Merge pull request #104 from daveyplate/organizations

Organizations + v2.0.0 Refactor

Author: daveycodez

.cursor/rules/instructions.mdc

@@ -5,4 +5,8 @@ alwaysApply: true
 ---
 Always search the codebase for relevant files and do research before you begin a task.
 
-Never hard code strings, always check AuthLocalization and add it as needed.
+Never hard code strings, always check AuthLocalization and add it as needed.
+
+Icons in Buttons don't need size or Margin it's handled automatically by our shadcn Button component.
+
+Don't run type checks in terminal or create temporary test files.

biome.json

@@ -11,14 +11,12 @@
     },
     "formatter": {
         "indentStyle": "space",
-        "indentWidth": 4,
-        "lineWidth": 100
+        "indentWidth": 4
     },
     "linter": {
         "rules": {
             "a11y": {
-                "noSvgWithoutTitle": "off",
-                "useGenericFontNames": "off"
+                "noSvgWithoutTitle": "off"
             },
             "suspicious": {
                 "noArrayIndexKey": "off",

docs/app/(docs)/[[...slug]]/page.tsx

@@ -3,7 +3,12 @@ import { AutoTypeTable } from "fumadocs-typescript/ui"
 
 import { Tab, Tabs } from "fumadocs-ui/components/tabs"
 import defaultMdxComponents from "fumadocs-ui/mdx"
-import { DocsBody, DocsDescription, DocsPage, DocsTitle } from "fumadocs-ui/page"
+import {
+    DocsBody,
+    DocsDescription,
+    DocsPage,
+    DocsTitle
+} from "fumadocs-ui/page"
 import { notFound } from "next/navigation"
 
 import { source } from "@/lib/source"

docs/app/favicon.ico

@@ -14,14 +14,17 @@ export const metadata = createMetadata({
         template: "%s | Better Auth UI",
         default: "Better Auth UI"
     },
-    description: "UI components for the most comprehensive authentication library for TypeScript.",
+    description:
+        "UI components for the most comprehensive authentication library for TypeScript.",
     metadataBase: baseUrl
 })
 
 export default function Layout({ children }: { children: ReactNode }) {
     return (
         <html lang="en" suppressHydrationWarning>
-            <body className={`${geistSans.className} flex min-h-screen flex-col antialiased`}>
+            <body
+                className={`${geistSans.className} flex min-h-screen flex-col antialiased`}
+            >
                 <RootProvider
                     search={{
                         options: {

docs/app/layout.tsx

@@ -30,8 +30,12 @@ You may use `additionalFields` to define extra fields required during signup or
       validate: (value: string) => parseInt(value) >= 18
     }
   }}
-  settingsFields={["company", "age"]}
-  signUpFields={["company", "age"]}
+  settings={{
+    fields: ["company", "age"]
+  }}
+  signUp={{
+    fields: ["company", "age"]
+  }}
 >
   {children}
 </AuthUIProvider>

docs/content/docs/advanced/additional-fields.mdx

@@ -0,0 +1,221 @@
+---
+title: API Keys
+---
+
+API Keys provide a secure way for applications and services to authenticate with your API programmatically. Better Auth UI includes a complete API key management system with creation, expiration, and revocation capabilities.
+
+## Overview
+
+The API key system provides:
+
+- **Secure Generation**: Cryptographically secure key generation
+- **Expiration Management**: Set expiration dates for keys
+- **Custom Prefixes**: Add custom prefixes to identify key types
+- **Metadata Support**: Attach metadata to keys for tracking
+- **One-Time Display**: Keys are shown only once after creation
+- **Secure Storage**: Keys are hashed before storage
+
+## Enabling API Keys
+
+To enable API keys, configure the `apiKey` prop in your `AuthUIProvider`:
+
+```tsx title="providers.tsx"
+<AuthUIProvider
+  authClient={authClient}
+  apiKey={true} // Simple enable
+>
+  {children}
+</AuthUIProvider>
+```
+
+### Advanced Configuration
+
+```tsx title="providers.tsx"
+<AuthUIProvider
+  authClient={authClient}
+  apiKey={{
+    prefix: "app_",  // Custom prefix for all keys
+    metadata: {      // Default metadata for new keys
+      environment: "production",
+      version: "v1"
+    }
+  }}
+>
+  {children}
+</AuthUIProvider>
+```
+
+## Key Components
+
+### APIKeysCard
+
+The main component for managing API keys:
+
+```tsx
+import { APIKeysCard } from '@daveyplate/better-auth-ui'
+
+<APIKeysCard />
+```
+
+### In SettingsCards
+
+API keys automatically appear in settings when enabled:
+
+```tsx
+import { SettingsCards } from '@daveyplate/better-auth-ui'
+
+// Shows API keys management when view="API_KEYS"
+<SettingsCards view="API_KEYS" />
+```
+
+## API Key Structure
+
+Generated API keys follow this structure:
+```
+[prefix][random_string]
+```
+
+Example: `app_sk_live_a1b2c3d4e5f6g7h8i9j0`
+
+## Using API Keys
+
+### Client-Side Generation
+
+```tsx
+const { authClient } = useContext(AuthUIContext)
+
+// Create a new API key
+const { key } = await authClient.apiKey.create({
+  name: "Production API Key",
+  expiresIn: 30 * 24 * 60 * 60, // 30 days in seconds
+  prefix: "prod_",
+  metadata: {
+    service: "payment-processor"
+  }
+})
+
+console.log(key) // This is the only time you'll see the full key
+```
+
+### Server-Side Validation
+
+```ts
+// In your API endpoint
+import { auth } from '@/lib/auth'
+
+export async function POST(request: Request) {
+  const apiKey = request.headers.get('x-api-key')
+  
+  if (!apiKey) {
+    return new Response('API key required', { status: 401 })
+  }
+  
+  const session = await auth.api.validateAPIKey({
+    apiKey
+  })
+  
+  if (!session) {
+    return new Response('Invalid API key', { status: 401 })
+  }
+  
+  // Access user and metadata
+  console.log(session.user)
+  console.log(session.apiKey.metadata)
+  
+  // Process request...
+}
+```
+
+## Security Features
+
+### One-Time Display
+- Keys are shown in full only once after creation
+- Users must copy the key immediately
+- Lost keys cannot be recovered
+
+### Secure Storage
+- Keys are hashed using bcrypt before storage
+- Original keys are never stored in the database
+- Only the first few characters are stored for identification
+
+### Expiration
+- Keys can have expiration dates
+- Expired keys are automatically rejected
+- No expiration option available for long-lived keys
+
+## Best Practices
+
+1. **Naming Convention**
+   ```
+   "Production - Payment Service"
+   "Development - Local Testing"
+   "CI/CD - GitHub Actions"
+   ```
+
+2. **Expiration Policy**
+   - Development keys: 7-30 days
+   - Production keys: 90-365 days
+   - CI/CD keys: No expiration with rotation
+
+3. **Key Rotation**
+   - Rotate production keys every 90 days
+   - Implement overlap period for smooth transition
+   - Log key usage for audit trails
+
+4. **Access Control**
+   - Limit who can create API keys
+   - Log all key operations
+   - Monitor key usage patterns
+
+5. **Environment Separation**
+   ```tsx
+   apiKey={{
+     prefix: process.env.NODE_ENV === 'production' ? 'pk_' : 'sk_test_'
+   }}
+   ```
+
+## Metadata Usage
+
+Attach metadata to track key usage:
+
+```tsx
+await authClient.apiKey.create({
+  name: "Analytics Service",
+  metadata: {
+    service: "analytics",
+    environment: "production",
+    permissions: ["read:analytics", "write:reports"],
+    rateLimit: 1000
+  }
+})
+```
+
+## Rate Limiting
+
+Implement rate limiting based on metadata:
+
+```ts
+// Server-side
+const session = await auth.api.validateAPIKey({ apiKey })
+const rateLimit = session.apiKey.metadata.rateLimit || 100
+
+// Apply rate limiting logic
+```
+
+## Monitoring
+
+Track API key usage:
+
+1. **Usage Metrics**: Track requests per key
+2. **Error Rates**: Monitor failed authentications
+3. **Expiration Alerts**: Notify before keys expire
+4. **Anomaly Detection**: Detect unusual usage patterns
+
+## Error Handling
+
+Common API key errors:
+
+- `API_KEY_INVALID`: Key doesn't exist or is malformed
+- `API_KEY_EXPIRED`: Key has passed expiration date
+- `API_KEY_REVOKED`: Key has been manually revoked
+- `API_KEY_RATE_LIMITED`: Key has exceeded rate limits 

docs/content/docs/advanced/api-keys.mdx

@@ -28,13 +28,13 @@ export function Providers({ children }: { children: React.ReactNode }) {
             onSessionChange={() => router.refresh()}
             Link={Link}
             viewPaths={{
-                signIn: "login",
-                signOut: "logout",
-                signUp: "register",
-                forgotPassword: "forgot",
-                resetPassword: "reset",
-                magicLink: "magic",
-                settings: "config"
+                SIGN_IN: "login",
+                SIGN_OUT: "logout",
+                SIGN_UP: "register",
+                FORGOT_PASSWORD: "forgot",
+                RESET_PASSWORD: "reset",
+                MAGIC_LINK: "magic",
+                SETTINGS: "config"
             }}
         >
             {children}
@@ -68,13 +68,13 @@ import { authViewPaths } from "@daveyplate/better-auth-ui/server"
 export function generateStaticParams() {
     return Object.values({
         ...authViewPaths,
-        signIn: "login",
-        signOut: "logout",
-        signUp: "register",
-        forgotPassword: "forgot",
-        resetPassword: "reset",
-        magicLink: "magic",
-        settings: "config"
+        SIGN_IN: "login",
+        SIGN_OUT: "logout",
+        SIGN_UP: "register",
+        FORGOT_PASSWORD: "forgot",
+        RESET_PASSWORD: "reset",
+        MAGIC_LINK: "magic",
+        SETTINGS: "config"
     }).map((pathname) => ({ pathname }))
 }
 

docs/content/docs/advanced/custom-auth-paths.mdx

@@ -14,13 +14,13 @@ You have two primary ways to create a custom settings page experience:
 1. Use the built-in plug-and-play `<SettingsCards />` component on your custom route.
 2. Selectively import and use individual components to build your own specific settings page layout.
 
-## Step 1: Setting `settingsURL`
+## Step 1: Setting `settings.url`
 
 To override the default built-in settings page URL (`/auth/settings`) with your custom URL (example: `/dashboard/settings`):
 
 ### With AuthUIProvider:
 
-Set the `settingsURL` prop within your main application provider:
+Set the `settings.url` prop within your main application provider:
 
 ```tsx title="app/providers.tsx"
 "use client"
@@ -39,7 +39,9 @@ export function Providers({ children }: { children: React.ReactNode }) {
             navigate={router.push}
             replace={router.replace}
             onSessionChange={() => router.refresh()}
-            settingsURL="/dashboard/settings" // Your custom settings route
+            settings={{
+                url: "/dashboard/settings" // Your custom settings route
+            }}
             Link={Link}
         >
             {children}
@@ -48,7 +50,7 @@ export function Providers({ children }: { children: React.ReactNode }) {
 }
 ```
 
-> **Important**: Once `settingsURL` is set, the built-in `/auth/settings` route will automatically redirect users visiting `/auth/settings` to your custom path, providing a seamless replacement of the default option.
+> **Important**: Once `settings.url` is set, the built-in `/auth/settings` route will automatically redirect users visiting `/auth/settings` to your custom path, providing a seamless replacement of the default option.
 
 ## Step 2: Implementing Custom Settings UI
 
@@ -162,8 +164,10 @@ This example assumes `additionalFields` are configured via your `<AuthUIProvider
             type: "number"
         }
     }}
-    settingsFields={["age"]}
-    settingsURL="/dashboard/settings"
+    settings={{
+        fields: ["age"],
+        url: "/dashboard/settings"
+    }}
 >
     {children}
 </AuthUIProvider>