hammer/network-app-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use Better Auth internal API for invite user creation

Browse Source
This commit is contained in:
Hammer
2026-01-28 22:03:59 +00:00
parent 3e63a4be8d
commit ead71ae0a7
1 changed files with 18 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/routes/invite.ts
View File

@@ -1,7 +1,8 @@
import { Elysia, t } from 'elysia'; import { Elysia, t } from 'elysia';
import { db } from '../db'; import { db } from '../db';
import { invites, users, accounts } from '../db/schema'; import { invites, users } from '../db/schema';
import { eq, and } from 'drizzle-orm'; import { eq, and } from 'drizzle-orm';
import { auth } from '../lib/auth';
export const inviteRoutes = new Elysia({ prefix: '/auth/invite' }) export const inviteRoutes = new Elysia({ prefix: '/auth/invite' })
// Validate invite token (public - no auth required) // Validate invite token (public - no auth required)
@@ -36,7 +37,7 @@ export const inviteRoutes = new Elysia({ prefix: '/auth/invite' })
}) })
// Accept invite (public - no auth required) // Accept invite (public - no auth required)
// Creates user directly in DB, bypassing Better Auth's blocked signup endpoint // Uses Better Auth's internal API to create the user properly
.post('/:token/accept', async ({ params, body, set }: { .post('/:token/accept', async ({ params, body, set }: {
params: { token: string }; params: { token: string };
body: { password: string; name?: string }; body: { password: string; name?: string };
@@ -72,32 +73,21 @@ export const inviteRoutes = new Elysia({ prefix: '/auth/invite' })
} }
try { try {
const now = new Date(); // Use Better Auth's internal API to create the user properly
const userId = crypto.randomUUID(); const result = await auth.api.signUpEmail({
const accountId = crypto.randomUUID(); body: {
const hashedPassword = await Bun.password.hash(body.password, { algorithm: 'bcrypt', cost: 10 });
// Create user record
await db.insert(users).values({
id: userId,
email: invite.email, email: invite.email,
password: body.password,
name: body.name || invite.name, name: body.name || invite.name,
role: invite.role, },
emailVerified: false,
createdAt: now,
updatedAt: now,
}); });
// Create credential account record (how Better Auth stores email/password) // Set the role from the invite
await db.insert(accounts).values({ if (invite.role && invite.role !== 'user') {
id: accountId, await db.update(users)
userId, .set({ role: invite.role })
accountId: userId, .where(eq(users.email, invite.email));
providerId: 'credential', }
password: hashedPassword,
createdAt: now,
updatedAt: now,
});
// Mark invite as accepted // Mark invite as accepted
await db.update(invites) await db.update(invites)
@@ -107,13 +97,14 @@ export const inviteRoutes = new Elysia({ prefix: '/auth/invite' })
return { return {
success: true, success: true,
user: { user: {
id: userId, id: result.user?.id,
email: invite.email, email: invite.email,
name: body.name || invite.name, name: body.name || invite.name,
role: invite.role, role: invite.role,
}, },
}; };
} catch (error: any) { } catch (error: any) {
console.error('Invite accept error:', error);
set.status = 400; set.status = 400;
throw new Error(error.message || 'Failed to create account'); throw new Error(error.message || 'Failed to create account');
} }