Authentication

Authentication

Authentication is built with Better Auth and integrated into the App Router, middleware, dashboard, and admin area.

Main files

PathPurpose
src/lib/auth/api.tsBetter Auth API configuration
src/lib/auth/client.tsClient-side auth helpers
src/lib/auth/server.tsServer-side session helpers
src/lib/auth/edge.tsMiddleware-safe auth checks and public route config
src/lib/auth/admin.tsAdmin-specific helpers
src/app/api/auth/[...all]/route.tsBetter Auth route handler
src/features/auth/componentsSign-in, sign-up, forgot-password UI

Supported flows

FlowNotes
Email/passwordBaseline local auth flow
GitHub OAuthRequires GitHub OAuth app credentials
Google OAuthRequires Google Cloud OAuth credentials
Password resetRequires email delivery to send reset messages
Role-based accessuser and admin roles are used by dashboard/admin protection

Public and protected routes

The middleware/auth edge helpers decide which routes are public and which need a session. Public routes include marketing pages, auth pages, blog, legal pages, docs, and selected API endpoints.

Authenticated pages live under:

src/app/[locale]/(dashboard)/dashboard

Admin pages live under:

src/app/[locale]/(admin)/admin

Make yourself an admin

After creating a local user, update the user's role in the database:

update "user"
set role = 'admin'
where email = 'you@example.com';

Then visit:

/en/admin

Adding an OAuth provider

  1. Create credentials in the provider console.
  2. Add the provider credentials to .env.local.
  3. Register callback URLs that match BETTER_AUTH_URL.
  4. Update the auth UI if you want to expose a new provider button.
  5. Test sign-in locally before enabling it in production.

On this page