19 replies

Server side validation

Docs are showing examples of implementation of betterAuth using auth-client, which is great, simple, with callbacks to handle errors, etc. BUT it allows only for client side validation which is NOT SECURE as you can bypass it easily and harm server, db, etc. How do I add server side validation of all the fields for signUp/SignIn? I know I can use auth.api.(whatever) but then I need to handle all the errors and other stuff by myself. Am I missing something? Does betterAuth library makes some server side validation internally? Or I have to choose between simplicity of implementation and security ? Thank you

Solution

you can use try catch if u want -

import { APIError } from "better-auth/api";

try {
  const result = await auth.api.signInEmail({
    body: {
      email: "user@example.com",
      password: "password"
    }
  });
    
} catch (error) {
  if (error instanceof APIError) {
    switch (error.status) {
      case 429: // Too Many Requests
        console.error("Rate limit exceeded. Please try again later.");
        break;
        
      case 401: // Unauthorized
        console.error("Invalid credentials");
        break;
        
      case 403: // Forbidden
        console.error("Access denied");
        break;
        
      case "BAD_REQUEST":
        console.error(error.message);
        break;
        
      case "USER_NOT_FOUND":
        console.error("User not found");
        break;
        
      case "INVALID_EMAIL":
        console.error("Invalid email format");
        break;
        
      case "PASSWORD_TOO_SHORT":
      case "PASSWORD_TOO_LONG":
        console.error(error.message);
        break;
        
      default:
         console.error("An unexpected error occurred");
    }
  } else {
    console.error("An unexpected error occurred", error);
  }
}

import { APIError } from "better-auth/api";

try {
  const result = await auth.api.signInEmail({
    body: {
      email: "user@example.com",
      password: "password"
    }
  });
    
} catch (error) {
  if (error instanceof APIError) {
    switch (error.status) {
      case 429: // Too Many Requests
        console.error("Rate limit exceeded. Please try again later.");
        break;
        
      case 401: // Unauthorized
        console.error("Invalid credentials");
        break;
        
      case 403: // Forbidden
        console.error("Access denied");
        break;
        
      case "BAD_REQUEST":
        console.error(error.message);
        break;
        
      case "USER_NOT_FOUND":
        console.error("User not found");
        break;
        
      case "INVALID_EMAIL":
        console.error("Invalid email format");
        break;
        
      case "PASSWORD_TOO_SHORT":
      case "PASSWORD_TOO_LONG":
        console.error(error.message);
        break;
        
      default:
         console.error("An unexpected error occurred");
    }
  } else {
    console.error("An unexpected error occurred", error);
  }
}

Jump to solution

Server side validation

Solution

you can use try catch if u want -

import { APIError } from "better-auth/api";

try {
  const result = await auth.api.signInEmail({
    body: {
      email: "user@example.com",
      password: "password"
    }
  });
    
} catch (error) {
  if (error instanceof APIError) {
    switch (error.status) {
      case 429: // Too Many Requests
        console.error("Rate limit exceeded. Please try again later.");
        break;
        
      case 401: // Unauthorized
        console.error("Invalid credentials");
        break;
        
      case 403: // Forbidden
        console.error("Access denied");
        break;
        
      case "BAD_REQUEST":
        console.error(error.message);
        break;
        
      case "USER_NOT_FOUND":
        console.error("User not found");
        break;
        
      case "INVALID_EMAIL":
        console.error("Invalid email format");
        break;
        
      case "PASSWORD_TOO_SHORT":
      case "PASSWORD_TOO_LONG":
        console.error(error.message);
        break;
        
      default:
         console.error("An unexpected error occurred");
    }
  } else {
    console.error("An unexpected error occurred", error);
  }
}

import { APIError } from "better-auth/api";

try {
  const result = await auth.api.signInEmail({
    body: {
      email: "user@example.com",
      password: "password"
    }
  });
    
} catch (error) {
  if (error instanceof APIError) {
    switch (error.status) {
      case 429: // Too Many Requests
        console.error("Rate limit exceeded. Please try again later.");
        break;
        
      case 401: // Unauthorized
        console.error("Invalid credentials");
        break;
        
      case 403: // Forbidden
        console.error("Access denied");
        break;
        
      case "BAD_REQUEST":
        console.error(error.message);
        break;
        
      case "USER_NOT_FOUND":
        console.error("User not found");
        break;
        
      case "INVALID_EMAIL":
        console.error("Invalid email format");
        break;
        
      case "PASSWORD_TOO_SHORT":
      case "PASSWORD_TOO_LONG":
        console.error(error.message);
        break;
        
      default:
         console.error("An unexpected error occurred");
    }
  } else {
    console.error("An unexpected error occurred", error);
  }
}

Jump to solution

Server side validation

Similar Threads

Server side validation

Similar Threads

Similar Threads

Similar Threads