Refactor authentication configuration in BetterAuthProvider: Updated session management to store sessions in the database, increased email verification expiration to 24 hours, and adjusted token expiration settings using date-fns for improved clarity and maintainability.

Rykuno · Rykuno · commit 72fc39d90f93 · 2026-02-21T12:09:03.000-06:00
diff --git a/apps/api/src/auth/better-auth.provider.ts b/apps/api/src/auth/better-auth.provider.ts
@@ -10,6 +10,7 @@ import * as schema from 'src/databases/drizzle.schema';
 import { MailService } from 'src/notifications/mail.service';
 import { AuthConfig } from 'src/common/config/auth.config';
 import { AppConfig } from 'src/common/config/app.config';
+import { hoursToSeconds, minutesToSeconds } from 'date-fns';
 
 const BETTER_AUTH = Symbol('BETTER_AUTH');
 export const InjectBetterAuth = () => Inject(BETTER_AUTH);
@@ -61,10 +62,7 @@ export const BetterAuthProvider = {
       basePath: authConfig.basePath,
       trustedOrigins: authConfig.trustedOrigins,
       session: {
-        cookieCache: {
-          enabled: true,
-          maxAge: 60 * 5,
-        },
+        storeSessionInDatabase: true,
       },
       user: {
         changeEmail: {
@@ -86,17 +84,17 @@ export const BetterAuthProvider = {
           return mailService.sendVerificationEmail({
             to: user.email,
             props: {
-              expirationHours: 1,
+              expirationHours: 24,
               userEmail: user.email,
               verificationUrl: url,
             },
           });
         },
         autoSignInAfterVerification: true,
-        expiresIn: 3600, // 1 hour
+        expiresIn: hoursToSeconds(24), // 1 hour
       },
       emailAndPassword: {
-        resetPasswordTokenExpiresIn: 3600, // 1 hour
+        resetPasswordTokenExpiresIn: hoursToSeconds(1), // 1 hour
         enabled: true,
         autoSignIn: true,
         sendResetPassword: async ({ user, url }) => {
@@ -114,15 +112,15 @@ export const BetterAuthProvider = {
         emailOTP({
           overrideDefaultEmailVerification: true,
           otpLength: 6,
-          expiresIn: 300,
+          expiresIn: minutesToSeconds(5),
           allowedAttempts: 5,
           sendVerificationOTP: async ({ email, otp, type }) => {
             if (type === 'sign-in') {
               return mailService.sendSignInOtpEmail({
                 to: email,
                 props: {
                   otpCode: otp,
-                  expiresInSeconds: 300,
+                  expiresInSeconds: minutesToSeconds(5),
                 },
               });
             }
