fix: Patch better-auth to force delete image of the session cache #727
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,12 @@ | ||||||||||||||||||||||||||||||||||||||||||
| diff --git a/dist/cookies/index.mjs b/dist/cookies/index.mjs | ||||||||||||||||||||||||||||||||||||||||||
| index f4c53b8b90f61589ffe873e22d756bf081144f2f..993b62d63705fe3ffee1bfea69386d939b482c77 100644 | ||||||||||||||||||||||||||||||||||||||||||
| --- a/dist/cookies/index.mjs | ||||||||||||||||||||||||||||||||||||||||||
| +++ b/dist/cookies/index.mjs | ||||||||||||||||||||||||||||||||||||||||||
| @@ -259,6 +259,7 @@ async function setCookieCache(ctx, session) { | ||||||||||||||||||||||||||||||||||||||||||
| }, | ||||||||||||||||||||||||||||||||||||||||||
| {} | ||||||||||||||||||||||||||||||||||||||||||
| ); | ||||||||||||||||||||||||||||||||||||||||||
| + session.user.image = null; | ||||||||||||||||||||||||||||||||||||||||||
| const sessionData = { session: filteredSession, user: session.user }; | ||||||||||||||||||||||||||||||||||||||||||
| const expiresAtDate = getDate( | ||||||||||||||||||||||||||||||||||||||||||
| ctx.context.authCookies.sessionData.options.maxAge || 60, | ||||||||||||||||||||||||||||||||||||||||||
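Review bot: The added `session.user.image = null;` writes to the caller's `session.user` object instead of a copy, so after `setCookieCache` returns every holder of that session object sees the image cleared, not only the cookie payload assembled on the following line. It is also the first place in this hunk that dereferences `session.user`, so a session without a user would now throw here. Build the cached user from a copy, for example `const { image, ...user } = session.user ?? {};` and pass `user` into `sessionData`, which also leaves the key out of the cookie rather than serialising `image: null`.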
|
Comment on lines +1 to +12 (Contributor):

💡 Verification agent

Regenerate the patch rather than hand-editing to keep headers consistent.

After changing the hunk, use pnpm patch / patch-commit to re-create the patch so it applies cleanly across environments.

🏁 Script executed:

```bash
#!/bin/bash
set -euo pipefail
echo "Quick sanity check: ensure the patch reflects 'userWithoutImage' lines"
rg -nC2 'userWithoutImage' patches/better-auth@1.3.4.patch || { echo "Patch not updated"; exit 1; }
```

Length of output: 289

Regenerate the patch using pnpm patch / patch-commit
Comment on lines +5 to +12 (Contributor):

🛠️ Refactor suggestion

Avoid mutating session.user; safely omit image from the cached payload.

Current code sets session.user.image = null, which:

Update the patch to construct a user object without image:

@@ -259,6 +259,7 @@ async function setCookieCache(ctx, session) {
},
{}
);
-+ session.user.image = null;
-+ const sessionData = { session: filteredSession, user: session.user };
++ const user = session.user ?? {};
++ const { image: _omit, ...userWithoutImage } = user;
++ const sessionData = { session: filteredSession, user: userWithoutImage };
const expiresAtDate = getDate(
ctx.context.authCookies.sessionData.options.maxAge || 60,

This removes the image field entirely, minimizes cookie size, and avoids side effects.
|
||||||||||||||||||||||||||||||||||||||||||
💡 Verification agent
Commit the updated lockfile and verify the patch is wired.
Ensure pnpm-lock.yaml captures the patch; otherwise CI or new installs may miss it.
🏁 Script executed:
Length of output: 361
Commit updated lockfile with patch entry
pnpm-lock.yaml is missing the `patch:better-auth@1.3.4` entry; run `pnpm install`, commit the updated pnpm-lock.yaml to include it, and confirm `patches/better-auth@1.3.4.patch` exists so the patch is wired.
🛠️ Refactor suggestion
Pin better-auth to 1.3.4 in pnpm.overrides so the patch always applies.
Without an override, a transitive resolution to a different better-auth version will bypass the patch.
Apply:
"pnpm": { "overrides": { + "better-auth": "1.3.4", "@types/react": "19.0.10", "@types/react-dom": "19.0.4" }, "patchedDependencies": { "better-auth@1.3.4": "patches/better-auth@1.3.4.patch" } }