Auth overview

ShipFree uses Better-Auth with a Drizzle adapter, email OTP, and optional social providers.

Key files

src/lib/auth/auth.ts for the server-side auth configuration
src/lib/auth/auth-client.ts for client-side helpers
src/app/api/auth/[...all]/route.ts for Next.js route handlers

Email OTP flow

Email OTP is enabled through Better-Auth plugins and uses the email system for delivery.

OTP length is 6 digits
OTP expires after 15 minutes
OTP emails go through sendEmail in src/lib/messaging/email

Email verification

EMAIL_VERIFICATION_ENABLED toggles email verification enforcement. When verification succeeds, a welcome email is sent through src/components/emails.

If no email provider is configured, OTPs will be logged to the server console by the log provider.

Sessions

Session settings are in src/lib/auth/auth.ts:

30-day session expiry
24-hour refresh interval
1-hour fresh age

Get started

Core

Guides

Premium

Auth Overview

Auth overview

Key files

Email OTP flow

Email verification

Sessions

Get started

Core

Guides

Premium

​Auth overview

​Key files

​Email OTP flow

​Email verification

​Sessions

Auth overview

Key files

Email OTP flow

Email verification

Sessions