fix: remove elysia-rate-limit, update dependencies and scripts

- Added "cross-env" as a dev dependency in the root package.json.
- Removed "elysia-rate-limit" from dependencies in the root package.json. because it somehow made better-auth unable to access db (doesn't affect other func)
- Updated scripts in packages/s3/package.json to use the correct commands for building and running the worker preview.

Author: FaiiFaiipuipui

apps/api/src/index.ts

@@ -14,20 +14,18 @@ import cron from "@elysiajs/cron";
 import { createDb } from "./drizzle/client.js";
 import {sql} from 'drizzle-orm'
 import { uploadRouter } from "./modules/image/upload-multipart.js";
-import { rateLimit } from "elysia-rate-limit";
 
 const db = createDb({ databaseUrl: process.env.DATABASE_URL });
 
 const app = new Elysia()
-  .use(rateLimit({duration: 60000, max: 500, scoping: 'global'}))
-  .use(betterAuthMiddleware)
-  .use(cron({
-    name: 'alphaRecalcQueueDelete',
-    pattern: '0 */4 * * *',
-    async run() {
-      await db.execute(sql`DELETE FROM item_effective_recalc_queue WHERE enqueued_at < now() - interval '2 days';`)
-    }
-  }))
+.use(betterAuthMiddleware)
+.use(cron({
+  name: 'alphaRecalcQueueDelete',
+  pattern: '0 */4 * * *',
+  async run() {
+    await db.execute(sql`DELETE FROM item_effective_recalc_queue WHERE enqueued_at < now() - interval '2 days';`)
+  }
+}))
   .use(
     cors({
       origin: [

apps/api/src/modules/auth/route.ts

@@ -51,7 +51,7 @@ export const auth = betterAuth({
   advanced: {
     defaultCookieAttributes: {
       sameSite: "lax",
-      secure: false, // TODO Set to true in production with HTTPS
+      secure: true, // TODO Set to true in production with HTTPS
     },
     database: {
       generateId: (options: {}) => {
@@ -118,7 +118,8 @@ export const betterAuthMiddleware = new Elysia({ name: "better-auth" })
   .all("/api/auth/*", async (context: Context) => {
     if (["POST", "GET"].includes(context.request.method)) {
       const response = await auth.handler(context.request);
-
+  
+      console.log(response);
       // If it's a redirect response, make sure to return it properly
       if (response && response.status >= 300 && response.status < 400) {
         const location = response.headers.get("Location");
@@ -139,7 +140,6 @@ export const betterAuthMiddleware = new Elysia({ name: "better-auth" })
 
     context.status(405);
   })
-  .mount(auth.handler)
   .macro({
     // Boolean or object config; context always includes user/session (nullable when unauthenticated)
     auth: (config: { allowPublic: boolean }) => ({