From da6c83d425fae5424296facaba77916e4ef37a6d Mon Sep 17 00:00:00 2001 From: "groombook-engineer[bot]" <3141748+groombook-engineer[bot]@users.noreply.github.com> Date: Fri, 3 Apr 2026 08:37:04 +0000 Subject: [PATCH] feat(GRO-390): add reinitAuth() and call it after PUT/DELETE auth-provider Adds reinitAuth() to auth.ts that clears the authInstance and authInitPromise variables, then reinitializes Better-Auth from the DB config. Both PUT and DELETE /api/admin/auth-provider now call reinitAuth() so auth changes take effect immediately without a pod restart. Co-Authored-By: Paperclip --- apps/api/src/lib/auth.ts | 14 ++++++++++++++ apps/api/src/routes/admin/authProvider.ts | 5 +++++ 2 files changed, 19 insertions(+) diff --git a/apps/api/src/lib/auth.ts b/apps/api/src/lib/auth.ts index b7d285c..3f56c09 100644 --- a/apps/api/src/lib/auth.ts +++ b/apps/api/src/lib/auth.ts @@ -27,6 +27,20 @@ export function getAuthPromise() { return authInitPromise; } +/** + * Re-initializes the Better-Auth instance after auth config changes. + * + * Clears both authInstance and authInitPromise, then calls initAuth() to + * re-read config from DB and build a fresh Better-Auth instance. + * Sessions are DB-backed and survive the re-init. + */ +export async function reinitAuth(): Promise { + authInstance = null; + authInitPromise = null; + await initAuth(); + console.log("[auth] Re-initialized auth instance after config change"); +} + /** * Initializes the Better-Auth instance. * diff --git a/apps/api/src/routes/admin/authProvider.ts b/apps/api/src/routes/admin/authProvider.ts index 311fef1..faeb536 100644 --- a/apps/api/src/routes/admin/authProvider.ts +++ b/apps/api/src/routes/admin/authProvider.ts @@ -3,6 +3,7 @@ import { zValidator } from "@hono/zod-validator"; import { z } from "zod/v3"; import { eq, getDb, authProviderConfig, encryptSecret } from "@groombook/db"; import { requireSuperUser } from "../../middleware/rbac.js"; +import { reinitAuth } from "../../lib/auth.js"; export const authProviderRouter = new Hono(); @@ -104,6 +105,8 @@ authProviderRouter.put( .returning(); } + await reinitAuth(); + // Return config with secret redacted return c.json({ id: saved!.id, @@ -186,5 +189,7 @@ authProviderRouter.delete("/", requireSuperUser(), async (c) => { await db.delete(authProviderConfig).where(eq(authProviderConfig.id, existing.id)); + await reinitAuth(); + return c.json({ ok: true, message: "Auth provider config removed; auth will fall back to env vars" }); }); -- 2.52.0