@onmax/nuxt-better-auth 0.0.2-alpha.10 → 0.0.2-alpha.12

package/dist/module.json

@@ -4,7 +4,7 @@
   "compatibility": {
     "nuxt": ">=3.0.0"
   },
-  "version": "0.0.2-alpha.10",
+  "version": "0.0.2-alpha.12",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -1,6 +1,6 @@
 import { existsSync } from 'node:fs';
 import { mkdir, writeFile } from 'node:fs/promises';
-import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, extendPages } from '@nuxt/kit';
+import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, extendPages } from '@nuxt/kit';
 import { consola as consola$1 } from 'consola';
 import { defu } from 'defu';
 import { join } from 'pathe';
@@ -162,7 +162,15 @@ function getMysqlType(type, fieldName) {
 }
 async function loadUserAuthConfig(configPath, throwOnError = false) {
   const { createJiti } = await import('jiti');
-  const jiti = createJiti(import.meta.url, { interopDefault: true });
+  const { defineServerAuth } = await import('../dist/runtime/config.js');
+  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false });
+  const key = "defineServerAuth";
+  const g = globalThis;
+  if (!g[key]) {
+    defineServerAuth._count = 0;
+    g[key] = defineServerAuth;
+  }
+  g[key]._count++;
   try {
     const mod = await jiti.import(configPath);
     const configFn = typeof mod === "object" && mod !== null && "default" in mod ? mod.default : mod;
@@ -179,6 +187,11 @@ async function loadUserAuthConfig(configPath, throwOnError = false) {
     }
     consola$1.error("[@onmax/nuxt-better-auth] Failed to load auth config for schema generation. Schema may be incomplete:", error);
     return {};
+  } finally {
+    g[key]._count--;
+    if (!g[key]._count) {
+      delete g[key];
+    }
   }
 }
 
@@ -200,6 +213,7 @@ const consola = consola$1.withTag("nuxt-better-auth");
 const module$1 = defineNuxtModule({
   meta: { name: "@onmax/nuxt-better-auth", configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
   defaults: {
+    clientOnly: false,
     serverConfig: "server/auth.config",
     clientConfig: "app/auth.config",
     redirects: { login: "/login", guest: "/" },
@@ -207,44 +221,63 @@ const module$1 = defineNuxtModule({
   },
   async setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);
+    const clientOnly = options.clientOnly;
     const serverConfigFile = options.serverConfig;
     const clientConfigFile = options.clientConfig;
     const serverConfigPath = resolver.resolve(nuxt.options.rootDir, serverConfigFile);
     const clientConfigPath = resolver.resolve(nuxt.options.rootDir, clientConfigFile);
     const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
     const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
-    if (!serverConfigExists)
+    if (!clientOnly && !serverConfigExists)
       throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - create with defineServerAuth()`);
     if (!clientConfigExists)
       throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export createAppAuthClient()`);
     const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
     const hub = hasNuxtHub ? nuxt.options.hub : void 0;
-    const hasHubDb = hasNuxtHub && !!hub?.db;
+    const hasHubDb = !clientOnly && hasNuxtHub && !!hub?.db;
     let secondaryStorageEnabled = options.secondaryStorage ?? false;
-    if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
+    if (secondaryStorageEnabled && clientOnly) {
+      consola.warn("secondaryStorage is not available in clientOnly mode. Disabling.");
+      secondaryStorageEnabled = false;
+    } else if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
       consola.warn("secondaryStorage requires @nuxthub/core with hub.kv: true. Disabling.");
       secondaryStorageEnabled = false;
     }
     nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
     nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
       redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
-      useDatabase: hasHubDb
+      useDatabase: hasHubDb,
+      clientOnly
     });
-    const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
-    if (!nuxt.options.dev && !betterAuthSecret) {
-      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+    if (clientOnly) {
+      const siteUrl = process.env.NUXT_PUBLIC_SITE_URL || nuxt.options.runtimeConfig.public.siteUrl;
+      if (!siteUrl) {
+        consola.warn("clientOnly mode: NUXT_PUBLIC_SITE_URL should be set to your frontend URL");
+      }
+      consola.info("clientOnly mode enabled - server utilities (serverAuth, getUserSession, requireUserSession) are not available");
     }
-    if (betterAuthSecret && betterAuthSecret.length < 32) {
-      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+    if (!clientOnly) {
+      const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
+      if (!nuxt.options.dev && !betterAuthSecret) {
+        throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+      }
+      if (betterAuthSecret && betterAuthSecret.length < 32) {
+        throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+      }
+      nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
+      nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
+        secondaryStorage: secondaryStorageEnabled
+      });
     }
-    nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
-    nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
-      secondaryStorage: secondaryStorageEnabled
-    });
     nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
-    nuxt.options.alias["#auth/server"] = serverConfigPath;
+    if (!clientOnly)
+      nuxt.options.alias["#auth/server"] = serverConfigPath;
     nuxt.options.alias["#auth/client"] = clientConfigPath;
-    const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from '../hub/kv.mjs'
+    if (!clientOnly) {
+      if (secondaryStorageEnabled && !nuxt.options.alias["hub:kv"]) {
+        throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
+      }
+      const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from '../hub/kv.mjs'
 export function createSecondaryStorage() {
   return {
     get: async (key) => kv.get(\`_auth:\${key}\`),
@@ -252,21 +285,24 @@ export function createSecondaryStorage() {
     delete: async (key) => kv.del(\`_auth:\${key}\`),
   }
 }` : `export function createSecondaryStorage() { return undefined }`;
-    const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
-    nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
-    const hubDialect = getHubDialect(hub) ?? "sqlite";
-    const databaseCode = hasHubDb ? `import { db, schema } from '../hub/db.mjs'
+      const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
+      nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
+      if (hasHubDb && !nuxt.options.alias["hub:db"]) {
+        throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
+      }
+      const hubDialect = getHubDialect(hub) ?? "sqlite";
+      const databaseCode = hasHubDb ? `import { db, schema } from '../hub/db.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
 const rawDialect = '${hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
 export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
 export { db }` : `export function createDatabase() { return undefined }
 export const db = undefined`;
-    const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
-    nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
-    addTypeTemplate({
-      filename: "types/auth-secondary-storage.d.ts",
-      getContents: () => `
+      const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
+      nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
+      addTypeTemplate({
+        filename: "types/auth-secondary-storage.d.ts",
+        getContents: () => `
 declare module '#auth/secondary-storage' {
   interface SecondaryStorage {
     get: (key: string) => Promise<string | null>
@@ -276,28 +312,21 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/auth-database.d.ts",
-      getContents: () => `
+      });
+      addTypeTemplate({
+        filename: "types/auth-database.d.ts",
+        getContents: () => `
 declare module '#auth/database' {
   import type { drizzleAdapter } from 'better-auth/adapters/drizzle'
   export function createDatabase(): ReturnType<typeof drizzleAdapter> | undefined
   export const db: unknown
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth.d.ts",
-      getContents: () => `
-export * from '${resolver.resolve("./runtime/types/augment")}'
-export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
-`
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-infer.d.ts",
-      getContents: () => `
-import type { InferUser, InferSession } from 'better-auth'
+      });
+      addTypeTemplate({
+        filename: "types/nuxt-better-auth-infer.d.ts",
+        getContents: () => `
+import type { InferUser, InferSession, InferPluginTypes } from 'better-auth'
 import type { RuntimeConfig } from 'nuxt/schema'
 import type configFn from '${serverConfigPath}'
 
@@ -305,12 +334,55 @@ type _Config = ReturnType<typeof configFn>
 
 declare module '#nuxt-better-auth' {
   interface AuthUser extends InferUser<_Config> {}
-  interface AuthSession { session: InferSession<_Config>['session'], user: InferUser<_Config> }
+  interface AuthSession extends InferSession<_Config> {}
   interface ServerAuthContext {
     runtimeConfig: RuntimeConfig
     ${hasHubDb ? `db: typeof import('hub:db')['db']` : ""}
   }
+  type PluginTypes = InferPluginTypes<_Config>
+}
+
+// Augment the config module to use the extended ServerAuthContext
+interface _AugmentedServerAuthContext {
+  runtimeConfig: RuntimeConfig
+  ${hasHubDb ? `db: typeof import('hub:db')['db']` : "db: unknown"}
+}
+
+declare module '@onmax/nuxt-better-auth/config' {
+  import type { BetterAuthOptions } from 'better-auth'
+  type ServerAuthConfig = Omit<BetterAuthOptions, 'database' | 'secret' | 'baseURL'>
+  export function defineServerAuth<T extends ServerAuthConfig>(config: (ctx: _AugmentedServerAuthContext) => T): (ctx: _AugmentedServerAuthContext) => T
 }
+`
+      });
+      addTypeTemplate({
+        filename: "types/nuxt-better-auth-nitro.d.ts",
+        getContents: () => `
+declare module 'nitropack' {
+  interface NitroRouteRules {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+}
+declare module 'nitropack/types' {
+  interface NitroRouteRules {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+}
+export {}
+`
+      }, { nuxt: true, nitro: true, node: true });
+    }
+    addTypeTemplate({
+      filename: "types/nuxt-better-auth.d.ts",
+      getContents: () => `
+export * from '${resolver.resolve("./runtime/types/augment")}'
+export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
 `
     });
     addTypeTemplate({
@@ -320,16 +392,6 @@ import type { createAppAuthClient } from '${clientConfigPath}'
 declare module '#nuxt-better-auth' {
   export type AppAuthClient = ReturnType<typeof createAppAuthClient>
 }
-`
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-nitro.d.ts",
-      getContents: () => `
-declare module 'nitropack/types' {
-  interface NitroRouteRules {
-    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
-  }
-}
 `
     });
     nuxt.hook("builder:watch", async (_event, relativePath) => {
@@ -337,12 +399,16 @@ declare module 'nitropack/types' {
         await updateTemplates({ filter: (t) => t.filename.includes("nuxt-better-auth") });
       }
     });
-    addServerImportsDir(resolver.resolve("./runtime/server/utils"));
-    addServerScanDir(resolver.resolve("./runtime/server/middleware"));
-    addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
+    if (!clientOnly) {
+      addServerImportsDir(resolver.resolve("./runtime/server/utils"));
+      addServerImports([{ name: "defineServerAuth", from: resolver.resolve("./runtime/config") }]);
+      addServerScanDir(resolver.resolve("./runtime/server/middleware"));
+      addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
+    }
     addImportsDir(resolver.resolve("./runtime/app/composables"));
     addImportsDir(resolver.resolve("./runtime/utils"));
-    addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
+    if (!clientOnly)
+      addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
     addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.client"), mode: "client" });
     addComponentsDir({ path: resolver.resolve("./runtime/app/components") });
     nuxt.hook("app:resolve", (app) => {
@@ -352,7 +418,7 @@ declare module 'nitropack/types' {
       await setupBetterAuthSchema(nuxt, serverConfigPath, options);
     }
     const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
-    if (!isProduction) {
+    if (!isProduction && !clientOnly) {
       setupDevTools(nuxt);
       addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
       if (hasHubDb) {

package/dist/runtime/app/components/BetterAuthState.vue

@@ -1,4 +1,5 @@
 <script setup>
+import { useUserSession } from "#imports";
 const { loggedIn, user, session, signOut, ready } = useUserSession();
 </script>
 

package/dist/runtime/app/plugins/session.client.js

@@ -1,5 +1,4 @@
-import { defineNuxtPlugin } from "#imports";
-import { useUserSession } from "../composables/useUserSession.js";
+import { defineNuxtPlugin, useUserSession } from "#imports";
 export default defineNuxtPlugin(async (nuxtApp) => {
   const { fetchSession } = useUserSession();
   const safeFetch = async () => {

package/dist/runtime/config.d.ts

@@ -13,6 +13,8 @@ type ClientAuthConfig = Omit<ClientOptions, 'baseURL'> & {
 export type ServerAuthConfigFn = (ctx: ServerAuthContext) => ServerAuthConfig;
 export type ClientAuthConfigFn = (ctx: ClientAuthContext) => ClientAuthConfig;
 export interface BetterAuthModuleOptions {
+    /** Client-only mode - skip server setup for external auth backends */
+    clientOnly?: boolean;
     /** Server config path relative to rootDir. Default: 'server/auth.config' */
     serverConfig?: string;
     /** Client config path relative to rootDir. Default: 'app/auth.config' */
@@ -36,6 +38,8 @@ export interface AuthRuntimeConfig {
         login: string;
         guest: string;
     };
+    useDatabase: boolean;
+    clientOnly: boolean;
 }
 export interface AuthPrivateRuntimeConfig {
     secondaryStorage: boolean;

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -1,9 +1,9 @@
 import { defineEventHandler } from "h3";
 import { useRuntimeConfig } from "nitropack/runtime";
 import { serverAuth } from "../../utils/auth.js";
-export default defineEventHandler(async (event) => {
+export default defineEventHandler(async () => {
   try {
-    const auth = await serverAuth(event);
+    const auth = serverAuth();
     const options = auth.options;
     const runtimeConfig = useRuntimeConfig();
     const publicAuth = runtimeConfig.public?.auth;

package/dist/runtime/server/api/auth/[...all].js

@@ -1,6 +1,6 @@
 import { defineEventHandler, toWebRequest } from "h3";
 import { serverAuth } from "../../utils/auth.js";
 export default defineEventHandler(async (event) => {
-  const auth = await serverAuth(event);
+  const auth = serverAuth();
   return auth.handler(toWebRequest(event));
 });

package/dist/runtime/server/utils/auth.d.ts

@@ -1,11 +1,5 @@
 import type { Auth } from 'better-auth';
-import type { H3Event } from 'h3';
 import createServerAuth from '#auth/server';
 type AuthInstance = Auth<ReturnType<typeof createServerAuth>>;
-declare module 'h3' {
-    interface H3EventContext {
-        _betterAuth?: AuthInstance;
-    }
-}
-export declare function serverAuth(event: H3Event): Promise<AuthInstance>;
+export declare function serverAuth(): AuthInstance;
 export {};

package/dist/runtime/server/utils/auth.js

@@ -2,31 +2,23 @@ import { createDatabase, db } from "#auth/database";
 import { createSecondaryStorage } from "#auth/secondary-storage";
 import createServerAuth from "#auth/server";
 import { betterAuth } from "better-auth";
-import { consola } from "consola";
-import { getRequestURL } from "h3";
 import { useRuntimeConfig } from "nitropack/runtime";
-const logger = consola.withTag("nuxt-better-auth");
-function getBaseURL(event, siteUrl) {
-  if (siteUrl)
-    return siteUrl;
-  const origin = getRequestURL(event).origin;
-  if (process.env.NODE_ENV === "production")
-    throw new Error("siteUrl must be configured in production. Set NUXT_PUBLIC_SITE_URL or configure in nuxt.config.");
-  logger.warn("siteUrl not set, auto-detected:", origin);
-  return origin;
-}
-export async function serverAuth(event) {
-  if (event.context._betterAuth)
-    return event.context._betterAuth;
+let _auth = null;
+export function serverAuth() {
+  if (_auth)
+    return _auth;
   const runtimeConfig = useRuntimeConfig();
+  const siteUrl = runtimeConfig.public.siteUrl;
+  if (!siteUrl)
+    throw new Error("siteUrl must be configured. Set NUXT_PUBLIC_SITE_URL or configure in nuxt.config.");
   const database = createDatabase();
   const userConfig = createServerAuth({ runtimeConfig, db });
-  event.context._betterAuth = betterAuth({
+  _auth = betterAuth({
     ...userConfig,
     ...database && { database },
     secondaryStorage: createSecondaryStorage(),
     secret: runtimeConfig.betterAuthSecret,
-    baseURL: getBaseURL(event, runtimeConfig.public.siteUrl)
+    baseURL: siteUrl
   });
-  return event.context._betterAuth;
+  return _auth;
 }

package/dist/runtime/server/utils/session.js

@@ -2,7 +2,7 @@ import { createError } from "h3";
 import { matchesUser } from "../../utils/match-user.js";
 import { serverAuth } from "./auth.js";
 export async function getUserSession(event) {
-  const auth = await serverAuth(event);
+  const auth = serverAuth();
   const session = await auth.api.getSession({ headers: event.headers });
   return session;
 }

package/dist/runtime/types.d.ts

@@ -1,7 +1,7 @@
 import type { NitroRouteRules } from 'nitropack/types';
 import type { AuthSession, AuthUser } from './types/augment.js';
 export type { AuthSession, AuthUser, ServerAuthContext, UserSessionComposable } from './types/augment.js';
-export type { Auth, InferSession, InferUser } from 'better-auth';
+export type { Auth, InferPluginTypes, InferSession, InferUser } from 'better-auth';
 export type AuthMode = 'guest' | 'user';
 export type UserMatch<T> = {
     [K in keyof T]?: T[K] | T[K][];

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.2-alpha.10",
+  "version": "0.0.2-alpha.12",
   "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
   "author": "onmax",