docs: update auth references from OpenAuth to Better Auth

lila 2026-04-12 10:18:16 +02:00
parent 2058d0d542
commit cbe638b1af
3 changed files with 19 additions and 21 deletions

@ -22,9 +22,9 @@ Drizzle is lighter — no binary, no engine. Queries map closely to SQL. Migrati
For rooms of 24 players, Socket.io's room management, transport fallbacks, and reconnection abstractions are unnecessary overhead. The WS protocol is defined explicitly as a Zod discriminated union in `packages/shared`, giving the same type safety guarantees. Reconnection logic is deferred to Phase 7.
### Auth: OpenAuth (not rolling own JWT)
### Auth: Better Auth (not OpenAuth or Keycloak)
All auth delegated to OpenAuth service at `auth.yourdomain.com`. Providers: Google, GitHub. The API validates the JWT on every protected request. User rows are created or updated on first login via the `sub` claim as the primary key.
Better Auth embeds as middleware in the Express API — no separate auth service or Docker container. It connects to the existing PostgreSQL via the Drizzle adapter and manages its own tables (user, session, account, verification). Social providers (Google, GitHub) are configured in a single config object. Session validation is a function call within the same process, not a network request. OpenAuth was considered but requires a standalone service and leaves user management to you. Keycloak is too heavy for a single-app project.
---
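Review bot: The new Better Auth paragraph no longer says where session validation is enforced. The removed text stated "The API validates the JWT on every protected request", while the replacement only says validation "is a function call within the same process". Please add a sentence stating that every protected route runs the session check. Because the auth layer is described as Express middleware and the preceding paragraph describes a separate WS protocol, it would also help to state whether the WebSocket handshake goes through the same check.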
@ -198,9 +198,9 @@ Vitest coverage configuration lives in the root `vitest.config.ts` only. Produce
## Data Model
### Users: internal UUID + openauth_sub (not sub as PK)
### Users: Better Auth manages the user table
Embeds auth provider in the primary key would cascade through all FKs if OpenAuth changes format. `users.id` = internal UUID (stable FK target). `users.openauth_sub` = text UNIQUE (auth provider claim).
Better Auth creates and owns the user table (plus session, account, verification). The account table links social provider identities to users — one user can have both Google and GitHub linked. Other tables (rooms, stats) reference user.id via FK. No need to design a custom user schema or handle provider-specific claims manually.
### Rooms: `updated_at` for stale recovery only
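Review bot: The new Users paragraph says "one user can have both Google and GitHub linked" but does not document how a second provider identity gets attached to an existing user. Please state the linking rule here, since it decides who can sign in as a given user. The removed line also recorded why the FK target is a stable internal UUID; the replacement says other tables "reference user.id via FK" without noting that key's type or stability, and a short note on that would keep the original rationale. Minor style point: the old text wrote `users.id` in backticks, the new text writes user.id bare.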