@onmax/nuxt-better-auth 0.0.2-alpha.1 → 0.0.2-alpha.3

package/dist/module.json

@@ -4,7 +4,7 @@
   "compatibility": {
     "nuxt": ">=3.0.0"
   },
-  "version": "0.0.2-alpha.1",
+  "version": "0.0.2-alpha.3",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -22,46 +22,60 @@ function setupDevTools(nuxt) {
   });
 }
 
-function generateDrizzleSchema(tables, dialect) {
-  const imports = getImports(dialect);
-  const tableDefinitions = Object.entries(tables).map(([tableName, table]) => generateTable(tableName, table, dialect, tables)).join("\n\n");
+function generateDrizzleSchema(tables, dialect, options) {
+  const typedTables = tables;
+  const imports = getImports(dialect, options);
+  const tableDefinitions = Object.entries(typedTables).map(([tableName, table]) => generateTable(tableName, table, dialect, typedTables, options)).join("\n\n");
   return `${imports}
 
 ${tableDefinitions}
 `;
 }
-function getImports(dialect) {
+function getImports(dialect, options) {
   switch (dialect) {
     case "sqlite":
       return `import { integer, sqliteTable, text } from 'drizzle-orm/sqlite-core'`;
     case "postgresql":
-      return `import { boolean, pgTable, text, timestamp, integer } from 'drizzle-orm/pg-core'`;
+      return options?.useUuid ? `import { boolean, integer, pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core'` : `import { boolean, integer, pgTable, text, timestamp } from 'drizzle-orm/pg-core'`;
     case "mysql":
       return `import { boolean, int, mysqlTable, text, timestamp, varchar } from 'drizzle-orm/mysql-core'`;
   }
 }
-function generateTable(tableName, table, dialect, allTables) {
+function generateTable(tableName, table, dialect, allTables, options) {
   const tableFunc = dialect === "sqlite" ? "sqliteTable" : dialect === "postgresql" ? "pgTable" : "mysqlTable";
-  const dbTableName = table.modelName || tableName;
-  const fields = Object.entries(table.fields).map(([fieldName, field]) => generateField(fieldName, field, dialect, allTables)).join(",\n    ");
-  const idField = generateIdField(dialect);
+  let dbTableName = table.modelName || tableName;
+  if (options?.usePlural && !table.modelName) {
+    dbTableName = `${tableName}s`;
+  }
+  const fields = Object.entries(table.fields).map(([fieldName, field]) => generateField(fieldName, field, dialect, allTables, options)).join(",\n    ");
+  const idField = generateIdField(dialect, options);
   return `export const ${tableName} = ${tableFunc}('${dbTableName}', {
     ${idField},
     ${fields}
   })`;
 }
-function generateIdField(dialect) {
+function generateIdField(dialect, options) {
   switch (dialect) {
     case "sqlite":
-    case "postgresql":
+      if (options?.useUuid)
+        consola$1.warn("[@onmax/nuxt-better-auth] useUuid ignored for SQLite (no native uuid type). Using text.");
       return `id: text('id').primaryKey()`;
+    case "postgresql":
+      return options?.useUuid ? `id: uuid('id').defaultRandom().primaryKey()` : `id: text('id').primaryKey()`;
     case "mysql":
       return `id: varchar('id', { length: 36 }).primaryKey()`;
   }
 }
-function generateField(fieldName, field, dialect, allTables) {
+function generateField(fieldName, field, dialect, allTables, options) {
   const dbFieldName = fieldName;
-  let fieldDef = getFieldType(field.type, dialect, dbFieldName);
+  const isFkToId = options?.useUuid && field.references?.field === "id";
+  let fieldDef;
+  if (isFkToId && dialect === "postgresql")
+    fieldDef = `uuid('${dbFieldName}')`;
+  else if (isFkToId && dialect === "mysql")
+    fieldDef = `varchar('${dbFieldName}', { length: 36 })`;
+  else
+    fieldDef = getFieldType(field.type, dialect, dbFieldName);
   if (field.required && field.defaultValue === void 0)
     fieldDef += ".notNull()";
   if (field.unique)
@@ -136,17 +150,23 @@ function getMysqlType(type, fieldName) {
       return `text('${fieldName}')`;
   }
 }
-async function loadUserAuthConfig(configPath) {
+async function loadUserAuthConfig(configPath, throwOnError = false) {
   const { createJiti } = await import('jiti');
   const jiti = createJiti(import.meta.url, { interopDefault: true });
   try {
     const mod = await jiti.import(configPath);
-    const configFn = mod.default || mod;
+    const configFn = typeof mod === "object" && mod !== null && "default" in mod ? mod.default : mod;
     if (typeof configFn === "function") {
       return configFn({ runtimeConfig: {}, db: null });
     }
+    if (throwOnError) {
+      throw new Error("auth.config.ts must export default defineServerAuth(...)");
+    }
     return {};
   } catch (error) {
+    if (throwOnError) {
+      throw new Error(`Failed to load auth config: ${error instanceof Error ? error.message : error}`);
+    }
     consola$1.error("[@onmax/nuxt-better-auth] Failed to load auth config for schema generation. Schema may be incomplete:", error);
     return {};
   }
@@ -186,7 +206,14 @@ const module$1 = defineNuxtModule({
       redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
       useDatabase: hasHubDb
     });
-    nuxt.options.runtimeConfig.betterAuthSecret ||= process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || "";
+    const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
+    if (!nuxt.options.dev && !betterAuthSecret) {
+      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+    }
+    if (betterAuthSecret && betterAuthSecret.length < 32) {
+      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+    }
+    nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
     nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
       secondaryStorage: secondaryStorageEnabled
     });
@@ -204,9 +231,13 @@ export function createSecondaryStorage() {
     const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
     nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
     const hubDbPath = nuxt.options.alias["hub:db"];
+    if (hasHubDb && !hubDbPath) {
+      throw new Error("[nuxt-better-auth] hub:db alias not found. Ensure @nuxthub/core is loaded before this module.");
+    }
+    const hubDialect = typeof hub?.db === "string" ? hub.db : (typeof hub?.db === "object" ? hub.db.dialect : void 0) ?? "sqlite";
     const databaseCode = hasHubDb && hubDbPath ? `import { db, schema } from '${hubDbPath}'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
-const rawDialect = '${hub?.db?.dialect ?? "sqlite"}'
+const rawDialect = '${hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
 export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
 export { db }` : `export function createDatabase() { return undefined }
@@ -298,9 +329,10 @@ declare module 'nitropack/types' {
       app.middleware.push({ name: "auth", path: resolver.resolve("./runtime/app/middleware/auth.global"), global: true });
     });
     if (hasHubDb) {
-      await setupBetterAuthSchema(nuxt, serverConfigPath);
+      await setupBetterAuthSchema(nuxt, serverConfigPath, options);
     }
-    if (nuxt.options.dev && process.env.NODE_ENV !== "production") {
+    const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
+    if (!isProduction) {
       setupDevTools(nuxt);
       addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
       if (hasHubDb) {
@@ -333,22 +365,25 @@ declare module 'nitropack/types' {
     });
   }
 });
-async function setupBetterAuthSchema(nuxt, serverConfigPath) {
+async function setupBetterAuthSchema(nuxt, serverConfigPath, options) {
   const hub = nuxt.options.hub;
-  const dialect = typeof hub.db === "string" ? hub.db : hub.db?.dialect;
+  const dialect = typeof hub?.db === "string" ? hub.db : typeof hub?.db === "object" ? hub.db.dialect : void 0;
   if (!dialect || !["sqlite", "postgresql", "mysql"].includes(dialect)) {
     consola.warn(`Unsupported database dialect: ${dialect}`);
     return;
   }
+  const isProduction = !nuxt.options.dev;
   try {
     const configFile = `${serverConfigPath}.ts`;
-    const userConfig = await loadUserAuthConfig(configFile);
+    const userConfig = await loadUserAuthConfig(configFile, isProduction);
     const extendedConfig = {};
     await nuxt.callHook("better-auth:config:extend", extendedConfig);
     const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
     const { getAuthTables } = await import('better-auth/db');
     const tables = getAuthTables({ plugins });
-    const schemaCode = generateDrizzleSchema(tables, dialect);
+    const useUuid = userConfig.advanced?.database?.generateId === "uuid";
+    const schemaOptions = { ...options.schema, useUuid };
+    const schemaCode = generateDrizzleSchema(tables, dialect, schemaOptions);
     const schemaDir = join(nuxt.options.buildDir, "better-auth");
     const schemaPath = join(schemaDir, `schema.${dialect}.ts`);
     await mkdir(schemaDir, { recursive: true });
@@ -356,12 +391,16 @@ async function setupBetterAuthSchema(nuxt, serverConfigPath) {
     addTemplate({ filename: `better-auth/schema.${dialect}.ts`, getContents: () => schemaCode, write: true });
     consola.info(`Generated ${dialect} schema with ${Object.keys(tables).length} tables`);
   } catch (error) {
+    if (isProduction) {
+      throw error;
+    }
     consola.error("Failed to generate schema:", error);
   }
-  nuxt.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
+  const nuxtWithHubHooks = nuxt;
+  nuxtWithHubHooks.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
     const schemaPath = join(nuxt.options.buildDir, "better-auth", `schema.${hookDialect}.ts`);
     if (existsSync(schemaPath)) {
-      paths.push(schemaPath);
+      paths.unshift(schemaPath);
     }
   });
 }

package/dist/runtime/app/composables/useUserSession.js

@@ -1,6 +1,5 @@
 import { createAppAuthClient } from "#auth/client";
-import { computed, useRequestHeaders, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
-import { consola } from "consola";
+import { computed, nextTick, useRequestHeaders, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
 let _client = null;
 function getClient(baseURL) {
   if (!_client)
@@ -30,7 +29,8 @@ export function useUserSession() {
       () => clientSession.value,
       (newSession) => {
         if (newSession?.data?.session && newSession?.data?.user) {
-          session.value = newSession.data.session;
+          const { token: _, ...safeSession } = newSession.data.session;
+          session.value = safeSession;
           user.value = newSession.data.user;
         } else if (!newSession?.isPending) {
           clearSession();
@@ -62,6 +62,9 @@ export function useUserSession() {
   function wrapOnSuccess(cb) {
     return async (ctx) => {
       await fetchSession({ force: true });
+      if (!loggedIn.value)
+        await waitForSession();
+      await nextTick();
       await cb(ctx);
     };
   }
@@ -79,10 +82,11 @@ export function useUserSession() {
   }
   const signIn = client?.signIn ? new Proxy(client.signIn, {
     get(target, prop) {
-      const method = target[prop];
+      const targetRecord = target;
+      const method = targetRecord[prop];
       if (typeof method !== "function")
         return method;
-      return wrapAuthMethod((...args) => target[prop](...args));
+      return wrapAuthMethod((...args) => targetRecord[prop](...args));
     }
   }) : new Proxy({}, {
     get: (_, prop) => {
@@ -91,10 +95,11 @@ export function useUserSession() {
   });
   const signUp = client?.signUp ? new Proxy(client.signUp, {
     get(target, prop) {
-      const method = target[prop];
+      const targetRecord = target;
+      const method = targetRecord[prop];
       if (typeof method !== "function")
         return method;
-      return wrapAuthMethod((...args) => target[prop](...args));
+      return wrapAuthMethod((...args) => targetRecord[prop](...args));
     }
   }) : new Proxy({}, {
     get: (_, prop) => {
@@ -115,15 +120,15 @@ export function useUserSession() {
         const result = await client.getSession({ query }, fetchOptions);
         const data = result.data;
         if (data?.session && data?.user) {
-          session.value = data.session;
+          const { token: _, ...safeSession } = data.session;
+          session.value = safeSession;
           user.value = data.user;
         } else {
           clearSession();
         }
       } catch (error) {
         clearSession();
-        if (import.meta.dev)
-          consola.error("Failed to fetch auth session:", error);
+        console.error("[nuxt-better-auth] Failed to fetch session:", error);
       } finally {
         if (!authReady.value)
           authReady.value = true;

package/dist/runtime/app/middleware/auth.global.js

@@ -1,6 +1,12 @@
-import { createError, defineNuxtRouteMiddleware, getRouteRules, navigateTo, useRequestHeaders, useRuntimeConfig } from "#imports";
+import { createError, defineNuxtRouteMiddleware, getRouteRules, navigateTo, useNuxtApp, useRequestHeaders, useRuntimeConfig } from "#imports";
 import { matchesUser } from "../../utils/match-user.js";
 export default defineNuxtRouteMiddleware(async (to) => {
+  const nuxtApp = useNuxtApp();
+  if (import.meta.client) {
+    const isPrerendered = nuxtApp.payload.prerenderedAt || nuxtApp.payload.isCached;
+    if (isPrerendered && nuxtApp.isHydrating)
+      return;
+  }
   if (to.meta.auth === void 0) {
     const rules = await getRouteRules({ path: to.path });
     if (rules.auth !== void 0)
@@ -10,8 +16,8 @@ export default defineNuxtRouteMiddleware(async (to) => {
   if (auth === void 0 || auth === false)
     return;
   const config = useRuntimeConfig().public.auth;
-  const { fetchSession, user, loggedIn, ready } = useUserSession();
-  if (!loggedIn.value && !ready.value) {
+  const { fetchSession, user, loggedIn } = useUserSession();
+  if (!loggedIn.value) {
     const headers = import.meta.server ? useRequestHeaders(["cookie"]) : void 0;
     await fetchSession({ headers });
   }

package/dist/runtime/app/plugins/session.server.js

@@ -12,7 +12,8 @@ export default defineNuxtPlugin({
         const headers = useRequestHeaders(["cookie"]);
         const data = await $fetch("/api/auth/get-session", { headers });
         if (data?.session && data?.user) {
-          session.value = data.session;
+          const { token: _, ...safeSession } = data.session;
+          session.value = safeSession;
           user.value = data.user;
         }
       } catch {

package/dist/runtime/config.d.ts

@@ -22,6 +22,11 @@ export interface BetterAuthModuleOptions {
     };
     /** Enable KV secondary storage for sessions. Requires hub.kv: true */
     secondaryStorage?: boolean;
+    /** Schema generation options. Must match drizzleAdapter config. */
+    schema?: {
+        /** Plural table names: user → users. Default: false */
+        usePlural?: boolean;
+    };
 }
 export interface AuthRuntimeConfig {
     redirects: {

package/dist/runtime/server/api/_better-auth/config.get.d.ts

@@ -12,7 +12,7 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
             baseURL: string | undefined;
             basePath: string;
             socialProviders: string[];
-            plugins: any[];
+            plugins: string[];
             trustedOrigins: string[] | ((request: Request) => string[] | Promise<string[]>);
             session: {
                 expiresIn: string;
@@ -30,6 +30,6 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
     error?: undefined;
 } | {
     config: null;
-    error: any;
+    error: string;
 }>>;
 export default _default;

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -41,6 +41,7 @@ export default defineEventHandler(async (event) => {
       }
     };
   } catch (error) {
-    return { config: null, error: error.message || "Failed to fetch config" };
+    console.error("[DevTools] Config fetch failed:", error);
+    return { config: null, error: "Failed to fetch configuration" };
   }
 });

package/dist/runtime/server/api/_better-auth/sessions.get.js

@@ -26,7 +26,16 @@ export default defineEventHandler(async (event) => {
       dbQuery.orderBy(desc(schema.session.createdAt)).limit(limit).offset(offset),
       countQuery
     ]);
-    return { sessions, total: totalResult[0]?.count ?? 0, page, limit };
+    const safeSessions = sessions.map((s) => ({
+      id: s.id,
+      userId: s.userId,
+      createdAt: s.createdAt,
+      updatedAt: s.updatedAt,
+      expiresAt: s.expiresAt,
+      ipAddress: s.ipAddress,
+      userAgent: s.userAgent
+    }));
+    return { sessions: safeSessions, total: totalResult[0]?.count ?? 0, page, limit };
   } catch (error) {
     console.error("[DevTools] Fetch sessions failed:", error);
     return { sessions: [], total: 0, error: "Failed to fetch sessions" };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.2-alpha.1",
+  "version": "0.0.2-alpha.3",
   "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
   "author": "onmax",
@@ -95,9 +95,11 @@
   },
   "pnpm": {
     "onlyBuiltDependencies": [
+      "@parcel/watcher",
       "better-sqlite3",
       "esbuild",
-      "@parcel/watcher"
+      "sharp",
+      "workerd"
     ],
     "patchedDependencies": {
       "@peculiar/x509@1.14.2": "patches/@peculiar__x509@1.14.2.patch",