feat(auth): improve BETTER_AUTH_URL handling for Railway environments…

[JoachimLK]

… and enhance validation

Summary

• What does this PR change?
• Why is this needed?

Type of change

• Bug fix
• Feature
• Refactor
• Docs
• Chore

Validation

• I tested locally
• I added/updated relevant documentation
• I verified multi-tenant scoping and auth behavior for affected API paths

DCO

• All commits in this PR are signed off (Signed-off-by) via git commit -s

Summary by CodeRabbit

• Improvements
  • Simplified authentication URL resolution to automatically use Railway public domain when available
  • Updated environment variable requirements: BETTER_AUTH_URL now conditionally required only when Railway domain is unavailable
  • Enhanced BETTER_AUTH_TRUSTED_ORIGINS to accept comma-separated values with improved parsing
  • Clarified error messages for better configuration guidance

[railway-app]

🚅 Deployed to the reqcore-pr-112 environment in applirank

Service	Status	Web	Updated (UTC)
applirank	✅ Success (View Logs)		Mar 16, 2026 at 12:35 pm

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

The PR simplifies authentication URL resolution by removing PR/preview environment detection logic, consolidates validation conditions to check Railway public domain availability, and updates related error messages to provide clearer guidance on configuration requirements.

Changes

Cohort / File(s)	Summary
Configuration Documentation .env.example	Comment clarified regarding Railway auto-resolution behavior for custom domains, emphasizing "only set for custom domains" using em dash notation.
Authentication URL Resolution server/utils/auth.ts, server/utils/env.ts	Removed PR/preview environment detection logic. resolveBetterAuthUrl now derives from Railway public domain or explicit URL setting. Updated BETTER_AUTH_URL validation to conditionally require the setting only when Railway domain unavailable, with custom preprocessor handling and enhanced error messaging.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 The rabbit hops through simpler code,
No PR paths, a lighter load,
Railway domains lead the way,
With clearer clues to save the day,
Auth flows smooth, no branching fright! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is a template with unfilled sections. The 'Summary' section lacks specific details about what changed and why, and all validation checkboxes remain unchecked.	Complete the Summary section with specific details about the changes and reasoning. Check appropriate boxes under Type of change and Validation, and confirm DCO compliance.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: improving BETTER_AUTH_URL handling for Railway environments and enhancing validation, which aligns with the file modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/better-demo

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}