src/lib/auth/index.ts

import { betterAuth } from 'better-auth';
import { drizzleAdapter } from 'better-auth/adapters/drizzle';

import { db } from '@/lib/db';

/**
 * Better Auth server configuration.
 *
 * Sessions are stored in PostgreSQL (not Redis) per SECURITY-GUIDELINES.md §1.2.
 * The drizzle adapter handles session persistence via the existing `sessions` table.
 */
export const auth = betterAuth({
  database: drizzleAdapter(db, {
    provider: 'pg',
  }),

  emailAndPassword: {
    enabled: true,
    minPasswordLength: 12,
    // Accounts are admin-created only — no self-service email verification flow.
    requireEmailVerification: false,
  },

  session: {
    // Enable cookie-level session caching to reduce DB reads (5-minute cache).
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60,
    },
    // Absolute session lifetime: 24 hours.
    expiresIn: 60 * 60 * 24,
    // Refresh the session whenever the user is active in the last 25% of its lifetime (6h).
    updateAge: 60 * 60 * 6,
  },

  advanced: {
    cookiePrefix: 'pn-crm',
    defaultCookieAttributes: {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'strict' as const,
    },
  },

  logger: {
    disabled: false,
    level: 'error' as const,
  },
});

export type Session = typeof auth.$Infer.Session;
export type User = typeof auth.$Infer.Session.user;
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`import { betterAuth } from 'better-auth';`
			`import { drizzleAdapter } from 'better-auth/adapters/drizzle';`

			`import { db } from '@/lib/db';`

			`/**`
			`* Better Auth server configuration.`
			`*`
			`* Sessions are stored in PostgreSQL (not Redis) per SECURITY-GUIDELINES.md §1.2.`
			* The drizzle adapter handles session persistence via the existing `sessions` table.
			`*/`
			`export const auth = betterAuth({`
			`database: drizzleAdapter(db, {`
			`provider: 'pg',`
			`}),`

			`emailAndPassword: {`
			`enabled: true,`
			`minPasswordLength: 12,`
			`// Accounts are admin-created only — no self-service email verification flow.`
			`requireEmailVerification: false,`
			`},`

			`session: {`
			`// Enable cookie-level session caching to reduce DB reads (5-minute cache).`
			`cookieCache: {`
			`enabled: true,`
			`maxAge: 5 * 60,`
			`},`
			`// Absolute session lifetime: 24 hours.`
			`expiresIn: 60 * 60 * 24,`
			`// Refresh the session whenever the user is active in the last 25% of its lifetime (6h).`
			`updateAge: 60 * 60 * 6,`
			`},`

			`advanced: {`
			`cookiePrefix: 'pn-crm',`
			`defaultCookieAttributes: {`
			`httpOnly: true,`
			`secure: process.env.NODE_ENV === 'production',`
			`sameSite: 'strict' as const,`
			`},`
			`},`

			`logger: {`
			`disabled: false,`
			`level: 'error' as const,`
			`},`
			`});`

			`export type Session = typeof auth.$Infer.Session;`
			`export type User = typeof auth.$Infer.Session.user;`