Payments & Auth

Authentication (Auth.js)

RapidCore uses Auth.js v5 (formerly NextAuth). Configuration is located in packages/core/src/auth.ts.

Adding a Provider

To add GitHub login, for example:

1. Get Client ID and Secret from GitHub Developer Settings.
2. Add to .env.
3. Update auth.ts:

import GitHub from "next-auth/providers/github";

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
      GitHub({ clientId: process.env.GITHUB_ID, clientSecret: process.env.GITHUB_SECRET }),
      // ... existing providers
  ],
});

Payments (Stripe)

The checkout flow is implemented in apps/web-starter/src/app/api/stripe/checkout/route.ts.

Setting up Products

1. Create a Product in Stripe Dashboard (e.g., "Pro Plan").
2. Get the Price ID (starts with price_...).
3. Update the PRICE_ID constant in your checkout route or passing it dynamically from the frontend.

Don't forget to add the STRIPE_WEBHOOK_SECRET variable to your environment variables.

Security and Webhook Verification

The STRIPE_WEBHOOK_SECRET variable is vital for ensuring the security of payment processes. This key is used for signature verification to confirm that the incoming request actually comes from Stripe.

Moving to Production and URL Settings

Don't forget to update the Webhook URL on the Stripe Dashboard when moving to a production environment:

1. Development URL: http://localhost:3001/api/stripe/webhook (or local test address with Stripe CLI).
2. Production URL: https://rapidcore.io/api/stripe/webhook (Your actual domain).

Webhooks

We use a generic webhook handler to process checkout.session.completed. Logic resides in @rapidcore/core/src/stripe.ts (skeleton). You need to enable the webhook in Stripe Dashboard pointing to:

https://your-domain.com/api/stripe/webhook