Skip to main content

Auth System

Stocks Signalist uses Better Auth for authentication, supporting both traditional email/password and passwordless magic link sign-in.

Sign-In Methods

Email & Password

Traditional sign-up with email verification. Users must verify their email before signing in (production only).

Magic Link

Passwordless one-click authentication via email. Links expire in 5 minutes.

Features

Email Verification

  • Development: Disabled — users auto sign-in after signup, verification URLs logged to console
  • Production: Required — emails sent via Nodemailer with 24-hour token expiration
See Email Verification for the full flow.

Password Reset

  • Users request a reset via email
  • Secure token-based flow with 1-hour expiration
  • In development, reset URLs are logged to console

Session Management

  • Secure session handling with HTTP-only cookies
  • Managed by Better Auth via the nextCookies() plugin
  • Sessions stored in the session MongoDB collection

Configuration

Authentication is configured in lib/better-auth/auth.ts: 
import { betterAuth } from "better-auth";
import { nextCookies } from "better-auth/next-js";
import { magicLink } from "better-auth/plugins";

export const auth = betterAuth({
  database: { /* MongoDB config */ },
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: process.env.NODE_ENV === "production",
  },
  plugins: [
    nextCookies(),
    magicLink({ expiresIn: 60 * 5 }),
  ],
});
The client is set up in lib/auth-client.ts: 
import { createAuthClient } from "better-auth/client";
import { magicLinkClient } from "better-auth/client/plugins";

export const authClient = createAuthClient({
  baseURL: process.env.NEXT_PUBLIC_BASE_URL || "http://localhost:3000",
  plugins: [magicLinkClient()],
});

Database Collections

Better Auth creates these collections automatically (all singular names):
CollectionPurpose
userUser accounts with emailVerified flag
accountLinked auth providers
sessionActive sessions
verificationEphemeral tokens (verification, reset, magic link)