letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth/mobile): support LAN-IP access in dev + edge-to-edge auth bg

Browse Source 
- branded-auth-shell: split the background image into a separate
    fixed-positioned layer behind the layout. Previously the bg was on
    a min-h-screen container and iOS Safari left visible whitespace at
    the top/bottom when the URL bar showed/hid (the container's height
    didn't match the visual viewport). Now the bg pins to the actual
    visible viewport via `fixed inset-0`. min-h-[100dvh] also added
    so the layout layer matches.
  - auth client: derive baseURL from window.location.origin instead of
    NEXT_PUBLIC_APP_URL. Same dev build now works whether opened on
    localhost (Mac) or the LAN IP (iPhone on Wi-Fi).
  - auth server: dynamic trustedOrigins function that allows
    localhost / 127.x / 192.168.x / 10.x in dev (function form
    inspects the incoming request's Origin). Production stays locked
    to NEXT_PUBLIC_APP_URL.
  - new dev helper: scripts/dev-set-password.ts to set a user's
    better-auth password directly (bypasses the email-reset flow);
    used to bootstrap matt@letsbe.solutions for mobile testing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-05-01 16:21:59 +02:00
parent 16ad61ce15
commit 0fb7920db5
4 changed files with 96 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/lib/auth/index.ts
View File

@@ -9,11 +9,43 @@ import { db } from '@/lib/db';
* Sessions are stored in PostgreSQL (not Redis) per SECURITY-GUIDELINES.md §1.2.
* The drizzle adapter handles session persistence via the existing `sessions` table.
*/
/**
* In dev, allow requests from any LAN IP so the same `pnpm dev` instance can
* serve both localhost (Mac) and the LAN IP (iPhone on Wi-Fi). In production,
* trustedOrigins is locked down to NEXT_PUBLIC_APP_URL only.
*/
/**
* In dev, allow localhost + any LAN-IP origin so the same `pnpm dev` instance
* can serve both Mac (localhost) and iPhone-on-Wi-Fi (192.168.x.x). The
* function form is preferred over a static list because the LAN IP can vary
* across networks. In production, lock down to NEXT_PUBLIC_APP_URL only.
*/
const isProd = process.env.NODE_ENV === 'production';
const DEV_ORIGIN_PATTERNS = [
/^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/,
/^https?:\/\/192\.168\.\d+\.\d+(:\d+)?$/,
/^https?:\/\/10\.\d+\.\d+\.\d+(:\d+)?$/,
];
const trustedOrigins: (request?: Request) => Promise<string[]> = async (request) => {
if (isProd) {
const prodUrl = process.env.NEXT_PUBLIC_APP_URL;
return prodUrl ? [prodUrl] : [];
}
const origin = request?.headers.get('origin') ?? '';
if (origin && DEV_ORIGIN_PATTERNS.some((re) => re.test(origin))) {
return [origin];
}
return ['http://localhost:3000', 'http://localhost:3001'];
};
export const auth = betterAuth({
database: drizzleAdapter(db, {
provider: 'pg',
}),
trustedOrigins,
emailAndPassword: {
enabled: true,
minPasswordLength: 9,