better_auth-rails 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d53af856a214f6ba70cca2dc5f8ff61c9429adf62fa8850cd8a41ba66154ee8b
-  data.tar.gz: 1cd3587e1ded94d8600908036a80b900495de4f49647404b17d28cd3141e3581
+  metadata.gz: 9fc15052f4d320ccab9d999008d9207285c443f478c3db4391c83aa07b99e5ac
+  data.tar.gz: d7d386939905a2af32351bcfcf07252060a69250856db09a746f119b7ac13d74
 SHA512:
-  metadata.gz: 1e55f73a678d9e328543ca7082a981df44340a41d61dc9978b37eb74121ef8d5d7e6874fa4f0021cf2422cd65d1c7ab2c08906c0f676f9d9ef33ef5a71540706
-  data.tar.gz: 1b004d2801b43274b8bb3803e943424e7c434813560856f369e294978d41747927e37e84815df71732040a8a58be889f8172013b8b3ad59898bb1bba4a52a91d
+  metadata.gz: 33243ae75ed8e845d78c2931fb894000a3d62fe00b6db495019cd20f74fe32025e003b590191625ec4228f94c1e6dd3593d74d8aa43be9f56b175c9c1d26b8ea
+  data.tar.gz: '089f99e56796caeb863d1f5ffe1d62ecbac7b28f0dee8b2c09f867e20115690368e2b0b9a1236aa1fcedde79e930fefc1a6eef92dc38e576a3e1d2713f0fd7a5'

data/CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.10.0] - 2026-05-21
+
+### Fixed
+
+- Preserved mounted auth responses in Rails apps.
+- Improved migration generation, Active Record adapter behavior, routing, and database integration coverage.
+
 ## [0.7.0] - 2026-05-05
 
 ### Fixed

data/README.md

@@ -63,9 +63,13 @@ To generate only the base migration:
 ```bash
 bin/rails generate better_auth:migration
 bin/rails better_auth:generate:migration
+bin/rails better_auth:doctor
 ```
 
 The generators skip an existing `config/initializers/better_auth.rb` or existing `*_create_better_auth_tables.rb` migration instead of overwriting them.
+When the base migration already exists and Rails can connect to the current
+database, `better_auth:generate:migration` creates a new incremental update
+migration for missing plugin tables, additional fields, and indexes.
 
 ### Configuration
 
@@ -78,10 +82,10 @@ BetterAuth::Rails.configure do |config|
     Rails.application.credentials.secret_key_base ||
     Rails.application.secret_key_base
 
-  config.base_url = ENV["BETTER_AUTH_URL"]
+  config.base_url = BetterAuth::Env.get("BETTER_AUTH_URL")
   config.base_path = "/api/auth"
   config.trusted_origins = [
-    ENV["BETTER_AUTH_URL"]
+    BetterAuth::Env.get("BETTER_AUTH_URL")
   ].compact
 
   config.session do |session|
@@ -140,7 +144,7 @@ Core Better Auth also reads `BETTER_AUTH_SECRETS` when `secrets` is not configur
 
 #### Trusted origins
 
-The generated initializer derives `trusted_origins` from `ENV["BETTER_AUTH_URL"]`. If that environment variable is unset, Rails passes an empty list. Browser clients should set trusted origins explicitly in deployment so origin checks and callback URLs do not depend on an empty environment value. See [`host-app-responsibilities.md`](../../.docs/features/host-app-responsibilities.md) for the boundary between Better Auth origin checks, browser CORS headers, and host-app CSRF policy.
+The generated initializer derives `trusted_origins` from `BetterAuth::Env.get("BETTER_AUTH_URL")`. If that environment variable is unset, Rails passes an empty list. Browser clients should set trusted origins explicitly in deployment so origin checks and callback URLs do not depend on an empty environment value. See [`host-app-responsibilities.md`](../../.docs/features/host-app-responsibilities.md) for the boundary between Better Auth origin checks, browser CORS headers, and host-app CSRF policy.
 
 #### Option builder keys
 
@@ -227,13 +231,13 @@ end
 
 ## Development
 
-Full documentation is being adapted in the root [`docs/`](/Users/sebastiansala/projects/better-auth/docs/README.md) app. The Rails guide lives at `docs/content/docs/integrations/rails.mdx`; pages with a Ruby port warning still contain upstream TypeScript examples for reference.
+Full documentation is being adapted in the root `docs/` app. The Rails guide lives at `docs/content/docs/integrations/rails.mdx`; pages with a Ruby port warning still contain upstream TypeScript examples for reference.
 
 ### Setup
 
 ```bash
 # Clone the monorepo
-git clone --recursive https://github.com/sebasxsala/better-auth.git
+git clone --recursive https://github.com/sebasxsala/better-auth-rb.git
 cd better-auth/packages/better_auth-rails
 
 # Install dependencies
@@ -267,7 +271,7 @@ RUBOCOP_CACHE_ROOT=/private/var/folders/7x/jrsz946d2w73n42fb1_ff5000000gn/T/rubo
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/sebasxsala/better-auth.
+Bug reports and pull requests are welcome on GitHub at https://github.com/sebasxsala/better-auth-rb.
 
 When contributing:
 1. Fork the repository

data/lib/better_auth/rails/active_record_adapter.rb

@@ -56,16 +56,21 @@ module BetterAuth
 
       def update(model:, where:, update:)
         model = model.to_s
-        existing = find_one(model: model, where: where, select: ["id"])
+        ensure_update_input_has_fields!(model, update)
+        existing = find_one(model: model, where: where)
         return nil unless existing
 
         update_many(model: model, where: where, update: update)
-        find_one(model: model, where: [{field: "id", value: existing.fetch("id")}])
+        lookup = record_lookup(model, existing)
+        lookup ? find_one(model: model, where: [lookup]) : find_one(model: model, where: where)
       end
 
       def update_many(model:, where:, update:, returning: false)
         model = model.to_s
-        attributes = physical_attributes(model, transform_input(model, update, "update", true))
+        ensure_update_input_has_fields!(model, update)
+        data = transform_input(model, update, "update", true)
+        ensure_update_data!(data)
+        attributes = physical_attributes(model, data)
         relation = relation_for(model, where: where)
         if returning
           relation.map do |record|
@@ -103,7 +108,7 @@ module BetterAuth
         klass = Class.new(ApplicationRecord)
         model_namespace.const_set(class_name_for(model), klass)
         klass.table_name = table_for(model) if klass.respond_to?(:table_name=)
-        klass.primary_key = storage_field(model, "id") if klass.respond_to?(:primary_key=)
+        klass.primary_key = storage_field(model, "id") if klass.respond_to?(:primary_key=) && schema_for(model).fetch(:fields).key?("id")
         @models[model] = klass
         define_join_associations(model, klass)
         klass
@@ -228,10 +233,37 @@ module BetterAuth
           end
           output[field] = coerce_value(value, attributes) if value_provided
         end
-        output["id"] = generated_id if action == "create" && !output.key?("id")
+        output["id"] = generated_id if action == "create" && !output.key?("id") && fields.key?("id")
         output
       end
 
+      def ensure_update_data!(data)
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") if data.empty?
+      end
+
+      def ensure_update_input_has_fields!(model, update)
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") unless update.is_a?(Hash)
+
+        fields = schema_for(model).fetch(:fields)
+        input = stringify_keys(update)
+        has_updatable_field = input.any? do |field, _value|
+          next false if field == "id" || field == "_id"
+
+          fields.key?(field) || fields.any? { |logical_field, attributes| storage_key(attributes[:field_name] || logical_field) == field }
+        end
+        raise APIError.new("BAD_REQUEST", message: "No fields to update") unless has_updatable_field
+      end
+
+      def record_lookup(model, record)
+        fields = schema_for(model).fetch(:fields)
+        return {field: "id", value: record.fetch("id")} if fields.key?("id") && record.key?("id")
+
+        unique_field = fields.find { |field, attributes| attributes[:unique] && record.key?(field) }
+        return {field: unique_field.first, value: record.fetch(unique_field.first)} if unique_field
+
+        nil
+      end
+
       def physical_attributes(model, logical)
         logical.each_with_object({}) do |(field, value), attributes|
           attributes[storage_field(model, field)] = value

data/lib/better_auth/rails/controller_helpers.rb

@@ -26,6 +26,10 @@ module BetterAuth
 
       private
 
+      def better_auth_auth
+        BetterAuth::Rails.auth_for_mount
+      end
+
       def better_auth_session_data
         return request.env["better_auth.session"] if request.env.key?("better_auth.session")
 
@@ -33,7 +37,7 @@ module BetterAuth
       end
 
       def resolve_better_auth_session
-        auth_context = BetterAuth::Rails.auth.context
+        auth_context = better_auth_auth.context
         auth_context.prepare_for_request!(request) if auth_context.respond_to?(:prepare_for_request!)
         context = BetterAuth::Endpoint::Context.new(
           path: request.path,
@@ -46,6 +50,32 @@ module BetterAuth
           request: request
         )
         BetterAuth::Session.find_current(context, disable_refresh: true)
+      ensure
+        copy_better_auth_response_headers(context) if defined?(context) && context
+        auth_context.clear_runtime! if defined?(auth_context) && auth_context&.respond_to?(:clear_runtime!)
+      end
+
+      def copy_better_auth_response_headers(context)
+        return unless respond_to?(:response) && response
+
+        context.response_headers.each do |key, value|
+          write_better_auth_response_header(key, value)
+        end
+      end
+
+      def write_better_auth_response_header(key, value)
+        header_name = canonical_response_header(key)
+        if response.respond_to?(:set_header)
+          response.set_header(header_name, value)
+        elsif response.respond_to?(:headers)
+          response.headers[header_name] = value
+        end
+      end
+
+      def canonical_response_header(key)
+        return "Set-Cookie" if key.to_s.downcase == "set-cookie"
+
+        key.to_s.split("-").map(&:capitalize).join("-")
       end
     end
   end

data/lib/better_auth/rails/migration.rb

@@ -1,12 +1,17 @@
 # frozen_string_literal: true
 
+require "better_auth/sql_migration"
+
 module BetterAuth
   module Rails
     module Migration
+      BOUNDED_STRING_LIMIT = 191
+
       module_function
 
-      def render(options, migration_version: nil)
+      def render(options, migration_version: nil, dialect: nil)
         migration_version ||= self.migration_version
+        dialect ||= active_record_connection ? active_record_dialect(active_record_connection) : :rails
         tables = BetterAuth::Schema.auth_tables(options)
         lines = [
           "# frozen_string_literal: true",
@@ -14,36 +19,132 @@ module BetterAuth
           "class CreateBetterAuthTables < ActiveRecord::Migration[#{migration_version}]",
           "  def change"
         ]
-        tables.each_value { |table| lines.concat(create_table_lines(table)) }
-        tables.each_value { |table| lines.concat(primary_key_lines(table)) }
+        tables.each_value { |table| lines.concat(create_table_lines(table, dialect: dialect)) }
         tables.each_value { |table| lines.concat(index_lines(table)) }
         tables.each_value { |table| lines.concat(foreign_key_lines(table, options)) }
         lines.concat(["  end", "end", ""])
         lines.join("\n")
       end
 
+      def render_pending(plan, class_name: "UpdateBetterAuthTables", migration_version: nil)
+        migration_version ||= self.migration_version
+        created_tables = plan.to_create.map(&:table_name).to_set
+        lines = [
+          "# frozen_string_literal: true",
+          "",
+          "class #{class_name} < ActiveRecord::Migration[#{migration_version}]",
+          "  def change"
+        ]
+        plan.to_create.each { |change| lines.concat(create_table_lines(change.table, dialect: plan.dialect)) }
+        plan.to_create.each { |change| lines.concat(index_lines(change.table)) }
+        plan.to_create.each { |change| lines.concat(foreign_key_lines(change.table, plan.tables)) }
+        plan.to_add.each { |change| lines.concat(add_column_lines(change, dialect: plan.dialect)) }
+        plan.to_index.reject { |change| created_tables.include?(change.table_name) }.each do |change|
+          lines << index_line(change.table_name, change.field_name, unique: change.unique)
+        end
+        plan.to_add.each do |change|
+          lines.concat(foreign_key_lines({model_name: change.table_name, fields: change.fields}, plan.tables))
+        end
+        lines.concat(["  end", "end", ""])
+        lines.join("\n")
+      end
+
+      def plan_pending(options, connection: active_record_connection)
+        dialect = active_record_dialect(connection)
+        BetterAuth::SQLMigration.plan_from_existing(
+          options,
+          existing: current_schema(connection),
+          dialect: dialect
+        )
+      end
+
+      def active_record_connection
+        ::ActiveRecord::Base.connection if defined?(::ActiveRecord::Base)
+      rescue
+        nil
+      end
+
+      def active_record_dialect(connection)
+        adapter = connection.respond_to?(:adapter_name) ? connection.adapter_name.to_s.downcase : ""
+        case adapter
+        when /postgres/
+          :postgres
+        when /mysql/
+          :mysql
+        when /sqlite/
+          :sqlite
+        when /sqlserver|sql_server|mssql/
+          :mssql
+        else
+          :postgres
+        end
+      end
+
+      def current_schema(connection)
+        connection.tables.each_with_object({}) do |table_name, schema|
+          columns = connection.columns(table_name).each_with_object({}) do |column, result|
+            result[column.name.to_s] = column.respond_to?(:sql_type) ? column.sql_type.to_s : column.type.to_s
+          end
+          indexes = {names: Set.new, columns: Set.new, unique_columns: Set.new}
+          connection.indexes(table_name).each do |index|
+            indexes[:names] << index.name.to_s
+            Array(index.columns).each do |column|
+              column = column.to_s
+              indexes[:columns] << column
+              indexes[:unique_columns] << column if index.unique
+            end
+          end
+          schema[table_name.to_s] = {name: table_name.to_s, columns: columns, indexes: indexes}
+        end
+      end
+
       def migration_version
         return ::ActiveRecord::Migration.current_version if defined?(::ActiveRecord::Migration)
 
         "7.0"
       end
 
-      def create_table_lines(table)
+      def create_table_lines(table, dialect: :rails)
         table_name = table.fetch(:model_name)
-        lines = ["", "    create_table :#{table_name}, id: false do |t|"]
+        lines = ["", "    create_table :#{table_name}, #{primary_key_options(table, dialect: dialect)} do |t|"]
         table.fetch(:fields).each do |logical_field, attributes|
-          lines << column_line(logical_field, attributes)
+          next if logical_field == "id"
+
+          lines << column_line(logical_field, attributes, dialect: dialect)
         end
         lines << "    end"
       end
 
-      def column_line(logical_field, attributes)
+      def primary_key_options(table, dialect: :rails)
+        attributes = table.fetch(:fields)["id"]
+        return "id: false" unless attributes
+
+        column = attributes[:field_name] || physical_name("id")
+        parts = ["id: :#{rails_type("id", attributes, dialect)}"]
+        parts << "limit: #{BOUNDED_STRING_LIMIT}" if limited_string?("id", attributes)
+        parts << "primary_key: :#{column}" unless column == "id"
+        parts.join(", ")
+      end
+
+      def column_line(logical_field, attributes, dialect: :rails)
         column = attributes[:field_name] || physical_name(logical_field)
-        parts = ["t.#{rails_type(attributes)} :#{column}"]
+        type = rails_type(logical_field, attributes, dialect)
+        parts = if type == "timestamptz"
+          ["t.column :#{column}, :timestamptz"]
+        else
+          ["t.#{type} :#{column}"]
+        end
+        parts.concat(column_options(logical_field, attributes))
+        "      #{parts.join(", ")}"
+      end
+
+      def column_options(logical_field, attributes)
+        parts = []
+        parts << "limit: #{BOUNDED_STRING_LIMIT}" if limited_string?(logical_field, attributes)
         parts << "null: false" if attributes[:required]
         default = default_value(attributes)
         parts << "default: #{default}" unless default.nil?
-        "      #{parts.join(", ")}"
+        parts
       end
 
       def index_lines(table)
@@ -52,43 +153,66 @@ module BetterAuth
           next unless attributes[:unique] || attributes[:index]
 
           column = attributes[:field_name] || physical_name(logical_field)
-          unique = attributes[:unique] ? ", unique: true" : ""
-          "    add_index :#{table_name}, :#{column}#{unique}"
+          index_line(table_name, column, unique: attributes[:unique])
         end
       end
 
-      def primary_key_lines(table)
-        table_name = table.fetch(:model_name)
-        return [] unless table.fetch(:fields).key?("id")
+      def add_column_lines(change, dialect: :rails)
+        change.fields.map do |logical_field, attributes|
+          column = attributes[:field_name] || physical_name(logical_field)
+          parts = ["    add_column :#{change.table_name}, :#{column}, :#{rails_type(logical_field, attributes, dialect)}"]
+          parts.concat(column_options(logical_field, attributes))
+          parts.join(", ")
+        end
+      end
 
-        [
-          %(    execute "ALTER TABLE \#{quote_table_name(:#{table_name})} ADD PRIMARY KEY (\#{quote_column_name(:id)})")
-        ]
+      def index_line(table_name, column, unique: false)
+        unique_option = unique ? ", unique: true" : ""
+        "    add_index :#{table_name}, :#{column}#{unique_option}"
       end
 
       def foreign_key_lines(table, options)
         table_name = table.fetch(:model_name)
+        tables = table_map(options)
         table.fetch(:fields).filter_map do |logical_field, attributes|
           reference = attributes[:references]
           next unless reference
 
           column = attributes[:field_name] || physical_name(logical_field)
-          target = foreign_key_target(reference.fetch(:model), options)
+          target_table = foreign_key_target_table(reference, tables)
+          target = target_table&.fetch(:model_name) || reference.fetch(:model)
+          target_field = foreign_key_target_field(reference, target_table)
+          primary_key = (target_field.to_s == "id") ? "" : ", primary_key: :#{target_field}"
           on_delete = reference[:on_delete] ? ", on_delete: :#{reference[:on_delete]}" : ""
-          "    add_foreign_key :#{table_name}, :#{target}, column: :#{column}#{on_delete}"
+          "    add_foreign_key :#{table_name}, :#{target}, column: :#{column}#{primary_key}#{on_delete}"
         end
       end
 
-      def rails_type(attributes)
+      def rails_type(logical_field, attributes, dialect = :rails)
         case attributes[:type]
         when "boolean" then "boolean"
-        when "date" then "datetime"
+        when "date" then (dialect == :postgres) ? "timestamptz" : "datetime"
         when "number" then attributes[:bigint] ? "bigint" : "integer"
-        when "json", "string[]", "number[]" then "json"
-        else "string"
+        when "json", "string[]", "number[]" then (dialect == :postgres) ? "jsonb" : "json"
+        when "string" then bounded_string?(logical_field, attributes) ? "string" : "text"
+        else "text"
         end
       end
 
+      def bounded_string?(logical_field, attributes)
+        logical_field.to_s == "id" ||
+          logical_field.to_s.end_with?("Id") ||
+          attributes[:unique] ||
+          attributes[:index] ||
+          attributes[:sortable] ||
+          attributes[:references] ||
+          attributes.key?(:default_value)
+      end
+
+      def limited_string?(logical_field, attributes)
+        attributes[:type] == "string" && bounded_string?(logical_field, attributes)
+      end
+
       def default_value(attributes)
         default = attributes[:default_value]
         return if default.respond_to?(:call)
@@ -105,8 +229,32 @@ module BetterAuth
         BetterAuth::Schema.send(:physical_name, value)
       end
 
-      def foreign_key_target(model, options)
-        BetterAuth::Schema.auth_tables(options).fetch(model.to_s, nil)&.fetch(:model_name) || model
+      def table_map(options)
+        if options.respond_to?(:values) && options.values.all? { |value| value.respond_to?(:fetch) && value.key?(:fields) }
+          options
+        else
+          BetterAuth::Schema.auth_tables(options)
+        end
+      end
+
+      def foreign_key_target_table(reference, tables)
+        model = reference.fetch(:model).to_s
+        tables.fetch(model, nil) || tables.each_value.find { |table| table.fetch(:model_name).to_s == model }
+      end
+
+      def foreign_key_target_field(reference, target_table)
+        field = reference.fetch(:field).to_s
+        return field unless target_table
+
+        fields = target_table.fetch(:fields)
+        attributes = fields.fetch(field, nil)
+        return attributes[:field_name] || physical_name(field) if attributes
+
+        if fields.each_value.any? { |data| data[:field_name].to_s == field }
+          field
+        else
+          physical_name(field)
+        end
       end
     end
   end

data/lib/better_auth/rails/mounted_app.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "json"
+
 module BetterAuth
   module Rails
     class MountedApp
@@ -10,18 +12,19 @@ module BetterAuth
 
       def call(env)
         @auth.call(env.merge("PATH_INFO" => mounted_path_info(env)))
+      rescue BetterAuth::APIError, JSON::ParserError
+        raise
+      rescue => error
+        handle_unexpected_error(error, env)
       end
 
       private
 
       def mounted_path_info(env)
         path_info = normalize_path(env["PATH_INFO"])
-        script_name = normalize_path(env["SCRIPT_NAME"])
-        prefix = (script_name == "/") ? @mount_path : script_name
-
-        return path_info if path_info == prefix || path_info.start_with?("#{prefix}/")
+        return path_info if path_info == @mount_path || path_info.start_with?("#{@mount_path}/")
 
-        normalize_path("#{prefix}/#{path_info.delete_prefix("/")}")
+        normalize_path("#{@mount_path}/#{path_info.delete_prefix("/")}")
       end
 
       def normalize_path(path)
@@ -31,6 +34,46 @@ module BetterAuth
         normalized = normalized.delete_suffix("/") unless normalized == "/"
         normalized.empty? ? "/" : normalized
       end
+
+      def handle_unexpected_error(error, env)
+        log_unexpected_error(error, env)
+        options = @auth.respond_to?(:options) ? @auth.options : nil
+        on_api_error = options&.on_api_error || {}
+        raise error if on_api_error[:throw] || on_api_error["throw"]
+
+        callback = on_api_error[:on_error] || on_api_error[:onError] || on_api_error["on_error"] || on_api_error["onError"]
+        callback.call(error, error_context(env)) if callback.respond_to?(:call)
+
+        api_error = BetterAuth::APIError.new("INTERNAL_SERVER_ERROR")
+        [
+          api_error.status_code,
+          {"content-type" => "application/json"},
+          [JSON.generate(api_error.to_h)]
+        ]
+      end
+
+      def log_unexpected_error(error, env)
+        message = "BetterAuth::Rails mounted app error: #{error.class}: #{error.message}\n"
+        message << Array(error.backtrace).join("\n")
+
+        if env["rack.errors"]
+          env["rack.errors"].puts(message)
+        elsif defined?(::Rails) && ::Rails.respond_to?(:logger) && ::Rails.logger
+          ::Rails.logger.error(message)
+        end
+      rescue
+        nil
+      end
+
+      def error_context(env)
+        path = mounted_path_info(env)
+        route_path = if path == @mount_path
+          "/"
+        else
+          path.delete_prefix(@mount_path)
+        end
+        Struct.new(:path, :env).new(normalize_path(route_path), env)
+      end
     end
   end
 end

data/lib/better_auth/rails/routing.rb

@@ -6,6 +6,7 @@ module BetterAuth
       def better_auth(auth: nil, at: BetterAuth::Configuration::DEFAULT_BASE_PATH)
         mount_path = normalize_better_auth_mount_path(at)
         auth ||= BetterAuth::Rails.auth(base_path: mount_path)
+        BetterAuth::Rails.register_auth(auth, mount_path: mount_path)
         mount BetterAuth::Rails::MountedApp.new(auth, mount_path: mount_path), at: mount_path
       end
 

data/lib/better_auth/rails/version.rb

@@ -2,6 +2,6 @@
 
 module BetterAuth
   module Rails
-    VERSION = "0.8.0"
+    VERSION = "0.10.0"
   end
 end

data/lib/better_auth/rails.rb

@@ -21,6 +21,7 @@ module BetterAuth
       def configure
         yield configuration
         @auth = nil
+        @mounted_auth = nil
       end
 
       def auth(overrides = nil)
@@ -29,6 +30,29 @@ module BetterAuth
 
         BetterAuth.auth(options.merge(overrides))
       end
+
+      def register_auth(auth, mount_path:)
+        mounted_auth[normalize_mount_path(mount_path)] = auth
+      end
+
+      def auth_for_mount(mount_path = nil)
+        return mounted_auth[normalize_mount_path(mount_path)] if mount_path
+
+        mounted_auth[configuration.base_path] || mounted_auth.values.first || auth
+      end
+
+      private
+
+      def mounted_auth
+        @mounted_auth ||= {}
+      end
+
+      def normalize_mount_path(path)
+        normalized = path.to_s
+        normalized = "/#{normalized}" unless normalized.start_with?("/")
+        normalized = normalized.squeeze("/")
+        (normalized == "/") ? normalized : normalized.delete_suffix("/")
+      end
     end
   end
 end

data/lib/generators/better_auth/migration/migration_generator.rb

@@ -8,7 +8,7 @@ module BetterAuth
     class MigrationGenerator < ::Rails::Generators::Base
       def create_migration
         if existing_migration?
-          say_status :skip, "db/migrate/*_create_better_auth_tables.rb already exists"
+          create_incremental_migration
           return
         end
 
@@ -21,12 +21,32 @@ module BetterAuth
         Dir[File.join(destination_root, "db/migrate/*_create_better_auth_tables.rb")].any?
       end
 
+      def create_incremental_migration
+        plan = BetterAuth::Rails::Migration.plan_pending(generator_config)
+        if plan.empty?
+          say_status :skip, "Better Auth schema is up to date"
+          return
+        end
+
+        create_file incremental_migration_path, BetterAuth::Rails::Migration.render_pending(plan, class_name: incremental_class_name)
+      rescue => _error
+        say_status :skip, "db/migrate/*_create_better_auth_tables.rb already exists"
+      end
+
       def migration_path
         File.join("db/migrate", "#{timestamp}_create_better_auth_tables.rb")
       end
 
+      def incremental_migration_path
+        File.join("db/migrate", "#{timestamp}_update_better_auth_tables_#{timestamp}.rb")
+      end
+
+      def incremental_class_name
+        "UpdateBetterAuthTables#{timestamp}"
+      end
+
       def timestamp
-        Time.now.utc.strftime("%Y%m%d%H%M%S")
+        @timestamp ||= Time.now.utc.strftime("%Y%m%d%H%M%S")
       end
 
       def generator_config

data/lib/tasks/better_auth.rake

@@ -2,16 +2,24 @@
 
 namespace :better_auth do
   desc "Create the Better Auth initializer and base migration"
-  task :init do
+  task init: :environment do
     require "generators/better_auth/install/install_generator"
     BetterAuth::Generators::InstallGenerator.start([])
   end
 
   namespace :generate do
     desc "Create the Better Auth base migration"
-    task :migration do
+    task migration: :environment do
       require "generators/better_auth/migration/migration_generator"
       BetterAuth::Generators::MigrationGenerator.start([])
     end
   end
+
+  desc "Check Better Auth configuration and schema health"
+  task doctor: :environment do
+    options = BetterAuth::Rails.configuration.to_auth_options
+    config = BetterAuth::Configuration.new(options)
+    exit_code = BetterAuth::Doctor.print(BetterAuth::Doctor.check(config), stdout: $stdout, stderr: $stderr)
+    abort if exit_code != 0
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: better_auth-rails
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Sebastian Sala
@@ -181,6 +181,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: better_auth-passkey
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
 description: Rails integration for Better Auth Ruby. Better Auth Ruby is an independent
   modern authentication framework for Ruby inspired by Better Auth. Provides middleware,
   controller helpers, and generators.
@@ -208,14 +222,14 @@ files:
 - lib/generators/better_auth/install/templates/initializer.rb.tt
 - lib/generators/better_auth/migration/migration_generator.rb
 - lib/tasks/better_auth.rake
-homepage: https://github.com/sebasxsala/better-auth
+homepage: https://github.com/sebasxsala/better-auth-rb
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/sebasxsala/better-auth
-  source_code_uri: https://github.com/sebasxsala/better-auth
-  changelog_uri: https://github.com/sebasxsala/better-auth/blob/main/packages/better_auth-rails/CHANGELOG.md
-  bug_tracker_uri: https://github.com/sebasxsala/better-auth/issues
+  homepage_uri: https://github.com/sebasxsala/better-auth-rb
+  source_code_uri: https://github.com/sebasxsala/better-auth-rb
+  changelog_uri: https://github.com/sebasxsala/better-auth-rb/blob/main/packages/better_auth-rails/CHANGELOG.md
+  bug_tracker_uri: https://github.com/sebasxsala/better-auth-rb/issues
 rdoc_options: []
 require_paths:
 - lib