From 2fc03566d11694f0f013ec1a9b26e6bf6a5c1f38 Mon Sep 17 00:00:00 2001
From: Sean O'Connor <sean@soconnor.dev>
Date: Sat, 29 Nov 2025 02:47:30 -0500
Subject: [PATCH] feat: introduce `BETTER_AUTH_URL` and `NEXT_PUBLIC_APP_URL`
 environment variables and update password reset link.

---
 .env.example                              | 37 +++++++++++++----------
 src/app/api/auth/forgot-password/route.ts |  2 +-
 src/env.js                                |  5 ++-
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/.env.example b/.env.example
index 6ec8127..c149708 100644
--- a/.env.example
+++ b/.env.example
@@ -1,27 +1,32 @@
-# Base application env (example)
-NODE_ENV=production
-PORT=3000
-HOSTNAME=0.0.0.0
+# Base application env
+NODE_ENV="development"
+PORT="3000"
+HOSTNAME="0.0.0.0"
 
-# NextAuth
-AUTH_SECRET=replace-with-strong-secret
+# Auth
+# You can generate a new secret on the command line with:
+# openssl rand -base64 32
+AUTH_SECRET="your-auth-secret"
+BETTER_AUTH_URL="http://localhost:3000" # Set to your production URL in production
+
+# App URL
+# Used for client-side redirects and base URLs
+NEXT_PUBLIC_APP_URL="http://localhost:3000"
 
 # Database (Postgres)
 # These are required for Docker container initialization
-POSTGRES_USER=beenvoice
-POSTGRES_PASSWORD=beenvoice
-POSTGRES_DB=beenvoice
+POSTGRES_USER="postgres"
+POSTGRES_PASSWORD="postgres"
+POSTGRES_DB="postgres"
 
 # Connect string for the app
-DATABASE_URL=postgres://beenvoice:beenvoice@db:5432/beenvoice
+DATABASE_URL="postgres://postgres:postgres@localhost:5432/postgres"
 # Disable SSL for Docker local Postgres; set to false or remove for managed Postgres
-DB_DISABLE_SSL=true
+DB_DISABLE_SSL="true"
 
 # Email (Resend). Replace with real keys in production
-RESEND_API_KEY=replace-or-remove
-RESEND_DOMAIN=
+RESEND_API_KEY="your-resend-api-key"
+RESEND_DOMAIN=""
 
 # Build tweaks
-SKIP_ENV_VALIDATION=1
-
-
+# SKIP_ENV_VALIDATION=1
diff --git a/src/app/api/auth/forgot-password/route.ts b/src/app/api/auth/forgot-password/route.ts
index 7109247..cf78c7c 100644
--- a/src/app/api/auth/forgot-password/route.ts
+++ b/src/app/api/auth/forgot-password/route.ts
@@ -58,7 +58,7 @@ export async function POST(request: NextRequest) {
     // Send password reset email using Resend
     try {
       const resend = new Resend(env.RESEND_API_KEY);
-      const resetUrl = `${process.env.NEXTAUTH_URL ?? "http://localhost:3000"}/auth/reset-password?token=${resetToken}`;
+      const resetUrl = `${process.env.BETTER_AUTH_URL ?? "http://localhost:3000"}/auth/reset-password?token=${resetToken}`;
 
       const emailTemplate = generatePasswordResetEmailTemplate({
         userEmail: email,
diff --git a/src/env.js b/src/env.js
index c7acd70..52831d5 100644
--- a/src/env.js
+++ b/src/env.js
@@ -12,6 +12,7 @@ export const env = createEnv({
         ? z.string()
         : z.string().optional(),
     DATABASE_URL: z.string().url(),
+    BETTER_AUTH_URL: z.string().url().optional(),
     RESEND_API_KEY:
       process.env.NODE_ENV === "production"
         ? z.string().min(1)
@@ -29,7 +30,7 @@ export const env = createEnv({
    * `NEXT_PUBLIC_`.
    */
   client: {
-    // NEXT_PUBLIC_CLIENTVAR: z.string(),
+    NEXT_PUBLIC_APP_URL: z.string().url().optional(),
   },
 
   /**
@@ -39,10 +40,12 @@ export const env = createEnv({
   runtimeEnv: {
     AUTH_SECRET: process.env.AUTH_SECRET,
     DATABASE_URL: process.env.DATABASE_URL,
+    BETTER_AUTH_URL: process.env.BETTER_AUTH_URL,
     RESEND_API_KEY: process.env.RESEND_API_KEY,
     RESEND_DOMAIN: process.env.RESEND_DOMAIN,
     NODE_ENV: process.env.NODE_ENV,
     DB_DISABLE_SSL: process.env.DB_DISABLE_SSL,
+    NEXT_PUBLIC_APP_URL: process.env.NEXT_PUBLIC_APP_URL,
   },
   /**
    * Run `build` or `dev` with `SKIP_ENV_VALIDATION` to skip env validation. This is especially