KwozyK
Better Auth
Created by KwozyK on 2/18/2025 in #help
Session not saving when running dev server with --host or when running build
Frontend SPA in React, backend is an Express server. Hi, I am trying to test my webapp from my phone, so I am using the --host option with Vite (I do bun run dev --host), but now my cookies are not being set and the session is not being stored. Here is my sign-in code:
const { error } = await authClient.signIn.email({
  email,
  password: password,
  callbackURL: url,
});
if (error) { console.log(error) }
which does not log the error, and I can see my redirect working. The URL is set to my app base path; while hosting that's 10.0.0.134:5173, and it correctly redirects me, but because the session isn't saved it puts me back to my login page (all other routes are protected). I also know it's hitting the auth server because I put a test middleware in front of the auth like so:
const test = async (req: Request, res: Response, next: NextFunction) => {
  console.log("Hello")
  next()
}
app.all("/api/auth/*", test, toNodeHandler(auth));
which does print hello when I press sign in on the client (removing the test middleware does nothing to fix it). I have these CORS rules set up:
const allowedOrigins = ['http://localhost:5173', 'http://10.0.0.134:5173'];
app.use(cors({
  origin: (origin, callback) => {
    // Allow requests with no origin (like mobile apps or curl)
    if (!origin) return callback(null, true);
    if (allowedOrigins.indexOf(origin) !== -1) {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  },
  credentials: true,
}));
and my server auth setup is here:
export const auth = betterAuth({
  database: dialect,
  emailAndPassword: {
    enabled: true,
  },
  trustedOrigins: ["http://10.0.0.134:5173", "http://localhost:5173"],
  cookie: {
    // Cookie configuration example:
    maxAge: 7 * 24 * 60 * 60,
    httpOnly: true,
    sameSite: "lax",
    secure: false,
  },
});
Note I have tried without setting the cookies object and with it.
16 replies
Better Auth
Created by KwozyK on 2/18/2025 in #help
Validate Client Side Auth On Server
Hi. I have a basic SPA written in React with a client-side auth object to handle auth. Now I have other routes on my backend (with the auth server) which are used for different parts of the web app. How can I make sure the user is authenticated on the server for these routes? Any help would be appreciated, and sorry if there is a straightforward answer but I couldn't find it. (Unless that's what a server useSession is for??) Here is the code for the routes in question and the auth logic (taken from the get started docs). Routes:
app.all("/api/auth/*", toNodeHandler(auth));
app.get("/api/v1/recipe/:videoId", recipeHandler);
app.post("/api/v1/video", downloadHandler)
Auth Logic:
export const dialect = new BunWorkerDialect({
  url: "./sqlite.db",
});
export const auth = betterAuth({
  database: dialect,
  emailAndPassword: {
    enabled: true,
  }
})
5 replies
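
Added example, not part of the original posts and not Better Auth's own code: one way to enforce the server-side check asked about in the second post is a fail-closed guard placed in front of the `/api/v1` routes. `requireSession`, `fakeLookup`, `simulate` and the session table are hypothetical names with constructed data; in the real app the injected lookup is assumed to wrap Better Auth's `auth.api.getSession` called with `fromNodeHeaders(req.headers)`.

```javascript
// Fail-closed session guard for Express-style (req, res, next) routes.
// `lookupSession` is injected so the guard can be exercised offline; in the
// app above it would wrap auth.api.getSession (assumption, see lead-in).
function requireSession(lookupSession) {
  return async function guard(req, res, next) {
    let session = null;
    try {
      session = await lookupSession(req.headers);
    } catch (err) {
      // A failed lookup must never fall through to the protected handler.
      return res.status(503).json({ error: "session check unavailable" });
    }
    if (!session || !session.user) {
      return res.status(401).json({ error: "unauthenticated" });
    }
    // Handlers take identity from here, never from the body or query string.
    req.user = session.user;
    return next();
  };
}

// Constructed session table standing in for the auth server's database.
const SESSIONS = new Map([
  ["tok-alice", { user: { id: "u1", email: "alice@example.test" } }],
]);

// Hypothetical lookup: reads a `session` cookie and resolves it server-side.
async function fakeLookup(headers) {
  const cookie = headers.cookie || "";
  if (cookie.includes("boom")) throw new Error("db down"); // simulated outage
  const m = /(?:^|;\s*)session=([^;]+)/.exec(cookie);
  return m ? SESSIONS.get(m[1]) || null : null;
}

// Drives the guard with a minimal req/res pair and reports what happened.
async function simulate(cookie) {
  const out = { status: 200, reachedHandler: false, user: null };
  const req = { headers: cookie ? { cookie } : {} };
  const res = {
    status(code) { out.status = code; return this; },
    json() { return this; },
  };
  await requireSession(fakeLookup)(req, res, () => {
    out.reachedHandler = true;
    out.user = req.user;
  });
  return out;
}
```

In Express this would be mounted as `app.use("/api/v1", requireSession(lookup))`, leaving the `/api/auth/*` handler unguarded so sign-in still works.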