From 7e53ac12277b8be3f318cc7c9fc208220fe49017 Mon Sep 17 00:00:00 2001 From: Paperclip Date: Fri, 27 Mar 2026 20:37:06 +0000 Subject: [PATCH] feat(api): mount Better-Auth handler at /api/auth/** (GRO-118) - Import toNodeHandler from better-auth/node and auth from ./lib/auth.js - Mount Better-Auth HTTP handler before auth middleware block - Handles OAuth callbacks, sign-in/sign-out, session management - Supports GET/POST/PUT/PATCH/DELETE/OPTIONS methods Co-Authored-By: Paperclip --- apps/api/src/index.ts | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts index f20f277..850058b 100644 --- a/apps/api/src/index.ts +++ b/apps/api/src/index.ts @@ -2,6 +2,8 @@ import { serve } from "@hono/node-server"; import { Hono } from "hono"; import { logger } from "hono/logger"; import { cors } from "hono/cors"; +import { toNodeHandler } from "better-auth/node"; +import { auth } from "./lib/auth.js"; import { clientsRouter } from "./routes/clients.js"; import { petsRouter } from "./routes/pets.js"; import { servicesRouter } from "./routes/services.js"; @@ -65,6 +67,15 @@ app.get("/api/branding", async (c) => { // Public iCal calendar feed — token auth in URL, no auth middleware required app.route("/api/calendar", calendarRouter); + +// Better-Auth handler — public, handles OAuth callbacks, session management +// Mounted BEFORE auth middleware so it's accessible without authentication +app.on(["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], "/api/auth/**", (c) => { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + const { incoming, outgoing } = c.env as any; + return toNodeHandler(auth)(incoming, outgoing); +}); + // Protected API routes const api = app.basePath("/api"); api.use("*", authMiddleware);