From e7b3d7260fd4a6b9ee0edf6ec5a23977c5d62214 Mon Sep 17 00:00:00 2001
From: zias <vanneszias@icloud.com>
Date: Tue, 3 Mar 2026 14:59:45 +0100
Subject: [PATCH] fix:use cloudflare's crypto lib for passwords

---
 packages/auth/src/index.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
index ac20de8..7af413f 100644
--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -1,3 +1,4 @@
+import { randomBytes, scryptSync } from "node:crypto";
 import { db } from "@kk/db";
 import * as schema from "@kk/db/schema/auth";
 import { env } from "@kk/env/server";
@@ -14,6 +15,22 @@ export const auth = betterAuth({
 	trustedOrigins: [env.CORS_ORIGIN],
 	emailAndPassword: {
 		enabled: true,
+		// Use Cloudflare's native scrypt via node:crypto for better performance
+		// This avoids CPU time limit errors on Cloudflare Workers
+		password: {
+			hash: async (password) => {
+				const salt = randomBytes(16).toString("hex");
+				const hash = scryptSync(password, salt, 64).toString("hex");
+				return `${salt}:${hash}`;
+			},
+			verify: async ({ hash, password }) => {
+				const [salt, key] = hash.split(":");
+				if (!salt || !key) return false;
+				const keyBuffer = Buffer.from(key, "hex");
+				const hashBuffer = scryptSync(password, salt, 64);
+				return keyBuffer.equals(hashBuffer);
+			},
+		},
 	},
 	user: {
 		additionalFields: {