@lenne.tech/nuxt-extensions 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +68 -1
  2. package/dist/module.d.mts +1 -1
  3. package/dist/module.json +1 -1
  4. package/dist/module.mjs +8 -1
  5. package/dist/runtime/composables/auth/use-lt-auth.js +4 -2
  6. package/dist/runtime/composables/use-lt-auth-client.d.ts +11 -4
  7. package/dist/runtime/composables/use-lt-auth-client.js +6 -4
  8. package/dist/runtime/lib/auth-client.d.ts +379 -90
  9. package/dist/runtime/lib/auth-state.d.ts +29 -3
  10. package/dist/runtime/lib/auth-state.js +10 -6
  11. package/dist/runtime/types/module.d.ts +18 -1
  12. package/package.json +26 -19
package/README.md CHANGED
@@ -42,6 +42,58 @@ npm install tus-js-client
42
42
  - **i18n Support** - English and German translations (works without i18n too)
43
43
  - **Auto-imports** - All composables and components are auto-imported
44
44
 
45
+ ## Environment Variables
46
+
47
+ | Variable | Context | Description |
48
+ |----------|---------|-------------|
49
+ | `NUXT_PUBLIC_API_URL` | Client + Server | Public API URL. Primary way to configure the API endpoint. Used for client-side requests and as SSR fallback. |
50
+ | `NUXT_API_URL` | Server only | Internal API URL for SSR requests. Use when the backend has a private network address that should not be exposed to the client. |
51
+ | `NUXT_PUBLIC_API_PROXY` | Client | Set to `true` to enable the Vite dev proxy. Routes client requests through `/api/` for same-origin cookies. **Only for local development.** |
52
+
53
+ ### How URL Resolution Works
54
+
55
+ All environment variables are resolved **at runtime** (not build time). This means you can build a Docker image once and deploy it to different environments by changing env vars — no rebuild needed.
56
+
57
+ **SSR fallback chain:**
58
+ `NUXT_API_URL` → `NUXT_PUBLIC_API_URL` → `auth.baseURL` (from nuxt.config.ts) → `http://localhost:3000`
59
+
60
+ **Client fallback chain (no proxy):**
61
+ `NUXT_PUBLIC_API_URL` → `auth.baseURL` (from nuxt.config.ts) → `http://localhost:3000`
62
+
63
+ **Client with proxy (`NUXT_PUBLIC_API_PROXY=true`):**
64
+ All requests go to `/api/{path}` — the Vite dev proxy forwards them to the backend.
65
+
66
+ > **Security:** `NUXT_API_URL` is never exposed to the client bundle. It stays in `runtimeConfig.apiUrl` (server only). This is important when using internal network addresses like `http://api.svc.cluster.local`.
67
+
68
+ ### Deployment Scenarios
69
+
70
+ **Local development** — Frontend and backend on different ports, proxy ensures same-origin cookies:
71
+ ```bash
72
+ NUXT_PUBLIC_API_URL=http://localhost:3000
73
+ NUXT_PUBLIC_API_PROXY=true
74
+ ```
75
+
76
+ **Production (simple)** — Backend reachable via public URL from both SSR and client:
77
+ ```bash
78
+ NUXT_PUBLIC_API_URL=https://api.example.com
79
+ ```
80
+
81
+ **Production (internal network)** — SSR uses fast internal route, client uses public URL:
82
+ ```bash
83
+ NUXT_PUBLIC_API_URL=https://api.example.com
84
+ NUXT_API_URL=http://api-internal:3000
85
+ ```
86
+
87
+ **Legacy (nuxt.config.ts only)** — Works but env vars are preferred for runtime flexibility:
88
+ ```typescript
89
+ // nuxt.config.ts
90
+ ltExtensions: {
91
+ auth: {
92
+ baseURL: 'https://api.example.com',
93
+ },
94
+ }
95
+ ```
96
+
45
97
  ## Configuration
46
98
 
47
99
  ```typescript
@@ -53,7 +105,7 @@ export default defineNuxtConfig({
53
105
  // Auth configuration
54
106
  auth: {
55
107
  enabled: true, // Enable auth features
56
- baseURL: '', // API base URL (empty = use Nuxt proxy)
108
+ baseURL: '', // API base URL (empty = use env vars)
57
109
  basePath: '/iam', // Better-Auth endpoint prefix
58
110
  loginPath: '/auth/login', // Login redirect path
59
111
  twoFactorRedirectPath: '/auth/2fa', // 2FA redirect path
@@ -68,6 +120,18 @@ export default defineNuxtConfig({
68
120
  enabled: true, // 401 auto-handler
69
121
  publicPaths: ['/auth/login', '/auth/register'],
70
122
  },
123
+
124
+ // System setup (first admin user creation)
125
+ systemSetup: {
126
+ enabled: false, // Enable setup flow
127
+ setupPath: '/auth/setup', // Setup page path
128
+ },
129
+ },
130
+
131
+ // Error translation configuration
132
+ errorTranslation: {
133
+ enabled: true, // Translate backend error codes
134
+ defaultLocale: 'de', // Fallback locale
71
135
  },
72
136
 
73
137
  // TUS upload configuration
@@ -298,9 +362,12 @@ The package works **with or without** `@nuxtjs/i18n`:
298
362
  | Composable | Description |
299
363
  |------------|-------------|
300
364
  | `useLtAuth()` | Better-Auth integration with session, passkey, 2FA |
365
+ | `useLtAuthClient()` | Direct access to the Better-Auth client singleton |
366
+ | `useLtErrorTranslation()` | Translate backend error codes to user-friendly messages |
301
367
  | `useLtTusUpload()` | TUS protocol file uploads with pause/resume |
302
368
  | `useLtFile()` | File utilities (size formatting, URLs) |
303
369
  | `useLtShare()` | Web Share API with clipboard fallback |
370
+ | `useSystemSetup()` | System setup flow for initial admin user creation |
304
371
 
305
372
  ### Components
306
373
 
package/dist/module.d.mts CHANGED
@@ -6,7 +6,7 @@ export { LtAuthModuleOptions, LtErrorTranslationModuleOptions, LtExtensionsModul
6
6
  export { LtErrorTranslationResponse, LtParsedError, UseLtErrorTranslationReturn } from '../dist/runtime/types/error.js';
7
7
 
8
8
  declare const name = "@lenne.tech/nuxt-extensions";
9
- declare const version = "1.3.0";
9
+ declare const version = "1.4.0";
10
10
  declare const configKey = "ltExtensions";
11
11
  declare const _default: _nuxt_schema.NuxtModule<LtExtensionsModuleOptions, LtExtensionsModuleOptions, false>;
12
12
 
package/dist/module.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "configKey": "ltExtensions",
3
3
  "name": "@lenne.tech/nuxt-extensions",
4
- "version": "1.3.0",
4
+ "version": "1.4.0",
5
5
  "builder": {
6
6
  "@nuxt/module-builder": "1.0.2",
7
7
  "unbuild": "3.6.1"
package/dist/module.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
  import { defineNuxtModule, createResolver, addImports, addComponent, addPlugin, addRouteMiddleware } from '@nuxt/kit';
2
2
 
3
3
  const name = "@lenne.tech/nuxt-extensions";
4
- const version = "1.3.0";
4
+ const version = "1.4.0";
5
5
  const configKey = "ltExtensions";
6
6
  const defaultOptions = {
7
7
  auth: {
@@ -54,6 +54,13 @@ const module$1 = defineNuxtModule({
54
54
  i18n: { ...defaultOptions.i18n, ...options.i18n },
55
55
  tus: { ...defaultOptions.tus, ...options.tus }
56
56
  };
57
+ const rc = nuxt.options.runtimeConfig;
58
+ if (!rc.apiUrl) {
59
+ rc.apiUrl = "";
60
+ }
61
+ if (!rc.public.apiUrl) {
62
+ rc.public.apiUrl = "";
63
+ }
57
64
  nuxt.options.runtimeConfig.public.ltExtensions = {
58
65
  auth: {
59
66
  basePath: resolvedOptions.auth?.basePath || "/iam",
package/dist/runtime/composables/auth/use-lt-auth.js CHANGED
@@ -61,7 +61,8 @@ export function useLtAuth() {
61
61
  authState.value = newState;
62
62
  if (import.meta.client) {
63
63
  const maxAge = 60 * 60 * 24 * 7;
64
- document.cookie = `lt-auth-state=${encodeURIComponent(JSON.stringify(newState))}; path=/; max-age=${maxAge}; samesite=lax`;
64
+ const secure = globalThis.location?.protocol === "https:" ? "; secure" : "";
65
+ document.cookie = `lt-auth-state=${encodeURIComponent(JSON.stringify(newState))}; path=/; max-age=${maxAge}; samesite=lax${secure}`;
65
66
  }
66
67
  }
67
68
  function clearUser() {
@@ -70,7 +71,8 @@ export function useLtAuth() {
70
71
  jwtToken.value = null;
71
72
  if (import.meta.client) {
72
73
  const maxAge = 60 * 60 * 24 * 7;
73
- document.cookie = `lt-auth-state=${encodeURIComponent(JSON.stringify(clearedState))}; path=/; max-age=${maxAge}; samesite=lax`;
74
+ const secure = globalThis.location?.protocol === "https:" ? "; secure" : "";
75
+ document.cookie = `lt-auth-state=${encodeURIComponent(JSON.stringify(clearedState))}; path=/; max-age=${maxAge}; samesite=lax${secure}`;
74
76
  document.cookie = `lt-jwt-token=; path=/; max-age=0`;
75
77
  const sessionCookieNames = [
76
78
  "better-auth.session_token",
package/dist/runtime/composables/use-lt-auth-client.d.ts CHANGED
@@ -27,10 +27,17 @@ export declare function resetLtAuthClient(): void;
27
27
  * The client is created once and reused across all calls.
28
28
  * Configuration is read from RuntimeConfig on first call.
29
29
  *
30
- * IMPORTANT: When the API proxy is enabled (NUXT_PUBLIC_API_PROXY=true),
31
- * the basePath is automatically prefixed with '/api' so the Vite dev proxy
32
- * can forward requests to the backend. This is required for same-origin
33
- * cookies and WebAuthn/Passkey to work correctly.
30
+ * ## baseURL resolution
31
+ * Prefers `runtimeConfig.public.apiUrl` (set at runtime via `NUXT_PUBLIC_API_URL`)
32
+ * over `ltExtensions.auth.baseURL` (baked at build time from nuxt.config.ts).
33
+ * This ensures Docker containers can be reconfigured without rebuilding.
34
+ * Trailing slashes are automatically stripped.
35
+ *
36
+ * ## Proxy mode (`NUXT_PUBLIC_API_PROXY=true`)
37
+ * When enabled, `baseURL` is set to `""` (same-origin) and `basePath` is
38
+ * prefixed with `/api` (e.g., `/api/iam`). The Vite dev proxy forwards
39
+ * these requests to the backend. This is required for same-origin cookies
40
+ * and WebAuthn/Passkey to work in local development.
34
41
  */
35
42
  export declare function useLtAuthClient(): LtAuthClient;
36
43
  export declare const ltAuthClient: {
package/dist/runtime/composables/use-lt-auth-client.js CHANGED
@@ -1,4 +1,4 @@
1
- import { useNuxtApp } from "#imports";
1
+ import { useRuntimeConfig } from "#imports";
2
2
  import {
3
3
  getOrCreateLtAuthClient,
4
4
  resetLtAuthClientSingleton
@@ -9,15 +9,17 @@ export function resetLtAuthClient() {
9
9
  }
10
10
  export function useLtAuthClient() {
11
11
  try {
12
- const nuxtApp = useNuxtApp();
13
- const config = nuxtApp.$config?.public?.ltExtensions?.auth || {};
12
+ const runtimeConfig = useRuntimeConfig();
13
+ const config = runtimeConfig.public?.ltExtensions?.auth || {};
14
+ const publicApiUrl = String(runtimeConfig.public?.apiUrl || "");
14
15
  const useProxy = isLocalDevApiProxy();
15
16
  let basePath = config.basePath || "/iam";
16
17
  if (useProxy && basePath && !basePath.startsWith("/api")) {
17
18
  basePath = `/api${basePath}`;
18
19
  }
20
+ const authBaseURL = (publicApiUrl || config.baseURL || "").replace(/\/+$/, "");
19
21
  return getOrCreateLtAuthClient({
20
- baseURL: useProxy ? "" : config.baseURL,
22
+ baseURL: useProxy ? "" : authBaseURL,
21
23
  basePath,
22
24
  twoFactorRedirectPath: config.twoFactorRedirectPath,
23
25
  enableAdmin: config.enableAdmin,
package/dist/runtime/lib/auth-client.d.ts CHANGED
@@ -136,7 +136,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
136
136
  }>>;
137
137
  <F extends (...args: any) => any>(useFetch: F): Promise<{
138
138
  data: import("vue").Ref<{
139
- user: {
139
+ user: import("better-auth").StripEmptyObjects<{
140
140
  id: string;
141
141
  createdAt: Date;
142
142
  updatedAt: Date;
@@ -144,8 +144,8 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
144
144
  emailVerified: boolean;
145
145
  name: string;
146
146
  image?: string | null | undefined;
147
- };
148
- session: {
147
+ }>;
148
+ session: import("better-auth").StripEmptyObjects<{
149
149
  id: string;
150
150
  createdAt: Date;
151
151
  updatedAt: Date;
@@ -154,9 +154,9 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
154
154
  token: string;
155
155
  ipAddress?: string | null | undefined;
156
156
  userAgent?: string | null | undefined;
157
- };
157
+ }>;
158
158
  } | null, {
159
- user: {
159
+ user: import("better-auth").StripEmptyObjects<{
160
160
  id: string;
161
161
  createdAt: Date;
162
162
  updatedAt: Date;
@@ -164,8 +164,8 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
164
164
  emailVerified: boolean;
165
165
  name: string;
166
166
  image?: string | null | undefined;
167
- };
168
- session: {
167
+ }>;
168
+ session: import("better-auth").StripEmptyObjects<{
169
169
  id: string;
170
170
  createdAt: Date;
171
171
  updatedAt: Date;
@@ -174,7 +174,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
174
174
  token: string;
175
175
  ipAddress?: string | null | undefined;
176
176
  userAgent?: string | null | undefined;
177
- };
177
+ }>;
178
178
  } | null>;
179
179
  isPending: false;
180
180
  error: import("vue").Ref<{
@@ -188,7 +188,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
188
188
  admin: any;
189
189
  $Infer: {
190
190
  Session: {
191
- user: {
191
+ user: import("better-auth").StripEmptyObjects<{
192
192
  id: string;
193
193
  createdAt: Date;
194
194
  updatedAt: Date;
@@ -196,8 +196,8 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
196
196
  emailVerified: boolean;
197
197
  name: string;
198
198
  image?: string | null | undefined;
199
- };
200
- session: {
199
+ }>;
200
+ session: import("better-auth").StripEmptyObjects<{
201
201
  id: string;
202
202
  createdAt: Date;
203
203
  updatedAt: Date;
@@ -206,7 +206,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
206
206
  token: string;
207
207
  ipAddress?: string | null | undefined;
208
208
  userAgent?: string | null | undefined;
209
- };
209
+ }>;
210
210
  };
211
211
  };
212
212
  $fetch: import("better-auth/client").BetterFetch<{
@@ -227,22 +227,22 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
227
227
  };
228
228
  })[];
229
229
  cache?: RequestCache | undefined;
230
- method: string;
231
- window?: null | undefined;
230
+ priority?: RequestPriority | undefined;
231
+ credentials?: RequestCredentials;
232
232
  headers?: (HeadersInit & (HeadersInit | {
233
233
  accept: "application/json" | "text/plain" | "application/octet-stream";
234
234
  "content-type": "application/json" | "text/plain" | "application/x-www-form-urlencoded" | "multipart/form-data" | "application/octet-stream";
235
235
  authorization: "Bearer" | "Basic";
236
236
  })) | undefined;
237
- redirect?: RequestRedirect | undefined;
238
- credentials?: RequestCredentials;
239
237
  integrity?: string | undefined;
240
238
  keepalive?: boolean | undefined;
239
+ method: string;
241
240
  mode?: RequestMode | undefined;
242
- priority?: RequestPriority | undefined;
241
+ redirect?: RequestRedirect | undefined;
243
242
  referrer?: string | undefined;
244
243
  referrerPolicy?: ReferrerPolicy | undefined;
245
244
  signal?: (AbortSignal | null) | undefined;
245
+ window?: null | undefined;
246
246
  onRetry?: ((response: import("better-auth/client").ResponseContext) => Promise<void> | void) | undefined;
247
247
  hookOptions?: {
248
248
  cloneResponse?: boolean;
@@ -301,7 +301,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
301
301
  changePassword: (params: {
302
302
  currentPassword: string;
303
303
  newPassword: string;
304
- }, options?: any) => Promise<{
304
+ }, options?: any) => Promise<(Omit<{
305
305
  token: string | null;
306
306
  user: {
307
307
  id: string;
@@ -311,9 +311,27 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
311
311
  emailVerified: boolean;
312
312
  name: string;
313
313
  image?: string | null | undefined;
314
- } & Record<string, any>;
315
- } | {
316
- data: {
314
+ } & Record<string, any> & {
315
+ id: string;
316
+ createdAt: Date;
317
+ updatedAt: Date;
318
+ email: string;
319
+ emailVerified: boolean;
320
+ name: string;
321
+ image?: string | null | undefined;
322
+ };
323
+ }, "user"> & {
324
+ user: import("better-auth").StripEmptyObjects<{
325
+ id: string;
326
+ createdAt: Date;
327
+ updatedAt: Date;
328
+ email: string;
329
+ emailVerified: boolean;
330
+ name: string;
331
+ image?: string | null | undefined;
332
+ }>;
333
+ }) | {
334
+ data: Omit<{
317
335
  token: string | null;
318
336
  user: {
319
337
  id: string;
@@ -323,7 +341,25 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
323
341
  emailVerified: boolean;
324
342
  name: string;
325
343
  image?: string | null | undefined;
326
- } & Record<string, any>;
344
+ } & Record<string, any> & {
345
+ id: string;
346
+ createdAt: Date;
347
+ updatedAt: Date;
348
+ email: string;
349
+ emailVerified: boolean;
350
+ name: string;
351
+ image?: string | null | undefined;
352
+ };
353
+ }, "user"> & {
354
+ user: import("better-auth").StripEmptyObjects<{
355
+ id: string;
356
+ createdAt: Date;
357
+ updatedAt: Date;
358
+ email: string;
359
+ emailVerified: boolean;
360
+ name: string;
361
+ image?: string | null | undefined;
362
+ }>;
327
363
  };
328
364
  error: null;
329
365
  } | {
@@ -365,7 +401,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
365
401
  email: string;
366
402
  password: string;
367
403
  rememberMe?: boolean;
368
- }, options?: any) => Promise<{
404
+ }, options?: any) => Promise<(Omit<{
369
405
  redirect: boolean;
370
406
  token: string;
371
407
  url?: string | undefined;
@@ -378,8 +414,18 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
378
414
  name: string;
379
415
  image?: string | null | undefined | undefined;
380
416
  };
381
- } | {
382
- data: {
417
+ }, "user"> & {
418
+ user: import("better-auth").StripEmptyObjects<{
419
+ id: string;
420
+ createdAt: Date;
421
+ updatedAt: Date;
422
+ email: string;
423
+ emailVerified: boolean;
424
+ name: string;
425
+ image?: string | null | undefined;
426
+ }>;
427
+ }) | {
428
+ data: Omit<{
383
429
  redirect: boolean;
384
430
  token: string;
385
431
  url?: string | undefined;
@@ -392,6 +438,16 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
392
438
  name: string;
393
439
  image?: string | null | undefined | undefined;
394
440
  };
441
+ }, "user"> & {
442
+ user: import("better-auth").StripEmptyObjects<{
443
+ id: string;
444
+ createdAt: Date;
445
+ updatedAt: Date;
446
+ email: string;
447
+ emailVerified: boolean;
448
+ name: string;
449
+ image?: string | null | undefined;
450
+ }>;
395
451
  };
396
452
  error: null;
397
453
  } | {
@@ -409,7 +465,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
409
465
  */
410
466
  passkey: any;
411
467
  social: <FetchOptions extends import("better-auth").ClientFetchOption<Partial<{
412
- provider: (string & {}) | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "huggingface" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linear" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "vercel";
468
+ provider: (string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel";
413
469
  callbackURL?: string | undefined;
414
470
  newUserCallbackURL?: string | undefined;
415
471
  errorCallbackURL?: string | undefined;
@@ -420,13 +476,20 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
420
476
  accessToken?: string | undefined;
421
477
  refreshToken?: string | undefined;
422
478
  expiresAt?: number | undefined;
479
+ user?: {
480
+ name?: {
481
+ firstName?: string | undefined;
482
+ lastName?: string | undefined;
483
+ } | undefined;
484
+ email?: string | undefined;
485
+ } | undefined;
423
486
  } | undefined;
424
487
  scopes?: string[] | undefined;
425
488
  requestSignUp?: boolean | undefined;
426
489
  loginHint?: string | undefined;
427
490
  additionalData?: Record<string, any> | undefined;
428
491
  }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: import("better-auth").Prettify<{
429
- provider: (string & {}) | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "huggingface" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linear" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "vercel";
492
+ provider: (string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel";
430
493
  callbackURL?: string | undefined;
431
494
  newUserCallbackURL?: string | undefined;
432
495
  errorCallbackURL?: string | undefined;
@@ -437,6 +500,13 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
437
500
  accessToken?: string | undefined;
438
501
  refreshToken?: string | undefined;
439
502
  expiresAt?: number | undefined;
503
+ user?: {
504
+ name?: {
505
+ firstName?: string | undefined;
506
+ lastName?: string | undefined;
507
+ } | undefined;
508
+ email?: string | undefined;
509
+ } | undefined;
440
510
  } | undefined;
441
511
  scopes?: string[] | undefined;
442
512
  requestSignUp?: boolean | undefined;
@@ -444,10 +514,10 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
444
514
  additionalData?: Record<string, any> | undefined;
445
515
  } & {
446
516
  fetchOptions?: FetchOptions | undefined;
447
- }>, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<NonNullable<{
517
+ }>, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<{
448
518
  redirect: boolean;
449
519
  url: string;
450
- } | {
520
+ } | (Omit<{
451
521
  redirect: boolean;
452
522
  token: string;
453
523
  url: undefined;
@@ -460,7 +530,17 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
460
530
  name: string;
461
531
  image?: string | null | undefined | undefined;
462
532
  };
463
- }>, {
533
+ }, "user"> & {
534
+ user: import("better-auth").StripEmptyObjects<{
535
+ id: string;
536
+ createdAt: Date;
537
+ updatedAt: Date;
538
+ email: string;
539
+ emailVerified: boolean;
540
+ name: string;
541
+ image?: string | null | undefined;
542
+ }>;
543
+ }), {
464
544
  code?: string | undefined;
465
545
  message?: string | undefined;
466
546
  }, FetchOptions["throw"] extends true ? true : false>>;
@@ -482,7 +562,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
482
562
  email: string;
483
563
  name: string;
484
564
  password: string;
485
- } & Record<string, unknown>, options?: any) => Promise<NonNullable<{
565
+ } & Record<string, unknown>, options?: any) => Promise<(Omit<{
486
566
  token: null;
487
567
  user: {
488
568
  id: string;
@@ -493,7 +573,17 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
493
573
  name: string;
494
574
  image?: string | null | undefined | undefined;
495
575
  };
496
- } | {
576
+ }, "user"> & {
577
+ user: import("better-auth").StripEmptyObjects<{
578
+ id: string;
579
+ createdAt: Date;
580
+ updatedAt: Date;
581
+ email: string;
582
+ emailVerified: boolean;
583
+ name: string;
584
+ image?: string | null | undefined;
585
+ }>;
586
+ }) | (Omit<{
497
587
  token: string;
498
588
  user: {
499
589
  id: string;
@@ -504,8 +594,18 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
504
594
  name: string;
505
595
  image?: string | null | undefined | undefined;
506
596
  };
507
- }> | {
508
- data: NonNullable<{
597
+ }, "user"> & {
598
+ user: import("better-auth").StripEmptyObjects<{
599
+ id: string;
600
+ createdAt: Date;
601
+ updatedAt: Date;
602
+ email: string;
603
+ emailVerified: boolean;
604
+ name: string;
605
+ image?: string | null | undefined;
606
+ }>;
607
+ }) | {
608
+ data: (Omit<{
509
609
  token: null;
510
610
  user: {
511
611
  id: string;
@@ -516,7 +616,17 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
516
616
  name: string;
517
617
  image?: string | null | undefined | undefined;
518
618
  };
519
- } | {
619
+ }, "user"> & {
620
+ user: import("better-auth").StripEmptyObjects<{
621
+ id: string;
622
+ createdAt: Date;
623
+ updatedAt: Date;
624
+ email: string;
625
+ emailVerified: boolean;
626
+ name: string;
627
+ image?: string | null | undefined;
628
+ }>;
629
+ }) | (Omit<{
520
630
  token: string;
521
631
  user: {
522
632
  id: string;
@@ -527,7 +637,17 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
527
637
  name: string;
528
638
  image?: string | null | undefined | undefined;
529
639
  };
530
- }>;
640
+ }, "user"> & {
641
+ user: import("better-auth").StripEmptyObjects<{
642
+ id: string;
643
+ createdAt: Date;
644
+ updatedAt: Date;
645
+ email: string;
646
+ emailVerified: boolean;
647
+ name: string;
648
+ image?: string | null | undefined;
649
+ }>;
650
+ });
531
651
  error: null;
532
652
  } | {
533
653
  data: null;
@@ -583,14 +703,34 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
583
703
  code?: string | undefined;
584
704
  message?: string | undefined;
585
705
  }, FetchOptions["throw"] extends true ? true : false>>;
706
+ updateSession: <FetchOptions extends import("better-auth").ClientFetchOption<Partial<Partial<{}>> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: import("better-auth").Prettify<Partial<{}> & {
707
+ fetchOptions?: FetchOptions | undefined;
708
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<{
709
+ session: {
710
+ id: string;
711
+ createdAt: Date;
712
+ updatedAt: Date;
713
+ userId: string;
714
+ expiresAt: Date;
715
+ token: string;
716
+ ipAddress?: string | null | undefined;
717
+ userAgent?: string | null | undefined;
718
+ };
719
+ }, {
720
+ code?: string | undefined;
721
+ message?: string | undefined;
722
+ }, FetchOptions["throw"] extends true ? true : false>>;
586
723
  updateUser: <FetchOptions extends import("better-auth").ClientFetchOption<Partial<Partial<{}> & {
587
724
  name?: string | undefined;
588
725
  image?: string | undefined | null;
589
- }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: import("better-auth").Prettify<{
590
- image?: (string | null) | undefined;
591
- name?: string | undefined;
592
- fetchOptions?: FetchOptions | undefined;
593
- } & Partial<{}>> | undefined, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<{
726
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: import("better-auth").Prettify<import("better-auth/client").InferUserUpdateCtx<{
727
+ basePath: string;
728
+ baseURL: any;
729
+ fetchOptions: {
730
+ customFetchImpl: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
731
+ };
732
+ plugins: any[];
733
+ }, FetchOptions>> | undefined, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<{
594
734
  status: boolean;
595
735
  }, {
596
736
  code?: string | undefined;
@@ -756,9 +896,9 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
756
896
  fetchOptions?: FetchOptions | undefined;
757
897
  }>, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<{
758
898
  accessToken: string | undefined;
759
- refreshToken: string | undefined;
899
+ refreshToken: string;
760
900
  accessTokenExpiresAt: Date | undefined;
761
- refreshTokenExpiresAt: Date | undefined;
901
+ refreshTokenExpiresAt: Date | null | undefined;
762
902
  scope: string | null | undefined;
763
903
  idToken: string | null | undefined;
764
904
  providerId: string;
@@ -810,7 +950,7 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
810
950
  } | undefined;
811
951
  fetchOptions?: FetchOptions | undefined;
812
952
  }> | undefined, data_1?: FetchOptions | undefined) => Promise<import("better-auth/client").BetterFetchResponse<{
813
- user: {
953
+ user: import("better-auth").StripEmptyObjects<{
814
954
  id: string;
815
955
  createdAt: Date;
816
956
  updatedAt: Date;
@@ -818,8 +958,8 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
818
958
  emailVerified: boolean;
819
959
  name: string;
820
960
  image?: string | null | undefined;
821
- };
822
- session: {
961
+ }>;
962
+ session: import("better-auth").StripEmptyObjects<{
823
963
  id: string;
824
964
  createdAt: Date;
825
965
  updatedAt: Date;
@@ -828,55 +968,204 @@ export declare function createLtAuthClient(config?: LtAuthClientConfig): {
828
968
  token: string;
829
969
  ipAddress?: string | null | undefined;
830
970
  userAgent?: string | null | undefined;
831
- };
971
+ }>;
832
972
  } | null, {
833
973
  code?: string | undefined;
834
974
  message?: string | undefined;
835
975
  }, FetchOptions["throw"] extends true ? true : false>>;
836
976
  $ERROR_CODES: {
837
- readonly USER_NOT_FOUND: "User not found";
838
- readonly FAILED_TO_CREATE_USER: "Failed to create user";
839
- readonly FAILED_TO_CREATE_SESSION: "Failed to create session";
840
- readonly FAILED_TO_UPDATE_USER: "Failed to update user";
841
- readonly FAILED_TO_GET_SESSION: "Failed to get session";
842
- readonly INVALID_PASSWORD: "Invalid password";
843
- readonly INVALID_EMAIL: "Invalid email";
844
- readonly INVALID_EMAIL_OR_PASSWORD: "Invalid email or password";
845
- readonly SOCIAL_ACCOUNT_ALREADY_LINKED: "Social account already linked";
846
- readonly PROVIDER_NOT_FOUND: "Provider not found";
847
- readonly INVALID_TOKEN: "Invalid token";
848
- readonly ID_TOKEN_NOT_SUPPORTED: "id_token not supported";
849
- readonly FAILED_TO_GET_USER_INFO: "Failed to get user info";
850
- readonly USER_EMAIL_NOT_FOUND: "User email not found";
851
- readonly EMAIL_NOT_VERIFIED: "Email not verified";
852
- readonly PASSWORD_TOO_SHORT: "Password too short";
853
- readonly PASSWORD_TOO_LONG: "Password too long";
854
- readonly USER_ALREADY_EXISTS: "User already exists.";
855
- readonly USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: "User already exists. Use another email.";
856
- readonly EMAIL_CAN_NOT_BE_UPDATED: "Email can not be updated";
857
- readonly CREDENTIAL_ACCOUNT_NOT_FOUND: "Credential account not found";
858
- readonly SESSION_EXPIRED: "Session expired. Re-authenticate to perform this action.";
859
- readonly FAILED_TO_UNLINK_LAST_ACCOUNT: "You can't unlink your last account";
860
- readonly ACCOUNT_NOT_FOUND: "Account not found";
861
- readonly USER_ALREADY_HAS_PASSWORD: "User already has a password. Provide that to delete the account.";
862
- readonly CROSS_SITE_NAVIGATION_LOGIN_BLOCKED: "Cross-site navigation login blocked. This request appears to be a CSRF attack.";
863
- readonly VERIFICATION_EMAIL_NOT_ENABLED: "Verification email isn't enabled";
864
- readonly EMAIL_ALREADY_VERIFIED: "Email is already verified";
865
- readonly EMAIL_MISMATCH: "Email mismatch";
866
- readonly SESSION_NOT_FRESH: "Session is not fresh";
867
- readonly LINKED_ACCOUNT_ALREADY_EXISTS: "Linked account already exists";
868
- readonly INVALID_ORIGIN: "Invalid origin";
869
- readonly INVALID_CALLBACK_URL: "Invalid callbackURL";
870
- readonly INVALID_REDIRECT_URL: "Invalid redirectURL";
871
- readonly INVALID_ERROR_CALLBACK_URL: "Invalid errorCallbackURL";
872
- readonly INVALID_NEW_USER_CALLBACK_URL: "Invalid newUserCallbackURL";
873
- readonly MISSING_OR_NULL_ORIGIN: "Missing or null Origin";
874
- readonly CALLBACK_URL_REQUIRED: "callbackURL is required";
875
- readonly FAILED_TO_CREATE_VERIFICATION: "Unable to create verification";
876
- readonly FIELD_NOT_ALLOWED: "Field not allowed to be set";
877
- readonly ASYNC_VALIDATION_NOT_SUPPORTED: "Async validation is not supported";
878
- readonly VALIDATION_ERROR: "Validation Error";
879
- readonly MISSING_FIELD: "Field is required";
977
+ USER_NOT_FOUND: {
978
+ readonly code: "USER_NOT_FOUND";
979
+ message: string;
980
+ };
981
+ FAILED_TO_CREATE_USER: {
982
+ readonly code: "FAILED_TO_CREATE_USER";
983
+ message: string;
984
+ };
985
+ FAILED_TO_CREATE_SESSION: {
986
+ readonly code: "FAILED_TO_CREATE_SESSION";
987
+ message: string;
988
+ };
989
+ FAILED_TO_UPDATE_USER: {
990
+ readonly code: "FAILED_TO_UPDATE_USER";
991
+ message: string;
992
+ };
993
+ FAILED_TO_GET_SESSION: {
994
+ readonly code: "FAILED_TO_GET_SESSION";
995
+ message: string;
996
+ };
997
+ INVALID_PASSWORD: {
998
+ readonly code: "INVALID_PASSWORD";
999
+ message: string;
1000
+ };
1001
+ INVALID_EMAIL: {
1002
+ readonly code: "INVALID_EMAIL";
1003
+ message: string;
1004
+ };
1005
+ INVALID_EMAIL_OR_PASSWORD: {
1006
+ readonly code: "INVALID_EMAIL_OR_PASSWORD";
1007
+ message: string;
1008
+ };
1009
+ INVALID_USER: {
1010
+ readonly code: "INVALID_USER";
1011
+ message: string;
1012
+ };
1013
+ SOCIAL_ACCOUNT_ALREADY_LINKED: {
1014
+ readonly code: "SOCIAL_ACCOUNT_ALREADY_LINKED";
1015
+ message: string;
1016
+ };
1017
+ PROVIDER_NOT_FOUND: {
1018
+ readonly code: "PROVIDER_NOT_FOUND";
1019
+ message: string;
1020
+ };
1021
+ INVALID_TOKEN: {
1022
+ readonly code: "INVALID_TOKEN";
1023
+ message: string;
1024
+ };
1025
+ TOKEN_EXPIRED: {
1026
+ readonly code: "TOKEN_EXPIRED";
1027
+ message: string;
1028
+ };
1029
+ ID_TOKEN_NOT_SUPPORTED: {
1030
+ readonly code: "ID_TOKEN_NOT_SUPPORTED";
1031
+ message: string;
1032
+ };
1033
+ FAILED_TO_GET_USER_INFO: {
1034
+ readonly code: "FAILED_TO_GET_USER_INFO";
1035
+ message: string;
1036
+ };
1037
+ USER_EMAIL_NOT_FOUND: {
1038
+ readonly code: "USER_EMAIL_NOT_FOUND";
1039
+ message: string;
1040
+ };
1041
+ EMAIL_NOT_VERIFIED: {
1042
+ readonly code: "EMAIL_NOT_VERIFIED";
1043
+ message: string;
1044
+ };
1045
+ PASSWORD_TOO_SHORT: {
1046
+ readonly code: "PASSWORD_TOO_SHORT";
1047
+ message: string;
1048
+ };
1049
+ PASSWORD_TOO_LONG: {
1050
+ readonly code: "PASSWORD_TOO_LONG";
1051
+ message: string;
1052
+ };
1053
+ USER_ALREADY_EXISTS: {
1054
+ readonly code: "USER_ALREADY_EXISTS";
1055
+ message: string;
1056
+ };
1057
+ USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: {
1058
+ readonly code: "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL";
1059
+ message: string;
1060
+ };
1061
+ EMAIL_CAN_NOT_BE_UPDATED: {
1062
+ readonly code: "EMAIL_CAN_NOT_BE_UPDATED";
1063
+ message: string;
1064
+ };
1065
+ CREDENTIAL_ACCOUNT_NOT_FOUND: {
1066
+ readonly code: "CREDENTIAL_ACCOUNT_NOT_FOUND";
1067
+ message: string;
1068
+ };
1069
+ ACCOUNT_NOT_FOUND: {
1070
+ readonly code: "ACCOUNT_NOT_FOUND";
1071
+ message: string;
1072
+ };
1073
+ SESSION_EXPIRED: {
1074
+ readonly code: "SESSION_EXPIRED";
1075
+ message: string;
1076
+ };
1077
+ FAILED_TO_UNLINK_LAST_ACCOUNT: {
1078
+ readonly code: "FAILED_TO_UNLINK_LAST_ACCOUNT";
1079
+ message: string;
1080
+ };
1081
+ USER_ALREADY_HAS_PASSWORD: {
1082
+ readonly code: "USER_ALREADY_HAS_PASSWORD";
1083
+ message: string;
1084
+ };
1085
+ CROSS_SITE_NAVIGATION_LOGIN_BLOCKED: {
1086
+ readonly code: "CROSS_SITE_NAVIGATION_LOGIN_BLOCKED";
1087
+ message: string;
1088
+ };
1089
+ VERIFICATION_EMAIL_NOT_ENABLED: {
1090
+ readonly code: "VERIFICATION_EMAIL_NOT_ENABLED";
1091
+ message: string;
1092
+ };
1093
+ EMAIL_ALREADY_VERIFIED: {
1094
+ readonly code: "EMAIL_ALREADY_VERIFIED";
1095
+ message: string;
1096
+ };
1097
+ EMAIL_MISMATCH: {
1098
+ readonly code: "EMAIL_MISMATCH";
1099
+ message: string;
1100
+ };
1101
+ SESSION_NOT_FRESH: {
1102
+ readonly code: "SESSION_NOT_FRESH";
1103
+ message: string;
1104
+ };
1105
+ LINKED_ACCOUNT_ALREADY_EXISTS: {
1106
+ readonly code: "LINKED_ACCOUNT_ALREADY_EXISTS";
1107
+ message: string;
1108
+ };
1109
+ INVALID_ORIGIN: {
1110
+ readonly code: "INVALID_ORIGIN";
1111
+ message: string;
1112
+ };
1113
+ INVALID_CALLBACK_URL: {
1114
+ readonly code: "INVALID_CALLBACK_URL";
1115
+ message: string;
1116
+ };
1117
+ INVALID_REDIRECT_URL: {
1118
+ readonly code: "INVALID_REDIRECT_URL";
1119
+ message: string;
1120
+ };
1121
+ INVALID_ERROR_CALLBACK_URL: {
1122
+ readonly code: "INVALID_ERROR_CALLBACK_URL";
1123
+ message: string;
1124
+ };
1125
+ INVALID_NEW_USER_CALLBACK_URL: {
1126
+ readonly code: "INVALID_NEW_USER_CALLBACK_URL";
1127
+ message: string;
1128
+ };
1129
+ MISSING_OR_NULL_ORIGIN: {
1130
+ readonly code: "MISSING_OR_NULL_ORIGIN";
1131
+ message: string;
1132
+ };
1133
+ CALLBACK_URL_REQUIRED: {
1134
+ readonly code: "CALLBACK_URL_REQUIRED";
1135
+ message: string;
1136
+ };
1137
+ FAILED_TO_CREATE_VERIFICATION: {
1138
+ readonly code: "FAILED_TO_CREATE_VERIFICATION";
1139
+ message: string;
1140
+ };
1141
+ FIELD_NOT_ALLOWED: {
1142
+ readonly code: "FIELD_NOT_ALLOWED";
1143
+ message: string;
1144
+ };
1145
+ ASYNC_VALIDATION_NOT_SUPPORTED: {
1146
+ readonly code: "ASYNC_VALIDATION_NOT_SUPPORTED";
1147
+ message: string;
1148
+ };
1149
+ VALIDATION_ERROR: {
1150
+ readonly code: "VALIDATION_ERROR";
1151
+ message: string;
1152
+ };
1153
+ MISSING_FIELD: {
1154
+ readonly code: "MISSING_FIELD";
1155
+ message: string;
1156
+ };
1157
+ METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED: {
1158
+ readonly code: "METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED";
1159
+ message: string;
1160
+ };
1161
+ BODY_MUST_BE_AN_OBJECT: {
1162
+ readonly code: "BODY_MUST_BE_AN_OBJECT";
1163
+ message: string;
1164
+ };
1165
+ PASSWORD_ALREADY_SET: {
1166
+ readonly code: "PASSWORD_ALREADY_SET";
1167
+ message: string;
1168
+ };
880
1169
  };
881
1170
  };
882
1171
  export type LtAuthClient = ReturnType<typeof createLtAuthClient>;
package/dist/runtime/lib/auth-state.d.ts CHANGED
@@ -49,9 +49,35 @@ export declare function isLocalDevApiProxy(): boolean;
49
49
  /**
50
50
  * Build a full API URL for a given path, handling SSR, proxy, and direct modes.
51
51
  *
52
- * - **SSR**: `runtimeConfig.apiUrl` + path (direct backend call)
53
- * - **Client + Proxy** (`NUXT_PUBLIC_API_PROXY=true`): `/api` + path (Vite proxy)
54
- * - **Client direct**: `runtimeConfig.public.apiUrl` + path
52
+ * ## Resolution Strategy
53
+ *
54
+ * All environment variables are resolved **at runtime** by Nuxt's built-in
55
+ * `NUXT_*` → `runtimeConfig` mapping. The module only declares empty default
56
+ * keys at build time so Nuxt knows which keys to override.
57
+ *
58
+ * ### SSR (Server-Side Rendering)
59
+ * Fallback chain: `NUXT_API_URL` → `NUXT_PUBLIC_API_URL` → `auth.baseURL` → `localhost:3000`
60
+ *
61
+ * `NUXT_API_URL` allows using an internal network address (e.g., `http://api.svc.cluster.local`)
62
+ * that is never exposed to the client bundle. If not set, the public URL is used.
63
+ *
64
+ * ### Client + Proxy (`NUXT_PUBLIC_API_PROXY=true`)
65
+ * Returns `/api{path}` — the Vite dev proxy forwards to the backend and strips `/api`.
66
+ * This ensures same-origin requests for cookies/WebAuthn. **Only for local development.**
67
+ *
68
+ * ### Client direct (deployed instances)
69
+ * Fallback chain: `NUXT_PUBLIC_API_URL` → `auth.baseURL` → `localhost:3000`
70
+ *
71
+ * ## Deployment Scenarios
72
+ *
73
+ * | Scenario | Env Vars | SSR Result | Client Result |
74
+ * |--------------------------|-----------------------------------------------|-------------------------|-------------------------|
75
+ * | Local dev + proxy | `PUBLIC_API_URL=localhost:3000, API_PROXY=true`| `localhost:3000{path}` | `/api{path}` (proxy) |
76
+ * | Production (simple) | `PUBLIC_API_URL=api.example.com` | `api.example.com{path}` | `api.example.com{path}` |
77
+ * | Production (internal) | `PUBLIC_API_URL=..., API_URL=api-internal:3000`| `api-internal:3000{path}` | `api.example.com{path}` |
78
+ * | Legacy (nuxt.config only)| `auth.baseURL` in config | `{baseURL}{path}` | `{baseURL}{path}` |
79
+ *
80
+ * Trailing slashes on the base URL are automatically stripped.
55
81
  *
56
82
  * @param path - The API path (e.g., `/system-setup/status`, `/i18n/errors/de`)
57
83
  */
package/dist/runtime/lib/auth-state.js CHANGED
@@ -28,15 +28,17 @@ export function isLocalDevApiProxy() {
28
28
  export function buildLtApiUrl(path) {
29
29
  try {
30
30
  const runtimeConfig = useRuntimeConfig();
31
+ const publicUrl = runtimeConfig.public.apiUrl || "";
32
+ const authBaseURL = runtimeConfig.public?.ltExtensions?.auth?.baseURL || "";
31
33
  if (import.meta.server) {
32
- const apiUrl2 = runtimeConfig.apiUrl || "http://localhost:3000";
33
- return `${apiUrl2}${path}`;
34
+ const apiUrl2 = runtimeConfig.apiUrl || publicUrl || authBaseURL || "http://localhost:3000";
35
+ return `${apiUrl2.replace(/\/+$/, "")}${path}`;
34
36
  }
35
37
  if (isLocalDevApiProxy()) {
36
38
  return `/api${path}`;
37
39
  }
38
- const apiUrl = runtimeConfig.public.apiUrl || runtimeConfig.public?.ltExtensions?.auth?.baseURL || "http://localhost:3000";
39
- return `${apiUrl}${path}`;
40
+ const apiUrl = publicUrl || authBaseURL || "http://localhost:3000";
41
+ return `${apiUrl.replace(/\/+$/, "")}${path}`;
40
42
  } catch {
41
43
  return `http://localhost:3000${path}`;
42
44
  }
@@ -74,8 +76,9 @@ export function getLtJwtToken() {
74
76
  export function setLtJwtToken(token) {
75
77
  if (import.meta.server) return;
76
78
  const maxAge = 60 * 60 * 24 * 7;
79
+ const secure = globalThis.location?.protocol === "https:" ? "; secure" : "";
77
80
  if (token) {
78
- document.cookie = `lt-jwt-token=${encodeURIComponent(JSON.stringify(token))}; path=/; max-age=${maxAge}; samesite=lax`;
81
+ document.cookie = `lt-jwt-token=${encodeURIComponent(JSON.stringify(token))}; path=/; max-age=${maxAge}; samesite=lax${secure}`;
79
82
  } else {
80
83
  document.cookie = `lt-jwt-token=; path=/; max-age=0`;
81
84
  }
@@ -91,7 +94,8 @@ export function setLtAuthMode(mode) {
91
94
  state = { ...JSON.parse(value), authMode: mode };
92
95
  }
93
96
  const maxAge = 60 * 60 * 24 * 7;
94
- document.cookie = `lt-auth-state=${encodeURIComponent(JSON.stringify(state))}; path=/; max-age=${maxAge}; samesite=lax`;
97
+ const secure = globalThis.location?.protocol === "https:" ? "; secure" : "";
98
+ document.cookie = `lt-auth-state=${encodeURIComponent(JSON.stringify(state))}; path=/; max-age=${maxAge}; samesite=lax${secure}`;
95
99
  } catch {
96
100
  }
97
101
  }
package/dist/runtime/types/module.d.ts CHANGED
@@ -1,5 +1,22 @@
1
1
  /**
2
- * Auth module configuration options
2
+ * System setup module configuration options
3
+ *
4
+ * When enabled, a global middleware redirects to the setup page if no admin user exists.
5
+ *
6
+ * @example
7
+ * ```typescript
8
+ * // nuxt.config.ts
9
+ * export default defineNuxtConfig({
10
+ * ltExtensions: {
11
+ * auth: {
12
+ * systemSetup: {
13
+ * enabled: true,
14
+ * setupPath: '/auth/setup',
15
+ * },
16
+ * },
17
+ * },
18
+ * });
19
+ * ```
3
20
  */
4
21
  export interface LtSystemSetupModuleOptions {
5
22
  /** Enable system setup flow (default: false) */
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lenne.tech/nuxt-extensions",
3
- "version": "1.3.0",
3
+ "version": "1.5.0",
4
4
  "description": "Reusable Nuxt 4 composables, components, and Better-Auth integration for lenne.tech projects",
5
5
  "repository": {
6
6
  "type": "git",
@@ -12,7 +12,7 @@
12
12
  },
13
13
  "author": "lenne.Tech <info@lenne.tech> (https://lenne.tech)",
14
14
  "license": "MIT",
15
- "packageManager": "pnpm@10.29.2",
15
+ "packageManager": "pnpm@10.32.1",
16
16
  "type": "module",
17
17
  "exports": {
18
18
  ".": {
@@ -69,7 +69,7 @@
69
69
  "release": "pnpm format:check && pnpm lint && pnpm test:types && pnpm test && pnpm prepack"
70
70
  },
71
71
  "dependencies": {
72
- "@nuxt/kit": "4.3.0"
72
+ "@nuxt/kit": "4.4.2"
73
73
  },
74
74
  "peerDependencies": {
75
75
  "@better-auth/passkey": ">=1.0.0",
@@ -93,30 +93,37 @@
93
93
  }
94
94
  },
95
95
  "devDependencies": {
96
- "@better-auth/passkey": "1.4.18",
97
- "@nuxt/devtools": "3.1.1",
98
- "@playwright/test": "1.58.1",
96
+ "@better-auth/passkey": "1.5.5",
97
+ "@nuxt/devtools": "3.2.3",
99
98
  "@nuxt/module-builder": "1.0.2",
100
- "@nuxt/schema": "4.3.0",
101
- "@nuxt/test-utils": "3.23.0",
102
- "@types/node": "25.2.0",
103
- "@vitest/coverage-v8": "4.0.18",
104
- "@vue/test-utils": "2.4.6",
105
- "better-auth": "1.4.18",
106
- "happy-dom": "20.5.0",
107
- "nuxt": "4.3.0",
108
- "oxfmt": "0.28.0",
109
- "oxlint": "1.43.0",
99
+ "@nuxt/schema": "4.4.2",
100
+ "@playwright/test": "1.58.2",
101
+ "@types/node": "25.5.0",
102
+ "@vitest/coverage-v8": "4.1.0",
103
+ "better-auth": "1.5.5",
104
+ "happy-dom": "20.8.4",
105
+ "nuxt": "4.4.2",
106
+ "oxfmt": "0.40.0",
107
+ "oxlint": "1.55.0",
110
108
  "tus-js-client": "4.3.1",
111
109
  "typescript": "5.9.3",
112
- "vitest": "4.0.18",
113
- "vue-tsc": "3.2.4"
110
+ "vitest": "4.1.0",
111
+ "vue-tsc": "3.2.5"
114
112
  },
115
113
  "pnpm": {
116
114
  "onlyBuiltDependencies": [
117
115
  "@parcel/watcher",
118
116
  "esbuild"
119
- ]
117
+ ],
118
+ "overrides": {
119
+ "minimatch@>=5.0.0 <5.1.8": "5.1.8",
120
+ "minimatch@>=9.0.0 <9.0.7": "9.0.7",
121
+ "minimatch@>=10.0.0 <10.2.3": "10.2.3",
122
+ "rollup@>=4.0.0 <4.59.0": ">=4.59.0",
123
+ "serialize-javascript@<=7.0.2": ">=7.0.3",
124
+ "svgo@=4.0.0": ">=4.0.1",
125
+ "tar@<7.5.11": "7.5.11"
126
+ }
120
127
  },
121
128
  "keywords": [
122
129
  "nuxt",