feat: migrate to Better Auth for authentication, update environment variables, and enhance database schema with accounts and sessions

2025-12-20 11:00:00 +00:00
parent 377836d1fa
commit 7bff6b0f91
13 changed files with 183 additions and 205 deletions


@@ -3,7 +3,7 @@
## Overview
Backend for the video upload prototype providing:
- JWT-based authentication
- Better Auth email/password authentication
- Presigned MinIO uploads/downloads
- An authenticated video administration surface at `/admin`
@@ -30,8 +30,9 @@ Required env vars:
| Name | Purpose |
| --- | --- |
| `DATABASE_URL` | Postgres connection string |
| `JWT_SECRET` | Secret used to sign access tokens |
| `JWT_EXPIRES_IN` | Token expiry (e.g., `7d`) |
| `BETTER_AUTH_SECRET` | Secret used to sign sessions |
| `BETTER_AUTH_URL` | Public base URL for the backend (e.g., `http://localhost:3000`) |
| `BETTER_AUTH_TRUSTED_ORIGINS` | Comma-separated list of allowed frontend origins |
| `PORT` | HTTP port (default `3000`) |
| `MINIO_*` | Connection settings for the MinIO/S3 endpoint |
| `ADMIN_USERNAME` / `ADMIN_PASSWORD` | Basic auth for `/admin` dashboard |
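Review bot: the `BETTER_AUTH_TRUSTED_ORIGINS` row should spell out the exact value format (full origins including scheme and port, no path or trailing slash, e.g. `http://localhost:5173`) and what happens when it is unset, because an origin that does not match exactly is rejected by the auth handler and the only symptom is a failed sign-in from the frontend. For `BETTER_AUTH_SECRET`, add the expected minimum length and say whether rotating it invalidates existing session cookies, since operators rotating `JWT_SECRET` today will assume the same semantics. Also note that `BETTER_AUTH_URL` must be the URL the browser actually uses to reach the backend (scheme included), otherwise session cookies are issued for the wrong origin.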
@@ -54,23 +55,23 @@ bun run dev
```bash
bun run db:migrate
```
- Backfill Better Auth credential accounts for existing users:
```bash
bun run auth:migrate
```
- Open Drizzle Studio:
```bash
bun run db:studio
```
## API
All `/videos` and `/admin` routes require a valid JWT Bearer token except for the admin dashboard access, which uses HTTP Basic auth with `ADMIN_USERNAME`/`ADMIN_PASSWORD`.
All `/videos` and `/admin` routes require a valid Better Auth session except for the admin dashboard access, which uses HTTP Basic auth with `ADMIN_USERNAME`/`ADMIN_PASSWORD`.
### Authentication
| Endpoint | Description |
| --- | --- |
| `POST /auth/register` | Create a user (`email`, `password`, `name`) |
| `POST /auth/login` | Receive a token using `email`/`password` |
| `GET /auth/me` | Get the current user ([Authorization](#authorization)) |
Authentication is handled by Better Auth under `/api/auth/*` (for example `/api/auth/sign-in` and `/api/auth/sign-up`).
### Authorization
All authenticated endpoints expect an `Authorization: Bearer <token>` header containing the JWT issued at login.
All authenticated endpoints expect a Better Auth session cookie sent by the client.
### Video Management
| Endpoint | Purpose |
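Review bot: the `bun run auth:migrate` backfill step does not say what happens to existing password hashes; if the previous JWT flow stored hashes in a format Better Auth cannot verify, existing users will need a password reset, and the README should state that explicitly so operators do not run the migration expecting logins to keep working. The new one-line Authentication section also loses the request fields the old table documented (`email`, `password`, `name`), and the example paths are incomplete for the email/password flow: Better Auth mounts those under `/api/auth/sign-up/email` and `/api/auth/sign-in/email`, with `/api/auth/get-session` replacing the removed `GET /auth/me`; keeping a table with the concrete paths and fields would avoid a guessing game for client authors. Finally, since authorization moves from a `Bearer` header to a session cookie, the Authorization section should mention that browser clients must send requests with credentials included and that cross-origin callers are limited to the origins in `BETTER_AUTH_TRUSTED_ORIGINS`, as that is the cookie-based replacement for the bearer-token model documented before.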
@@ -96,4 +97,4 @@ The dashboard UI submits to `/admin/upload-url`, `/admin/objects`, and `/admin/o
## Notes
- MinIO bucket creation happens during startup, so the service must be able to reach the endpoint.
- Keep JWT and MinIO secrets out of source control.
- Keep Better Auth and MinIO secrets out of source control.
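Review bot: the secrets note should also cover `ADMIN_USERNAME`/`ADMIN_PASSWORD`, which remain in the environment table as the Basic auth credentials for `/admin` and are just as sensitive as the Better Auth secret; suggested wording: "Keep Better Auth, admin Basic auth, and MinIO secrets out of source control."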