> ## Documentation Index
> Fetch the complete documentation index at: https://shipfree.revoks.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Auth Overview

> Better-Auth setup, session handling, and email OTP flows.

# Auth overview

ShipFree uses Better-Auth with a Drizzle adapter, email OTP, and optional social providers.

## Key files

* `src/lib/auth/auth.ts` for the server-side auth configuration
* `src/lib/auth/auth-client.ts` for client-side helpers
* `src/app/api/auth/[...all]/route.ts` for Next.js route handlers

## Email OTP flow

Email OTP is enabled through Better-Auth plugins and uses the email system for delivery.

* OTP length is 6 digits
* OTP expires after 15 minutes
* OTP emails go through `sendEmail` in `src/lib/messaging/email`

## Email verification

`EMAIL_VERIFICATION_ENABLED` toggles email verification enforcement. When verification succeeds, a welcome email is sent through `src/components/emails`.

<Info>
  If no email provider is configured, OTPs will be logged to the server console by the log provider.
</Info>

## Sessions

Session settings are in `src/lib/auth/auth.ts`:

* 30-day session expiry
* 24-hour refresh interval
* 1-hour fresh age
