Understand the security measures and data privacy practices employed by AI Docs to protect user and code information.
AI Docs prioritizes the security and privacy of your data, from how you authenticate to how your code is processed and stored. This section provides a deep dive into the robust security measures and privacy-conscious design principles integrated throughout the platform, ensuring your documentation generation process is both powerful and protected.
AI Docs employs a comprehensive authentication and user management system built on the better-auth library, designed for security and ease of use.
The system is configured to exclusively use social authentication providers, specifically Google and GitHub. This approach leverages the robust security infrastructure of these providers, eliminating the need for AI Docs to manage sensitive password credentials directly. Email and password authentication is explicitly disabled.
// lib/auth.ts (simplified)
import { betterAuth } from "better-auth";
// ... other imports ...
export const auth = betterAuth({
// ... database configuration ...
emailAndPassword: {
enabled: false, // Email/password authentication is disabled
},
socialProviders: {
google: {
clientId: process.env.GOOGLE_CLIENT_ID!,
clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
},
github: {
clientId: process.env.GITHUB_CLIENT_ID!,
clientSecret: process.env.GITHUB_CLIENT_SECRET!,
scope: ["repo"], // Requesting 'repo' scope for GitHub access
},
},
// ... other configurations ...
});
You can find more details on how to configure these providers in Environment Configuration and Authentication and User Management.
User sessions are managed securely using encrypted cookies. A critical component of this security is the BETTER_AUTH_SECRET environment variable, which is used to sign and encrypt session cookies. It is imperative that this secret is a long, random, and unique string, kept confidential to prevent session hijacking and tampering.
AI Docs also implements trustedOrigins to prevent unauthorized redirects and ensure that authentication callbacks only occur from expected domains.
// lib/auth.ts (simplified)
export const auth = betterAuth({
// ...
session: {
cookieCache: {
enabled: true,
maxAge: 5 * 60, // Sessions cached for 5 minutes
},
},
trustedOrigins: [
// Dynamically generated trusted domains for secure redirects
// e.g., https://docup.dev, http://localhost:3000
],
secret: process.env.BETTER_AUTH_SECRET!, // Critical for session encryption
// ...
});
To safeguard sensitive operations and data, AI Docs employs server-side session validation for all API routes. The withAuth higher-order function ensures that only authenticated users can access protected endpoints. If a request lacks a valid session, an "Unauthorized" response is returned, preventing unauthenticated access.
// lib/api/with-auth.ts (simplified)
import { NextResponse, NextRequest } from "next/server";
import { getUser } from "@/lib/session";
export function withAuth>(
handler: (
req: NextRequest,
user: AuthUser,
context: RouteContext
) => Promise
) {
return async (
req: NextRequest,
context: RouteContext
): Promise => {
const user = await getUser();
if (!user) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
try {
return await handler(req, user, context);
} catch (error: any) {
console.error(`API error [${req.method} ${req.url}]:`, error);
return NextResponse.json(
{ error: error.message || "Internal server error" },
{ status: 500 }
);
}
};
}
This flow can be visualized as follows:
All sensitive authentication credentials, such as GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, and BETTER_AUTH_SECRET, are stored as environment variables. These variables are never exposed to client-side code, ensuring they remain confidential. Refer to Environment Configuration for detailed setup instructions.
AI Docs' core functionality relies on integrating with GitHub to access your repository code for documentation generation. This integration is designed with privacy and minimal access in mind.
repo ScopeWhen you connect a GitHub repository, AI Docs requests the repo OAuth scope. This scope grants AI Docs read access to both public and private repositories that you own or have access to. This permission is essential for the application to:
Granting the repo scope allows AI Docs to read your repository content. While AI Docs is designed to only read and process this data for documentation generation, you should be aware of the implications of this access.
AI Docs processes your repository's code to generate documentation. It does not store your raw source code files long-term. Instead, it extracts relevant information, analyzes it with AI models, and stores vector embeddings in Vector Search with Qdrant for semantic search capabilities. The generated documentation itself is stored and served. This approach minimizes the storage of your proprietary code while maximizing the utility of the documentation.
AI Docs handles various types of data, each with specific privacy considerations and storage mechanisms.
User-specific information, such as your name, email address, and authentication account details, is securely stored in a PostgreSQL database. This data is managed using Drizzle ORM, ensuring structured and secure storage. The database schema includes tables for user, session, account, and verification to maintain data integrity and relationships.
Upon successful sign-up, AI Docs sends a welcome email to the user. This process is handled by Resend, an email service provider. The email contains essential information to help you get started with AI Docs. Your email address is used solely for transactional communications related to your account and for important product updates.
// lib/auth.ts (simplified)
import { Resend } from "resend";
// ...
const resend = new Resend(process.env.RESEND_API_KEY);
export const auth = betterAuth({
// ...
databaseHooks: {
user: {
create: {
after: async (user) => {
// Sends a welcome email to the new user
await resend.emails.send({
from: "Docup <noreply@docup.dev>",
to: user.email,
subject: "Welcome to Docup 👋",
html: getWelcomeEmailHtml(user.name || user.email.split("@")[0]),
});
},
},
},
},
});
AI Docs provides functionality for users to delete their accounts. This is a permanent and irreversible action designed to thoroughly remove all associated user data from the platform. Users are typically warned about the finality of this action.
AI Docs integrates with several third-party services, each requiring API keys or secrets. All such credentials are treated as highly sensitive and are managed exclusively as server-side environment variables. They are never exposed to the client-side application.
Key examples include:
OPENAI_API_KEY and GOOGLE_GENERATIVE_AI_API_KEY for AI-Powered Generation.QDRANT_API_KEY for Vector Search with Qdrant.RESEND_API_KEY for email communication.DODO_PAYMENTS_API_KEY and DODO_WEBHOOK_SECRET for Billing API and Webhooks.Ensuring these keys are kept confidential is paramount to the security of your AI Docs instance.
Beyond authentication and data handling, AI Docs implements several operational security measures to maintain a secure and reliable service.
To protect against abuse, denial-of-service attacks, and ensure fair usage of its resources, AI Docs incorporates rate limiting. This mechanism restricts the number of requests a user or IP address can make to certain API endpoints within a given timeframe, especially those interacting with expensive AI models.
The underlying PostgreSQL database is secured with best practices including strong passwords, network firewalls, and regular backups. Access to the database is restricted to authorized services and personnel.
The trustedOrigins configuration within the authentication system plays a vital role in preventing cross-site request forgery (CSRF) and other redirect-based attacks by ensuring that authentication flows only originate from and return to legitimate application domains.
When deploying AI Docs to a production environment, you should always: