Better Auth•2w ago

getSession always returns null

i have the following auth-middleware that i can confirm is receiving a proper header. I manually search for the session and was able to get a matching record from the db. I did this both inside a db client and within the middleware using the db adapter to retrieve the record. I see that have bee others with similiar issues. I was wondering if this is a known issue (i don't see a open issue on github) or if there is a work around. I'm setting up the server so i don't have a client setup. I'm using a rest client to make calls into the server. I'm on the latest version of better-auth auth-middleware

import { Session, User } from "better-auth/types";
import { auth } from "../libs/auth/auth";
import Elysia, { Context, error } from "elysia";

export const userMiddleware = new Elysia()
  .derive(async (c: Context) => {
    const session = await auth.api.getSession({ headers: c.request.headers });
    console.log("session", session);

    if (!session) {
      return error(401, {
        message: 'Unauthorized Access: Token is missing'
      });
    }

    return {
      user: session.user,
      session: session.session
    }
  })
  .as("plugin");

import { Session, User } from "better-auth/types";
import { auth } from "../libs/auth/auth";
import Elysia, { Context, error } from "elysia";

export const userMiddleware = new Elysia()
  .derive(async (c: Context) => {
    const session = await auth.api.getSession({ headers: c.request.headers });
    console.log("session", session);

    if (!session) {
      return error(401, {
        message: 'Unauthorized Access: Token is missing'
      });
    }

    return {
      user: session.user,
      session: session.session
    }
  })
  .as("plugin");

auth.ts

import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { db } from "../db";
import { account, session, user, verification } from "../db/schema";

export const auth = betterAuth({
  database: drizzleAdapter(db, { // We're using Drizzle as our database
    provider: "pg",
    /*
    * Map your schema into a better-auth schema
    */
    schema: {
      user,
      session,
      verification,
      account,
    },
  }),
  emailAndPassword: {
    enabled: true // If you want to use email and password auth
  },
});

import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { db } from "../db";
import { account, session, user, verification } from "../db/schema";

export const auth = betterAuth({
  database: drizzleAdapter(db, { // We're using Drizzle as our database
    provider: "pg",
    /*
    * Map your schema into a better-auth schema
    */
    schema: {
      user,
      session,
      verification,
      account,
    },
  }),
  emailAndPassword: {
    enabled: true // If you want to use email and password auth
  },
});

index.ts - app and routing setup

import { Elysia, t } from "elysia";
import { cors } from "@elysiajs/cors";
import betterAuthView from "./libs/auth/auth-view";
import { swagger } from "@elysiajs/swagger";
import { userMiddleware } from "./middlewares/auth-middleware";
import { auth } from "./libs/auth/auth";
import { error } from "elysia";

const app = new Elysia()
  .use(cors({
    origin: ['http://localhost:3000'],
    allowedHeaders: ['Content-Type', 'Authorization'],
    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    credentials: true,
  }))
  .use(swagger())
  .all("/api/auth/*", betterAuthView)
  .group("/api", (app) => app
    .use(userMiddleware)
    .get("/test", () => "Hello Elysia")
  )
  .get("/auth/register", async ({ body }) => {
    // TODO: Implement registration logic with Better Auth

    const response = await auth.api.signUpEmail({
      body: {
        email: body.email,
        password: body.password,
        name: body.name,
      }
    })

    return response;
  }, {
    body: t.Object({
      email: t.String(),
      password: t.String(),
      name: t.String(),
    })
  })
  .post("/auth/login", async ({ body }) => {
    const response = await auth.api.signInEmail({
      body: {
        email: body.email,
        password: body.password,
      }
    });

    return {
      ...response,
    };
  }, {
    body: t.Object({
      email: t.String(),
      password: t.String(),
    }),
    // response: t.Object({
    //   token: t.String(),
    // })
  })
  .listen(3000);

console.log(
  `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`
);

import { Elysia, t } from "elysia";
import { cors } from "@elysiajs/cors";
import betterAuthView from "./libs/auth/auth-view";
import { swagger } from "@elysiajs/swagger";
import { userMiddleware } from "./middlewares/auth-middleware";
import { auth } from "./libs/auth/auth";
import { error } from "elysia";

const app = new Elysia()
  .use(cors({
    origin: ['http://localhost:3000'],
    allowedHeaders: ['Content-Type', 'Authorization'],
    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    credentials: true,
  }))
  .use(swagger())
  .all("/api/auth/*", betterAuthView)
  .group("/api", (app) => app
    .use(userMiddleware)
    .get("/test", () => "Hello Elysia")
  )
  .get("/auth/register", async ({ body }) => {
    // TODO: Implement registration logic with Better Auth

    const response = await auth.api.signUpEmail({
      body: {
        email: body.email,
        password: body.password,
        name: body.name,
      }
    })

    return response;
  }, {
    body: t.Object({
      email: t.String(),
      password: t.String(),
      name: t.String(),
    })
  })
  .post("/auth/login", async ({ body }) => {
    const response = await auth.api.signInEmail({
      body: {
        email: body.email,
        password: body.password,
      }
    });

    return {
      ...response,
    };
  }, {
    body: t.Object({
      email: t.String(),
      password: t.String(),
    }),
    // response: t.Object({
    //   token: t.String(),
    // })
  })
  .listen(3000);

console.log(
  `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`
);

1 Reply

JoshuadeleonOP•2w ago

he token value is saved in cookie actually [1:58 PM]ririxi: like, better-auth client handles saving cookie [1:58 PM]ririxi: but server responds with that "token" [1:58 PM]ririxi: you would need to enable bearer to work with tokens normally [1:59 PM]Joshuadeleon: Ahh gotcha. Makes sense. thanks for the help!

Gaming

Programming

getSession always returns null

Did you find this page helpful?