fix: use UUID for Better Auth ID generation to match Prisma schema

Better Auth generates nanoid-style IDs by default, but our Prisma schema uses @db.Uuid columns for all auth tables. This caused P2023 errors when Better Auth tried to insert non-UUID IDs into the verification table during OAuth sign-in. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: add CORS env vars to Swarm/Portainer compose and log trusted origins
2026-02-16 22:48:17 -06:00 · 2026-02-16 22:31:29 -06:00
3 changed files with 9 additions and 1 deletions
--- a/apps/api/src/auth/auth.config.ts
+++ b/apps/api/src/auth/auth.config.ts
@@ -1,3 +1,4 @@
+import { randomUUID } from "node:crypto";
 import { betterAuth } from "better-auth";
 import { prismaAdapter } from "better-auth/adapters/prisma";
 import { genericOAuth } from "better-auth/plugins";
@@ -216,6 +217,7 @@ export function createAuth(prisma: PrismaClient) {
      updateAge: 60 * 60 * 2, // 2 hours — minimum session age before BetterAuth refreshes the expiry on next request
    },
    advanced: {
+      generateId: () => randomUUID(),
      defaultCookieAttributes: {
        httpOnly: true,
        secure: process.env.NODE_ENV === "production",
--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@@ -49,8 +49,10 @@ async function bootstrap() {

  // Configure CORS for cookie-based authentication
  // Origin list is shared with BetterAuth trustedOrigins via getTrustedOrigins()
+  const trustedOrigins = getTrustedOrigins();
+  console.log(`[CORS] Trusted origins: ${JSON.stringify(trustedOrigins)}`);
  app.enableCors({
-    origin: getTrustedOrigins(),
+    origin: trustedOrigins,
    credentials: true, // Required for cookie-based authentication
    methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
    allowedHeaders: ["Content-Type", "Authorization", "Cookie", "X-CSRF-Token", "X-Workspace-Id"],
--- a/docker-compose.swarm.portainer.yml
+++ b/docker-compose.swarm.portainer.yml
@@ -138,6 +138,10 @@ services:
      MOSAIC_TELEMETRY_API_KEY: ${MOSAIC_TELEMETRY_API_KEY:-}
      MOSAIC_TELEMETRY_INSTANCE_ID: ${MOSAIC_TELEMETRY_INSTANCE_ID:-}
      MOSAIC_TELEMETRY_DRY_RUN: ${MOSAIC_TELEMETRY_DRY_RUN:-false}
+      # Frontend URLs (for CORS and auth redirects)
+      NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL}
+      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL}
+      TRUSTED_ORIGINS: ${TRUSTED_ORIGINS:-}
    healthcheck:
      test:
        [
Author	SHA1	Message	Date
Jason Woltje	027fee1afa	fix: use UUID for Better Auth ID generation to match Prisma schema All checks were successful ci/woodpecker/push/api Pipeline was successful Details ci/woodpecker/manual/infra Pipeline was successful Details ci/woodpecker/manual/coordinator Pipeline was successful Details ci/woodpecker/manual/orchestrator Pipeline was successful Details ci/woodpecker/manual/web Pipeline was successful Details ci/woodpecker/manual/api Pipeline was successful Details Better Auth generates nanoid-style IDs by default, but our Prisma schema uses @db.Uuid columns for all auth tables. This caused P2023 errors when Better Auth tried to insert non-UUID IDs into the verification table during OAuth sign-in. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 22:48:17 -06:00
Jason Woltje	abe57621cd	fix: add CORS env vars to Swarm/Portainer compose and log trusted origins The Swarm deployment uses docker-compose.swarm.portainer.yml, not the root docker-compose.yml. Add NEXT_PUBLIC_APP_URL, NEXT_PUBLIC_API_URL, and TRUSTED_ORIGINS to the API service environment. Also log trusted origins at startup for easier CORS debugging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 22:31:29 -06:00