@floatingpixels/supabase-nuxt 0.6.0 → 0.6.2

package/README.md

@@ -7,9 +7,9 @@
 
 ## Features
 
-[@floatingpixels/supabase-nuxt](https://github.com/nuxt-modules/supabase) is a Nuxt module for first class integration with Supabase. It makes it easy to use Supabase authentication, database and realtime features in your Nuxt 3 application. Especially when using server-side rendering SSR, using Supabase can be tricky, this module takes care of the intricacies and lets you simply use the power of Supabase!
+[@floatingpixels/supabase-nuxt](https://github.com/floatingpixels/supabase-nuxt) is a Nuxt module for first-class integration with Supabase. It makes it easy to use Supabase authentication, database and realtime features in your Nuxt 3 or Nuxt 4 application. Especially when using server-side rendering (SSR), using Supabase can be tricky, this module takes care of the intricacies and lets you simply use the power of Supabase!
 
-Checkout the [Nuxt 3](https://v3.nuxtjs.org) documentation and [Supabase](https://supabase.com) to learn more.
+Check out the [Nuxt](https://nuxt.com/docs) documentation and [Supabase](https://supabase.com/docs) to learn more.
 
 ## Testing
 
@@ -37,14 +37,14 @@ export default defineNuxtConfig({
 })
 ```
 
-Add `SUPABASE_URL` and `SUPABASE_PUBLISHABLE_KEY` to `.env`:
+Add `NUXT_PUBLIC_SUPABASE_URL` and `NUXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY` to `.env`:
 
 ```zsh
 NUXT_PUBLIC_SUPABASE_URL="https://example.supabase.co"
 NUXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=""
 ```
 
-When dynamically setting the variables during in an environment, make sure to prefix the environment variables with `NUXT_PUBLIC_` in order to use `runtimeConfig`.
+When dynamically setting the variables in an environment, make sure to prefix the public environment variables with `NUXT_PUBLIC_` in order to use `runtimeConfig`.
 
 The public keys are required to be set in the environment for the module to work. If the service role is needed, you should also set `NUXT_SUPABASE_SERVICE_ROLE_KEY` in the environment, which will be only available on the server side as a private runtime variable.
 
@@ -61,6 +61,8 @@ export default defineNuxtConfig({
 }
 ```
 
+The module extends existing `runtimeConfig.public.supabase` and `runtimeConfig.supabase` values instead of replacing them. This lets explicit runtime config and `NUXT_*` environment overrides take precedence over module defaults.
+
 ### `url`
 
 Default: `process.env.NUXT_PUBLIC_SUPABASE_URL` (e.g.: `https://example.supabase.co`)
@@ -83,7 +85,7 @@ Supabase 'service role key', has super admin rights and can bypass your Row Leve
 
 Default: `false`
 
-Re-direct automatically to the configured login page if a non authenticated user is navigating to a page. When set to `true` a global middleware is used to check for a logged-in Supabase use on all non-excluded routes.
+Re-direct automatically to the configured login page if a non authenticated user is navigating to a page. When set to `true` a global middleware is used to check for a logged-in Supabase user on all non-excluded routes.
 
 ### `redirectOptions`
 
@@ -169,9 +171,9 @@ When using e-mail authentication, a confirmation e-mail is sent to new users, an
 
 The confirmation route on your server is provided by this module, so you don't need to implement it yourself. It's available at `/auth/confirm`. It will automatically confirm the user and re-direct to the `redirect_to` route.
 
-If you want to customize the confirmation route, you can do so by creating a server route to handle the request, and point to it in your Supabase e-mail template. Your custom route will receive the `token_hash` and `type` URL parameters, and the `redirect_to` URL parameter if provided. You can use the `useSupabaseClient` composable to confirm the user and re-direct to the `next` route:
+If you want to customize the confirmation route, you can do so by creating a server route to handle the request, and point to it in your Supabase e-mail template. Your custom route will receive the `token_hash` and `type` URL parameters, and the `redirect_to` URL parameter if provided. You can use the `supabaseServerClient` server helper to confirm the user and re-direct to the next route:
 
-> ⚠️ You can use the provided confirm route at `/supabase/confirm`, the implementation of a custom route is optional!
+> ⚠️ You can use the provided confirm route at `/auth/confirm`, the implementation of a custom route is optional!
 
 ```ts [server/api/confirm.ts]
 import { EmailOtpType } from '@supabase/supabase-js'
@@ -278,7 +280,7 @@ This composable can be used to make requests to the Supabase API. It's auto-impo
 
 Please check [Supabase](https://supabase.com/docs/reference/javascript/select) documentation on how to fully use the Supabase client.
 
-Here is an example of fetching from the database using the Supabase client's `select` method with Nuxt 3 [useAsyncData](https://nuxt.com/docs/getting-started/data-fetching#useasyncdata).
+Here is an example of fetching from the database using the Supabase client's `select` method with Nuxt's [useAsyncData](https://nuxt.com/docs/getting-started/data-fetching#useasyncdata).
 
 ```vue
 <script setup lang="ts">
@@ -356,7 +358,7 @@ const signInWithOAuth = async () => {
   const { error } = await supabase.auth.signInWithOAuth({
     provider: 'github',
     options: {
-      redirectTo: 'http://localhost:3000/confirm',
+      redirectTo: 'http://localhost:3000/auth/callback',
     },
   })
   if (error) console.log(error)
@@ -395,7 +397,7 @@ Make requests with super admin rights to the Supabase API with the `supabaseServ
 
 It provides similar functionality as the `supabaseServerClient` but it provides a client with super admin rights that can bypass your [Row Level Security](https://supabase.com/docs/guides/auth/row-level-security).
 
-The client is initialized with the `SUPABASE_SERVICE_ROLE_KEY` you must have in your environment. Checkout the doc if you want to know more about [Supabase keys](https://supabase.com/docs/learn/auth-deep-dive/auth-deep-dive-jwts#jwts-in-supabase).
+The client is initialized with the `NUXT_SUPABASE_SERVICE_ROLE_KEY` you must have in your environment. Check out the doc if you want to know more about [Supabase keys](https://supabase.com/docs/learn/auth-deep-dive/auth-deep-dive-jwts#jwts-in-supabase).
 
 > ⚠️ The service key gives admin access to your database, be careful to not expose it in your client side code or in your git repository.
 
@@ -405,7 +407,7 @@ In your server route use the `supabaseServiceRole` from `#supabase/server`.
 import { supabaseServiceRole } from '#supabase/server'
 
 export default eventHandler(async event => {
-  const client = supabaseServiceRole(event)
+  const client = await supabaseServiceRole(event)
 
   const { data } = await client.from('rls-protected-table').select()
 

package/dist/module.json

@@ -4,9 +4,9 @@
   "compatibility": {
     "nuxt": ">3.0.0"
   },
-  "version": "0.6.0",
+  "version": "0.6.2",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
-    "unbuild": "3.6.1"
+    "unbuild": "unknown"
   }
 }

package/dist/module.mjs

@@ -1,4 +1,5 @@
-import { defineNuxtModule, createResolver, addServerHandler, addPlugin, addTypeTemplate, extendViteConfig } from '@nuxt/kit';
+import { defineNuxtModule, createResolver, addServerHandler, addPlugin, addImportsDir, addTypeTemplate, extendViteConfig } from '@nuxt/kit';
+import { defu } from 'defu';
 
 const module$1 = defineNuxtModule({
   meta: {
@@ -28,24 +29,36 @@ const module$1 = defineNuxtModule({
   },
   setup(options, nuxt) {
     const { resolve } = createResolver(import.meta.url);
-    if (!process.env.NUXT_PUBLIC_SUPABASE_URL && !options.url) {
+    const publicSupabaseConfig = nuxt.options.runtimeConfig.public.supabase;
+    const supabaseConfig = nuxt.options.runtimeConfig.supabase;
+    if (!process.env.NUXT_PUBLIC_SUPABASE_URL && !options.url && !publicSupabaseConfig?.url) {
       console.warn("Missing `NUXT_PUBLIC_SUPABASE_URL` in environment or `url` in module options");
     }
-    if (!process.env.NUXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY && !options.publishableKey) {
+    if (!process.env.NUXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY && !options.publishableKey && !publicSupabaseConfig?.publishableKey) {
       console.warn(
         "Missing `NUXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY` in environment or `publishableKey` in module options"
       );
     }
-    nuxt.options.runtimeConfig.public.supabase = {
-      url: options.url,
-      publishableKey: options.publishableKey,
-      redirect: options.redirect,
-      redirectOptions: options.redirectOptions,
-      clientOptions: options.clientOptions
-    };
-    nuxt.options.runtimeConfig.supabase = {
-      serviceRoleKey: options.secretKey
-    };
+    nuxt.options.runtimeConfig.public.supabase = defu(publicSupabaseConfig, {
+      url: options.url ?? "",
+      publishableKey: options.publishableKey ?? "",
+      redirect: options.redirect ?? false,
+      redirectOptions: options.redirectOptions ?? {
+        login: "/login",
+        exclude: []
+      },
+      clientOptions: options.clientOptions ?? {
+        auth: {
+          flowType: "pkce",
+          detectSessionInUrl: true,
+          persistSession: true,
+          autoRefreshToken: true
+        }
+      }
+    });
+    nuxt.options.runtimeConfig.supabase = defu(supabaseConfig, {
+      serviceRoleKey: options.secretKey ?? ""
+    });
     nuxt.options.alias = {
       ...nuxt.options.alias,
       "#supabase/server": resolve("./runtime/server/services")
@@ -62,9 +75,7 @@ const module$1 = defineNuxtModule({
     });
     addPlugin(resolve("./runtime/plugins/supabase.server"));
     addPlugin(resolve("./runtime/plugins/supabase.client"));
-    nuxt.hook("imports:dirs", (dirs) => {
-      dirs.push(resolve("./runtime/composables"));
-    });
+    addImportsDir(resolve("./runtime/composables"));
     if (options.redirect) {
       addPlugin(resolve("./runtime/plugins/middleware-auth-redirect"));
     }

package/dist/runtime/plugins/supabase.server.js

@@ -1,6 +1,6 @@
 import { defineNuxtPlugin, useRuntimeConfig, useRequestEvent } from "nuxt/app";
 import { createServerClient } from "@supabase/ssr";
-import { setCookie, parseCookies } from "h3";
+import { setCookie, parseCookies, setResponseHeaders } from "h3";
 export default defineNuxtPlugin({
   name: "supabase",
   enforce: "pre",
@@ -20,11 +20,12 @@ export default defineNuxtPlugin({
             value
           }));
         },
-        setAll(cookiesToSet) {
+        setAll(cookiesToSet, headers = {}) {
           try {
             cookiesToSet.forEach(({ name, value, options }) => {
               setCookie(event, name, value, options);
             });
+            setResponseHeaders(event, headers);
           } catch {
             console.error("Error setting cookies", cookiesToSet);
           }

package/dist/runtime/server/services/supabaseServerClient.js

@@ -1,10 +1,10 @@
 import { createServerClient } from "@supabase/ssr";
-import { setCookie, parseCookies } from "h3";
+import { setCookie, parseCookies, setResponseHeaders } from "h3";
 import { useRuntimeConfig } from "#imports";
 export const supabaseServerClient = async (event) => {
   const {
     supabase: { url, publishableKey, clientOptions }
-  } = useRuntimeConfig().public;
+  } = useRuntimeConfig(event).public;
   let supabaseClient = event.context._supabaseClient;
   const createTypedServerClient = createServerClient;
   if (!supabaseClient) {
@@ -18,11 +18,12 @@ export const supabaseServerClient = async (event) => {
             value
           }));
         },
-        setAll(cookiesToSet) {
+        setAll(cookiesToSet, headers = {}) {
           try {
             cookiesToSet.forEach(({ name, value, options }) => {
               setCookie(event, name, value, options);
             });
+            setResponseHeaders(event, headers);
           } catch {
             console.error("Error setting cookies", cookiesToSet);
           }

package/dist/runtime/server/services/supabaseServiceRole.js

@@ -1,5 +1,5 @@
 import { createServerClient } from "@supabase/ssr";
-import { setCookie, parseCookies } from "h3";
+import { setCookie, parseCookies, setResponseHeaders } from "h3";
 import { useRuntimeConfig } from "#imports";
 export const supabaseServiceRole = async (event) => {
   const {
@@ -7,7 +7,7 @@ export const supabaseServiceRole = async (event) => {
     public: {
       supabase: { url, clientOptions }
     }
-  } = useRuntimeConfig();
+  } = useRuntimeConfig(event);
   if (!serviceRoleKey) {
     throw new Error("Missing `SUPABASE_SERVICE_ROLE_KEY` in `.env`");
   }
@@ -24,11 +24,12 @@ export const supabaseServiceRole = async (event) => {
             value
           }));
         },
-        setAll(cookiesToSet) {
+        setAll(cookiesToSet, headers = {}) {
           try {
             cookiesToSet.forEach(({ name, value, options }) => {
               setCookie(event, name, value, options);
             });
+            setResponseHeaders(event, headers);
           } catch {
             console.error("Error setting cookies", cookiesToSet);
           }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@floatingpixels/supabase-nuxt",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "Supabase module for Nuxt",
   "repository": "floatingpixels/supabase-nuxt",
   "license": "MIT",
@@ -43,14 +43,13 @@
     "test:pw": "playwright test test/playwright/",
     "test:e2e": "pnpm run --silent db:start && pnpm run --silent db:reset && pnpm run --silent test:pw && pnpm run --silent db:stop",
     "test:types": "vue-tsc --noEmit && cd playground && vue-tsc --noEmit",
-    "supa": "./node_modules/supabase/bin/supabase",
     "db:fullreset": "pnpm run --silent db:reset && pnpm run --silent db:types && pnpm run --silent db:sync && pnpm run --silent db:seed",
-    "db:start": "pnpm run --silent supa start",
-    "db:stop": "pnpm run --silent supa stop",
-    "db:types": "pnpm run --silent supa gen types --lang=typescript --local > ./playground/types/supabase.d.ts",
+    "db:start": "supabase start",
+    "db:stop": "supabase stop",
+    "db:types": "supabase gen types --lang=typescript --local > ./playground/types/supabase.d.ts",
     "db:lint": "sqlfluff lint --dialect postgres ./supabase/migrations/*.sql",
     "db:format": "sqlfluff format --dialect postgres ./supabase/migrations/*.sql",
-    "db:reset": "pnpm run --silent supa db reset",
+    "db:reset": "supabase db reset",
     "db:seed": "npx tsx seed.ts",
     "db:sync": "npx @snaplet/seed sync",
     "db:fullseed": "(npx @snaplet/seed sync) -and (npx tsx seed.ts)",
@@ -58,46 +57,38 @@
     "cleanup": "pnpm nuxi cleanup && rm -rf node_modules pnpm-lock.yaml && pnpm i"
   },
   "dependencies": {
-    "@supabase/ssr": "^0.9.0",
-    "@supabase/supabase-js": "^2.99.1",
-    "cookie": "^1.1.1"
+    "@supabase/ssr": "^0.10.3",
+    "@supabase/supabase-js": "^2.106.2",
+    "cookie": "^1.1.1",
+    "defu": "^6.1.7"
   },
   "devDependencies": {
-    "@nuxt/devtools": "3.2.3",
+    "@nuxt/devtools": "4.0.0-alpha.6",
     "@nuxt/eslint-config": "^1.15.2",
-    "@nuxt/kit": "^4.4.2",
+    "@nuxt/kit": "^4.4.6",
     "@nuxt/module-builder": "^1.0.2",
-    "@nuxt/schema": "^4.4.2",
-    "@nuxt/test-utils": "4.0.0",
-    "@playwright/test": "^1.58.2",
+    "@nuxt/schema": "^4.4.6",
+    "@nuxt/test-utils": "4.0.3",
+    "@playwright/test": "^1.60.0",
     "@snaplet/copycat": "^6.0.0",
     "@snaplet/seed": "^0.98.0",
     "@types/eslint-config-prettier": "^6.11.3",
-    "@types/node": "^25.5.0",
-    "@vitest/coverage-v8": "4.1.0",
-    "@vue/test-utils": "^2.4.6",
+    "@types/node": "^25.9.1",
+    "@vitest/coverage-v8": "4.1.7",
+    "@vue/test-utils": "^2.4.10",
     "changelogen": "^0.6.2",
-    "eslint": "^10.0.3",
+    "eslint": "^10.4.1",
     "eslint-config-prettier": "^10.1.8",
-    "happy-dom": "^20.8.4",
-    "nuxt": "^4.4.2",
-    "playwright-core": "^1.58.2",
-    "postgres": "^3.4.8",
-    "prettier": "^3.8.1",
-    "release-it": "^19.2.4",
-    "supabase": "^2.78.1",
-    "typescript": "5.9.3",
-    "vitest": "^4.1.0",
-    "vue-tsc": "^3.2.5"
-  },
-  "pnpm": {
-    "onlyBuiltDependencies": [
-      "@parcel/watcher",
-      "@prisma/engines",
-      "@snaplet/seed",
-      "esbuild",
-      "supabase",
-      "unrs-resolver"
-    ]
+    "happy-dom": "^20.9.0",
+    "nuxt": "^4.4.6",
+    "playwright-core": "^1.60.0",
+    "postgres": "^3.4.9",
+    "prettier": "^3.8.3",
+    "release-it": "^20.2.0",
+    "std-env": "^4.1.0",
+    "supabase": "^2.102.0",
+    "typescript": "6.0.3",
+    "vitest": "^4.1.7",
+    "vue-tsc": "^3.3.3"
   }
 }