fix(cli): added mount handler for elysia-better-auth

[Saibaba161]

Summary by CodeRabbit

• Refactor
  • Optimized authentication handler integration in generated Elysia backend templates with enhanced middleware chain setup.

[vercel]

@Saibaba161 is attempting to deploy a commit to the Better T Stack Team on Vercel.

A member of the Team first needs to authorize it.

[Saibaba161]

Issue - #789

[coderabbitai]

Walkthrough

Two files were updated to add a mount operation for the authentication handler in the Elysia app setup when using Better Auth. This integrates the auth handler as middleware within the server's mounted middleware chain.

Changes

Cohort / File(s)	Summary
Elysia Auth Middleware Setup packages/template-generator/src/templates.generated.ts, packages/template-generator/templates/backend/server/elysia/src/index.ts.hbs	Added .mount(auth.handler) call to integrate the Better Auth handler directly into the Elysia app's middleware chain, enabling auth routes to be served under the same routing context.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a mount handler for the elysia-better-auth integration in the CLI template generator.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/template-generator/templates/backend/server/elysia/src/index.ts.hbs (2)

57-65: ⚠️ Potential issue | 🟡 Minor

CORS methods list is missing "PUT" and "DELETE" — Better Auth operations may fail.

The cors configuration only permits ["GET", "POST", "OPTIONS"]. The official Better Auth + Elysia CORS example includes methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"]. Some Better Auth endpoints (e.g., session revocation, account deletion) use DELETE; omitting those methods will cause CORS preflight rejections from browsers.

🐛 Proposed fix

 		cors({
 			origin: env.CORS_ORIGIN,
-			methods: ["GET", "POST", "OPTIONS"],
+			methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
 {{`#if` (eq auth "better-auth")}}
 			allowedHeaders: ["Content-Type", "Authorization"],
 			credentials: true,
 {{/if}}
 		}),

---

67-76: ⚠️ Potential issue | 🟠 Major

Remove the .all("/api/auth/*", ...) handler — .mount(auth.handler) alone is the correct approach.

The .all("/api/auth/*") route intercepts all auth path requests before .mount(auth.handler) can handle them. Since it only allows GET and POST, any other HTTP method (PUT, DELETE, PATCH, etc.) that Better Auth may need gets a 405 response. The official Better Auth + Elysia integration uses only .mount(auth.handler) to handle all auth routes. Delete the .all() block (lines 68–74) and keep only .mount(auth.handler) (line 75).

Additionally, the CORS methods array on line 60 is missing PUT and DELETE, which Better Auth may require. Update it to ["GET", "POST", "PUT", "DELETE", "OPTIONS"].