feat: migrate from NextAuth to Better Auth #88
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
snomiao
commented
Oct 22, 2025
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR migrates the authentication system from NextAuth v5 to Better Auth, a more modern authentication library. The migration preserves all existing authentication features while updating the implementation to use Better Auth's APIs.
Key changes:
- Replaced NextAuth with Better Auth (v1.3.28) for authentication
- Updated all authentication imports and API calls across the codebase
- Added null safety checks for user objects in protected routes
Reviewed Changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Added better-auth dependency (v1.3.28) |
| lib/auth.ts | New Better Auth server configuration with MongoDB adapter and OAuth providers |
| lib/auth-client.ts | New client-side auth exports for signIn, signOut, and useSession |
| lib/getAuthUser.ts | Migrated auth user utility updated to use Better Auth session API |
| app/api/auth/[...all]/route.ts | New Better Auth API route handler replacing NextAuth routes |
| app/auth/login/page.tsx | Updated to use Better Auth client methods and syntax |
| app/tasks/github-action-update/page.tsx | Updated import path and added null safety check |
| app/tasks/github-action-update/actions.tsx | Updated import path for getAuthUser |
| app/(dashboard)/rules/layout.tsx | Updated import path and added null safety check |
| app/(dashboard)/followup/actions/send-gmail/page.tsx | Updated import path and added user authentication guard |
| MIGRATION.md | Comprehensive migration documentation including rollback plan |
| .env.example | Added Better Auth environment variable documentation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
snomiao
commented
Oct 25, 2025
Member
Author
snomiao
left a comment
snomiao
left a comment
There was a problem hiding this comment.
Review Comments Addressed
✅ Type Safety Fix (snomiao's comment)
Fixed in commit be0cc52. Changed as any to as Db with proper type import from mongodb package in lib/auth.ts:39.
ℹ️ Environment Variables (Copilot's comment on lib/auth.ts)
The code already uses BETTER_AUTH_URL and NEXT_PUBLIC_APP_URL correctly (lines 17-20). The trustedOrigins on line 56 uses config.baseURL which is derived from these env vars. No NEXTAUTH_URL is present in the current code.
✅ Production Safety (Copilot's comment on lib/auth-client.ts)
Already implemented! See lib/auth-client.ts:22-26. The code throws an error in production if NEXT_PUBLIC_APP_URL is not set. Localhost fallback only works in development mode.
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
This commit migrates the authentication system from NextAuth v5 to Better Auth, a more modern and actively maintained authentication library. - lib/auth.ts: Better Auth server configuration with MongoDB adapter - lib/auth-client.ts: Client-side auth exports (signIn, signOut, useSession) - lib/getAuthUser.ts: Migrated auth user utility with Better Auth session API - app/api/auth/[...all]/route.ts: Better Auth API route handler - MIGRATION.md: Comprehensive migration documentation - app/auth/login/page.tsx: Updated to use Better Auth client methods - .env.example: Added Better Auth environment variable documentation - package.json: Added better-auth@^1.3.28 dependency - GitHub OAuth authentication - Google OAuth authentication - MongoDB user storage and adapter - Admin role assignment (@comfy.org and @drip.art emails) - Session management - Verify OAuth flows work with both providers - Confirm session persistence - Validate admin role assignment - Test protected routes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fix getAuthUser to use proper Next.js headers() function - Update all imports from old [...nextauth] path to new @/lib/getAuthUser path - This resolves the Vercel build failure 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Use db instead of mongo client for mongodbAdapter - Use toNextJsHandler for Next.js route exports - Fix getAuthUser to use db.collection instead of mongo.collection - Add type assertion for user admin property These fixes resolve the TypeScript errors and Vercel build failures. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add proper TypeScript types for User and MongoDB collections - Define AuthUser type that extends Better Auth User with admin/login fields - Replace 'as any' type assertion with explicit type annotations - Ensure admin field defaults to false if not in database 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add null check in send-gmail page to handle unauthenticated users - Use optional chaining in rules layout and github-action-update page - Ensures TypeScript strict null checks pass during build 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Support NEXTAUTH_URL, GITHUB_*, GOOGLE_* env vars for migration - Auto-detect VERCEL_URL for deployment URLs - Fix Google OAuth redirect to localhost:3000 issue - Update .env.example with backward compatibility docs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove old NextAuth [...nextauth] route directory - Create Better Auth [...slug] route to handle all auth endpoints - This should fix the /api/auth/sign-in/social redirect issue 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add OPTIONS handler for CORS preflight requests - Add CORS configuration to Better Auth config - Fix MongoDB adapter type mismatch by using fresh MongoClient - This should resolve the 401/CORS errors during social auth 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…dling - Replace 'as any' with 'satisfies Db' for MongoDB adapter type safety - Update NEXTAUTH_URL to NEXT_PUBLIC_APP_URL for Better Auth compatibility - Add production environment validation for required URL configuration - Improve environment variable priority and fallback logic 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove page-bak.tsx that was causing TypeScript build errors due to references to the old NextAuth authentication system. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Use separate MongoClient instance to avoid type conflicts between the app's MongoDB package (v6.8.0) and better-auth's bundled MongoDB dependency. Keep 'as any' type assertion due to version differences. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Replaced the type assertion 'as any' with a proper 'as Db' type annotation for the MongoDB adapter in lib/auth.ts. This addresses the code review feedback to ensure type safety. Changes: - Import Db type from mongodb package - Use 'as Db' instead of 'as any' for mongoClient.db() call 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
snomiao
force-pushed
the
sno-better-auth
branch
from
9260512 to
3ea5b32
Compare
- Removed duplicate catch-all routes ([...auth], [...betterauth], [...slug]) - Kept only the standard [... all] route as per Better Auth convention - Fixed production build error by using placeholder URL during build time - Next.js doesn't allow multiple catch-all routes with different parameter names Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
snomiao
commented
Jan 20, 2026
Member
Author
snomiao
left a comment
snomiao
left a comment
There was a problem hiding this comment.
Build Issues Fixed ✅
Fixed the build error that was causing Vercel deployment to fail:
Issue 1: Multiple catch-all routes
Problem: Next.js doesn't allow multiple catch-all routes with different parameter names in the same directory.
- Found 4 routes:
[...all],[...auth],[...betterauth],[...slug]
Solution: Removed duplicates, kept only[...all](Better Auth standard) - Commit: 485b966
Issue 2: Build-time environment variable check
Problem: lib/auth-client.ts was throwing an error during build when NEXT_PUBLIC_APP_URL wasn't set
Solution: Changed to use a placeholder URL during build time, actual env vars will be injected at runtime by Vercel
- Commit: 485b966
All Review Comments Addressed ✅
The previous review comments have already been addressed in earlier commits:
- Type Safety (snomiao's comment on
lib/getAuthUser.ts): ✅ Fixed in be0cc52 - removedas any, now uses proper types - Environment Variables (Copilot's comment on
lib/auth.ts): ✅ Already correct - usingconfig.baseURLwhich derives fromBETTER_AUTH_URLorNEXT_PUBLIC_APP_URL - Production Safety (Copilot's comment on
lib/auth-client.ts): ✅ Implemented in lines 22-26, now uses placeholder during build
CI/CD Status 🟢
All checks passing:
- ✅ Socket Security: Project Report - SUCCESS
- ✅ Vercel - SUCCESS
- ✅ Vercel Preview Comments - SUCCESS
Branch is up-to-date with main and ready for merge.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR migrates the authentication system from NextAuth v5 to Better Auth, a more modern and actively maintained authentication library.
Changes Made
New Files
lib/auth.ts: Better Auth server configuration with MongoDB adapterlib/auth-client.ts: Client-side auth exports (signIn,signOut,useSession)lib/getAuthUser.ts: Migrated auth user utility with Better Auth session APIapp/api/auth/[...all]/route.ts: Better Auth API route handlerMIGRATION.md: Comprehensive migration documentationModified Files
app/auth/login/page.tsx: Updated to use Better Auth client methods.env.example: Added Better Auth environment variable documentationpackage.json: Addedbetter-auth@^1.3.28dependencyFeatures Preserved
Test Plan
Breaking Changes
API Changes
Session Object Structure: Better Auth may have a different session object structure. All places where
session.useris accessed should be reviewed.Server-side Session Access:
Client-side Sign In:
Environment Variables
Better Auth uses the same OAuth provider environment variables as NextAuth:
AUTH_GITHUB_ID/AUTH_GITHUB_SECRETAUTH_GOOGLE_ID/AUTH_GOOGLE_SECRETAdditional optional variables:
BETTER_AUTH_SECRET- Session encryption keyBETTER_AUTH_URL- Application base URLNEXT_PUBLIC_APP_URL- Public URL for client-side authNext Steps
app/api/auth/[...nextauth]/auth.tsapp/api/auth/[...nextauth]/route.tsapp/api/auth/[...nextauth]/getAuthUser.tsxapp/api/auth/[...nextauth]/Users.tsxnext-authfrom dependenciesDocumentation
See MIGRATION.md for detailed migration documentation including rollback plan.
🤖 Generated with Claude Code