louislam · louislam · Oct 25, 2025 · Oct 28, 2025 · Nov 5, 2025 · Nov 9, 2025
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -162,6 +162,8 @@ module.exports = {
                 "jsdoc/require-param-type": "off",
                 "@typescript-eslint/no-explicit-any": "off",
                 "prefer-const": "off",
+                "@typescript-eslint/no-unused-vars": "warn",
+                "eqeqeq": "off",
             }
         }
     ]

diff --git a/db/knex_migrations/2025-10-29-0000-better-auth.js b/db/knex_migrations/2025-10-29-0000-better-auth.js
@@ -0,0 +1,56 @@
+/*
+ * The schema from: https://www.better-auth.com/docs/concepts/database#core-schema
+ */
+exports.up = function (knex) {
+    return knex.schema
+        .createTable("better_auth_user", (t) => {
+            t.string("id").primary();
+            t.string("name").notNullable();
+            t.string("email").notNullable();
+            t.boolean("emailVerified").notNullable();
+            t.string("image");
+            t.timestamp("createdAt").notNullable();
+            t.timestamp("updatedAt").notNullable();
+        })
+        .createTable("better_auth_session", (t) => {
+            t.string("id").primary();
+            t.string("userId").notNullable().references("id").inTable("user");
+            t.string("token").notNullable();
+            t.timestamp("expiresAt").notNullable();
+            t.string("ipAddress");
+            t.string("userAgent");
+            t.timestamp("createdAt").notNullable();
+            t.timestamp("updatedAt").notNullable();
+        })
+        .createTable("better_auth_account", (t) => {
+            t.string("id").primary();
+            t.string("userId").notNullable().references("id").inTable("user");
+            t.string("accountId").notNullable();
+            t.string("providerId").notNullable();
+            t.string("accessToken");
+            t.string("refreshToken");
+            t.timestamp("accessTokenExpiresAt");
+            t.timestamp("refreshTokenExpiresAt");
+            t.string("scope");
+            t.string("idToken");
+            t.string("password");
+            t.timestamp("createdAt").notNullable();
+            t.timestamp("updatedAt").notNullable();
+        })
+        .createTable("better_auth_verification", (t) => {
+            t.string("id").primary();
+            t.string("identifier").notNullable();
+            t.string("value").notNullable();
+            t.timestamp("expiresAt").notNullable();
+            t.timestamp("createdAt").notNullable();
+            t.timestamp("updatedAt").notNullable();
+        });
+};
+
+exports.down = function (knex) {
+    return knex.schema
+        .dropTableIfExists("better_auth_verification")
+        .dropTableIfExists("better_auth_account")
+        .dropTableIfExists("better_auth_session")
+        .dropTableIfExists("better_auth_user");
+};
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -71,6 +71,7 @@
         "axios": "~0.30.0",
         "badge-maker": "~3.3.1",
         "bcryptjs": "~2.4.3",
+        "better-auth": "~1.4.0-beta.18",
         "chardet": "~1.4.0",
         "check-password-strength": "^2.0.5",
         "cheerio": "~1.0.0-rc.12",

diff --git a/server/better-auth.ts b/server/better-auth.ts
@@ -0,0 +1,55 @@
+import { betterAuth } from "better-auth";
+import { DatabaseSync } from "node:sqlite";
+import * as Database from "./database.js";
+import { genSecret, log } from "../src/util";
+import { createPool } from "mysql2/promise";
+
+// Check if Database.initDataDir() has been called before using this function
+if (!Database.dataDir) {
+    throw new Error("Database data directory is not initialized. Please call Database.initDataDir() before using auth.");
+}
+
+let database: DatabaseSync;
+
+// Better Auth is not supported with knex, so we need to create a separate connection here
+if (Database.dbConfig.type == "sqlite") {
+    log.debug("better-auth", "Initializing better-auth with SQLite database at", Database.sqlitePath);
+    database = new DatabaseSync(Database.sqlitePath);
+
+} else if (Database.dbConfig.type == "mariadb") {
+
+    // TODO
+
+} else if (Database.dbConfig.type == "embedded-mariadb") {
+    log.debug("better-auth", "Initializing better-auth with MariaDB database");
+
+    // TODO
+
+}
+
+export const auth = betterAuth({
+    database,
+    secret: getAuthSecret(),
+    trustedOrigins: [ "*" ],
+    emailAndPassword: {
+        enabled: true,
+    },
+});
+
+/**
+ * Get the authentication secret for better-auth
+ * @returns The authentication secret
+ */
+export function getAuthSecret() {
+    const env = process.env.UPTIME_KUMA_AUTH_SECRET;
+    if (env) {
+        return env;
+    }
+
+    if (!Database.dbConfig.authSecret) {
+        Database.dbConfig.authSecret = genSecret();
+        Database.writeDBConfig(Database.dbConfig);
+    }
+
+    return Database.dbConfig.authSecret;
+}
diff --git a/server/server.js b/server/server.js
@@ -188,6 +188,9 @@
         process.exit(1);
     }
 
+    // Init Better Auth
+    const { auth } = await import("./better-auth");
+
     // Database should be ready now
     await server.initAfterDatabaseReady();
     server.entryPage = await Settings.get("entryPage");

diff --git a/src/util.ts b/src/util.ts
@@ -242,7 +242,7 @@ class Logger {
      * @param msg Message to write
      * @returns {void}
      */
-    log(module: string, level: string, ...msg: unknown[]) {
+    private log(module: string, level: string, ...msg: unknown[]) {
         if (level === "DEBUG" && !isDev) {
             return;
         }