Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
acd9a58
roles and invites
maccomaccomaccomacco Mar 23, 2026
5fce7b0
Merge branch 'develop' into roles-and-users-settings
boazpoolman Mar 24, 2026
69cd32e
chore: move the strapiAdapter export to the top level
boazpoolman Mar 30, 2026
9d46ce2
fix: extended strapi type
boazpoolman Mar 30, 2026
205d4ec
refactor: move the api-permissiosn logic in to it's own plugin
boazpoolman Mar 30, 2026
405d77b
chore: clean up code in the better-auth plugin
boazpoolman Mar 30, 2026
a25bad3
feat: dynamically set the roles attribute from the api-permissions pl…
boazpoolman Mar 31, 2026
c565cd7
chore: implement e2e tests with playwright
boazpoolman Apr 1, 2026
bca809d
chore: add missing files and configuration for the api-permissions pl…
boazpoolman Apr 1, 2026
720f0d8
chore: cleanup code
boazpoolman Apr 1, 2026
860e78f
chore: fix linting issues
boazpoolman Apr 1, 2026
edab8fe
chore: add additional tests for auth strat and middlewares
boazpoolman Apr 1, 2026
5ce35c1
fix: linting issues
boazpoolman Apr 1, 2026
d06f9f6
fix: merge conflicts
boazpoolman Apr 1, 2026
20b288b
chore: fix admin formatting issues
boazpoolman Apr 1, 2026
fad86c3
fix: final linting issues
boazpoolman Apr 1, 2026
9cbeb36
chore: remove console logs
boazpoolman Apr 1, 2026
07aea6f
fix: add postinstall script to install playwright executables
boazpoolman Apr 1, 2026
2c00846
fix: explicitly install playwright browsers in Github actions
boazpoolman Apr 1, 2026
7c8a3c6
chore: try to fix the e2e in the pipeline
boazpoolman Apr 1, 2026
2a424f3
chore: try to fix playwright in Github actions
boazpoolman Apr 1, 2026
50701f8
fix: playwright tests in pipeline
boazpoolman Apr 1, 2026
3ef54cc
fix: playwright report uploading
boazpoolman Apr 1, 2026
544d6e3
feat: docs website
boazpoolman Apr 1, 2026
43384c2
chore: rename playground-ts to playground
boazpoolman Apr 1, 2026
4aa3176
chore: add community files
boazpoolman Apr 1, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,14 @@ jobs:
run: pnpm install
- name: Run build
run: pnpm run build
- name: Run tests
run: pnpm run test
- name: Run integration tests
run: pnpm run test:integration
- name: Run e2e tests
run: pnpm run test:e2e
- uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: playwright-report
path: '**/playwright-report/'
retention-days: 30

31 changes: 31 additions & 0 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Code of Conduct

## Our pledge

We as contributors and maintainers pledge to make participation in this project a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

## Our standards

Examples of behavior that contributes to a positive environment:

- Using welcoming and inclusive language.
- Being respectful of differing viewpoints and experiences.
- Gracefully accepting constructive criticism.
- Focusing on what is best for the community.
- Showing empathy towards other community members.

Examples of unacceptable behavior:

- The use of sexualized language or imagery, and unwelcome sexual attention or advances.
- Trolling, insulting or derogatory comments, and personal or political attacks.
- Public or private harassment.
- Publishing others' private information without explicit permission.
- Other conduct which could reasonably be considered inappropriate in a professional setting.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the maintainers at **boaz@pluginpal.io**. All complaints will be reviewed and investigated promptly and fairly. Maintainers are obligated to maintain confidentiality with regard to the reporter.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.
77 changes: 77 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# Contributing to Strapi Auth

Thank you for your interest in contributing! This project is in early alpha, so contributions of all kinds — bug reports, feature ideas, documentation improvements, and code — are especially valuable.

## Getting started

### Prerequisites

- Node.js >= 22
- pnpm >= 10

### Setup

```bash
git clone https://github.com/strapi-community/auth.git
cd auth
pnpm install
pnpm build
pnpm dev
```

## Project structure

```
packages/
plugin-better-auth/ # Better Auth database adapter for Strapi
plugin-api-permissions/ # Content API RBAC (roles & permissions)
apps/
playground/ # Development Strapi app
```

## Making changes

1. Fork the repository and create a branch from `main`.
2. Make your changes in the relevant package under `packages/`.
3. Add or update tests where appropriate.
4. Run the checks below before opening a pull request.

### Checks

```bash
# Type checking
pnpm check-types

# Linting
pnpm lint

# Integration tests
pnpm test:integration

# Integration tests (requires a build first)
pnpm build
pnpm test:e2e
```

## Pull requests

- Keep pull requests focused on a single concern.
- Describe *why* the change is needed, not just what it does.
- Reference any related issues with `Fixes #123` or `Closes #123`.
- All checks must pass before a PR can be merged.

## Reporting issues

Use the [GitHub issue tracker](https://github.com/strapi-community/auth/issues). Please search for an existing issue before opening a new one, and include:

- A clear description of the problem.
- Steps to reproduce it.
- The versions of Node.js, pnpm, and Strapi you are using.

## Code style

This project uses [Biome](https://biomejs.dev/) for formatting and linting. Run `pnpm lint` to auto-fix issues before committing.

## License

By contributing, you agree that your contributions will be licensed under the [MIT License](./LICENSE.md).
19 changes: 14 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,23 @@
# Strapi Auth
# 🔐 Strapi Auth

This monorepo contains the tools needed to setup a comprehensive authentication system in Strapi. The recommended approach will be to use Better Auth, but you are free to use other authentication providers.
> [!CAUTION]
> These packages are in **alpha**. Do not use in production.

> [!CAUTION]
> This plugin is in ALPHA state. It is by no means considered stable and should not be used in production. If you want to contribute to it's development, please contact any of the maintainers.
A monorepo of Strapi v5 plugins for modern authentication and Content API authorization.

| Package | Description |
| ------- | ----------- |
| [`plugin-better-auth`](./packages/plugin-better-auth) | Better Auth database adapter for Strapi |
| [`plugin-api-permissions`](./packages/plugin-api-permissions) | Auth-agnostic Content API RBAC |

## Contributing

See [CONTRIBUTING.md](./CONTRIBUTING.md), [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md), and [SECURITY.md](./SECURITY.md).

## Authors

- [Boaz Poolman](https://github.com/boazpoolman)

## License

See the [LICENSE](./LICENSE.md) file for licensing information.
[MIT](./LICENSE.md)
31 changes: 31 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Security Policy

## Supported versions

This project is currently in **alpha**. Only the latest published version receives security fixes.

| Version | Supported |
| ------- | --------- |
| latest alpha | yes |
| older releases | no |

## Reporting a vulnerability

**Please do not report security vulnerabilities through public GitHub issues.**

To report a vulnerability, email the maintainers directly:

- Boaz Poolman — boaz.poolman@strapi.io

Include as much of the following as possible:

- A description of the vulnerability and its potential impact.
- The affected package(s) and version(s).
- Steps to reproduce or a proof-of-concept.
- Any suggested mitigations.

You can expect an acknowledgement within **48 hours** and a status update within **7 days**. We will coordinate a fix and disclosure timeline with you.

## Disclosure policy

We follow a coordinated disclosure model. We ask that you give us a reasonable amount of time to address the issue before any public disclosure.
5 changes: 5 additions & 0 deletions apps/docs/.docusaurus/DONT-EDIT-THIS-FOLDER
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
This folder stores temp files that Docusaurus' client bundler accesses.

DO NOT hand-modify files in this folder because they will be overwritten in the
next build. You can clear all build artifacts (including this folder) with the
`docusaurus clear` command.
Loading
Loading