@onmax/nuxt-better-auth 0.0.1 → 0.0.2-alpha.10

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -0,0 +1,47 @@
+import { defineEventHandler } from "h3";
+import { useRuntimeConfig } from "nitropack/runtime";
+import { serverAuth } from "../../utils/auth.js";
+export default defineEventHandler(async (event) => {
+  try {
+    const auth = await serverAuth(event);
+    const options = auth.options;
+    const runtimeConfig = useRuntimeConfig();
+    const publicAuth = runtimeConfig.public?.auth;
+    const privateAuth = runtimeConfig.auth;
+    const sessionConfig = options.session || {};
+    const expiresInDays = sessionConfig.expiresIn ? Math.round(sessionConfig.expiresIn / 86400) : 7;
+    const updateAgeDays = sessionConfig.updateAge ? Math.round(sessionConfig.updateAge / 86400) : 1;
+    return {
+      config: {
+        // Module config (nuxt.config.ts)
+        module: {
+          redirects: publicAuth?.redirects || { login: "/login", guest: "/" },
+          secondaryStorage: privateAuth?.secondaryStorage ?? false,
+          useDatabase: publicAuth?.useDatabase ?? false
+        },
+        // Server config (server/auth.config.ts)
+        server: {
+          baseURL: options.baseURL,
+          basePath: options.basePath || "/api/auth",
+          socialProviders: Object.keys(options.socialProviders || {}),
+          plugins: (options.plugins || []).map((p) => p.id || "unknown"),
+          trustedOrigins: options.trustedOrigins || [],
+          session: {
+            expiresIn: `${expiresInDays} days`,
+            updateAge: `${updateAgeDays} days`,
+            cookieCache: sessionConfig.cookieCache?.enabled ?? false
+          },
+          emailAndPassword: !!options.emailAndPassword,
+          rateLimit: options.rateLimit?.enabled ?? false,
+          advanced: {
+            useSecureCookies: options.advanced?.useSecureCookies ?? "auto",
+            disableCSRFCheck: options.advanced?.disableCSRFCheck ?? false
+          }
+        }
+      }
+    };
+  } catch (error) {
+    console.error("[DevTools] Config fetch failed:", error);
+    return { config: null, error: "Failed to fetch configuration" };
+  }
+});

package/dist/runtime/server/api/_better-auth/sessions.delete.d.ts

@@ -0,0 +1,4 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/api/_better-auth/sessions.delete.js

@@ -0,0 +1,22 @@
+import { createError, defineEventHandler, readBody } from "h3";
+import { z } from "zod";
+const deleteSessionSchema = z.object({
+  id: z.string().min(1, "Session ID required")
+});
+export default defineEventHandler(async (event) => {
+  try {
+    const body = deleteSessionSchema.parse(await readBody(event));
+    const { db, schema } = await import("hub:db");
+    if (!schema.session)
+      throw createError({ statusCode: 500, message: "Session table not found" });
+    const { eq } = await import("drizzle-orm");
+    await db.delete(schema.session).where(eq(schema.session.id, body.id));
+    return { success: true };
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      throw createError({ statusCode: 400, message: error.errors[0]?.message || "Invalid request" });
+    }
+    console.error("[DevTools] Delete session failed:", error);
+    throw createError({ statusCode: 500, message: "Failed to delete session" });
+  }
+});

package/dist/runtime/server/api/_better-auth/sessions.get.d.ts

@@ -0,0 +1,14 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    sessions: never[];
+    total: number;
+    error: string;
+    page?: undefined;
+    limit?: undefined;
+} | {
+    sessions: any;
+    total: any;
+    page: number;
+    limit: number;
+    error?: undefined;
+}>>;
+export default _default;

package/dist/runtime/server/api/_better-auth/sessions.get.js

@@ -0,0 +1,43 @@
+import { defineEventHandler, getQuery } from "h3";
+import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
+export default defineEventHandler(async (event) => {
+  try {
+    const { db, schema } = await import("hub:db");
+    if (!schema.session)
+      return { sessions: [], total: 0, error: "Session table not found" };
+    const query = paginationQuerySchema.parse(getQuery(event));
+    const { page, limit, search } = query;
+    const offset = (page - 1) * limit;
+    const { count, like, or, desc } = await import("drizzle-orm");
+    let dbQuery = db.select().from(schema.session);
+    let countQuery = db.select({ count: count() }).from(schema.session);
+    if (search) {
+      const pattern = sanitizeSearchPattern(search);
+      const searchCondition = or(
+        like(schema.session.userId, pattern),
+        schema.session.ipAddress ? like(schema.session.ipAddress, pattern) : void 0
+      );
+      if (searchCondition) {
+        dbQuery = dbQuery.where(searchCondition);
+        countQuery = countQuery.where(searchCondition);
+      }
+    }
+    const [sessions, totalResult] = await Promise.all([
+      dbQuery.orderBy(desc(schema.session.createdAt)).limit(limit).offset(offset),
+      countQuery
+    ]);
+    const safeSessions = sessions.map((s) => ({
+      id: s.id,
+      userId: s.userId,
+      createdAt: s.createdAt,
+      updatedAt: s.updatedAt,
+      expiresAt: s.expiresAt,
+      ipAddress: s.ipAddress,
+      userAgent: s.userAgent
+    }));
+    return { sessions: safeSessions, total: totalResult[0]?.count ?? 0, page, limit };
+  } catch (error) {
+    console.error("[DevTools] Fetch sessions failed:", error);
+    return { sessions: [], total: 0, error: "Failed to fetch sessions" };
+  }
+});

package/dist/runtime/server/api/_better-auth/users.get.d.ts

@@ -0,0 +1,14 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    users: never[];
+    total: number;
+    error: string;
+    page?: undefined;
+    limit?: undefined;
+} | {
+    users: any;
+    total: any;
+    page: number;
+    limit: number;
+    error?: undefined;
+}>>;
+export default _default;

package/dist/runtime/server/api/_better-auth/users.get.js

@@ -0,0 +1,34 @@
+import { defineEventHandler, getQuery } from "h3";
+import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
+export default defineEventHandler(async (event) => {
+  try {
+    const { db, schema } = await import("hub:db");
+    if (!schema.user)
+      return { users: [], total: 0, error: "User table not found" };
+    const query = paginationQuerySchema.parse(getQuery(event));
+    const { page, limit, search } = query;
+    const offset = (page - 1) * limit;
+    const { count, like, or, desc } = await import("drizzle-orm");
+    let dbQuery = db.select().from(schema.user);
+    let countQuery = db.select({ count: count() }).from(schema.user);
+    if (search) {
+      const pattern = sanitizeSearchPattern(search);
+      const searchCondition = or(
+        like(schema.user.name, pattern),
+        like(schema.user.email, pattern)
+      );
+      if (searchCondition) {
+        dbQuery = dbQuery.where(searchCondition);
+        countQuery = countQuery.where(searchCondition);
+      }
+    }
+    const [users, totalResult] = await Promise.all([
+      dbQuery.orderBy(desc(schema.user.createdAt)).limit(limit).offset(offset),
+      countQuery
+    ]);
+    return { users, total: totalResult[0]?.count ?? 0, page, limit };
+  } catch (error) {
+    console.error("[DevTools] Fetch users failed:", error);
+    return { users: [], total: 0, error: "Failed to fetch users" };
+  }
+});

package/dist/runtime/server/api/auth/[...all].d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Response>>;
+export default _default;

package/dist/runtime/server/api/auth/[...all].js

@@ -0,0 +1,6 @@
+import { defineEventHandler, toWebRequest } from "h3";
+import { serverAuth } from "../../utils/auth.js";
+export default defineEventHandler(async (event) => {
+  const auth = await serverAuth(event);
+  return auth.handler(toWebRequest(event));
+});

package/dist/runtime/server/middleware/route-access.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<void>>;
+export default _default;

package/dist/runtime/server/middleware/route-access.js

@@ -0,0 +1,28 @@
+import { createError, defineEventHandler, getRequestURL } from "h3";
+import { getRouteRules } from "nitropack/runtime";
+import { matchesUser } from "../../utils/match-user.js";
+export default defineEventHandler(async (event) => {
+  const path = getRequestURL(event).pathname;
+  if (!path.startsWith("/api/"))
+    return;
+  if (path.startsWith("/api/auth/"))
+    return;
+  const rules = getRouteRules(event);
+  if (!rules.auth)
+    return;
+  const auth = rules.auth;
+  const mode = typeof auth === "string" ? auth : auth?.only ?? "user";
+  if (mode === "guest") {
+    const session = await getUserSession(event);
+    if (session)
+      throw createError({ statusCode: 403, statusMessage: "Authenticated users not allowed" });
+    return;
+  }
+  if (mode === "user") {
+    const session = await requireUserSession(event);
+    if (typeof auth === "object" && auth.user) {
+      if (!matchesUser(session.user, auth.user))
+        throw createError({ statusCode: 403, statusMessage: "Access denied" });
+    }
+  }
+});

package/dist/runtime/server/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../../.nuxt/tsconfig.server.json"
+}

package/dist/runtime/server/utils/auth.d.ts

@@ -0,0 +1,11 @@
+import type { Auth } from 'better-auth';
+import type { H3Event } from 'h3';
+import createServerAuth from '#auth/server';
+type AuthInstance = Auth<ReturnType<typeof createServerAuth>>;
+declare module 'h3' {
+    interface H3EventContext {
+        _betterAuth?: AuthInstance;
+    }
+}
+export declare function serverAuth(event: H3Event): Promise<AuthInstance>;
+export {};

package/dist/runtime/server/utils/auth.js

@@ -0,0 +1,32 @@
+import { createDatabase, db } from "#auth/database";
+import { createSecondaryStorage } from "#auth/secondary-storage";
+import createServerAuth from "#auth/server";
+import { betterAuth } from "better-auth";
+import { consola } from "consola";
+import { getRequestURL } from "h3";
+import { useRuntimeConfig } from "nitropack/runtime";
+const logger = consola.withTag("nuxt-better-auth");
+function getBaseURL(event, siteUrl) {
+  if (siteUrl)
+    return siteUrl;
+  const origin = getRequestURL(event).origin;
+  if (process.env.NODE_ENV === "production")
+    throw new Error("siteUrl must be configured in production. Set NUXT_PUBLIC_SITE_URL or configure in nuxt.config.");
+  logger.warn("siteUrl not set, auto-detected:", origin);
+  return origin;
+}
+export async function serverAuth(event) {
+  if (event.context._betterAuth)
+    return event.context._betterAuth;
+  const runtimeConfig = useRuntimeConfig();
+  const database = createDatabase();
+  const userConfig = createServerAuth({ runtimeConfig, db });
+  event.context._betterAuth = betterAuth({
+    ...userConfig,
+    ...database && { database },
+    secondaryStorage: createSecondaryStorage(),
+    secret: runtimeConfig.betterAuthSecret,
+    baseURL: getBaseURL(event, runtimeConfig.public.siteUrl)
+  });
+  return event.context._betterAuth;
+}

package/dist/runtime/server/utils/session.d.ts

@@ -0,0 +1,9 @@
+import type { H3Event } from 'h3';
+import type { AuthSession, AuthUser, RequireSessionOptions } from '../../types.js';
+interface FullSession {
+    user: AuthUser;
+    session: AuthSession;
+}
+export declare function getUserSession(event: H3Event): Promise<FullSession | null>;
+export declare function requireUserSession(event: H3Event, options?: RequireSessionOptions): Promise<FullSession>;
+export {};

package/dist/runtime/server/utils/session.js

@@ -0,0 +1,23 @@
+import { createError } from "h3";
+import { matchesUser } from "../../utils/match-user.js";
+import { serverAuth } from "./auth.js";
+export async function getUserSession(event) {
+  const auth = await serverAuth(event);
+  const session = await auth.api.getSession({ headers: event.headers });
+  return session;
+}
+export async function requireUserSession(event, options) {
+  const session = await getUserSession(event);
+  if (!session)
+    throw createError({ statusCode: 401, statusMessage: "Authentication required" });
+  if (options?.user) {
+    if (!matchesUser(session.user, options.user))
+      throw createError({ statusCode: 403, statusMessage: "Access denied" });
+  }
+  if (options?.rule) {
+    const allowed = await options.rule({ user: session.user, session: session.session });
+    if (!allowed)
+      throw createError({ statusCode: 403, statusMessage: "Access denied" });
+  }
+  return session;
+}

package/dist/runtime/types/augment.d.ts

@@ -0,0 +1,42 @@
+import type { ComputedRef, Ref } from 'vue';
+export interface AuthUser {
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    email: string;
+    emailVerified: boolean;
+    name: string;
+    image?: string | null;
+}
+export interface AuthSession {
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    userId: string;
+    expiresAt: Date;
+    token: string;
+    ipAddress?: string | null;
+    userAgent?: string | null;
+}
+export interface ServerAuthContext {
+    runtimeConfig: Record<string, unknown>;
+    db: unknown;
+}
+export interface UserSessionComposable {
+    client: unknown;
+    user: Ref<AuthUser | null>;
+    session: Ref<AuthSession | null>;
+    loggedIn: ComputedRef<boolean>;
+    ready: ComputedRef<boolean>;
+    signIn: unknown;
+    signUp: unknown;
+    fetchSession: (options?: {
+        headers?: HeadersInit;
+        force?: boolean;
+    }) => Promise<void>;
+    waitForSession: () => Promise<void>;
+    signOut: (options?: {
+        onSuccess?: () => void | Promise<void>;
+    }) => Promise<void>;
+    updateUser: (updates: Partial<AuthUser>) => void;
+}

package/dist/runtime/types.d.ts

@@ -0,0 +1,23 @@
+import type { NitroRouteRules } from 'nitropack/types';
+import type { AuthSession, AuthUser } from './types/augment.js';
+export type { AuthSession, AuthUser, ServerAuthContext, UserSessionComposable } from './types/augment.js';
+export type { Auth, InferSession, InferUser } from 'better-auth';
+export type AuthMode = 'guest' | 'user';
+export type UserMatch<T> = {
+    [K in keyof T]?: T[K] | T[K][];
+};
+export type AuthMeta = false | AuthMode | {
+    only?: AuthMode;
+    redirectTo?: string;
+    user?: UserMatch<AuthUser>;
+};
+export type AuthRouteRules = NitroRouteRules & {
+    auth?: AuthMeta;
+};
+export interface RequireSessionOptions {
+    user?: UserMatch<AuthUser>;
+    rule?: (ctx: {
+        user: AuthUser;
+        session: AuthSession;
+    }) => boolean | Promise<boolean>;
+}

package/dist/runtime/utils/match-user.d.ts

@@ -0,0 +1,2 @@
+import type { UserMatch } from '../types.js';
+export declare function matchesUser<T extends object>(user: T, match: UserMatch<T>): boolean;

package/dist/runtime/utils/match-user.js

@@ -0,0 +1,13 @@
+export function matchesUser(user, match) {
+  for (const [key, expected] of Object.entries(match)) {
+    const actual = user[key];
+    if (Array.isArray(expected)) {
+      if (!expected.includes(actual))
+        return false;
+    } else {
+      if (actual !== expected)
+        return false;
+    }
+  }
+  return true;
+}

package/dist/types.d.mts

@@ -1,13 +1,11 @@
-import type { ModuleHooks, ModuleRuntimeHooks, ModuleRuntimeConfig, ModulePublicRuntimeConfig } from './module.mjs'
+import type { NuxtModule } from '@nuxt/schema'
 
-declare module '#app' {
-  interface RuntimeNuxtHooks extends ModuleRuntimeHooks {}
-}
+import type { default as Module } from './module.mjs'
 
-declare module '@nuxt/schema' {
-  interface NuxtHooks extends ModuleHooks {}
-  interface RuntimeConfig extends ModuleRuntimeConfig {}
-  interface PublicRuntimeConfig extends ModulePublicRuntimeConfig {}
-}
+export type ModuleOptions = typeof Module extends NuxtModule<infer O> ? Partial<O> : Record<string, any>
 
-export * from "./module.mjs"
+export { type BetterAuthModuleOptions, type defineClientAuth, type defineServerAuth } from '../dist/runtime/config.js'
+
+export { type Auth, type AuthMeta, type AuthMode, type AuthRouteRules, type AuthSession, type AuthUser, type InferSession, type InferUser, type RequireSessionOptions, type ServerAuthContext, type UserMatch } from '../dist/runtime/types.js'
+
+export { default } from './module.mjs'

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.1",
+  "version": "0.0.2-alpha.10",
+  "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
-  "license": "MIT",
   "author": "onmax",
+  "license": "MIT",
   "repository": {
     "type": "git",
     "url": "https://github.com/onmax/nuxt-better-auth"
@@ -13,6 +14,10 @@
     ".": {
       "types": "./dist/types.d.mts",
       "import": "./dist/module.mjs"
+    },
+    "./config": {
+      "types": "./dist/runtime/config.d.ts",
+      "import": "./dist/runtime/config.js"
     }
   },
   "main": "./dist/module.mjs",
@@ -20,6 +25,9 @@
     "*": {
       ".": [
         "./dist/types.d.mts"
+      ],
+      "config": [
+        "./dist/runtime/config.d.ts"
       ]
     }
   },
@@ -31,8 +39,9 @@
     "dev": "pnpm dev:prepare && nuxi dev playground",
     "dev:build": "nuxi build playground",
     "dev:prepare": "nuxt-module-build build --stub && nuxi prepare playground",
-    "prepare": "nuxt-module-build build --stub && nuxi prepare playground",
-    "release": "pnpm lint && pnpm test && pnpm prepack && changelogen --release && npm publish && git push --follow-tags",
+    "dev:docs": "nuxi dev docs",
+    "build:docs": "nuxi build docs",
+    "release": "bumpp --push",
     "lint": "eslint .",
     "lint:fix": "eslint . --fix",
     "typecheck": "vue-tsc --noEmit",
@@ -42,14 +51,19 @@
   },
   "peerDependencies": {
     "@nuxthub/core": ">=0.10.0",
-    "better-auth": ">=1.0.0",
-    "drizzle-orm": ">=0.30.0"
+    "better-auth": ">=1.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@nuxthub/core": {
+      "optional": true
+    }
   },
   "dependencies": {
     "@nuxt/kit": "^4.2.2",
     "defu": "^6.1.4",
     "jiti": "^2.4.2",
     "pathe": "^2.0.3",
+    "pluralize": "^8.0.0",
     "radix3": "^1.1.2"
   },
   "devDependencies": {
@@ -57,29 +71,44 @@
     "@better-auth/cli": "^1.4.6",
     "@libsql/client": "^0.15.15",
     "@nuxt/devtools": "^3.1.1",
+    "@nuxt/devtools-kit": "^3.1.1",
     "@nuxt/module-builder": "^1.0.2",
     "@nuxt/schema": "^4.2.2",
     "@nuxt/test-utils": "^3.21.0",
-    "@nuxthub/core": "^0.10.0",
+    "@nuxthub/core": "^0.10.3",
     "@types/better-sqlite3": "^7.6.13",
     "@types/node": "latest",
-    "better-auth": "^1.2.8",
+    "@types/pluralize": "^0.0.33",
+    "better-auth": "^1.4.7",
     "better-sqlite3": "^11.9.1",
+    "bumpp": "^10.3.2",
     "changelogen": "^0.6.2",
     "consola": "^3.4.2",
     "drizzle-kit": "^0.31.8",
     "drizzle-orm": "^0.38.4",
     "eslint": "^9.39.1",
     "nuxt": "^4.2.2",
+    "tinyexec": "^1.0.2",
     "typescript": "~5.9.3",
     "vitest": "^4.0.15",
-    "vue-tsc": "^3.1.7"
+    "vitest-package-exports": "^0.1.1",
+    "vue-tsc": "^3.1.7",
+    "yaml": "^2.8.2"
   },
   "pnpm": {
     "onlyBuiltDependencies": [
+      "@parcel/watcher",
       "better-sqlite3",
       "esbuild",
-      "@parcel/watcher"
-    ]
+      "sharp",
+      "workerd"
+    ],
+    "patchedDependencies": {
+      "@peculiar/x509@1.14.2": "patches/@peculiar__x509@1.14.2.patch",
+      "unenv@2.0.0-rc.24": "patches/unenv@2.0.0-rc.24.patch"
+    },
+    "overrides": {
+      "reka-ui": "^2.6.1"
+    }
   }
 }

package/dist/module.d.cts

@@ -1,2 +0,0 @@
-export * from "/home/maxi/nuxt/better-auth/src/module.js";
-export { default } from "/home/maxi/nuxt/better-auth/src/module.js";