import { betterAuth } from "better-auth"; import { drizzleAdapter } from "better-auth/adapters/drizzle"; import { db } from "@/db"; import * as schema from "@/db/schema"; // Validate BETTER_AUTH_SECRET at runtime (not during build) const secret = process.env.BETTER_AUTH_SECRET; if (!secret && process.env.NODE_ENV === "production") { console.warn("WARNING: BETTER_AUTH_SECRET is not set. Authentication will not work properly."); } export const auth = betterAuth({ database: drizzleAdapter(db, { provider: "pg", schema: { user: schema.user, session: schema.session, account: schema.account, verification: schema.verification, }, }), emailAndPassword: { enabled: true, }, secret: secret || "build-time-secret-key-minimum-32-characters-long-temp", baseURL: process.env.BETTER_AUTH_URL || "http://localhost:3000", user: { additionalFields: { role: { type: "string", defaultValue: "user", required: false, input: false, // Don't allow setting role on signup }, }, }, });