bump better auth

.gitignore

@@ -41,4 +41,6 @@ coverage/
 .cache/
 
 # Production
-.env.production 
+.env.production 
+
+.cursor/

client/package-lock.json

@@ -26,7 +26,7 @@
         "@tanstack/react-table": "^8.21.2",
         "@types/country-flag-icons": "^1.2.2",
         "@uidotdev/usehooks": "^2.4.1",
-        "better-auth": "^1.1.16",
+        "better-auth": "^1.2.2",
         "boring-avatars": "^1.11.2",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
@@ -214,9 +214,9 @@
       }
     },
     "node_modules/@better-fetch/fetch": {
-      "version": "1.1.12",
+      "version": "1.1.15",
-      "resolved": "https://registry.npmjs.org/@better-fetch/fetch/-/fetch-1.1.12.tgz",
+      "resolved": "https://registry.npmjs.org/@better-fetch/fetch/-/fetch-1.1.15.tgz",
-      "integrity": "sha512-B3bfloI/2UBQWIATRN6qmlORrvx3Mp0kkNjmXLv0b+DtbtR+pP4/I5kQA/rDUv+OReLywCCldf6co4LdDmh8JA=="
+      "integrity": "sha512-0Bl8YYj1f8qCTNHeSn5+1DWv2hy7rLBrQ8rS8Y9XYloiwZEfc3k4yspIG0llRxafxqhGCwlGRg+F8q1HZRCMXA=="
     },
     "node_modules/@drizzle-team/brocli": {
       "version": "0.10.2",
@@ -3818,33 +3818,34 @@
       "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
     },
     "node_modules/better-auth": {
-      "version": "1.1.16",
+      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/better-auth/-/better-auth-1.1.16.tgz",
+      "resolved": "https://registry.npmjs.org/better-auth/-/better-auth-1.2.2.tgz",
-      "integrity": "sha512-Xc5pxafKZw4QVU8WYfkV2z4Hd8KCXXbphrgOpe2gA/EfanysLBhE1G/F7cEi5e0bW2pGR+vw6gf0ARHA7VFihg==",
+      "integrity": "sha512-zsynKwkMKeuKq1QQy80zLV9UehcM8yG0fjJSlGsb7oXWwgfgek5RVBptBFckZcq7z1e84WIqDvtypcgXx0xmlg==",
       "dependencies": {
         "@better-auth/utils": "0.2.3",
-        "@better-fetch/fetch": "1.1.12",
+        "@better-fetch/fetch": "^1.1.15",
         "@noble/ciphers": "^0.6.0",
         "@noble/hashes": "^1.6.1",
         "@simplewebauthn/browser": "^13.0.0",
         "@simplewebauthn/server": "^13.0.0",
-        "better-call": "0.3.3",
+        "better-call": "^1.0.3",
         "defu": "^6.1.4",
         "jose": "^5.9.6",
         "kysely": "^0.27.4",
         "nanostores": "^0.11.3",
+        "valibot": "1.0.0-beta.15",
         "zod": "^3.24.1"
       }
     },
     "node_modules/better-call": {
-      "version": "0.3.3",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/better-call/-/better-call-0.3.3.tgz",
+      "resolved": "https://registry.npmjs.org/better-call/-/better-call-1.0.4.tgz",
-      "integrity": "sha512-N4lDVm0NGmFfDJ0XMQ4O83Zm/3dPlvIQdxvwvgSLSkjFX5PM4GUYSVAuxNzXN27QZMHDkrJTWUqxBrm4tPC3eA==",
+      "integrity": "sha512-NdAihYdkS0IOz1mtz8mw1gWacCxR9r921U8YqB+VB6++rt8edMG13vVL16Y4TBL4XkjMK/DUewEsOOFkw9LJYQ==",
       "dependencies": {
         "@better-fetch/fetch": "^1.1.4",
         "rou3": "^0.5.1",
-        "uncrypto": "^0.1.3",
+        "set-cookie-parser": "^2.7.1",
-        "zod": "^3.24.1"
+        "uncrypto": "^0.1.3"
       }
     },
     "node_modules/binary-extensions": {
@@ -6719,6 +6720,11 @@
         "node": ">=10"
       }
     },
+    "node_modules/set-cookie-parser": {
+      "version": "2.7.1",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.1.tgz",
+      "integrity": "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ=="
+    },
     "node_modules/sharp": {
       "version": "0.33.5",
       "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.33.5.tgz",
@@ -7350,6 +7356,19 @@
       "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
       "dev": true
     },
+    "node_modules/valibot": {
+      "version": "1.0.0-beta.15",
+      "resolved": "https://registry.npmjs.org/valibot/-/valibot-1.0.0-beta.15.tgz",
+      "integrity": "sha512-BKy8XosZkDHWmYC+cJG74LBzP++Gfntwi33pP3D3RKztz2XV9jmFWnkOi21GoqARP8wAWARwhV6eTr1JcWzjGw==",
+      "peerDependencies": {
+        "typescript": ">=5"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/validate-npm-package-license": {
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
@@ -7482,9 +7501,9 @@
       }
     },
     "node_modules/zod": {
-      "version": "3.24.1",
+      "version": "3.24.2",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.1.tgz",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.2.tgz",
-      "integrity": "sha512-muH7gBL9sI1nciMZV67X5fTKKBLtwpZ5VBp1vsOQzj1MhrBZ4wlVCm3gedKZWLp0Oyel8sIGfeiz54Su+OVT+A==",
+      "integrity": "sha512-lY7CDW43ECgW9u1TcT3IoXHflywfVqDYze4waEz812jR/bZ8FHDsl7pFQoSZTz5N+2NqRXs8GBwnAwo3ZNxqhQ==",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
       }

client/package.json

@@ -27,7 +27,7 @@
     "@tanstack/react-table": "^8.21.2",
     "@types/country-flag-icons": "^1.2.2",
     "@uidotdev/usehooks": "^2.4.1",
-    "better-auth": "^1.1.16",
+    "better-auth": "^1.2.2",
     "boring-avatars": "^1.11.2",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",

client/src/lib/auth.ts

@@ -1,9 +1,13 @@
-import { usernameClient, adminClient } from "better-auth/client/plugins";
+import {
+  usernameClient,
+  adminClient,
+  organizationClient,
+} from "better-auth/client/plugins";
 import { createAuthClient } from "better-auth/react";
 
 export const authClient = createAuthClient({
   baseURL: process.env.NEXT_PUBLIC_BACKEND_URL,
-  plugins: [usernameClient(), adminClient()],
+  plugins: [usernameClient(), adminClient(), organizationClient()],
   fetchOptions: {
     credentials: "include",
   },

server/package-lock.json

@@ -12,10 +12,10 @@
         "@fastify/cors": "^10.0.2",
         "@fastify/one-line-logger": "^1.4.0",
         "@fastify/static": "^8.0.4",
-        "better-auth": "^1.1.16",
+        "better-auth": "^1.2.2",
         "dotenv": "^16.4.7",
         "fastify": "^5.1.0",
-        "fastify-better-auth": "^1.0.0",
+        "fastify-better-auth": "^1.0.1",
         "luxon": "^3.5.0",
         "node-cron": "^3.0.3",
         "pg": "^8.13.1",
@@ -41,9 +41,9 @@
       }
     },
     "node_modules/@better-fetch/fetch": {
-      "version": "1.1.12",
+      "version": "1.1.15",
-      "resolved": "https://registry.npmjs.org/@better-fetch/fetch/-/fetch-1.1.12.tgz",
+      "resolved": "https://registry.npmjs.org/@better-fetch/fetch/-/fetch-1.1.15.tgz",
-      "integrity": "sha512-B3bfloI/2UBQWIATRN6qmlORrvx3Mp0kkNjmXLv0b+DtbtR+pP4/I5kQA/rDUv+OReLywCCldf6co4LdDmh8JA=="
+      "integrity": "sha512-0Bl8YYj1f8qCTNHeSn5+1DWv2hy7rLBrQ8rS8Y9XYloiwZEfc3k4yspIG0llRxafxqhGCwlGRg+F8q1HZRCMXA=="
     },
     "node_modules/@clickhouse/client": {
       "version": "1.10.1",
@@ -680,33 +680,34 @@
       ]
     },
     "node_modules/better-auth": {
-      "version": "1.1.16",
+      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/better-auth/-/better-auth-1.1.16.tgz",
+      "resolved": "https://registry.npmjs.org/better-auth/-/better-auth-1.2.2.tgz",
-      "integrity": "sha512-Xc5pxafKZw4QVU8WYfkV2z4Hd8KCXXbphrgOpe2gA/EfanysLBhE1G/F7cEi5e0bW2pGR+vw6gf0ARHA7VFihg==",
+      "integrity": "sha512-zsynKwkMKeuKq1QQy80zLV9UehcM8yG0fjJSlGsb7oXWwgfgek5RVBptBFckZcq7z1e84WIqDvtypcgXx0xmlg==",
       "dependencies": {
         "@better-auth/utils": "0.2.3",
-        "@better-fetch/fetch": "1.1.12",
+        "@better-fetch/fetch": "^1.1.15",
         "@noble/ciphers": "^0.6.0",
         "@noble/hashes": "^1.6.1",
         "@simplewebauthn/browser": "^13.0.0",
         "@simplewebauthn/server": "^13.0.0",
-        "better-call": "0.3.3",
+        "better-call": "^1.0.3",
         "defu": "^6.1.4",
         "jose": "^5.9.6",
         "kysely": "^0.27.4",
         "nanostores": "^0.11.3",
+        "valibot": "1.0.0-beta.15",
         "zod": "^3.24.1"
       }
     },
     "node_modules/better-call": {
-      "version": "0.3.3",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/better-call/-/better-call-0.3.3.tgz",
+      "resolved": "https://registry.npmjs.org/better-call/-/better-call-1.0.4.tgz",
-      "integrity": "sha512-N4lDVm0NGmFfDJ0XMQ4O83Zm/3dPlvIQdxvwvgSLSkjFX5PM4GUYSVAuxNzXN27QZMHDkrJTWUqxBrm4tPC3eA==",
+      "integrity": "sha512-NdAihYdkS0IOz1mtz8mw1gWacCxR9r921U8YqB+VB6++rt8edMG13vVL16Y4TBL4XkjMK/DUewEsOOFkw9LJYQ==",
       "dependencies": {
         "@better-fetch/fetch": "^1.1.4",
         "rou3": "^0.5.1",
-        "uncrypto": "^0.1.3",
+        "set-cookie-parser": "^2.7.1",
-        "zod": "^3.24.1"
+        "uncrypto": "^0.1.3"
       }
     },
     "node_modules/binary-extensions": {
@@ -1082,9 +1083,9 @@
       }
     },
     "node_modules/fastify-better-auth": {
-      "version": "1.0.0",
+      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/fastify-better-auth/-/fastify-better-auth-1.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/fastify-better-auth/-/fastify-better-auth-1.0.1.tgz",
-      "integrity": "sha512-3sSPlcwOVp9tZAQaniu7LeAX8U237jBjHoPs5cAVMBRCdSHRveb20dGf762mtFSxUygMYciAd431sRpRuJFc1Q==",
+      "integrity": "sha512-MCDUKa9TeVH/k8/bjz0xYhYTZCWmq8K1zkywetGXqRr0aW0u0VCoCaWqtOKF1+QvgLeE4X6rs9G2EQ906wY/Ag==",
       "dependencies": {
         "fastify-plugin": "^5.0.1"
       },
@@ -2586,6 +2587,19 @@
       "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==",
       "dev": true
     },
+    "node_modules/valibot": {
+      "version": "1.0.0-beta.15",
+      "resolved": "https://registry.npmjs.org/valibot/-/valibot-1.0.0-beta.15.tgz",
+      "integrity": "sha512-BKy8XosZkDHWmYC+cJG74LBzP++Gfntwi33pP3D3RKztz2XV9jmFWnkOi21GoqARP8wAWARwhV6eTr1JcWzjGw==",
+      "peerDependencies": {
+        "typescript": ">=5"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/which": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
@@ -2707,9 +2721,9 @@
       }
     },
     "node_modules/zod": {
-      "version": "3.24.1",
+      "version": "3.24.2",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.1.tgz",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.2.tgz",
-      "integrity": "sha512-muH7gBL9sI1nciMZV67X5fTKKBLtwpZ5VBp1vsOQzj1MhrBZ4wlVCm3gedKZWLp0Oyel8sIGfeiz54Su+OVT+A==",
+      "integrity": "sha512-lY7CDW43ECgW9u1TcT3IoXHflywfVqDYze4waEz812jR/bZ8FHDsl7pFQoSZTz5N+2NqRXs8GBwnAwo3ZNxqhQ==",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
       }

server/package.json

@@ -14,10 +14,10 @@
     "@fastify/cors": "^10.0.2",
     "@fastify/one-line-logger": "^1.4.0",
     "@fastify/static": "^8.0.4",
-    "better-auth": "^1.1.16",
+    "better-auth": "^1.2.2",
     "dotenv": "^16.4.7",
     "fastify": "^5.1.0",
-    "fastify-better-auth": "^1.0.0",
+    "fastify-better-auth": "^1.0.1",
     "luxon": "^3.5.0",
     "node-cron": "^3.0.3",
     "pg": "^8.13.1",

server/src/lib/auth.ts

@@ -1,5 +1,5 @@
 import { betterAuth } from "better-auth";
-import { username, admin } from "better-auth/plugins";
+import { username, admin, organization } from "better-auth/plugins";
 import dotenv from "dotenv";
 import pg from "pg";
 
@@ -22,8 +22,8 @@ export let auth: AuthType | null = betterAuth({
   deleteUser: {
     enabled: true,
   },
-  plugins: [username(), admin()],
+  plugins: [username(), admin(), organization()],
-  trustedOrigins: [],
+  trustedOrigins: ["http://localhost:3002"],
   advanced: {
     useSecureCookies: process.env.NODE_ENV === "production", // don't mark Secure in dev
     defaultCookieAttributes: {
@@ -49,7 +49,7 @@ export const initAuth = (allowList: string[]) => {
     deleteUser: {
       enabled: true,
     },
-    plugins: [username(), admin()],
+    plugins: [username(), admin(), organization()],
     trustedOrigins: allowList,
     advanced: {
       useSecureCookies: process.env.NODE_ENV === "production", // don't mark Secure in dev