
@JacksonMeade
Collaborator

Replace AWS Cognito with Better-Auth

Overview

This PR replaces AWS Cognito authentication with Better-Auth, a self-hosted authentication solution. The migration removes all AWS SDK dependencies and Cognito-specific code, replacing them with Better-Auth's client and server APIs.

Major Changes

Authentication Infrastructure

  • Removed AWS Cognito integration: All @aws-sdk/client-cognito-identity-provider dependencies and Cognito-specific authentication flows have been removed
  • Added Better-Auth: Integrated better-auth package (v1.4.9) with plugins for admin, username, JWT, and organization support
  • Removed middleware: The Cognito-based authentication middleware (middleware.ts) has been removed. Authentication checks are now handled at the component/route level using Better-Auth session utilities

API Routes Removed

The following authentication-related API routes have been removed:

  • app/api/authentication/route.ts - Cognito authentication endpoints (GET/POST/PATCH)
  • app/api/authentication/password/route.ts - Password management endpoints
  • app/api/authentication/utilities.ts - Cognito utility functions
  • app/api/admin/djs/route.ts - DJ registry API (user profiles now managed via Better-Auth)
  • app/api/admin/password/route.ts - Admin password management

New Authentication Clients

  • Client-side client (lib/features/authentication/client.ts): React hooks-based client for use in client components
  • Server-side client (lib/features/authentication/server-client.ts): Server-only client for use in server components, middleware, and API routes
  • Server utilities (lib/features/authentication/server-utils.ts): Helper functions for session management, role checking, and user data extraction

Session Management

  • Updated session handling (lib/features/session.ts): Replaced Cognito session management with Better-Auth session retrieval using cookie-based authentication
  • Session conversion utilities: Added betterAuthSessionToAuthenticationData() to convert Better-Auth sessions to the existing AuthenticationData format for backward compatibility

Type System Updates

  • Updated authentication types (lib/features/authentication/types.ts):
    • Removed Cognito-specific JWT payload types (DJwtPayload)
    • Added Better-Auth JWT payload type (BetterAuthJwtPayload)
    • Added WXYCRole type for role management
    • Made realName and djName optional fields
    • Added Better-Auth session types (BetterAuthSession, BetterAuthSessionResponse)
    • Removed AuthenticationSession type (refresh tokens handled by Better-Auth)

Hooks Refactoring

  • Authentication hooks (src/hooks/authenticationHooks.ts):

    • useLogin() now uses authClient.signIn.username()
    • useLogout() uses authClient.signOut()
    • useAuthentication() uses authClient.useSession() hook
    • useNewUser() uses authClient.signUp.username()
    • useResetPassword() updated to use Better-Auth admin API
  • Admin hooks (src/hooks/adminHooks.ts):

    • useAccountListResults() now uses authClient.admin.listUsers()
    • Added conversion utilities to map Better-Auth user objects to Account type
  • DJ hooks (src/hooks/djHooks.ts): Updated to work with Better-Auth user IDs (strings instead of numbers)

Admin Features

  • New admin client (lib/features/admin/better-auth-client.ts): Server-side admin client with access verification
  • Updated conversions (lib/features/admin/conversions-better-auth.ts): Conversion utilities for Better-Auth user objects
  • Removed old admin client (lib/features/admin/client.ts): Cognito-based admin client removed

Component Updates

  • Login components: Updated to use Better-Auth sign-in methods
  • Logout component (src/components/experiences/modern/Leftbar/LeftbarLogout.tsx): Simplified to use Better-Auth sign-out
  • Admin roster components: Updated to use Better-Auth admin API for user management
  • Settings pages: Updated to work with Better-Auth session data

Configuration

  • Package.json:

    • Added better-auth dependency
    • Removed AWS SDK dependencies
    • Added jose and jwt-decode for JWT handling
    • Added webcrypt-session for session management
  • Environment variables: Better-Auth base URL configured via NEXT_PUBLIC_BETTER_AUTH_URL (defaults to http://localhost:8082/api/auth)

Migration Notes

  • User profiles (realName, djName) are now stored directly in Better-Auth user data instead of a separate DJ registry
  • Role management uses Better-Auth's organization plugin with roles: member, dj, musicDirector, stationManager
  • JWT tokens are obtained via Better-Auth's /token endpoint instead of Cognito tokens
  • Session cookies are managed by Better-Auth automatically
  • Password reset flow has been updated to use Better-Auth admin API (requires admin authentication)
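Added example, not part of this PR or of Better-Auth: with the central middleware removed, every route has to make its own authorization decision, so the sketch below shows a deny-by-default role guard that each route could be wrapped in. The role names are the four listed above; their ordering, the `SessionLike` shape, and the `authorize` and `withRole` helpers are assumptions made for illustration.

```typescript
// Role names are from the PR description; the ranking is an assumption.
const ROLE_RANK = { member: 0, dj: 1, musicDirector: 2, stationManager: 3 } as const;
type Role = keyof typeof ROLE_RANK;

// Hypothetical minimal session shape for this example (not Better-Auth's own type).
interface SessionLike {
  user?: { id?: string; role?: unknown };
  expiresAt?: number; // epoch milliseconds
}

type Decision =
  | { allow: true; userId: string; role: Role }
  | { allow: false; status: 401 | 403; reason: string };

// Own-property check so strings such as "constructor" never pass as a role.
function isRole(value: unknown): value is Role {
  return typeof value === "string" && Object.prototype.hasOwnProperty.call(ROLE_RANK, value);
}

// Every path that is not an explicit allow is a deny.
function authorize(session: SessionLike | null | undefined, required: Role, now: number = Date.now()): Decision {
  if (!session || !session.user || typeof session.user.id !== "string" || session.user.id === "") {
    return { allow: false, status: 401, reason: "no session" };
  }
  if (typeof session.expiresAt !== "number" || session.expiresAt <= now) {
    return { allow: false, status: 401, reason: "session expired" };
  }
  const role = session.user.role;
  if (!isRole(role)) {
    return { allow: false, status: 403, reason: "unknown role" };
  }
  if (ROLE_RANK[role] < ROLE_RANK[required]) {
    return { allow: false, status: 403, reason: "insufficient role" };
  }
  return { allow: true, userId: session.user.id, role };
}

// Wrapping the handler makes the check part of the route definition,
// so a route cannot run its body without a decision having been made.
function withRole<T>(required: Role, getSession: () => SessionLike | null, handler: (userId: string) => T) {
  return (): T | { status: 401 | 403; error: string } => {
    const d = authorize(getSession(), required);
    return d.allow ? handler(d.userId) : { status: d.status, error: d.reason };
  };
}
```

In a real route, `getSession` would be replaced by whatever the project's server utilities return for the current request.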

@JacksonMeade JacksonMeade self-assigned this Dec 30, 2025
@cloudflare-workers-and-pages

cloudflare-workers-and-pages bot commented Dec 30, 2025

Deploying wxyc-dj with Cloudflare Pages

Latest commit: a4c78d0
Status: ✅  Deploy successful!
Preview URL: https://2b15eea2.dj-site.pages.dev
Branch Preview URL: https://new-authentication-provider.dj-site.pages.dev


@JacksonMeade JacksonMeade marked this pull request as ready for review January 18, 2026 22:32
@JacksonMeade JacksonMeade reopened this Jan 27, 2026