feat: Add email domain filtering and passwordless login toggle #2362
Closed
brianmjohnson wants to merge 11 commits into
- Update Prisma schema with Better Auth models (User, Session, Account, Verification, Passkey, TwoFactor, Jwks)
- Change User.id from CUID to UUID format
- Change emailVerified from DateTime? to Boolean
- Add cross-subdomain cookie support for SSO on .usefoundry.ai domain
- Create Better Auth configuration for builder and viewer apps
- Update SignInForm and SocialLoginButtons to use Better Auth client
- Add public environment variables for auth provider visibility
- Configure shared database sessions for SSO across apps
BREAKING: Requires new environment variables BETTER_AUTH_URL and BETTER_AUTH_SECRET
Brian Johnson in useFoundry.ai
(cherry picked from commit 1c39a71bf834d0c422d62f8230a9196289cfe4d3)

- Update verificationToken → verification model references
- Fix user schema to match Better Auth fields (emailVerified: boolean, etc.)
- Update workspace member schema for required name/email fields
- Add getMe TRPC query for fetching full user data
- Create getSessionFromContext helper for SSR pages
- Update UserProvider to fetch full user from DB instead of session
- Fix imports: nextAuth → Better Auth client
- Remove NextAuth SessionProvider from _app.tsx
- Update email verification flow for new schema structure
Brian Johnson in useFoundry.ai
(cherry picked from commit 5896a5444a82ce47b61c6be818a9624b11019876)

- Fix verificationToken → verification in whatsapp package handler
- Fix cleanExpiredData to use Better Auth schema (verification + expiresAt)
- Add opentelemetry/winston-transport override to fix inngest dependency
Brian Johnson in useFoundry.ai
(cherry picked from commit 80b79e4706f46df66f19b95aaa2148babb339c1e)

The signin page was showing "no providers configured" because it relied on
NEXT_PUBLIC_*_ENABLED environment variables that weren't set. This fix:
- Creates getAvailableProviders() helper that checks actual OAuth credentials
- Uses getServerSideProps to pass available providers to the signin pages
- Removes dependency on build-time NEXT_PUBLIC_*_ENABLED flags
- Providers are now automatically detected from GITHUB_CLIENT_ID, etc.
Brian Johnson in useFoundry.ai
(cherry picked from commit 13057a8539f144bf245435e8d26cb44e3531b80b)

Complete migration to Better Auth by removing all NEXTAUTH_URL references:
- Remove NEXTAUTH_URL from env schema (packages/env/src/index.ts)
- Replace all env.NEXTAUTH_URL usages with env.BETTER_AUTH_URL
- Update turbo.json env configurations
- Update .env.example and .env.dev.example
- Update GitHub workflow files
- Update CLAUDE.md documentation
This makes the codebase purely Better Auth based with no NextAuth remnants.
Brian Johnson in useFoundry.ai
(cherry picked from commit 61e26b559b0370f0a0ab88cb0076af9a666ce53b)

- Rename expiresAt to accessTokenExpiresAt
- Add refreshTokenExpiresAt field
Brian Johnson in useFoundry.ai
(cherry picked from commit 8461b8c5a45034f77b73dbaee426c3971efad402)

- Add BUILDER_URL env var for viewer to link to builder dashboard
- Create proper Prisma migration for Account schema changes:
  - Rename expiresAt → accessTokenExpiresAt
  - Add refreshTokenExpiresAt field
Brian Johnson in useFoundry.ai
(cherry picked from commit 7b28e6623d3e9abe8915992df3d20524121ad680)

- Add AUTH_COOKIE_DOMAIN env var for cross-subdomain SSO
- Add APP_NAME env var for email branding (defaults to "Typebot")
- Remove hardcoded ".usefoundry.ai" cookie domain
- Remove hardcoded "Foundry" branding in emails
This makes the fork upstream-friendly with no internal references.
Brian Johnson in useFoundry.ai
(cherry picked from commit 527b9a59fb16593b2ba45220f0975b04de65e77d)

- Fixed getAuthenticatedUser to fetch full user from DB (Better Auth
session only returns basic fields, causing schema validation errors)
- Added workspace creation in Better Auth's databaseHooks.user.create.after
- Fixed onboardingCategories default from "{}" to "[]" (must be array)
- Added createMissingWorkspaces script to fix existing users without workspaces
This resolves the 500 errors on /api/trpc routes and the "upgrade plan
to create folders" issue caused by missing workspace records.
Brian Johnson in useFoundry.ai
(cherry picked from commit f0da2b3d297d04b7093f06b3ed64bd8ef1c2ad53)

The domain filtering functionality (ALLOWED_EMAIL_DOMAINS and EMAIL_LOGIN_ENABLED)
will be submitted in a separate follow-up PR. This commit keeps the core
Better Auth migration clean and focused.
Brian Johnson in useFoundry.ai

- ALLOWED_EMAIL_DOMAINS: Restrict signin to specific email domains
- EMAIL_LOGIN_ENABLED: Enable/disable magic link passwordless signin
- emailAndPassword always disabled (no passwords in system)
- Domain filtering via databaseHooks on user creation
Brian Johnson in useFoundry.ai
(cherry picked from commit acda04d207e962c8469773bab6a75adea42e319f)
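
An added example, not code from this PR: one way to implement the exact-match domain check that `ALLOWED_EMAIL_DOMAINS` describes, in TypeScript. The function names are hypothetical, treating an unset variable as "no restriction" is an assumption, and the sample addresses are constructed.

```typescript
// Added example, not code from the PR. All function names are hypothetical.

// Parse a comma-separated ALLOWED_EMAIL_DOMAINS value into a normalized set.
// Assumption: an unset or empty value yields an empty set ("no restriction").
function parseAllowedDomains(raw: string | undefined): Set<string> {
  const domains = (raw ?? "")
    .split(",")
    .map((d) => d.trim().toLowerCase().replace(/^@/, ""))
    .filter((d) => d.length > 0);
  return new Set(domains);
}

// Return the lowercased domain of a plain "local@domain" address,
// or null when the input is not a single well-formed address.
function emailDomain(email: string): string | null {
  const value = email.trim();
  const at = value.lastIndexOf("@");
  if (at <= 0 || at === value.length - 1) return null; // empty local part or domain
  if (value.indexOf("@") !== at) return null; // more than one "@"
  if (/[\s<>(),;:"\\]/.test(value)) return null; // display names, lists, quoting
  const domain = value.slice(at + 1).toLowerCase();
  // Letters, digits, hyphens and dots only; at least two labels.
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(domain)) return null;
  return domain;
}

// Exact match only: subdomains and look-alike suffixes are rejected,
// which is why the check never uses endsWith() or includes().
function isEmailAllowed(email: string, allowed: Set<string>): boolean {
  if (allowed.size === 0) return true; // variable unset: no filtering
  const domain = emailDomain(email);
  return domain !== null && allowed.has(domain);
}

// Constructed sample addresses, checked against the example value
// from the PR description.
const sampleAllowed = parseAllowedDomains("company.com,subsidiary.com");
const sampleResults = [
  "Alice@COMPANY.com", // allowed: case-insensitive exact match
  "bob@mail.company.com", // rejected: subdomain is not listed
  "eve@company.com.example.net", // rejected: allowed name is only a prefix
].map((address) => [address, isEmailAllowed(address, sampleAllowed)]);
```

A check that runs only in a user-creation hook is never applied to accounts that already exist, so users created before the allowlist was set need to be handled separately.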

@brianmjohnson is attempting to deploy a commit to the Typebot Team on Vercel. A member of the Team first needs to authorize it.

Owner
Ideally we'll wait for BetterAuth migration to be done. Will report on the issue once ready 🙏

Summary
Adds configurable email domain filtering and passwordless login toggle for self-hosters.
Addresses #2361
Changes
- `ALLOWED_EMAIL_DOMAINS` env var to restrict signups to specific domains
- `EMAIL_LOGIN_ENABLED` env var to enable/disable magic link authentication
New Environment Variables
- `ALLOWED_EMAIL_DOMAINS`: (`company.com,subsidiary.com`). When set, only users with emails from these domains can sign in.
- `EMAIL_LOGIN_ENABLED`: `true`, `false` to disable magic link/passwordless email authentication.
Use Cases
- (`ALLOWED_EMAIL_DOMAINS=company.com,subsidiary.com`)
- (`EMAIL_LOGIN_ENABLED=false`)
Dependencies
This PR depends on the Better Auth migration (#2360).
Testing