Due to Better Auth being hosted in the Strapi application, it's now possible for users to interact with its data through Strapi's document service instead of Better Auth's own API.
```ts
strapi.documents('plugin::better-auth.user').create();
// Instead of
import { auth } from '@/lib/auth';
auth.api.signUpEmail();
```
This is less than ideal, seeing how Better Auth has specific business logic that needs to be executed during the different CRUD operations. For example, when creating a user, a complementary account should also be created.
Solution
We could restrict these actions by creating a document service middleware. Then we can have an option like `unsafe_document_service` that disables this restriction and lets people do what they want freely.
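
A sketch of the middleware proposed above, as an added example that is not part of the original issue or the plugin's code. The factory name, the set of blocked actions (writes only, reads allowed) and the error text are assumptions, and it assumes Better Auth's own writes do not pass through this guard.

```javascript
// Hypothetical names throughout, except the `plugin::better-auth.` UID prefix
// and the `unsafe_document_service` option, which come from the issue.
const GUARDED_PREFIX = 'plugin::better-auth.';

// Document service actions that change data (assumption: reads stay allowed).
const WRITE_ACTIONS = new Set([
  'create', 'update', 'delete', 'clone',
  'publish', 'unpublish', 'discardDraft',
]);

function createBetterAuthGuard({ unsafe_document_service = false } = {}) {
  // Same shape as a Strapi 5 document service middleware: (context, next).
  return function betterAuthGuard(context, next) {
    const guarded =
      typeof context.uid === 'string' && context.uid.startsWith(GUARDED_PREFIX);
    if (guarded && WRITE_ACTIONS.has(context.action) && !unsafe_document_service) {
      throw new Error(
        `${context.action} on ${context.uid} is blocked: use the Better Auth API, ` +
        'or set unsafe_document_service to opt out'
      );
    }
    return next();
  };
}

// Registration sketch (inside the plugin's register() hook):
//   strapi.documents.use(createBetterAuthGuard({
//     unsafe_document_service: strapi.plugin('better-auth').config('unsafe_document_service'),
//   }));

// Constructed calls showing the possible outcomes.
function demo() {
  const next = () => 'passed-through';
  const guard = createBetterAuthGuard();
  const results = {};
  results.read = guard({ uid: 'plugin::better-auth.user', action: 'findMany' }, next);
  results.other = guard({ uid: 'api::article.article', action: 'create' }, next);
  try {
    guard({ uid: 'plugin::better-auth.user', action: 'create' }, next);
    results.write = 'passed-through';
  } catch {
    results.write = 'blocked';
  }
  const unsafe = createBetterAuthGuard({ unsafe_document_service: true });
  results.unsafeWrite = unsafe({ uid: 'plugin::better-auth.user', action: 'create' }, next);
  return results;
}
```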