Glen Kurio
Better Auth
•Created by Glen Kurio on 4/20/2025 in #help
Stripe plugin triggers multiple create customer events in Stripe
I have 2 different buttons to subscription.upgrade in my app. After a user is registered, a customer is created in Stripe according to createCustomerOnSignUp: true in the plugin config. But when I navigate to one of my 'Subscribe' buttons and click on it -> subscription.upgrade just creates a new user in Stripe instead of triggering a checkout session:
CustomerId is also assigned properly to the user initially after signup.
Does anyone know why this happens and how to fix it?
2 replies
Better Auth
•Created by Glen Kurio on 4/20/2025 in #bug-reports
Stripe plugin creates a new customer on subscription.upgrade click.
I have 2 different buttons to subscription.upgrade in my app. After a user is registered, a customer is created in Stripe according to createCustomerOnSignUp: true in the plugin config. But when I navigate to one of my 'Subscribe' buttons and click on it -> subscription.upgrade just creates a new user in Stripe instead of triggering a checkout session:
CustomerId is also assigned properly to the user initially after signup.
Does anyone know why this happens and how to fix it?
2 replies
Better Auth
•Created by Glen Kurio on 4/16/2025 in #help
Stripe Plugin webhook error
Getting this error in the Better Auth Stripe webhook:
2025-04-16T20:24:59.891Z ERROR [Better Auth]: Stripe webhook failed. Error: Invalid time value
POST /api/auth/stripe/webhook 200 in 175ms
POST /api/auth/stripe/webhook 200 in 14ms
POST /api/auth/stripe/webhook 200 in 14ms
POST /api/auth/stripe/webhook 200 in 13ms
2025-04-16T20:25:01.676Z ERROR [Better Auth]: Error fetching subscription from Stripe RangeError: Invalid time value
at Date1.toISOString (<anonymous>)
at Array.map (<anonymous>)
at Array.map (<anonymous>)
at Array.map (<anonymous>)
In Stripe there is no error. Checkout is finalized successfully.
Does anyone know what causes this error and how to fix it?
5 replies
Better Auth
•Created by Glen Kurio on 4/16/2025 in #help
How to extend Sign-in & Sign-up body with custom fields?
Is there a way to pass a custom field through client.signup.email / social?
5 replies
Better Auth
•Created by Glen Kurio on 4/14/2025 in #help
Avatar Upload Issue: Session Cookie Size and Upload Timing
We're facing a challenge with our avatar upload implementation:
Problem: When a user uploads an avatar during signup, the base64-encoded image is stored in the session cookie, making it too large and causing the app to crash
Potential solution: We need to disable cache for the Session cookie
The key dilemma is determining when to upload the image to Storage during the signup lifecycle:
Too early: If we upload before user creation is complete and the signup fails, we'll have orphaned images in storage
Too late: If we upload after user creation (e.g., in a DB hook), the session cookie is already created with the base64 image data, which crashes the app
We seem to be stuck between two bad options:
Use an uncached session cookie with base64 image
Use cached session but no image uploads on registration;
Also can use cached session and save image in after hook, but make sure to have: requireEmailVerification: true, and sendOnSignUp: true, so session is not created before user verifies their email -> this works fine, but as soon as you disable one of these options - your app goes 'BOOOM' on user creation with image uploaded
Has anyone solved a similar problem with avatar uploads during signup? Specifically looking for insights on "Hooks and DB Hooks in the sign-up/email lifecycle" that would help address this timing issue.
5 replies
Better Auth
•Created by Glen Kurio on 4/14/2025 in #bug-reports
Authentication Flow Issue: Email Verification Not Syncing Across Sign-In Methods
We have a bug in our authentication flow that creates a confusing user experience:
User creates an account with email & password
User navigates to sign-in page
Instead of using their email & password, user chooses "Sign in with Google" (using the same email)
System creates a linked account correctly, BUT:
Even though the user authenticated through Google (which should verify their email), the email verification status is not updated
When the user later tries to sign in with email & password, they're still redirected to the email verification page
The expected behavior would be that signing in with Google (or any other social provider) should automatically verify the email address since Google has already validated ownership of that email. This would eliminate the need for a separate email verification step when using the same email.
Has anyone encountered a similar issue or have suggestions for fixing this authentication flow problem?
2 replies
Better Auth
•Created by Glen Kurio on 4/14/2025 in #bug-reports
'/forget-password' rate limit is not working after latest update
After I updated to the latest version of Better-Auth (v1.2.7), the built-in rate limit for 'forget-password' is not applied anymore. Other paths' rate limits seem to work as before.
2 replies
Better Auth
•Created by Glen Kurio on 4/10/2025 in #help
Server side validation
Docs are showing examples of implementation of betterAuth using auth-client, which is great, simple, with callbacks to handle errors, etc. BUT it allows only for client side validation which is NOT SECURE as you can bypass it easily and harm server, db, etc. How do I add server side validation of all the fields for signUp/SignIn? I know I can use auth.api.(whatever) but then I need to handle all the errors and other stuff by myself. Am I missing something? Does the betterAuth library do some server side validation internally? Or do I have to choose between simplicity of implementation and security? Thank you
18 replies
Better Auth
•Created by Glen Kurio on 4/8/2025 in #help
How to return error from sendVerificationEmail ?
Hi,
How do I throw an error in this callback in betterAuth config? I technically can throw an error but it's not handled properly on the client. Just want to set up a rate limit which would work in emailVerification for calls from the server, not only direct calls from the client.
3 replies
Better Auth
•Created by Glen Kurio on 4/7/2025 in #help
Ratelimit with Email Verification
Hi, everyone!
Can someone tell me why I'm not able to set a rate limit for sendVerificationEmail separately?
These rules are applied in such a way that if I have a different rate limit for sign-in with email and requireEmailVerification: true, emails will be sent as many times as the sign-in rate limit allows it to be called:
How do I rate limit the sendVerificationEmail function itself? What type of error should I throw to handle it on the client in the ErrorContext? Why is a verification email even sent with every login attempt??
2 replies
How to separate code into files for each handler without losing the hono RPC typesafety?
I have an auth route, which I separated into its own file. But each route with method and handler are chained in one file and it already has 400+ lines of code. When trying to separate it into files and chain them all in index.ts with route(), RPC starts to lose typesafety. Can someone share some patterns on how to do something like this?
2 replies