chore: sep out auth pkg and email templates

Author: haritabh-z01

.npmrc

@@ -0,0 +1,2 @@
+public-hoist-pattern[]=*better-auth*
+public-hoist-pattern[]=*@better-auth*

apps/api/package.json

@@ -18,14 +18,14 @@
   "dependencies": {
     "@fastify/cors": "^10.0.1",
     "@paralleldrive/cuid2": "^2.2.2",
+    "@refref/auth": "workspace:*",
     "@refref/coredb": "workspace:*",
     "@refref/id": "workspace:*",
     "@refref/types": "workspace:*",
     "@refref/utils": "workspace:*",
     "@tsndr/cloudflare-worker-jwt": "^3.2.0",
-    "better-auth": "^1.3.32",
     "dotenv": "^17.2.3",
-    "drizzle-orm": "^0.33.0",
+    "drizzle-orm": "^0.44.7",
     "fastify": "^5.2.0",
     "fastify-plugin": "^5.0.1",
     "jose": "^5.9.6",

apps/api/src/plugins/better-auth.ts

@@ -1,10 +1,7 @@
 import { FastifyInstance, FastifyRequest, FastifyReply } from "fastify";
 import fp from "fastify-plugin";
-import { betterAuth } from "better-auth";
-import { drizzleAdapter } from "better-auth/adapters/drizzle";
-import { apiKey } from "better-auth/plugins";
-import { schema } from "@refref/coredb";
-import type { PostgresJsDatabase } from "drizzle-orm/postgres-js";
+import { getAuth } from "@refref/auth";
+import { schema, type DBType } from "@refref/coredb";
 
 declare module "fastify" {
   interface FastifyRequest {
@@ -26,17 +23,16 @@ declare module "fastify" {
  * Better Auth API Key verification plugin for Fastify
  * Uses Better Auth's built-in verifyApiKey function with rate limiting and hashing
  */
-const betterAuthPlugin = fp(async (fastify: FastifyInstance, opts: { db: PostgresJsDatabase<typeof schema> }) => {
-  // Create Better Auth instance with the provided database connection
-  const auth = betterAuth({
-    database: drizzleAdapter(opts.db, {
-      provider: "pg",
-      schema: {
-        ...schema,
-      },
-    }),
-    plugins: [apiKey()],
-    secret: process.env.BETTER_AUTH_SECRET || "secret-for-development-only",
+const betterAuthPlugin = fp(async (fastify: FastifyInstance, opts: { db: DBType }) => {
+  // Create Better Auth instance using shared @refref/auth package
+  const auth = getAuth({
+    baseURL: process.env.APP_URL || "http://localhost:4000",
+    resendApiKey: process.env.RESEND_API_KEY || "debug_key",
+    db: opts.db,
+    schema,
+    enabledSocialAuth: [],
+    enablePasswordAuth: false,
+    enableMagicLinkAuth: false,
   });
 
   if (!fastify.hasRequestDecorator("apiKey")) {

apps/refer/package.json

@@ -23,7 +23,7 @@
     "@refref/utils": "workspace:*",
     "@refref/widget": "workspace:*",
     "dotenv": "^17.2.3",
-    "drizzle-orm": "^0.33.0",
+    "drizzle-orm": "^0.44.7",
     "fastify": "^5.2.0",
     "postgres": "^3.4.5"
   },

apps/webapp/package.json

@@ -59,8 +59,11 @@
     "@radix-ui/react-toggle": "^1.1.2",
     "@radix-ui/react-toggle-group": "^1.1.2",
     "@radix-ui/react-tooltip": "^1.1.8",
+    "@refref/auth": "workspace:*",
+    "@refref/email-templates": "workspace:*",
     "@refref/id": "workspace:*",
     "@refref/types": "workspace:*",
+    "@refref/utils": "workspace:*",
     "@t3-oss/env-nextjs": "^0.10.1",
     "@tabler/icons-react": "^3.31.0",
     "@tanstack/react-form": "^1.19.3",
@@ -71,12 +74,12 @@
     "@trpc/server": "^11.4.4",
     "@tsndr/cloudflare-worker-jwt": "^3.1.4",
     "@uidotdev/usehooks": "^2.4.1",
-    "better-auth": "^1.3.32",
+    "better-auth": "^1.3.34",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "1.0.0",
     "date-fns": "^4.1.0",
-    "drizzle-orm": "^0.33.0",
+    "drizzle-orm": "^0.44.7",
     "embla-carousel-react": "^8.5.2",
     "geist": "^1.3.0",
     "input-otp": "^1.4.2",
@@ -89,10 +92,10 @@
     "postgres": "^3.4.5",
     "posthog-js": "^1.281.0",
     "posthog-node": "^5.10.4",
-    "react": "^19.0.0",
+    "react": "^19.2.0",
     "react-aria-components": "^1.8.0",
     "react-day-picker": "8.10.1",
-    "react-dom": "^19.0.0",
+    "react-dom": "^19.2.0",
     "react-hook-form": "^7.54.2",
     "react-icons": "^5.5.0",
     "react-resizable-panels": "^2.1.7",
@@ -116,8 +119,8 @@
     "@refref/ui": "workspace:*",
     "@tailwindcss/postcss": "^4.0.14",
     "@types/node": "^24.3.0",
-    "@types/react": "^19.1.9",
-    "@types/react-dom": "^19.1.7",
+    "@types/react": "^19.2.0",
+    "@types/react-dom": "^19.2.0",
     "@typescript-eslint/eslint-plugin": "^8.1.0",
     "@typescript-eslint/parser": "^8.1.0",
     "@vitest/ui": "^2.1.8",

apps/webapp/src/lib/auth.ts

@@ -1,180 +1,25 @@
-import { betterAuth } from "better-auth";
-import { drizzleAdapter } from "better-auth/adapters/drizzle";
-import { apiKey, magicLink, organization } from "better-auth/plugins";
-import { schema } from "@/server/db";
+import { getAuth } from "@refref/auth";
+import { db, schema } from "@/server/db";
 import { env } from "@/env";
-import { db } from "@/server/db";
 import { logger } from "@/lib/logger";
-import { emailService } from "@/lib/email";
 import { posthog } from "@/lib/posthog";
 
-// Build social providers object dynamically based on enabled providers
-const socialProviders = env.NEXT_PUBLIC_ENABLED_SOCIAL_AUTH.reduce(
-  (acc, provider) => {
-    if (provider === "google") {
-      return {
-        ...acc,
-        google: {
-          clientId: env.GOOGLE_CLIENT_ID,
-          clientSecret: env.GOOGLE_CLIENT_SECRET,
-        },
-      };
-    }
-    // Add more providers here as needed (github, etc.)
-    return acc;
-  },
-  {} as Record<string, { clientId: string; clientSecret: string }>,
-);
-
-export const auth = betterAuth({
+// Create auth instance using the factory function from @refref/auth
+export const auth = getAuth({
   baseURL: env.NEXT_PUBLIC_APP_URL,
-  socialProviders,
-  database: drizzleAdapter(db, {
-    provider: "pg",
-    schema: {
-      ...schema,
-    },
-  }),
-  emailAndPassword: {
-    enabled: env.NEXT_PUBLIC_ENABLE_PASSWORD_AUTH,
-  },
+  resendApiKey: env.RESEND_API_KEY || "debug_key",
+  db,
+  schema,
+  enabledSocialAuth: env.NEXT_PUBLIC_ENABLED_SOCIAL_AUTH,
+  enablePasswordAuth: env.NEXT_PUBLIC_ENABLE_PASSWORD_AUTH,
+  enableMagicLinkAuth: env.NEXT_PUBLIC_ENABLE_MAGIC_LINK_AUTH,
+  google: env.GOOGLE_CLIENT_ID
+    ? {
+        clientId: env.GOOGLE_CLIENT_ID,
+        clientSecret: env.GOOGLE_CLIENT_SECRET,
+      }
+    : undefined,
+  logger,
+  posthog,
   trustedOrigins: [env.NEXT_PUBLIC_APP_URL],
-  /* emailVerification: {
-    sendVerificationEmail: async ({ url }) => {
-        console.log('verification link', url);
-    }
-  }, */
-  emailProviders: {
-    resend: {
-      enabled: !!env.RESEND_API_KEY && env.RESEND_API_KEY !== "debug_key",
-      apiKey: env.RESEND_API_KEY || "debug_key",
-      autosignup: true,
-    },
-  },
-  // socialProviders: {
-  //   github: {
-  //     clientId: process.env.GITHUB_CLIENT_ID!,
-  //     clientSecret: process.env.GITHUB_CLIENT_SECRET!,
-  //   }
-  // },
-  plugins: [
-    ...(env.NEXT_PUBLIC_ENABLE_MAGIC_LINK_AUTH
-      ? [
-          magicLink({
-            sendMagicLink: async ({ email, url }) => {
-              try {
-                logger.info("Sending magic link email", { url, email });
-                const result = await emailService.sendMagicLink({ email, url });
-
-                if (!result.success) {
-                  throw (
-                    result.error || new Error("Failed to send magic link email")
-                  );
-                }
-
-                logger.info("Magic link email sent successfully", { email });
-              } catch (error) {
-                console.error("Error sending magic link email", {
-                  error,
-                  email,
-                });
-                logger.error("Error sending magic link email", {
-                  error,
-                  email,
-                });
-                throw error;
-              }
-            },
-          }),
-        ]
-      : []),
-    organization({
-      schema: {
-        organization: {
-          modelName: "org",
-        },
-        session: {
-          modelName: "session",
-          fields: {
-            activeOrganizationId: "activeOrganizationId",
-          },
-        },
-        member: {
-          modelName: "orgUser",
-          fields: {
-            organizationId: "orgId",
-          },
-        },
-        invitation: {
-          modelName: "invitation",
-          fields: {
-            organizationId: "organizationId",
-          },
-        },
-      },
-      async sendInvitationEmail({ id, email, role, inviter }) {
-        const inviteLink = `${env.NEXT_PUBLIC_APP_URL}/accept-invitation/${id}`;
-        logger.info("Sending invitation email", { inviteLink, email, role });
-
-        await emailService.sendInvitation({
-          id,
-          email,
-          role,
-          inviterName: inviter?.user?.name,
-          inviterEmail: inviter?.user?.email,
-          inviteLink,
-        });
-      },
-    }),
-    apiKey(),
-  ],
-  databaseHooks: {
-    user: {
-      create: {
-        after: async (user) => {
-          // Track user signup event
-          posthog.capture({
-            distinctId: user.id,
-            event: "user_sign_up",
-            properties: {
-              email: user.email,
-              name: user.name || undefined,
-            },
-          });
-
-          // Auto-create default organization for new users
-          try {
-            const { org: orgTable, orgUser } = schema;
-
-            // Create default organization
-            const [newOrg] = await db
-              .insert(orgTable)
-              .values({
-                name: `${user.name || user.email}'s Organization`,
-                slug: `org-${user.id.slice(0, 8)}`,
-              })
-              .returning();
-
-            // Add user as owner of the organization
-            await db.insert(orgUser).values({
-              orgId: newOrg!.id,
-              userId: user.id,
-              role: "owner",
-            });
-
-            logger.info("Created default organization for new user", {
-              userId: user.id,
-              organizationId: newOrg!.id,
-            });
-          } catch (error) {
-            logger.error("Failed to create default organization for user", {
-              userId: user.id,
-              error,
-            });
-            // Don't throw - allow user creation to succeed even if org creation fails
-          }
-        },
-      },
-    },
-  },
 });