auth
Auto-generated from project docs
North Star
Booklet Status
| Booklet | Status | Branch | Notes |
|---|---|---|---|
| B1: Resend SMTP + Authelia | NEARLY COMPLETE | booklet/auth-b1 | Authelia live server-wide, SMTP still TODO |
| B2: Product Auth (GoTrue) | PLANNED | — | Login pages, magic links, first product |
| B3: Multi-Tenant + White-Label | PLANNED | — | Org model, RLS, client-branded login |
| ID | Type | Deliverable | Priority |
| ---- | ------ | ------------- | ---------- |
| B1-D1 | infra | Resend SMTP configured in Supabase | P0 |
| B1-D2 | infra | Authelia deployed (Docker, 127.0.0.1:9091) | P0 |
| B1-D3 | infra | auth.hitcreate.io login portal live | P0 |
Recent Decisions
| Date | Decision | Rationale |
|---|---|---|
| ------ | ---------- | ----------- |
| 2026-03-30 | Project kickstarted | Auth is cross-cutting infra that blocks all products needing user login |
| 2026-03-30 | Authelia for infra auth | RESEARCH-111: 5 options evaluated. Lowest effort, lowest RAM, purpose-built. |
| 2026-03-30 | GoTrue for product auth | RESEARCH-114: Already running, $0, multi-tenant capable, mobile-friendly |
| 2026-03-30 | Resend for email | Free tier sufficient (100/day). Mister already has account from Lovable. |
| 2026-03-30 | Rejected: caddy-security | 10 CVEs in 2024, requires custom Caddy build |
| 2026-03-30 | Rejected: Authentik | ~860MB RAM — would destabilize server |
| 2026-03-30 | Rejected: custom middleware | 17-33 hours to build a worse Authelia |
| 2026-04-04 | Health check fixed | RESEARCH-156: authelia config validate replaces nonexistent healthcheck command |
| 2026-04-04 | Server-wide migration complete | 63 subdomains migrated from basic_auth to Authelia forward_auth |
Source: /root/projects/auth/