From 5b23dd92ed372a2a1e3cb3fb03af4341aba1f718 Mon Sep 17 00:00:00 2001
From: Travis Fischer <fisch0920@gmail.com>
Date: Fri, 23 May 2025 14:46:39 +0700
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/api/src/lib/auth.ts             | 9 ++++++---
 packages/cli/src/auth-with-github.ts | 7 +++++++
 readme.md                            | 7 +++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/apps/api/src/lib/auth.ts b/apps/api/src/lib/auth.ts
index c277df5e..983d14fb 100644
--- a/apps/api/src/lib/auth.ts
+++ b/apps/api/src/lib/auth.ts
@@ -3,7 +3,7 @@ import { betterAuth } from 'better-auth'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
 import { username } from 'better-auth/plugins'
 
-import { createIdForModel, db } from '@/db'
+import { createIdForModel, db, type ModelType } from '@/db'
 
 import { env } from './env'
 
@@ -13,7 +13,10 @@ export const auth = betterAuth({
   database: drizzleAdapter(db, {
     provider: 'pg'
   }),
-  trustedOrigins: ['http://localhost:6013'],
+  trustedOrigins: [
+    // Used for an oauth redirect when authenticating via the CLI
+    'http://localhost:6013'
+  ],
   emailAndPassword: {
     enabled: true
   },
@@ -61,7 +64,7 @@ export const auth = betterAuth({
   },
   advanced: {
     database: {
-      generateId: ({ model }) => createIdForModel(model as any)
+      generateId: ({ model }) => createIdForModel(model as ModelType)
     }
   },
   plugins: [
diff --git a/packages/cli/src/auth-with-github.ts b/packages/cli/src/auth-with-github.ts
index f4a387c3..c90c188e 100644
--- a/packages/cli/src/auth-with-github.ts
+++ b/packages/cli/src/auth-with-github.ts
@@ -21,6 +21,12 @@ export async function authWithGitHub({
   const port = await getPort({ port: preferredPort })
   const app = new Hono()
 
+  if (port !== preferredPort) {
+    throw new Error(
+      `Port ${preferredPort} is required to authenticate with GitHub, but it is already in use.`
+    )
+  }
+
   let _resolveAuth: any
   let _rejectAuth: any
 
@@ -66,6 +72,7 @@ export async function authWithGitHub({
 
   const res = await client.authClient.signIn.social({
     provider: 'github',
+    // TODO: add error url as well
     callbackURL: `http://localhost:${port}/callback/github/success`
   })
   assert(
diff --git a/readme.md b/readme.md
index 13ebfe14..86e336b5 100644
--- a/readme.md
+++ b/readme.md
@@ -17,6 +17,13 @@
   - decide on approach for auth
     - built-in, first-party, tight coupling
     - https://www.better-auth.com
+      - issues
+        - doesn't allow dynamic social provider config
+        - awkward schema cli generation and constraints
+        - awkward cookie-only session support (need JWTs for CLI and SDK)
+        - client uses dynamic proxy for methods which makes DX awkward
+        - should be able to use custom `ky`-based client
+        - drizzle pg adapter requires `Date` timestamps instead of default strings
     - https://github.com/toolbeam/openauth
     - https://github.com/aipotheosis-labs/aci/tree/main/backend/apps
     - https://github.com/NangoHQ/nango