Auth Module¶
Purpose¶
The Auth module is the core security perimeter of Atlas ERP. It handles user registration, login, session management, password resets, and integrates tightly with Better Auth.
Responsibilities¶
- User Registration and Email Verification
- Login (Email/Password, OAuth, Magic Links)
- Session Management (stateful sessions via Better Auth, caching in Redis)
- Password Reset flows
- Providing the custom
AuthGuardandWorkspaceGuard - CAPTCHA validation via Cloudflare Turnstile
File Structure¶
Database Models¶
(Models managed by Better Auth plugin) - AuthUser - AuthSession - AuthAccount - AuthVerification
Key Flows¶
Standard Login¶
sequenceDiagram
participant Client
participant API
participant BetterAuth
participant DB
Client->>API: POST /auth/login (email, password)
API->>BetterAuth: Validate Credentials
BetterAuth->>DB: Check User & Password Hash
DB-->>BetterAuth: Valid
BetterAuth->>API: Generate Session
API-->>Client: Set HttpOnly Cookie (Session)
Selecting a Workspace¶
Because Atlas is multi-tenant, after login, a user must select which workspace they want to operate in.
sequenceDiagram
participant Client
participant API
participant DB
Client->>API: POST /auth/select-workspace { workspaceId }
API->>DB: Validate User is member of workspaceId
API->>API: Update Session Payload with active workspaceId
API-->>Client: Updated Session Cookie