Proxy Database Queries
I have a Next.js application using Better Auth, deployed on Vercel. My Better Auth instance is configured to use an Azure MS SQL database. When mounting the handler (cf. https://www.better-auth.com/docs/installation#mount-handler), it creates route handlers (endpoints) that are hosted via Vercel Functions.
These functions have dynamic IP addresses (unless you upgrade to Vercel’s Enterprise plan and use Secure Compute), which creates an issue because the MS SQL database requires IP whitelisting for its firewall.
So how can we proxy database queries through a dedicated API with a static IP address that can be whitelisted in Azure? Or is there another solution?
9 Replies
Here is an diagram of the flows where the top-most is the one not working (with the current setup) and the bottom-most is what I was thinking.
Any help @Ping ?
I don't think that it's a better-auth question
Why don't you think so?
Currently, in a Next-js setup Better-auth integrates directly with the database via. route handlers. I am asking whether there is a way not to directly integrate to the database but via. a proxy API.
Hi there. Not a billion percent sure if I'm right in saying this, I think you can just host the Better Auth instance on Azure or wherever to get that static IP, and then just point better auth client to that instance (via the baseUrl), and whitelist that IP in the database.
Hello. I migrated my stuff to Supabase with their PostgreSQL DB to mitigate the issue. However, anyone who deploys their auth endpoints to some kind of function will have this issue with databases requiring IP whitelisting. Of course, given that the functions all have dynamic IP adresses.
Your suggestion might be doable.. maybe I need to create a thin Next.js app and mount the route handlers and deploy it to Azure and let my Vercel Next.js application point to that for auth, as you said.
But creating a whole Next.js app for only using route handlers sounds hacky
Use something else like Hono
Light weight
Hmm do you think that will work? I am thinking about Next.js and middleware perhaps even cookies when setting them in server actions
Should do. In the nextjs app set the baseUrl to whatever the azure hosted better auth instance is. Make sure to set the trusted origins in the hono server
I dont see what could go wrong