♻️ refactor(auth): remove NEXT_PUBLIC_AUTH_URL env variable

[tjx666]

💻 Change Type

• ✨ feat
• 🐛 fix
• ♻️ refactor
• 💄 style
• 👷 build
• ⚡️ perf
• ✅ test
• 📝 docs
• 🔨 chore

🔗 Related Issue

Related to https://linear.app/lobehub/issue/LOBE-3914

🔀 Description of Change

Simplify user configuration by removing the NEXT_PUBLIC_AUTH_URL environment variable:

Client-side:

• Rely on Better Auth's default behavior (uses current page origin automatically)
• Remove baseURL configuration from auth-client.ts

Server-side:

• Use APP_URL directly for:
  • Better Auth baseURL configuration
  • Passkey rpID and origins
  • SSO provider redirectURI
  • Login redirect URLs in middleware (supports CDN/proxy scenarios)

Files changed:

• src/envs/auth.ts - Remove schema, runtimeEnv, resolvePublicAuthUrl() function
• src/libs/better-auth/auth-client.ts - Remove baseURL config
• src/libs/better-auth/define-config.ts - Use process.env.APP_URL for passkey and baseURL
• src/libs/better-auth/sso/index.ts - Use process.env.APP_URL for redirectURI
• src/libs/better-auth/utils/config.ts - Remove from trusted origins defaults
• src/libs/next/proxy/define-config.ts - Use process.env.APP_URL for login redirects
• scripts/prebuild.mts - Remove log output, add Vercel URL env vars
• Config files: .env.example, .env.example.development, Dockerfile
• Docs: docs/self-hosting/environment-variables/auth.mdx, etc.

🧪 How to Test

• Tested locally
• Added/updated tests
• No tests needed

1. Run bunx vitest run 'src/envs/auth.test.ts' - should pass
2. Verify no TypeScript errors in modified files

📸 Screenshots / Videos

N/A - No UI changes

📝 Additional Information

Breaking change: Users who previously set NEXT_PUBLIC_AUTH_URL should remove it from their configuration. The system now uses APP_URL on the server side and the browser's current origin on the client side.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
lobehub	Ready	Preview, Comment	Jan 21, 2026 3:49am

[sourcery-ai]

Sorry @tjx666, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

[gru-agent]

TestGru Assignment

Summary

Link	CommitId	Status	Reason
Detail	7c0fdb1feac2a8abda871cd752585d40ac8e3ade	🚫 Skipped	No files need to be tested {".env.example":"File path does not match include patterns.",".env.example.development":"File path does not match include patterns.","Dockerfile":"File path does not match include patterns.","docs/self-hosting/advanced/auth.mdx":"File path does not match include patterns.","docs/self-hosting/advanced/auth.zh-CN.mdx":"File path does not match include patterns.","docs/self-hosting/environment-variables/auth.mdx":"File path does not match include patterns.","docs/self-hosting/environment-variables/auth.zh-CN.mdx":"File path does not match include patterns.","scripts/prebuild.mts":"File path does not match include patterns.","src/envs/auth.test.ts":"File path does not match include patterns.","src/envs/auth.ts":"File path does not match include patterns.","src/libs/better-auth/auth-client.ts":"File path does not match include patterns.","src/libs/better-auth/define-config.ts":"File path does not match include patterns.","src/libs/better-auth/sso/index.ts":"File p…

History Assignment

Tip

You can @gru-agent and leave your feedback. TestGru will make adjustments based on your input

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7c0fdb1fea

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Guard redirect URLs when APP_URL is unset

This now uses process.env.APP_URL directly to build callbackUrl and new URL('/next-auth/signin', appUrl). In Vercel deployments where APP_URL is not set (the project previously relied on the fallback from VERCEL_URL in getAppConfig()), appUrl is undefined, which will throw in new URL(...) and will also produce callback URLs prefixed with undefined, breaking auth redirects for protected routes. Consider using the resolved app URL (e.g., appEnv.APP_URL) or restoring the previous fallback logic.

Useful? React with 👍 / 👎.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.08%. Comparing base (a8b042f) to head (8a4e6d0).
⚠️ Report is 4 commits behind head on next.

Additional details and impacted files

@@            Coverage Diff            @@
##             next   #11658     +/-   ##
=========================================
  Coverage   74.07%   74.08%             
=========================================
  Files        1187     1187             
  Lines       94491    94473     -18     
  Branches    12860    10823   -2037     
=========================================
- Hits        69997    69993      -4     
+ Misses      24404    24390     -14     
  Partials       90       90             

Flag	Coverage Δ
app	66.93% <100.00%> (+0.01%)	⬆️
database	93.29% <ø> (ø)
packages/agent-runtime	90.20% <ø> (ø)
packages/context-engine	85.29% <ø> (ø)
packages/conversation-flow	92.37% <ø> (ø)
packages/file-loaders	88.66% <ø> (ø)
packages/memory-user-memory	69.75% <ø> (ø)
packages/model-bank	100.00% <ø> (ø)
packages/model-runtime	86.70% <ø> (ø)
packages/prompts	79.33% <ø> (ø)
packages/python-interpreter	92.90% <ø> (ø)
packages/ssrf-safe-fetch	0.00% <ø> (ø)
packages/utils	93.25% <ø> (ø)
packages/web-crawler	95.62% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
Store	66.91% <ø> (ø)
Services	50.81% <ø> (ø)
Server	67.82% <100.00%> (+<0.01%)	⬆️
Libs	41.13% <ø> (ø)
Utils	93.82% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lobehubbot]

❤️ Great PR @tjx666 ❤️

The growth of project is inseparable from user feedback and contribution, thanks for your contribution! If you are interesting with the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about the lobe-chat development or sharing ai newsletter around the world.

[lobehubbot]

🎉 This PR is included in version 2.0.0-next.329 🎉

The release is available on:

• npm package (@next dist-tag)
• GitHub release

Your semantic-release bot 📦🚀