chore: update @better-auth/sso and better-auth to version 1.5.0-beta.16; rename session_temp table to session and adjust related constraints; add new SQL migration for session table; implement getTrustedProviders function for dynamic provider retrieval

packages/server/package.json

@@ -44,13 +44,13 @@
     "@oslojs/crypto": "1.0.1",
     "@oslojs/encoding": "1.1.0",
     "@react-email/components": "^0.0.21",
-    "@better-auth/sso": "1.4.18",
+    "@better-auth/sso": "1.5.0-beta.16",
     "@trpc/server": "^10.45.2",
     "adm-zip": "^0.5.16",
     "ai": "^6.0.86",
     "ai-sdk-ollama": "^3.7.0",
     "bcrypt": "5.1.1",
-    "better-auth": "1.4.18",
+    "better-auth": "1.5.0-beta.16",
     "bl": "6.0.11",
     "boxen": "^7.1.1",
     "date-fns": "3.6.0",

packages/server/src/db/schema/session.ts

@@ -2,7 +2,7 @@ import { pgTable, text, timestamp } from "drizzle-orm/pg-core";
 import { user } from "./user";
 
 // OLD TABLE
-export const session = pgTable("session_temp", {
+export const session = pgTable("session", {
 	id: text("id").primaryKey(),
 	expiresAt: timestamp("expires_at").notNull(),
 	token: text("token").notNull().unique(),

packages/server/src/lib/auth.ts

@@ -9,7 +9,11 @@ import { and, desc, eq } from "drizzle-orm";
 import { BETTER_AUTH_SECRET, IS_CLOUD } from "../constants";
 import { db } from "../db";
 import * as schema from "../db/schema";
-import { getTrustedOrigins, getUserByToken } from "../services/admin";
+import {
+	getTrustedOrigins,
+	getTrustedProviders,
+	getUserByToken,
+} from "../services/admin";
 import {
 	getWebServerSettings,
 	updateWebServerSettings,
@@ -18,8 +22,6 @@ import { getHubSpotUTK, submitToHubSpot } from "../utils/tracking/hubspot";
 import { sendEmail } from "../verification/send-verification-email";
 import { getPublicIpWithFallback } from "../wss/utils";
 
-const trustedProviders = process.env?.TRUSTED_PROVIDERS?.split(",") || [];
-
 const { handler, api } = betterAuth({
 	database: drizzleAdapter(db, {
 		provider: "pg",
@@ -49,7 +51,10 @@ const { handler, api } = betterAuth({
 	account: {
 		accountLinking: {
 			enabled: true,
-			trustedProviders: ["github", "google", ...(trustedProviders || [])],
+			async trustedProviders() {
+				const fromDb = await getTrustedProviders();
+				return ["github", "google", ...fromDb];
+			},
 			allowDifferentEmails: true,
 		},
 	},
@@ -228,6 +233,7 @@ const { handler, api } = betterAuth({
 								message: "Provider not found",
 							});
 						}
+						console.log("provider", provider);
 						await db.insert(schema.member).values({
 							userId: user.id,
 							organizationId: provider?.organizationId || "",
@@ -460,11 +466,16 @@ export const validateRequest = async (request: IncomingMessage) => {
 		const member = await db.query.member.findFirst({
 			where: and(
 				eq(schema.member.userId, session.user.id),
-				eq(
-					schema.member.organizationId,
-					session.session.activeOrganizationId || "",
-				),
+				...(session.session.activeOrganizationId
+					? [
+							eq(
+								schema.member.organizationId,
+								session.session.activeOrganizationId || "",
+							),
+						]
+					: []),
 			),
+			orderBy: [desc(schema.member.isDefault), desc(schema.member.createdAt)],
 			with: {
 				organization: true,
 				user: true,
@@ -476,6 +487,7 @@ export const validateRequest = async (request: IncomingMessage) => {
 			member?.user.enableEnterpriseFeatures || false;
 		session.user.isValidEnterpriseLicense =
 			member?.user.isValidEnterpriseLicense || false;
+		session.session.activeOrganizationId = member?.organization.id || "";
 		if (member) {
 			session.user.ownerId = member.organization.ownerId;
 		} else {

packages/server/src/services/admin.ts

@@ -135,3 +135,12 @@ export const getTrustedOrigins = async () => {
 
 	return Array.from(new Set(trustedOrigins));
 };
+
+export const getTrustedProviders = async () => {
+	try {
+		const providers = await db.query.ssoProvider.findMany();
+		return providers.map((provider) => provider.providerId);
+	} catch (error) {
+		return [];
+	}
+};