fix(auth): make users.hashed_password nullable

Better-Auth inserts into users without a hashed_password value (passwords are stored in the accounts table). This was causing a NOT NULL constraint violation and 422 FAILED_TO_CREATE_USER on sign-up. Revision ID: 003_make_users_hashed_password_nullable Resolves: CAR-172 Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: use same-origin default for auth URL instead of localhost
2026-03-30 19:10:43 +00:00 · 2026-03-30 16:07:28 +00:00 · 2026-03-30 15:50:51 +00:00 · 2026-03-30 15:20:56 +00:00
3 changed files with 28 additions and 2 deletions
@@ -0,0 +1,26 @@
+"""Make users.hashed_password nullable.
+
+Better-Auth inserts users without hashed_password (passwords live in the
+accounts table). This column is now purely optional.
+
+Revision ID: 003_make_users_hashed_password_nullable
+Revises: 002_better_auth_tables
+Create Date: 2026-03-30
+"""
+
+import sqlalchemy as sa
+
+from alembic import op
+
+revision = "003_make_users_hashed_password_nullable"
+down_revision = "002_better_auth_tables"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.alter_column("users", "hashed_password", existing_type=sa.String(255), nullable=True)
+
+
+def downgrade() -> None:
+    op.alter_column("users", "hashed_password", existing_type=sa.String(255), nullable=False)
@@ -21,7 +21,7 @@ class User(UUIDPrimaryKeyMixin, TimestampMixin, Base):
    __tablename__ = "users"

    email: Mapped[str] = mapped_column(String(255), nullable=False, unique=True)
-    hashed_password: Mapped[str] = mapped_column(String(255), nullable=False)
+    hashed_password: Mapped[str | None] = mapped_column(String(255), nullable=True)
    display_name: Mapped[str | None] = mapped_column(String(100))
    email_verified: Mapped[bool] = mapped_column(Boolean, nullable=False, server_default="false")
    image: Mapped[str | None] = mapped_column(Text, nullable=True)
@@ -28,7 +28,7 @@ const displayNameMapper: BetterFetchPlugin = {
 }

 export const authClient = createAuthClient({
-  baseURL: import.meta.env.VITE_AUTH_URL ?? "http://localhost:3001",
+  baseURL: import.meta.env.VITE_AUTH_URL || "",
  basePath: "/auth",
  fetchPlugins: [displayNameMapper],
 })
Author	SHA1	Message	Date
Barcode Betty	146322f51e	fix(auth): make users.hashed_password nullable Better-Auth inserts into users without a hashed_password value (passwords are stored in the accounts table). This was causing a NOT NULL constraint violation and 422 FAILED_TO_CREATE_USER on sign-up. Revision ID: 003_make_users_hashed_password_nullable Resolves: CAR-172 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-30 19:10:43 +00:00
cartsnitch-engineer[bot]	835aff3522	fix: use same-origin default for auth URL instead of localhost fix: use same-origin default for auth URL instead of localhost	2026-03-30 16:07:28 +00:00
Barcode Betty	5588c1b5d8	fix: use same-origin default for auth URL instead of localhost Avoids ERR_CONNECTION_REFUSED in deployed environments where VITE_AUTH_URL is not set at build time. Empty-string fallback routes auth requests to same origin, which the HTTPRoute forwards to the auth service. cc @cpfarhood Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-30 15:50:51 +00:00
cartsnitch-ceo[bot]	c5ed863ab1	fix: align frontend auth with API token response contract fix: align frontend auth with API token response contract	2026-03-30 15:20:56 +00:00