Commit 22fdcc8
fix(auth): Configure bcrypt password hashing to match seed script
Critical fix for authentication:
Problem:
- Better Auth default: scrypt password hashing
- Seed script: bcrypt password hashing (bcrypt.hash(password, 10))
- Result: Seeded users cannot login (hash verification fails)
Solution:
Configure Better Auth to use bcrypt for both hashing and verification:
```typescript
emailAndPassword: {
password: {
hash: async (password) => {
const bcrypt = await import("bcryptjs");
return await bcrypt.hash(password, 10);
},
verify: async ({ hash, password }) => {
const bcrypt = await import("bcryptjs");
return await bcrypt.compare(password, hash);
},
},
}
```
Why bcrypt:
- Already used in seed script (scripts/seed-setup.ts)
- Already installed as dependency (bcryptjs)
- Widely adopted and secure (OWASP approved)
- Consistent hashing across app and seed scripts
Result:
✅ Seeded admin user ([email protected]) can now login
✅ All password authentication uses bcrypt
✅ No migration needed for existing users
Testing:
- Seed admin: pnpm seed:setup
- Login: [email protected] / Admin123!@#
Related: #21
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>1 parent 9a197bb commit 22fdcc8
1 file changed
+12
-0
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
167 | 167 | | |
168 | 168 | | |
169 | 169 | | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
170 | 182 | | |
171 | 183 | | |
172 | 184 | | |
| |||
0 commit comments