53 lines
1.5 KiB
TypeScript
53 lines
1.5 KiB
TypeScript
import { betterAuth } from "better-auth";
|
||
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
||
import { useDrizzle } from "./db.js";
|
||
import * as schema from "@/db/schema.ts";
|
||
import { admin, bearer, username } from "better-auth/plugins";
|
||
import { passkey } from "@better-auth/passkey";
|
||
|
||
const webOrigin = process.env.WEB_ORIGIN ?? "http://localhost:3000";
|
||
const rpID = new URL(webOrigin).hostname;
|
||
|
||
// 从 WEB_ORIGIN 的主机名推导父域(如 csms.uniiem.com → uniiem.com),
|
||
// 用于跨子域共享 session cookie;本地开发时返回 undefined 不启用。
|
||
function getParentDomain(hostname: string): string | undefined {
|
||
if (hostname === "localhost" || /^\d/.test(hostname)) return undefined;
|
||
const parts = hostname.split(".");
|
||
return parts.length >= 3 ? parts.slice(1).join(".") : undefined;
|
||
}
|
||
|
||
const cookieDomain = process.env.COOKIE_DOMAIN ?? getParentDomain(rpID);
|
||
|
||
export const auth = betterAuth({
|
||
database: drizzleAdapter(useDrizzle(), {
|
||
provider: "pg",
|
||
schema: {
|
||
...schema,
|
||
},
|
||
}),
|
||
trustedOrigins: [webOrigin],
|
||
appName: "Helios EVCS",
|
||
user: {
|
||
additionalFields: {},
|
||
},
|
||
emailAndPassword: {
|
||
enabled: true,
|
||
},
|
||
plugins: [
|
||
admin(),
|
||
username(),
|
||
bearer(),
|
||
passkey({
|
||
rpID,
|
||
rpName: "Helios EVCS",
|
||
origin: webOrigin,
|
||
}),
|
||
],
|
||
advanced: {
|
||
cookiePrefix: "helios_auth",
|
||
crossSubdomainCookies: cookieDomain
|
||
? { enabled: true, domain: cookieDomain }
|
||
: { enabled: false },
|
||
},
|
||
});
|