feat(auth): add support for cross-subdomain cookies and improve environment variable handling

apps/csms/.env.example

@@ -1,2 +1,5 @@
+BETTER_AUTH_SECRET=
 WEB_ORIGIN=http://localhost:3000
 DATABASE_CONNECTION_STRING=
+# 生产环境跨子域 Cookie，例如 .uniiem.com
+COOKIE_DOMAIN=

apps/csms/src/lib/auth.ts

@@ -5,6 +5,9 @@ import * as schema from "@/db/schema.ts";
 import { admin, bearer, username } from "better-auth/plugins";
 import { passkey } from "@better-auth/passkey";
 
+const webOrigin = process.env.WEB_ORIGIN ?? "http://localhost:3000";
+const rpID = new URL(webOrigin).hostname;
+
 export const auth = betterAuth({
   database: drizzleAdapter(useDrizzle(), {
     provider: "pg",
@@ -12,7 +15,7 @@ export const auth = betterAuth({
       ...schema,
     },
   }),
-  trustedOrigins: [process.env.WEB_ORIGIN ?? "http://localhost:3000"],
+  trustedOrigins: [webOrigin],
   appName: "Helios EVCS",
   user: {
     additionalFields: {},
@@ -20,8 +23,20 @@ export const auth = betterAuth({
   emailAndPassword: {
     enabled: true,
   },
-  plugins: [admin(), username(), bearer(), passkey()],
+  plugins: [
+    admin(),
+    username(),
+    bearer(),
+    passkey({
+      rpID,
+      rpName: "Helios EVCS",
+      origin: webOrigin,
+    }),
+  ],
   advanced: {
     cookiePrefix: "helios_auth",
+    crossSubdomainCookies: process.env.COOKIE_DOMAIN
+      ? { enabled: true, domain: process.env.COOKIE_DOMAIN }
+      : { enabled: false },
   },
 });