TheShipStack Docs
Features

Auth

Email/password and Google OAuth authentication powered by Better Auth.

TheShipStack uses Better Auth for authentication.

What's included

  • Email and password sign-up / sign-in
  • Email verification (sent via Resend/Mailpit)
  • Google OAuth
  • Password reset flow
  • Session management

Getting the session

In server components and route handlers:

import { auth } from '@/lib/auth'
import { headers } from 'next/headers'

const session = await auth.api.getSession({ headers: await headers() })
// session is null if not authenticated

In client components:

import { useSession } from '@/lib/auth-client'

export function ProfileButton() {
  const { data: session } = useSession()
  return <span>{session?.user.name}</span>
}

Protecting routes

Protected routes are listed in constants/routes.ts. The middleware in middleware.ts checks the session and redirects unauthenticated users to /sign-in.

To add a new protected route:

// constants/routes.ts
export const protectedRoutes = [
  '/dashboard',
  '/settings',
  '/your-new-route', // add here
]

Customizing the auth config

The auth config lives in lib/auth.ts. You can add providers, change session duration, and configure email verification behavior there.

Onboarding flow

After a user signs up, they are redirected to /onboarding to complete their profile. This flow is gated — users who have already completed onboarding skip it automatically. You can extend the onboarding steps by editing app/(auth)/onboarding/.

Deployment

Deploy TheShipStack to production with Vercel, Neon, and Backblaze B2.

Database

PostgreSQL with Drizzle ORM — schema, migrations, and conventions.

On this page

What's includedGetting the sessionProtecting routesCustomizing the auth configOnboarding flow