Auth

ShipAny Next uses better-auth with the Drizzle adapter. The auth config lives in src/core/auth/index.ts; all requests are handled by the catch-all route /api/auth/[...all].

All provider credentials below are configured in admin panel → Settings → Auth (stored in the config table); same-named env vars work as fallbacks.

Email / Password

Enabled by default (email_auth_enabled). Optional email verification:

• Turn on email_verification_enabled and configure Resend (resend_api_key, resend_sender_email)
• Verification links expire after 24 hours; resend is rate-limited to once per 60 seconds
• Password reset emails also go through Resend (1-hour expiration)

Without verification enabled, users are signed in automatically after registration.

Google Login

1. Create an OAuth client in the Google Cloud Console (type: Web application)
2. Add the authorized redirect URI:

https://your-domain.com/api/auth/callback/google

3. Fill google_client_id / google_client_secret in admin Settings
4. Optionally enable Google One Tap (google_one_tap_enabled)

GitHub Login

1. Create an OAuth App in GitHub → Settings → Developer settings
2. Set the callback URL:

https://your-domain.com/api/auth/callback/github

3. Fill github_client_id / github_client_secret in admin Settings

Sessions

Sessions are stored in the session table as httpOnly cookies, with ipAddress and userAgent captured. The user table carries extra fields: utmSource, ip, and locale.