43 lines
1.4 KiB
Markdown
43 lines
1.4 KiB
Markdown
---
|
|
id: TASK-3
|
|
title: Add Better Auth admin authentication
|
|
status: To Do
|
|
assignee: []
|
|
created_date: '2026-06-03 19:12'
|
|
labels:
|
|
- mvp
|
|
- auth
|
|
- security
|
|
dependencies:
|
|
- TASK-2
|
|
references:
|
|
- PRD.md
|
|
priority: high
|
|
ordinal: 3000
|
|
---
|
|
|
|
## Description
|
|
|
|
<!-- SECTION:DESCRIPTION:BEGIN -->
|
|
Add the MVP authentication layer using Better Auth with Convex integration. The MVP is single-user focused: one admin user protects the dashboard while public audit pages remain accessible without login according to their publication status.
|
|
<!-- SECTION:DESCRIPTION:END -->
|
|
|
|
## Acceptance Criteria
|
|
<!-- AC:BEGIN -->
|
|
- [ ] #1 Better Auth is integrated with Convex and the Next.js app
|
|
- [ ] #2 Email/password login protects all internal dashboard routes
|
|
- [ ] #3 Public audit routes remain accessible without dashboard authentication
|
|
- [ ] #4 Session handling survives refreshes and rejects unauthenticated dashboard access
|
|
- [ ] #5 Password-change or admin-account maintenance path is available or explicitly documented for MVP operation
|
|
<!-- AC:END -->
|
|
|
|
## Implementation Plan
|
|
|
|
<!-- SECTION:PLAN:BEGIN -->
|
|
1. Install and configure Better Auth with Convex integration.
|
|
2. Add login/logout flows using shadcn-compatible UI.
|
|
3. Protect dashboard route groups with server-side/session checks.
|
|
4. Keep public audit pages outside the protected route boundary.
|
|
5. Test authenticated, unauthenticated, and logout flows.
|
|
<!-- SECTION:PLAN:END -->
|