refactor(auth): localize admin auth and replace latest ranges

2026-02-10 12:49:59 +01:00
parent ba8abb3b1b
commit 24eca3e740
15 changed files with 81 additions and 132 deletions
--- a/apps/admin/package.json
+++ b/apps/admin/package.json
@@ -11,27 +11,27 @@
    "typecheck": "tsc -p tsconfig.json --noEmit"
  },
  "dependencies": {
-    "@cms/auth": "workspace:*",
    "@cms/content": "workspace:*",
    "@cms/db": "workspace:*",
    "@cms/ui": "workspace:*",
-    "@tanstack/react-form": "latest",
-    "@tanstack/react-query": "latest",
-    "@tanstack/react-query-devtools": "latest",
-    "@tanstack/react-table": "latest",
-    "next": "latest",
-    "react": "latest",
-    "react-dom": "latest",
-    "zustand": "latest"
+    "@tanstack/react-form": "1.28.0",
+    "@tanstack/react-query": "5.90.20",
+    "@tanstack/react-query-devtools": "5.91.3",
+    "@tanstack/react-table": "8.21.3",
+    "better-auth": "1.4.18",
+    "next": "16.1.6",
+    "react": "19.2.4",
+    "react-dom": "19.2.4",
+    "zustand": "5.0.11"
  },
  "devDependencies": {
    "@cms/config": "workspace:*",
-    "@biomejs/biome": "latest",
-    "@tailwindcss/postcss": "latest",
-    "@types/node": "latest",
-    "@types/react": "latest",
-    "@types/react-dom": "latest",
-    "tailwindcss": "latest",
-    "typescript": "latest"
+    "@biomejs/biome": "2.3.14",
+    "@tailwindcss/postcss": "4.1.18",
+    "@types/node": "25.2.2",
+    "@types/react": "19.2.13",
+    "@types/react-dom": "19.2.3",
+    "tailwindcss": "4.1.18",
+    "typescript": "5.9.3"
  }
 }
--- a/apps/admin/src/app/api/auth/[...all]/route.ts
+++ b/apps/admin/src/app/api/auth/[...all]/route.ts
@@ -1,3 +1,5 @@
-import { authRouteHandlers } from "@cms/auth/server"
+import { authRouteHandlers } from "@/lib/auth/server"
+
+export const runtime = "nodejs"

 export const { GET, POST, PATCH, PUT, DELETE } = authRouteHandlers
--- a/apps/admin/src/app/login/page.tsx
+++ b/apps/admin/src/app/login/page.tsx
@@ -1,7 +1,7 @@
-import { isAdminRegistrationEnabled } from "@cms/auth/server"
 import { redirect } from "next/navigation"

 import { resolveRoleFromServerContext } from "@/lib/access-server"
+import { isAdminRegistrationEnabled } from "@/lib/auth/server"

 import { LoginForm } from "./login-form"

--- a/apps/admin/src/lib/access-server.ts
+++ b/apps/admin/src/lib/access-server.ts
@@ -1,7 +1,9 @@
-import { auth, resolveRoleFromAuthSession } from "@cms/auth/server"
+import "server-only"
+
 import type { Role } from "@cms/content/rbac"
 import { cookies, headers } from "next/headers"

+import { auth, resolveRoleFromAuthSession } from "@/lib/auth/server"
 import { resolveDefaultRole, resolveRoleFromRawValue } from "./access"

 export async function resolveRoleFromServerContext(): Promise<Role | null> {
--- a/apps/admin/src/lib/auth/server.ts
+++ b/apps/admin/src/lib/auth/server.ts
@@ -1,3 +1,5 @@
+import "server-only"
+
 import { normalizeRole, type Role } from "@cms/content/rbac"
 import { db } from "@cms/db"
 import { betterAuth } from "better-auth"
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -14,21 +14,21 @@
    "@cms/content": "workspace:*",
    "@cms/db": "workspace:*",
    "@cms/ui": "workspace:*",
-    "@tanstack/react-query": "latest",
-    "@tanstack/react-query-devtools": "latest",
-    "next": "latest",
-    "react": "latest",
-    "react-dom": "latest",
-    "zustand": "latest"
+    "@tanstack/react-query": "5.90.20",
+    "@tanstack/react-query-devtools": "5.91.3",
+    "next": "16.1.6",
+    "react": "19.2.4",
+    "react-dom": "19.2.4",
+    "zustand": "5.0.11"
  },
  "devDependencies": {
    "@cms/config": "workspace:*",
-    "@biomejs/biome": "latest",
-    "@tailwindcss/postcss": "latest",
-    "@types/node": "latest",
-    "@types/react": "latest",
-    "@types/react-dom": "latest",
-    "tailwindcss": "latest",
-    "typescript": "latest"
+    "@biomejs/biome": "2.3.14",
+    "@tailwindcss/postcss": "4.1.18",
+    "@types/node": "25.2.2",
+    "@types/react": "19.2.13",
+    "@types/react-dom": "19.2.3",
+    "tailwindcss": "4.1.18",
+    "typescript": "5.9.3"
  }
 }
--- a/bun.lock
+++ b/bun.lock
@@ -28,7 +28,6 @@
      "name": "@cms/admin",
      "version": "0.0.1",
      "dependencies": {
-        "@cms/auth": "workspace:*",
        "@cms/content": "workspace:*",
        "@cms/db": "workspace:*",
        "@cms/ui": "workspace:*",
@@ -36,6 +35,7 @@
        "@tanstack/react-query": "latest",
        "@tanstack/react-query-devtools": "latest",
        "@tanstack/react-table": "latest",
+        "better-auth": "1.4.18",
        "next": "latest",
        "react": "latest",
        "react-dom": "latest",
@@ -77,21 +77,6 @@
        "typescript": "latest",
      },
    },
-    "packages/auth": {
-      "name": "@cms/auth",
-      "version": "0.0.1",
-      "dependencies": {
-        "@cms/content": "workspace:*",
-        "@cms/db": "workspace:*",
-        "better-auth": "^1.4.18",
-      },
-      "devDependencies": {
-        "@biomejs/biome": "latest",
-        "@cms/config": "workspace:*",
-        "@types/node": "latest",
-        "typescript": "latest",
-      },
-    },
    "packages/config": {
      "name": "@cms/config",
      "version": "0.0.1",
@@ -123,7 +108,7 @@
        "@cms/config": "workspace:*",
        "@types/node": "latest",
        "@types/pg": "latest",
-        "better-auth": "^1.4.18",
+        "better-auth": "1.4.18",
        "prisma": "latest",
        "typescript": "latest",
      },
@@ -274,8 +259,6 @@

    "@cms/admin": ["@cms/admin@workspace:apps/admin"],

-    "@cms/auth": ["@cms/auth@workspace:packages/auth"],
-
    "@cms/config": ["@cms/config@workspace:packages/config"],

    "@cms/content": ["@cms/content@workspace:packages/content"],
--- a/docs/product-engineering/auth-baseline.md
+++ b/docs/product-engineering/auth-baseline.md
@@ -6,7 +6,7 @@ This baseline activates Better Auth for the admin app with email/password login

 Implemented in MVP0:

- Shared auth package: `@cms/auth`
+- Admin-local auth config: `apps/admin/src/lib/auth/server.ts`
 - Admin auth API routes: `apps/admin/src/app/api/auth/[...all]/route.ts`
 - Admin login page: `/login`
 - Prisma auth models (`user`, `session`, `account`, `verification`)
--- a/package.json
+++ b/package.json
@@ -40,22 +40,22 @@
    "docker:production:down": "docker compose -f docker-compose.production.yml down"
  },
  "devDependencies": {
-    "@playwright/test": "latest",
-    "@commitlint/cli": "latest",
-    "@commitlint/config-conventional": "latest",
-    "@testing-library/jest-dom": "latest",
-    "@testing-library/react": "latest",
-    "@testing-library/user-event": "latest",
-    "@vitejs/plugin-react": "latest",
-    "@vitest/coverage-istanbul": "latest",
-    "@biomejs/biome": "latest",
-    "jsdom": "latest",
-    "msw": "latest",
-    "conventional-changelog-cli": "latest",
-    "turbo": "latest",
-    "typescript": "latest",
-    "vitepress": "latest",
-    "vite-tsconfig-paths": "latest",
-    "vitest": "latest"
+    "@playwright/test": "1.58.2",
+    "@commitlint/cli": "20.4.1",
+    "@commitlint/config-conventional": "20.4.1",
+    "@testing-library/jest-dom": "6.9.1",
+    "@testing-library/react": "16.3.2",
+    "@testing-library/user-event": "14.6.1",
+    "@vitejs/plugin-react": "5.1.3",
+    "@vitest/coverage-istanbul": "4.0.18",
+    "@biomejs/biome": "2.3.14",
+    "jsdom": "28.0.0",
+    "msw": "2.12.9",
+    "conventional-changelog-cli": "5.0.0",
+    "turbo": "2.8.3",
+    "typescript": "5.9.3",
+    "vitepress": "1.6.4",
+    "vite-tsconfig-paths": "6.1.0",
+    "vitest": "4.0.18"
  }
 }
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -1,25 +0,0 @@
-{
-  "name": "@cms/auth",
-  "version": "0.0.1",
-  "private": true,
-  "type": "module",
-  "exports": {
-    ".": "./src/index.ts",
-    "./server": "./src/server.ts"
-  },
-  "scripts": {
-    "lint": "biome check src",
-    "typecheck": "tsc -p tsconfig.json --noEmit"
-  },
-  "dependencies": {
-    "@cms/content": "workspace:*",
-    "@cms/db": "workspace:*",
-    "better-auth": "^1.4.18"
-  },
-  "devDependencies": {
-    "@cms/config": "workspace:*",
-    "@biomejs/biome": "latest",
-    "@types/node": "latest",
-    "typescript": "latest"
-  }
-}
--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -1,7 +0,0 @@
-export {
-  type AuthSession,
-  auth,
-  authRouteHandlers,
-  isAdminRegistrationEnabled,
-  resolveRoleFromAuthSession,
-} from "./server"
--- a/packages/auth/tsconfig.json
+++ b/packages/auth/tsconfig.json
@@ -1,8 +0,0 @@
-{
-  "extends": "@cms/config/tsconfig/base",
-  "compilerOptions": {
-    "noEmit": false,
-    "outDir": "dist"
-  },
-  "include": ["src/**/*.ts"]
-}
--- a/packages/content/package.json
+++ b/packages/content/package.json
@@ -13,11 +13,11 @@
    "typecheck": "tsc -p tsconfig.json --noEmit"
  },
  "dependencies": {
-    "zod": "latest"
+    "zod": "4.3.6"
  },
  "devDependencies": {
    "@cms/config": "workspace:*",
-    "@biomejs/biome": "latest",
-    "typescript": "latest"
+    "@biomejs/biome": "2.3.14",
+    "typescript": "5.9.3"
  }
 }
--- a/packages/db/package.json
+++ b/packages/db/package.json
@@ -10,7 +10,7 @@
    "build": "tsc -p tsconfig.json",
    "lint": "biome check src prisma/seed.ts",
    "typecheck": "tsc -p tsconfig.json --noEmit",
-    "db:auth:generate": "mkdir -p prisma/generated && set -a && . ../../.env && set +a && bunx @better-auth/cli@latest generate --config prisma/better-auth.config.ts --output prisma/generated/better-auth.prisma --yes",
+    "db:auth:generate": "mkdir -p prisma/generated && set -a && . ../../.env && set +a && bunx @better-auth/cli@1.4.18 generate --config prisma/better-auth.config.ts --output prisma/generated/better-auth.prisma --yes",
    "db:generate": "bun --env-file=../../.env prisma generate",
    "db:migrate": "bun --env-file=../../.env prisma migrate dev --name init",
    "db:migrate:named": "bun --env-file=../../.env prisma migrate dev",
@@ -20,19 +20,19 @@
  },
  "dependencies": {
    "@cms/content": "workspace:*",
-    "@prisma/adapter-pg": "latest",
-    "@prisma/client": "latest",
-    "pg": "latest",
-    "zod": "latest"
+    "@prisma/adapter-pg": "7.3.0",
+    "@prisma/client": "7.3.0",
+    "pg": "8.18.0",
+    "zod": "4.3.6"
  },
  "devDependencies": {
    "@cms/config": "workspace:*",
-    "@biomejs/biome": "latest",
-    "@types/node": "latest",
-    "@types/pg": "latest",
-    "better-auth": "^1.4.18",
-    "prisma": "latest",
-    "typescript": "latest"
+    "@biomejs/biome": "2.3.14",
+    "@types/node": "25.2.2",
+    "@types/pg": "8.16.0",
+    "better-auth": "1.4.18",
+    "prisma": "7.3.0",
+    "typescript": "5.9.3"
  },
  "prisma": {
    "seed": "bun --env-file=../../.env prisma/seed.ts"
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -14,19 +14,19 @@
    "typecheck": "tsc -p tsconfig.json --noEmit"
  },
  "dependencies": {
-    "class-variance-authority": "latest",
-    "clsx": "latest",
-    "tailwind-merge": "latest"
+    "class-variance-authority": "0.7.1",
+    "clsx": "2.1.1",
+    "tailwind-merge": "3.4.0"
  },
  "peerDependencies": {
-    "react": "latest",
-    "react-dom": "latest"
+    "react": "19.2.4",
+    "react-dom": "19.2.4"
  },
  "devDependencies": {
    "@cms/config": "workspace:*",
-    "@biomejs/biome": "latest",
-    "@types/react": "latest",
-    "@types/react-dom": "latest",
-    "typescript": "latest"
+    "@biomejs/biome": "2.3.14",
+    "@types/react": "19.2.13",
+    "@types/react-dom": "19.2.3",
+    "typescript": "5.9.3"
  }
 }