feat: migrate auth and state flows to better-auth and convex

test/app.test.js

@@ -15,16 +15,26 @@ function createApp(options = {}) {
     polarServer: "production",
     polarProductIds: [],
     appBaseUrl: "http://localhost:3000",
-    ttsApiKey: "",
-    ttsBaseUrl: "",
-    ttsModel: "gpt-4o-mini-tts",
-    ttsVoice: "alloy",
-    s3Bucket: "",
-    s3Region: "",
-    s3Endpoint: "",
-    s3AccessKeyId: "",
-    s3SecretAccessKey: "",
-    s3SignedUrlTtlSec: 3600,
+    betterAuthSecret: "test-better-auth-secret",
+    betterAuthBasePath: "/api/auth",
+    betterAuthDevPassword: "xartaudio-dev-password",
+    convexDeploymentUrl: "",
+    convexAuthToken: "",
+    convexStateQuery: "state:getLatestSnapshot",
+    convexStateMutation: "state:saveSnapshot",
+    qwenTtsApiKey: "",
+    qwenTtsBaseUrl: "https://dashscope-intl.aliyuncs.com/compatible-mode/v1",
+    qwenTtsModel: "qwen-tts-latest",
+    qwenTtsVoice: "Cherry",
+    qwenTtsFormat: "mp3",
+    minioBucket: "",
+    minioEndPoint: "",
+    minioPort: 443,
+    minioUseSSL: true,
+    minioRegion: "us-east-1",
+    minioAccessKey: "",
+    minioSecretKey: "",
+    minioSignedUrlTtlSec: 3600,
     rateLimits: {
       webhookPerMinute: 120,
       authPerMinute: 30,
@@ -117,7 +127,7 @@ test("POST /auth/dev-login sets cookie and redirects", async () => {
 
   assert.equal(response.status, 303);
   assert.equal(response.headers.location, "/app");
-  assert.match(response.headers["set-cookie"], /^xartaudio_user=matiss/);
+  assert.match(String(response.headers["set-cookie"]), /HttpOnly/);
 });
 
 test("authenticated dashboard topup + simulate mention flow", async () => {