playbooks

home / skills / cameronapak / bknd-skills / bknd-registration

bknd-registration skill

/skills/bknd-registration

This skill guides configuring and validating user self-registration in Bknd apps, simplifying forms, validation, roles, and error handling for smooth

npx playbooks add skill cameronapak/bknd-skills --skill bknd-registration

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
7.9 KB
---
name: bknd-registration
description: Use when setting up user registration flows in a Bknd application. Covers registration configuration, enabling/disabling registration, default roles, password validation, registration forms, and custom fields.
---

# User Registration Setup

Configure and implement user self-registration in Bknd applications.

## Prerequisites

- Bknd project with auth enabled (`bknd-setup-auth`)
- Password strategy configured
- For SDK: `bknd` package installed

## When to Use UI Mode

- Testing registration endpoint via admin panel
- Viewing registered users

**UI steps:** Admin Panel > Auth > Test password/register endpoint

## When to Use Code Mode

- Building registration forms in frontend
- Configuring registration settings
- Adding validation and error handling

## Registration Configuration

### Enable/Disable Registration

```typescript
import { serve } from "bknd/adapter/bun";

serve({
  connection: { url: "file:data.db" },
  config: {
    auth: {
      enabled: true,
      allow_register: true,  // Enable self-registration (default: true)
      default_role_register: "user",  // Role assigned on registration
      strategies: {
        password: {
          type: "password",
          config: {
            hashing: "bcrypt",  // "plain" | "sha256" | "bcrypt"
            minLength: 8,       // Minimum password length
          },
        },
      },
      roles: {
        user: { implicit_allow: false },
      },
    },
  },
});
```

**Config options:**

| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `allow_register` | boolean | `true` | Enable self-registration |
| `default_role_register` | string | - | Role for new users |
| `minLength` | number | 8 | Minimum password length |

## SDK Registration

```typescript
import { Api } from "bknd";

const api = new Api({
  host: "http://localhost:7654",
  storage: localStorage,  // Persist token
});

async function register(email: string, password: string) {
  const { ok, data, status } = await api.auth.register("password", {
    email,
    password,
  });

  if (ok) {
    // Token stored automatically - user is logged in
    return data.user;
  }

  if (status === 409) throw new Error("Email already registered");
  if (status === 400) throw new Error("Invalid email or password");
  throw new Error("Registration failed");
}
```

**Response:**
```typescript
{
  ok: boolean;
  data?: {
    user: { id: number; email: string; role?: string };
    token: string;
  };
  status: number;
}
```

## REST API Registration

```bash
curl -X POST http://localhost:7654/api/auth/password/register \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "password": "securepassword123"}'
```

**Responses:**

| Status | Meaning |
|--------|---------|
| 201 | Success - returns user + token |
| 400 | Invalid email/password or too short |
| 403 | Registration disabled |
| 409 | Email already registered |

## React Integration

### Registration Form

```tsx
import { useState } from "react";
import { useApp } from "bknd/react";

function RegisterForm({ onSuccess }: { onSuccess?: () => void }) {
  const { api } = useApp();
  const [email, setEmail] = useState("");
  const [password, setPassword] = useState("");
  const [confirmPassword, setConfirmPassword] = useState("");
  const [error, setError] = useState<string | null>(null);
  const [loading, setLoading] = useState(false);

  async function handleSubmit(e: React.FormEvent) {
    e.preventDefault();
    setError(null);

    if (password !== confirmPassword) {
      setError("Passwords do not match");
      return;
    }

    if (password.length < 8) {
      setError("Password must be at least 8 characters");
      return;
    }

    setLoading(true);
    const { ok, status } = await api.auth.register("password", {
      email,
      password,
    });
    setLoading(false);

    if (ok) {
      onSuccess?.();
    } else if (status === 409) {
      setError("Email already registered");
    } else {
      setError("Registration failed");
    }
  }

  return (
    <form onSubmit={handleSubmit}>
      {error && <p className="error">{error}</p>}
      <input
        type="email"
        value={email}
        onChange={(e) => setEmail(e.target.value)}
        placeholder="Email"
        required
      />
      <input
        type="password"
        value={password}
        onChange={(e) => setPassword(e.target.value)}
        placeholder="Password"
        minLength={8}
        required
      />
      <input
        type="password"
        value={confirmPassword}
        onChange={(e) => setConfirmPassword(e.target.value)}
        placeholder="Confirm Password"
        required
      />
      <button disabled={loading}>
        {loading ? "Creating..." : "Create Account"}
      </button>
    </form>
  );
}
```

### Using useAuth Hook

```tsx
import { useAuth } from "@bknd/react";

function RegisterPage() {
  const { user, isLoading, register } = useAuth();

  if (isLoading) return <div>Loading...</div>;
  if (user) return <Navigate to="/dashboard" />;

  async function handleRegister(email: string, password: string) {
    await register("password", { email, password });
  }

  return <RegisterForm onSuccess={() => navigate("/dashboard")} />;
}
```

## Custom Fields After Registration

Registration only accepts `email` and `password`. Add custom fields after:

```typescript
// 1. Extend users entity
const schema = em({
  users: entity("users", {
    email: text().required().unique(),
    name: text(),
    avatar: text(),
  }),
});

// 2. Update user after registration
const { data } = await api.auth.register("password", { email, password });

await api.data.updateOne("users", data.user.id, {
  name: "John Doe",
  avatar: "https://...",
});
```

## Invite-Only Apps

Disable public registration:

```typescript
{
  auth: {
    allow_register: false,  // Disable self-registration
  },
}

// Admin creates users via seed or plugin
await app.module.auth.createUser({
  email: "[email protected]",
  password: tempPassword,
  role: "user",
});
```

## Common Pitfalls

### Registration Disabled

**Problem:** `Registration not allowed` (403)

**Fix:** `{ auth: { allow_register: true } }`

### Role Not Found

**Problem:** `Role "user" not found`

**Fix:** Define role before using:
```typescript
{
  auth: {
    roles: { user: { implicit_allow: false } },
    default_role_register: "user",
  },
}
```

### User Already Exists

**Problem:** 409 error

**Fix:** Handle gracefully:
```tsx
if (status === 409) {
  setError("Email already registered. Try logging in instead.");
}
```

### Token Not Stored

**Problem:** User not logged in after registration

**Fix:** Provide storage:
```typescript
const api = new Api({
  host: "http://localhost:7654",
  storage: localStorage,  // Required for persistence
});
```

### Custom Fields Ignored

**Problem:** Extra fields passed to registration not saved

**Cause:** Registration only accepts email/password

**Fix:** Update user after registration (see Custom Fields section)

## Verification

```bash
# 1. Test registration
curl -X POST http://localhost:7654/api/auth/password/register \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "password": "password123"}'

# 2. Verify token works
curl http://localhost:7654/api/auth/me \
  -H "Authorization: Bearer <token>"
```

## DOs and DON'Ts

**DO:**
- Use bcrypt hashing in production
- Validate password length client-side to match server config
- Handle 409 error with login suggestion
- Store token with `storage: localStorage`
- Define roles before using `default_role_register`

**DON'T:**
- Use `hashing: "plain"` in production
- Expect custom fields in registration payload
- Forget to handle registration errors
- Disable registration without alternative user creation

## Related Skills

- **bknd-setup-auth** - Configure authentication system
- **bknd-create-user** - Programmatic user creation (admin/seed)
- **bknd-login-flow** - Login/logout functionality
- **bknd-password-reset** - Password reset flow

Overview

This skill helps you set up and manage user self-registration in a Bknd application. It covers enabling/disabling registration, default roles, password policy, SDK and REST registration calls, React integration, and handling custom fields after signup. Use it to implement secure, user-friendly registration flows and avoid common pitfalls.

How this skill works

The skill inspects and configures the auth block of your Bknd app to enable self-registration and define password strategies and default roles. It provides example SDK and REST calls to register users, React form patterns using the provided hooks, and guidance for updating user records with custom fields after registration. It also documents error responses and recommended fixes.

When to use it

  • Building a frontend registration form with the Bknd SDK or REST API
  • Configuring auth settings like allow_register, default_role_register, and password hashing
  • Testing registration endpoints from the admin panel or via curl
  • Creating invite-only apps by disabling public registration and seeding users
  • Adding post-registration custom fields (name, avatar) to the users entity

Best practices

  • Enable bcrypt hashing for production and set a sensible minLength (>=8)
  • Validate password length and matching client-side to mirror server rules
  • Persist tokens by supplying storage (e.g., localStorage) to the Api client
  • Define roles in config before assigning default_role_register
  • Handle 409, 400, and 403 status codes explicitly in the UI

Example use cases

  • Single-page app registration using bknd/react hooks and a RegisterForm component
  • Server-side configuration to toggle allow_register for invite-only deployments
  • Registering via SDK and immediately updating user profile with custom fields
  • Automated tests hitting the REST /api/auth/password/register endpoint
  • Admin workflows that create users programmatically when public registration is disabled

FAQ

What fields can I send to the registration endpoint?

Registration only accepts email and password. Save any extra fields by updating the user record after registration.

Why do I get a 403 when registering?

A 403 means allow_register is false. Enable self-registration in the auth config or create users via admin APIs.

How do I ensure the user is logged in after register?

Provide a storage implementation (like localStorage) to the Api client so the returned token is persisted automatically.