Matt
67d7e6e3d5
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
54 lines
1.4 KiB
TypeScript
54 lines
1.4 KiB
TypeScript
import { betterAuth } from 'better-auth';
|
|
import { drizzleAdapter } from 'better-auth/adapters/drizzle';
|
|
|
|
import { db } from '@/lib/db';
|
|
import { logger } from '@/lib/logger';
|
|
|
|
/**
|
|
* Better Auth server configuration.
|
|
*
|
|
* Sessions are stored in PostgreSQL (not Redis) per SECURITY-GUIDELINES.md §1.2.
|
|
* The drizzle adapter handles session persistence via the existing `sessions` table.
|
|
*/
|
|
export const auth = betterAuth({
|
|
database: drizzleAdapter(db, {
|
|
provider: 'pg',
|
|
}),
|
|
|
|
emailAndPassword: {
|
|
enabled: true,
|
|
minPasswordLength: 12,
|
|
// Accounts are admin-created only — no self-service email verification flow.
|
|
requireEmailVerification: false,
|
|
},
|
|
|
|
session: {
|
|
// Enable cookie-level session caching to reduce DB reads (5-minute cache).
|
|
cookieCache: {
|
|
enabled: true,
|
|
maxAge: 5 * 60,
|
|
},
|
|
// Absolute session lifetime: 24 hours.
|
|
expiresIn: 60 * 60 * 24,
|
|
// Refresh the session whenever the user is active in the last 25% of its lifetime (6h).
|
|
updateAge: 60 * 60 * 6,
|
|
},
|
|
|
|
advanced: {
|
|
cookiePrefix: 'pn-crm',
|
|
defaultCookieAttributes: {
|
|
httpOnly: true,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'strict' as const,
|
|
},
|
|
},
|
|
|
|
logger: {
|
|
disabled: false,
|
|
level: 'error' as const,
|
|
},
|
|
});
|
|
|
|
export type Session = typeof auth.$Infer.Session;
|
|
export type User = typeof auth.$Infer.Session.user;
|