Skip to content

Auth & edit mode

Louise ships the editor and the field contract; you own authentication. Any auth that can answer “is this request an editor?” works. This guide describes one concrete, secure approach as a baseline.

Edit mode is a sticky cookie the host app resolves per request (toggled by a query param):

  • ?louise → enter edit mode (admins only) and set the cookie
  • ?louise=off → clear it

When an admin is in edit mode, middleware exposes two separate facts to the request:

  • locals.editMode — the page renders edit affordances (markers, the bar).
  • locals.editor — the save/media endpoints trust the write.

In this example, login is at /louise, passwordless via Better Auth magic-link delivered through Cloudflare Email Sending (Louise’s email primitive). Notable choices:

  • Owner-allowlisted. The auth route rejects any email that isn’t the configured owner before Better Auth runs, returning an enumeration-safe response — so an anonymous caller can’t relay magic links to third parties or mint user rows.
  • Passkeys for fast re-entry after a one-time, session-gated enrollment; magic link remains the bootstrap/fallback.
  • Per-request construction. Better Auth is built per request (getAuth(env, baseURL)) because bindings and the signing secret only exist at request time on Workers.
  • Rate-limited & captcha’d public POSTs (sign-in, contact, checkout).

None of this is in the louisecms package — it’s the host app’s wiring. Louise’s contribution is the email primitive the magic link rides on and the client that only renders once your middleware says “editor”.