captjay98/Better Auth
.claude/skills/better-auth/SKILL.md
Authentication and session management with Better Auth in LivestockAI
$ install --global
skillsauthnpx skillsauth add captjay98/gemini-livestockai Better AuthInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 12:54 AM8.1s1 file scanned
SKILL.md
- name:
- Better Auth
- description:
- Authentication and session management with Better Auth in LivestockAI
Better Auth
LivestockAI uses Better Auth for authentication. It provides secure session management with email/password authentication.
Table Structure
Better Auth uses two tables:
| Table | Purpose |
| --------- | --------------------------------------------------- |
| users | User profile data (name, email, role) - NO password |
| account | Authentication credentials (password, providerId) |
Important: Passwords are stored in account, not users.
Creating Users Programmatically
ALWAYS use the createUserWithAuth helper:
import { createUserWithAuth } from '~/lib/db/seeds/helpers'
const result = await createUserWithAuth(db, {
email: '[email protected]',
password: 'securepassword',
name: 'John Doe',
role: 'user', // or 'admin'
})
This helper:
- Hashes the password using PBKDF2 (100,000 iterations, SHA-256)
- Creates entry in
userstable - Creates entry in
accounttable withproviderId: 'credential'
Wrong Way
// ❌ WRONG - users table has no password field!
await db
.insertInto('users')
.values({
email: '[email protected]',
password: 'hashedpassword', // This field doesn't exist!
})
.execute()
Auth Configuration
The auth config is in app/features/auth/config.ts:
import { betterAuth } from 'better-auth'
export const auth = betterAuth({
database: {
type: 'postgres',
url: process.env.DATABASE_URL,
},
emailAndPassword: {
enabled: true,
},
session: {
expiresIn: 60 * 60 * 24 * 7, // 7 days
updateAge: 60 * 60 * 24, // 1 day
},
})
Server Middleware
Use requireAuth() in server functions:
export const myServerFn = createServerFn({ method: 'GET' }).handler(
async () => {
const { requireAuth } = await import('../auth/server-middleware')
const session = await requireAuth()
// session.user contains:
// - id: string
// - email: string
// - name: string
// - role: 'user' | 'admin'
return { userId: session.user.id }
},
)
Auth Utilities
// app/features/auth/utils.ts
// Check if user has access to a farm
export async function checkFarmAccess(
userId: string,
farmId: string,
): Promise<boolean>
// Get all farms a user has access to
export async function getUserFarms(userId: string): Promise<string[]>
Client-Side Auth
import { useSession, signIn, signOut } from '~/features/auth/client'
function LoginButton() {
const { data: session, isLoading } = useSession()
if (isLoading) return <Spinner />
if (session) {
return (
<Button onClick={() => signOut()}>
Sign Out ({session.user.email})
</Button>
)
}
return (
<Button onClick={() => signIn('credential', { email, password })}>
Sign In
</Button>
)
}
Protected Routes
The _auth.tsx layout protects routes:
// app/routes/_auth.tsx
export const Route = createFileRoute('/_auth')({
beforeLoad: async () => {
const session = await getSession()
if (!session) {
throw redirect({ to: '/login' })
}
return { session }
},
})
User Roles
LivestockAI supports roles:
| Role | Access |
| ----------------- | -------------------- |
| user | Standard farm access |
| admin | Full system access |
| extension_agent | District-level view |
// Check role in server function
const session = await requireAuth()
if (session.user.role !== 'admin') {
throw new AppError('ACCESS_DENIED')
}
Session Data
The session object contains:
interface Session {
user: {
id: string
email: string
name: string
role: 'user' | 'admin' | 'extension_agent'
image?: string
}
expires: Date
}
Related Skills
three-layer-architecture- Auth in server layererror-handling- Auth error handlingtanstack-start- Server function patterns
Related Skills
captjay98/Zod Validation
data-ai
VerifiedTrustedCommunity
Input validation patterns with Zod in LivestockAI server functions
6SKILL.mdUpdated Apr 16, 2026
captjay98/Vitest Patterns
testing
VerifiedTrustedCommunity
Unit testing patterns with Vitest in LivestockAI
6SKILL.mdUpdated Apr 16, 2026
captjay98/Three-Layer Architecture
tools
VerifiedTrustedCommunity
Server → Service → Repository pattern for feature organization
6SKILL.mdUpdated Apr 16, 2026
captjay98/TanStack Start
data-ai
VerifiedTrustedCommunity
Server-side rendering and server functions with TanStack Start in LivestockAI
6SKILL.mdUpdated Apr 16, 2026