7 changes: 2 additions & 5 deletions .env.example
Expand Up @@ -28,11 +28,9 @@ NEXT_PUBLIC_MARKETING_URL=http://localhost:3002
NEXT_PUBLIC_DOCS_URL=http://localhost:3004

# -----------------------------------------------------------------------------
# Clerk Auth
# Better Auth
# -----------------------------------------------------------------------------
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=
CLERK_SECRET_KEY=
CLERK_WEBHOOK_SECRET=
BETTER_AUTH_SECRET=
NEXT_PUBLIC_COOKIE_DOMAIN=localhost

# -----------------------------------------------------------------------------
Expand All @@ -54,7 +52,6 @@ BLOB_READ_WRITE_TOKEN=
NEXT_PUBLIC_POSTHOG_KEY=
POSTHOG_API_KEY=
POSTHOG_PROJECT_ID=
DESKTOP_AUTH_SECRET=

# -----------------------------------------------------------------------------
# Freestyle
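Review bot: `BETTER_AUTH_SECRET=` is left blank with no hint of what a safe value looks like, and a weak or reused value here is what makes session forgery possible for every app that reads it. Add a generation hint above it, for example `# Generate with: openssl rand -base64 32; use a distinct value per environment — rotating it invalidates all existing sessions` (the secret is presumably used to sign session data, so treat it like a signing key). `NEXT_PUBLIC_COOKIE_DOMAIN` also deserves a line, because a domain-scoped session cookie is sent to every subdomain under that value, so a script injection on the marketing or docs site would likely expose the admin session too: `# Session cookie is shared with every subdomain of this value; keep it as narrow as the apps that must share a login`. This is a template, so the comments cost nothing at runtime.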
30 changes: 8 additions & 22 deletions .github/workflows/deploy-preview.yml
Expand Up @@ -170,10 +170,7 @@ jobs:
NEXT_PUBLIC_API_URL: https://${{ env.API_ALIAS }}
NEXT_PUBLIC_WEB_URL: https://${{ env.WEB_ALIAS }}
NEXT_PUBLIC_ADMIN_URL: https://${{ env.ADMIN_ALIAS }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
CLERK_WEBHOOK_SECRET: ${{ secrets.CLERK_WEBHOOK_SECRET }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
DESKTOP_AUTH_SECRET: ${{ secrets.DESKTOP_AUTH_SECRET }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
Expand All @@ -197,16 +194,13 @@ jobs:
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
VERCEL_URL=$(vercel deploy --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env CLERK_WEBHOOK_SECRET=$CLERK_WEBHOOK_SECRET \
--env DATABASE_URL=$DATABASE_URL \
--env DATABASE_URL_UNPOOLED=$DATABASE_URL_UNPOOLED \
--env BLOB_READ_WRITE_TOKEN=$BLOB_READ_WRITE_TOKEN \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env DESKTOP_AUTH_SECRET=$DESKTOP_AUTH_SECRET \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
--env GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
--env GH_CLIENT_ID=$GH_CLIENT_ID \
Expand Down Expand Up @@ -292,28 +286,24 @@ jobs:
NEXT_PUBLIC_WEB_URL: https://${{ env.WEB_ALIAS }}
NEXT_PUBLIC_MARKETING_URL: https://${{ env.MARKETING_ALIAS }}
NEXT_PUBLIC_DOCS_URL: https://${{ env.DOCS_ALIAS }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
DESKTOP_AUTH_SECRET: ${{ secrets.DESKTOP_AUTH_SECRET }}
NEXT_PUBLIC_SENTRY_DSN_WEB: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_WEB }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
VERCEL_URL=$(vercel deploy --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env DATABASE_URL=$DATABASE_URL \
--env DATABASE_URL_UNPOOLED=$DATABASE_URL_UNPOOLED \
--env DESKTOP_AUTH_SECRET=$DESKTOP_AUTH_SECRET \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_MARKETING_URL=$NEXT_PUBLIC_MARKETING_URL \
--env NEXT_PUBLIC_DOCS_URL=$NEXT_PUBLIC_DOCS_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
Expand Down Expand Up @@ -370,8 +360,7 @@ jobs:
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_MARKETING_PROJECT_ID }}
NEXT_PUBLIC_API_URL: https://${{ env.API_ALIAS }}
NEXT_PUBLIC_WEB_URL: https://${{ env.WEB_ALIAS }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
Expand All @@ -382,10 +371,9 @@ jobs:
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
VERCEL_URL=$(vercel deploy --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
Expand Down Expand Up @@ -455,8 +443,7 @@ jobs:
DATABASE_URL_UNPOOLED: ${{ env.DATABASE_URL_UNPOOLED }}
NEXT_PUBLIC_API_URL: https://${{ env.API_ALIAS }}
NEXT_PUBLIC_WEB_URL: https://${{ env.WEB_ALIAS }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
Expand All @@ -469,12 +456,11 @@ jobs:
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
VERCEL_URL=$(vercel deploy --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env DATABASE_URL=$DATABASE_URL \
--env DATABASE_URL_UNPOOLED=$DATABASE_URL_UNPOOLED \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
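Review bot: Every preview job reads `secrets.BETTER_AUTH_SECRET`, the same repository-level secret name the production workflow on this page reads, so a preview deployment built for a pull request signs sessions with the production signing secret. Depending on what triggers this workflow (not visible here), anyone who can land code in a preview build or read a preview's runtime environment could then mint cookies the production apps accept. Scope the job to a GitHub environment whose secret holds a different value (`environment: preview` on the job, with `BETTER_AUTH_SECRET` defined there), or read a separate name in each of the four jobs: `BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET_PREVIEW }}`. The removed Clerk keys had the same shape, so this is inherited rather than introduced, but the migration is the natural point to split it; the job definitions start above the hunks.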
30 changes: 8 additions & 22 deletions .github/workflows/deploy-production.yml
Expand Up @@ -73,11 +73,8 @@ jobs:
NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
NEXT_PUBLIC_WEB_URL: ${{ secrets.NEXT_PUBLIC_WEB_URL }}
NEXT_PUBLIC_ADMIN_URL: ${{ secrets.NEXT_PUBLIC_ADMIN_URL }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
CLERK_WEBHOOK_SECRET: ${{ secrets.CLERK_WEBHOOK_SECRET }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
BLOB_READ_WRITE_TOKEN: ${{ secrets.BLOB_READ_WRITE_TOKEN }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
DESKTOP_AUTH_SECRET: ${{ secrets.DESKTOP_AUTH_SECRET }}
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
Expand All @@ -101,16 +98,13 @@ jobs:
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
vercel deploy --prod --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env CLERK_WEBHOOK_SECRET=$CLERK_WEBHOOK_SECRET \
--env DATABASE_URL=$DATABASE_URL \
--env DATABASE_URL_UNPOOLED=$DATABASE_URL_UNPOOLED \
--env BLOB_READ_WRITE_TOKEN=$BLOB_READ_WRITE_TOKEN \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env DESKTOP_AUTH_SECRET=$DESKTOP_AUTH_SECRET \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
--env GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
--env GH_CLIENT_ID=$GH_CLIENT_ID \
Expand Down Expand Up @@ -168,28 +162,24 @@ jobs:
NEXT_PUBLIC_WEB_URL: ${{ secrets.NEXT_PUBLIC_WEB_URL }}
NEXT_PUBLIC_MARKETING_URL: ${{ secrets.NEXT_PUBLIC_MARKETING_URL }}
NEXT_PUBLIC_DOCS_URL: ${{ secrets.NEXT_PUBLIC_DOCS_URL }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
DESKTOP_AUTH_SECRET: ${{ secrets.DESKTOP_AUTH_SECRET }}
NEXT_PUBLIC_SENTRY_DSN_WEB: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_WEB }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
vercel deploy --prod --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env DATABASE_URL=$DATABASE_URL \
--env DATABASE_URL_UNPOOLED=$DATABASE_URL_UNPOOLED \
--env DESKTOP_AUTH_SECRET=$DESKTOP_AUTH_SECRET \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_MARKETING_URL=$NEXT_PUBLIC_MARKETING_URL \
--env NEXT_PUBLIC_DOCS_URL=$NEXT_PUBLIC_DOCS_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
Expand Down Expand Up @@ -230,8 +220,7 @@ jobs:
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_MARKETING_PROJECT_ID }}
NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
NEXT_PUBLIC_WEB_URL: ${{ secrets.NEXT_PUBLIC_WEB_URL }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
Expand All @@ -242,10 +231,9 @@ jobs:
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
vercel deploy --prod --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
Expand Down Expand Up @@ -288,8 +276,7 @@ jobs:
DATABASE_URL_UNPOOLED: ${{ secrets.DATABASE_URL_UNPOOLED }}
NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
NEXT_PUBLIC_WEB_URL: ${{ secrets.NEXT_PUBLIC_WEB_URL }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
Expand All @@ -302,12 +289,11 @@ jobs:
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
vercel deploy --prod --prebuilt --token=$VERCEL_TOKEN \
--env CLERK_SECRET_KEY=$CLERK_SECRET_KEY \
--env DATABASE_URL=$DATABASE_URL \
--env DATABASE_URL_UNPOOLED=$DATABASE_URL_UNPOOLED \
--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET \
--env NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
--env NEXT_PUBLIC_WEB_URL=$NEXT_PUBLIC_WEB_URL \
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
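Review bot: Each production job passes the new secret on the command line, `--env BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET`, in addition to the `env:` block that already exposes it to `vercel build`; a command-line argument is visible to other processes on the runner for the lifetime of the CLI call and would land in the step log if the shell were ever run with `set -x`, where GitHub's masking only covers values registered as secrets. If the Vercel project already holds these values in its own environment settings (which `vercel pull` fetches), the `--env` flags can be dropped; otherwise prefer defining them on the project rather than on the deploy command. Separately, deleting `CLERK_SECRET_KEY` and `CLERK_WEBHOOK_SECRET` from the workflows does not revoke them: revoke the keys in the Clerk dashboard, delete the repository secrets, and confirm any Clerk webhook route handler is removed rather than left running with nothing to verify signatures against (not visible on this page). The job definitions start above the hunks.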
3 changes: 2 additions & 1 deletion apps/admin/package.json
Expand Up @@ -11,8 +11,8 @@
"typecheck": "tsc --noEmit"
},
"dependencies": {
"@clerk/nextjs": "^6.36.2",
"@sentry/nextjs": "^10.32.1",
"@superset/auth": "workspace:*",

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

better-auth npm package version 1.4.9 security vulnerabilities

💡 Result:

I found multiple public security advisories for the better-auth package. Short summary relevant to version 1.4.9:

  • Multiple disclosures exist (open-redirect / verify-email, HTML injection, and other router / multi-session issues) documented in public advisories. (advisories.gitlab.com)
  • One CVE (CVE-2024-56734) is an open-redirect in the verify-email endpoint; it was fixed in 1.1.6 (so versions >=1.1.6 are not vulnerable to that CVE). (advisories.gitlab.com)
  • Other more recent advisories describe router baseURL poisoning, a multi-session sign-out cookie-trust issue, and other flaws — check the package security advisories and change logs for which specific patch version fixes each issue. (advisories.gitlab.com)

Recommendation: review the project’s official security advisories and changelog and upgrade to the latest patched release (or apply the vendor-recommended patches) before running 1.4.9 in production. Useful references: Snyk package page, GitLab/npm advisory page, and vendor security advisory entries. (security.snyk.io)

If you want, I can (a) list which specific advisories affect 1.4.9 exactly, or (b) fetch the changelog/commit that fixes a particular advisory. Which would you prefer?

Citations:


🌐 Web query:

better-auth latest stable version npm registry

💡 Result:

The latest stable version on the npm registry is 1.4.7 (as of January 6, 2026). [1][2]

Sources:
[1] Snyk package page for better-auth (shows latest version 1.4.7).
[2] Better Auth release/blog pages announcing the 1.4 series.


Confirm the better-auth version—1.4.9 may not exist on npm.

According to the registry snapshot consulted above (latest published 1.4.7 as of January 2026), `^1.4.9` would not resolve; check the npm registry for the intended release and update the dependency accordingly.

Additionally, better-auth has multiple known security advisories including router baseURL poisoning, multi-session sign-out cookie-trust issues, and HTML injection flaws. Review the official security advisories and changelog to understand which patches apply to the version you deploy, and plan upgrades accordingly before production use.

Also applies to: 26-26

🤖 Prompt for AI Agents
In @apps/admin/package.json at line 15, Update the better-auth dependency in
package.json for the @superset/auth entry: replace the non-existent ^1.4.9
version with a resolvable release such as ^1.4.7 (or the intended published
version), and ensure any other occurrences of better-auth in the repo are
updated consistently; also review the linked security advisories and changelog
to determine whether additional patches or a different safe version are required
before promoting to production.

"@superset/db": "workspace:*",
"@superset/shared": "workspace:*",
"@superset/trpc": "workspace:*",
Expand All @@ -23,6 +23,7 @@
"@trpc/client": "^11.7.1",
"@trpc/server": "^11.7.1",
"@trpc/tanstack-react-query": "^11.7.1",
"better-auth": "^1.4.9",
"date-fns": "^4.1.0",
"drizzle-orm": "0.45.1",
"import-in-the-middle": "2.0.1",
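Review bot: `"better-auth": "^1.4.9"` takes a caret range while this same file pins `drizzle-orm` to exactly `0.45.1`; for the library that signs sessions, use the same exact pin, `"better-auth": "1.4.9"` (or whichever release is intended), so upgrades land as a reviewed bump rather than a lockfile refresh, and make sure the dependency-update bot watches it so advisories are acted on promptly. Also confirm that `@superset/auth` (added as `workspace:*`) resolves the same `better-auth` version as the app, since two copies of the library in one build can disagree on cookie and session handling; the workspace package's manifest is not on this page.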
Expand Up @@ -20,7 +20,7 @@ import {
SidebarRail,
} from "@superset/ui/sidebar";
import { usePathname } from "next/navigation";
import { LuChevronRight, LuHouse, LuUsers, LuUserX } from "react-icons/lu";
import { LuChevronRight, LuHouse, LuUsers } from "react-icons/lu";

import { AppSidebarHeader } from "./components/AppSidebarHeader";
import { NavUser } from "./components/NavUser";
Expand All @@ -43,11 +43,6 @@ const sections = [
url: "/users",
icon: LuUsers,
},
{
title: "Deleted Users",
url: "/users/deleted",
icon: LuUserX,
},
],
},
];
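Review bot: Dropping the `Deleted Users` entry from `sections` only hides the link; the `/users/deleted` page and whatever tRPC procedure backs it stay reachable by typing the URL unless they are removed or authorized elsewhere in this PR (not visible on this page). If the page is being retired, delete its route file and procedure as well; if it is meant to remain admin-only, the protection has to live in the route and procedure, not in the navigation. The `sections` array starts above the hunk.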
@@ -1,6 +1,6 @@
"use client";

import { useClerk } from "@clerk/nextjs";
import { authClient } from "@superset/auth/client";
import type { RouterOutputs } from "@superset/trpc";
import { Avatar, AvatarFallback, AvatarImage } from "@superset/ui/avatar";
import {
Expand All @@ -25,7 +25,6 @@ import {
LuLogOut,
LuSettings,
} from "react-icons/lu";

import { env } from "@/env";

export interface NavUserProps {
Expand All @@ -34,13 +33,22 @@ export interface NavUserProps {

export function NavUser({ user }: NavUserProps) {
const { isMobile } = useSidebar();
const { signOut } = useClerk();

const userInitials = user.name
.split(" ")
.map((name) => name[0])
.join("");

const handleSignOut = async () => {
await authClient.signOut({
fetchOptions: {
onSuccess: () => {
window.location.href = env.NEXT_PUBLIC_WEB_URL;
},
},
});
};
Comment on lines +42 to +50

⚠️ Potential issue | 🟠 Major

Error handling still missing in sign-out flow.

The handleSignOut function continues to lack error handling as previously flagged. Without try-catch or an onError handler, sign-out failures (network issues, API errors) will leave users in an inconsistent auth state with no feedback.

As noted in the previous review, please add error handling with logging following the pattern [domain/operation] message per coding guidelines.

🤖 Prompt for AI Agents
In
@apps/admin/src/app/(dashboard)/components/AppSidebar/components/NavUser/NavUser.tsx
around lines 42 - 50, The sign-out flow in handleSignOut lacks error handling;
wrap the authClient.signOut call in a try/catch (or provide an onError callback
in fetchOptions) and log failures using the project pattern (e.g.,
processLogger.error or console.error with a prefix like "[auth/signOut] Failed
to sign out: <error>"). Ensure the success behavior (window.location.href =
env.NEXT_PUBLIC_WEB_URL) remains on success and surface a user-friendly fallback
or no-op on error.


return (
<SidebarMenu>
<SidebarMenuItem>
Expand All @@ -51,10 +59,7 @@ export function NavUser({ user }: NavUserProps) {
className="data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground"
>
<Avatar className="h-8 w-8 rounded-lg">
<AvatarImage
src={user.avatarUrl ?? undefined}
alt={user.name}
/>
<AvatarImage src={user.image ?? undefined} alt={user.name} />
<AvatarFallback className="rounded-lg">
{userInitials}
</AvatarFallback>
Expand All @@ -75,10 +80,7 @@ export function NavUser({ user }: NavUserProps) {
<DropdownMenuLabel className="p-0 font-normal">
<div className="flex items-center gap-2 px-1 py-1.5 text-left text-sm">
<Avatar className="h-8 w-8 rounded-lg">
<AvatarImage
src={user.avatarUrl ?? undefined}
alt={user.name}
/>
<AvatarImage src={user.image ?? undefined} alt={user.name} />
<AvatarFallback className="rounded-lg">
{userInitials}
</AvatarFallback>
Expand All @@ -105,9 +107,7 @@ export function NavUser({ user }: NavUserProps) {
</DropdownMenuItem>
</DropdownMenuGroup>
<DropdownMenuSeparator />
<DropdownMenuItem
onClick={() => signOut({ redirectUrl: env.NEXT_PUBLIC_WEB_URL })}
>
<DropdownMenuItem onClick={handleSignOut}>
<LuLogOut />
Log out
</DropdownMenuItem>
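Review bot: `onClick={handleSignOut}` hands an `async` function to a click handler that ignores its return value, so a rejected `signOut` call surfaces as an unhandled promise rejection rather than anything the component can act on; `@typescript-eslint/no-misused-promises` flags exactly this shape. Make the discarded promise explicit, `onClick={() => void handleSignOut()}`, so that whatever failure reporting lives inside `handleSignOut` is the single place it happens. The `NavUser` component's JSX continues outside the hunks.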
Expand Up @@ -23,7 +23,7 @@ interface LeaderboardEntry {
userId: string;
name: string;
email: string;
avatarUrl: string | null;
image: string | null;
count: number;
}

Expand Down Expand Up @@ -97,7 +97,7 @@ export function LeaderboardTable({
<TableCell>
<div className="flex items-center gap-3">
<Avatar className="h-8 w-8">
<AvatarImage src={entry.avatarUrl ?? undefined} />
<AvatarImage src={entry.image ?? undefined} />
<AvatarFallback>
{entry.name
.split(" ")