@onmax/nuxt-better-auth 0.0.2-alpha.11 → 0.0.2-alpha.13

package/dist/module.json

@@ -4,7 +4,7 @@
   "compatibility": {
     "nuxt": ">=3.0.0"
   },
-  "version": "0.0.2-alpha.11",
+  "version": "0.0.2-alpha.13",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -213,6 +213,7 @@ const consola = consola$1.withTag("nuxt-better-auth");
 const module$1 = defineNuxtModule({
   meta: { name: "@onmax/nuxt-better-auth", configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
   defaults: {
+    clientOnly: false,
     serverConfig: "server/auth.config",
     clientConfig: "app/auth.config",
     redirects: { login: "/login", guest: "/" },
@@ -220,47 +221,63 @@ const module$1 = defineNuxtModule({
   },
   async setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);
+    const clientOnly = options.clientOnly;
     const serverConfigFile = options.serverConfig;
     const clientConfigFile = options.clientConfig;
     const serverConfigPath = resolver.resolve(nuxt.options.rootDir, serverConfigFile);
     const clientConfigPath = resolver.resolve(nuxt.options.rootDir, clientConfigFile);
     const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
     const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
-    if (!serverConfigExists)
+    if (!clientOnly && !serverConfigExists)
       throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - create with defineServerAuth()`);
     if (!clientConfigExists)
       throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export createAppAuthClient()`);
     const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
     const hub = hasNuxtHub ? nuxt.options.hub : void 0;
-    const hasHubDb = hasNuxtHub && !!hub?.db;
+    const hasHubDb = !clientOnly && hasNuxtHub && !!hub?.db;
     let secondaryStorageEnabled = options.secondaryStorage ?? false;
-    if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
+    if (secondaryStorageEnabled && clientOnly) {
+      consola.warn("secondaryStorage is not available in clientOnly mode. Disabling.");
+      secondaryStorageEnabled = false;
+    } else if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
       consola.warn("secondaryStorage requires @nuxthub/core with hub.kv: true. Disabling.");
       secondaryStorageEnabled = false;
     }
     nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
     nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
       redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
-      useDatabase: hasHubDb
+      useDatabase: hasHubDb,
+      clientOnly
     });
-    const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
-    if (!nuxt.options.dev && !betterAuthSecret) {
-      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+    if (clientOnly) {
+      const siteUrl = process.env.NUXT_PUBLIC_SITE_URL || nuxt.options.runtimeConfig.public.siteUrl;
+      if (!siteUrl) {
+        consola.warn("clientOnly mode: NUXT_PUBLIC_SITE_URL should be set to your frontend URL");
+      }
+      consola.info("clientOnly mode enabled - server utilities (serverAuth, getUserSession, requireUserSession) are not available");
     }
-    if (betterAuthSecret && betterAuthSecret.length < 32) {
-      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+    if (!clientOnly) {
+      const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
+      if (!nuxt.options.dev && !betterAuthSecret) {
+        throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+      }
+      if (betterAuthSecret && betterAuthSecret.length < 32) {
+        throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+      }
+      nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
+      nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
+        secondaryStorage: secondaryStorageEnabled
+      });
     }
-    nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
-    nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
-      secondaryStorage: secondaryStorageEnabled
-    });
     nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
-    nuxt.options.alias["#auth/server"] = serverConfigPath;
+    if (!clientOnly)
+      nuxt.options.alias["#auth/server"] = serverConfigPath;
     nuxt.options.alias["#auth/client"] = clientConfigPath;
-    if (secondaryStorageEnabled && !nuxt.options.alias["hub:kv"]) {
-      throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
-    }
-    const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from '../hub/kv.mjs'
+    if (!clientOnly) {
+      if (secondaryStorageEnabled && !nuxt.options.alias["hub:kv"]) {
+        throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
+      }
+      const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from '../hub/kv.mjs'
 export function createSecondaryStorage() {
   return {
     get: async (key) => kv.get(\`_auth:\${key}\`),
@@ -268,24 +285,24 @@ export function createSecondaryStorage() {
     delete: async (key) => kv.del(\`_auth:\${key}\`),
   }
 }` : `export function createSecondaryStorage() { return undefined }`;
-    const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
-    nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
-    if (hasHubDb && !nuxt.options.alias["hub:db"]) {
-      throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
-    }
-    const hubDialect = getHubDialect(hub) ?? "sqlite";
-    const databaseCode = hasHubDb ? `import { db, schema } from '../hub/db.mjs'
+      const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
+      nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
+      if (hasHubDb && !nuxt.options.alias["hub:db"]) {
+        throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
+      }
+      const hubDialect = getHubDialect(hub) ?? "sqlite";
+      const databaseCode = hasHubDb ? `import { db, schema } from '../hub/db.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
 const rawDialect = '${hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
 export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
 export { db }` : `export function createDatabase() { return undefined }
 export const db = undefined`;
-    const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
-    nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
-    addTypeTemplate({
-      filename: "types/auth-secondary-storage.d.ts",
-      getContents: () => `
+      const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
+      nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
+      addTypeTemplate({
+        filename: "types/auth-secondary-storage.d.ts",
+        getContents: () => `
 declare module '#auth/secondary-storage' {
   interface SecondaryStorage {
     get: (key: string) => Promise<string | null>
@@ -295,28 +312,21 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/auth-database.d.ts",
-      getContents: () => `
+      }, { nitro: true, node: true });
+      addTypeTemplate({
+        filename: "types/auth-database.d.ts",
+        getContents: () => `
 declare module '#auth/database' {
   import type { drizzleAdapter } from 'better-auth/adapters/drizzle'
   export function createDatabase(): ReturnType<typeof drizzleAdapter> | undefined
   export const db: unknown
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth.d.ts",
-      getContents: () => `
-export * from '${resolver.resolve("./runtime/types/augment")}'
-export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
-`
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-infer.d.ts",
-      getContents: () => `
-import type { InferUser, InferSession } from 'better-auth'
+      }, { nitro: true, node: true });
+      addTypeTemplate({
+        filename: "types/nuxt-better-auth-infer.d.ts",
+        getContents: () => `
+import type { InferUser, InferSession, InferPluginTypes } from 'better-auth'
 import type { RuntimeConfig } from 'nuxt/schema'
 import type configFn from '${serverConfigPath}'
 
@@ -324,11 +334,12 @@ type _Config = ReturnType<typeof configFn>
 
 declare module '#nuxt-better-auth' {
   interface AuthUser extends InferUser<_Config> {}
-  interface AuthSession { session: InferSession<_Config>['session'], user: InferUser<_Config> }
+  interface AuthSession extends InferSession<_Config> {}
   interface ServerAuthContext {
     runtimeConfig: RuntimeConfig
     ${hasHubDb ? `db: typeof import('hub:db')['db']` : ""}
   }
+  type PluginTypes = InferPluginTypes<_Config>
 }
 
 // Augment the config module to use the extended ServerAuthContext
@@ -343,19 +354,10 @@ declare module '@onmax/nuxt-better-auth/config' {
   export function defineServerAuth<T extends ServerAuthConfig>(config: (ctx: _AugmentedServerAuthContext) => T): (ctx: _AugmentedServerAuthContext) => T
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-client.d.ts",
-      getContents: () => `
-import type { createAppAuthClient } from '${clientConfigPath}'
-declare module '#nuxt-better-auth' {
-  export type AppAuthClient = ReturnType<typeof createAppAuthClient>
-}
-`
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-nitro.d.ts",
-      getContents: () => `
+      }, { nuxt: true, nitro: true, node: true });
+      addTypeTemplate({
+        filename: "types/nuxt-better-auth-nitro.d.ts",
+        getContents: () => `
 declare module 'nitropack' {
   interface NitroRouteRules {
     auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
@@ -374,19 +376,39 @@ declare module 'nitropack/types' {
 }
 export {}
 `
-    }, { nuxt: true, nitro: true, node: true });
+      }, { nuxt: true, nitro: true, node: true });
+    }
+    addTypeTemplate({
+      filename: "types/nuxt-better-auth.d.ts",
+      getContents: () => `
+export * from '${resolver.resolve("./runtime/types/augment")}'
+export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
+`
+    });
+    addTypeTemplate({
+      filename: "types/nuxt-better-auth-client.d.ts",
+      getContents: () => `
+import type { createAppAuthClient } from '${clientConfigPath}'
+declare module '#nuxt-better-auth' {
+  export type AppAuthClient = ReturnType<typeof createAppAuthClient>
+}
+`
+    });
     nuxt.hook("builder:watch", async (_event, relativePath) => {
       if (relativePath.includes("auth.config")) {
         await updateTemplates({ filter: (t) => t.filename.includes("nuxt-better-auth") });
       }
     });
-    addServerImportsDir(resolver.resolve("./runtime/server/utils"));
-    addServerImports([{ name: "defineServerAuth", from: resolver.resolve("./runtime/config") }]);
-    addServerScanDir(resolver.resolve("./runtime/server/middleware"));
-    addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
+    if (!clientOnly) {
+      addServerImportsDir(resolver.resolve("./runtime/server/utils"));
+      addServerImports([{ name: "defineServerAuth", from: resolver.resolve("./runtime/config") }]);
+      addServerScanDir(resolver.resolve("./runtime/server/middleware"));
+      addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
+    }
     addImportsDir(resolver.resolve("./runtime/app/composables"));
     addImportsDir(resolver.resolve("./runtime/utils"));
-    addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
+    if (!clientOnly)
+      addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
     addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.client"), mode: "client" });
     addComponentsDir({ path: resolver.resolve("./runtime/app/components") });
     nuxt.hook("app:resolve", (app) => {
@@ -396,7 +418,7 @@ export {}
       await setupBetterAuthSchema(nuxt, serverConfigPath, options);
     }
     const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
-    if (!isProduction) {
+    if (!isProduction && !clientOnly) {
       setupDevTools(nuxt);
       addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
       if (hasHubDb) {

package/dist/runtime/app/components/BetterAuthState.vue

@@ -1,4 +1,5 @@
 <script setup>
+import { useUserSession } from "#imports";
 const { loggedIn, user, session, signOut, ready } = useUserSession();
 </script>
 

package/dist/runtime/app/plugins/session.client.js

@@ -1,5 +1,4 @@
-import { defineNuxtPlugin } from "#imports";
-import { useUserSession } from "../composables/useUserSession.js";
+import { defineNuxtPlugin, useUserSession } from "#imports";
 export default defineNuxtPlugin(async (nuxtApp) => {
   const { fetchSession } = useUserSession();
   const safeFetch = async () => {

package/dist/runtime/config.d.ts

@@ -13,6 +13,8 @@ type ClientAuthConfig = Omit<ClientOptions, 'baseURL'> & {
 export type ServerAuthConfigFn = (ctx: ServerAuthContext) => ServerAuthConfig;
 export type ClientAuthConfigFn = (ctx: ClientAuthContext) => ClientAuthConfig;
 export interface BetterAuthModuleOptions {
+    /** Client-only mode - skip server setup for external auth backends */
+    clientOnly?: boolean;
     /** Server config path relative to rootDir. Default: 'server/auth.config' */
     serverConfig?: string;
     /** Client config path relative to rootDir. Default: 'app/auth.config' */
@@ -36,6 +38,8 @@ export interface AuthRuntimeConfig {
         login: string;
         guest: string;
     };
+    useDatabase: boolean;
+    clientOnly: boolean;
 }
 export interface AuthPrivateRuntimeConfig {
     secondaryStorage: boolean;

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -1,9 +1,9 @@
 import { defineEventHandler } from "h3";
 import { useRuntimeConfig } from "nitropack/runtime";
 import { serverAuth } from "../../utils/auth.js";
-export default defineEventHandler(async () => {
+export default defineEventHandler(async (event) => {
   try {
-    const auth = serverAuth();
+    const auth = serverAuth(event);
     const options = auth.options;
     const runtimeConfig = useRuntimeConfig();
     const publicAuth = runtimeConfig.public?.auth;

package/dist/runtime/server/api/auth/[...all].js

@@ -1,6 +1,6 @@
 import { defineEventHandler, toWebRequest } from "h3";
 import { serverAuth } from "../../utils/auth.js";
 export default defineEventHandler(async (event) => {
-  const auth = serverAuth();
+  const auth = serverAuth(event);
   return auth.handler(toWebRequest(event));
 });

package/dist/runtime/server/utils/auth.d.ts

@@ -1,5 +1,7 @@
 import type { Auth } from 'better-auth';
+import type { H3Event } from 'h3';
 import createServerAuth from '#auth/server';
 type AuthInstance = Auth<ReturnType<typeof createServerAuth>>;
-export declare function serverAuth(): AuthInstance;
+/** Returns Better Auth instance. Pass event for accurate URL detection on first call. */
+export declare function serverAuth(event?: H3Event): AuthInstance;
 export {};

package/dist/runtime/server/utils/auth.js

@@ -2,15 +2,37 @@ import { createDatabase, db } from "#auth/database";
 import { createSecondaryStorage } from "#auth/secondary-storage";
 import createServerAuth from "#auth/server";
 import { betterAuth } from "better-auth";
+import { getRequestURL } from "h3";
 import { useRuntimeConfig } from "nitropack/runtime";
 let _auth = null;
-export function serverAuth() {
+function validateURL(url) {
+  try {
+    return new URL(url).origin;
+  } catch {
+    throw new Error(`Invalid siteUrl: "${url}". Must be a valid URL.`);
+  }
+}
+function getBaseURL(event) {
+  const config = useRuntimeConfig();
+  if (config.public.siteUrl && typeof config.public.siteUrl === "string")
+    return validateURL(config.public.siteUrl);
+  if (event)
+    return getRequestURL(event).origin;
+  if (process.env.VERCEL_URL)
+    return validateURL(`https://${process.env.VERCEL_URL}`);
+  if (process.env.CF_PAGES_URL)
+    return validateURL(`https://${process.env.CF_PAGES_URL}`);
+  if (process.env.URL)
+    return validateURL(process.env.URL.startsWith("http") ? process.env.URL : `https://${process.env.URL}`);
+  if (import.meta.dev)
+    return "http://localhost:3000";
+  throw new Error("siteUrl required. Set NUXT_PUBLIC_SITE_URL.");
+}
+export function serverAuth(event) {
   if (_auth)
     return _auth;
   const runtimeConfig = useRuntimeConfig();
-  const siteUrl = runtimeConfig.public.siteUrl;
-  if (!siteUrl)
-    throw new Error("siteUrl must be configured. Set NUXT_PUBLIC_SITE_URL or configure in nuxt.config.");
+  const siteUrl = getBaseURL(event);
   const database = createDatabase();
   const userConfig = createServerAuth({ runtimeConfig, db });
   _auth = betterAuth({

package/dist/runtime/server/utils/session.js

@@ -2,7 +2,7 @@ import { createError } from "h3";
 import { matchesUser } from "../../utils/match-user.js";
 import { serverAuth } from "./auth.js";
 export async function getUserSession(event) {
-  const auth = serverAuth();
+  const auth = serverAuth(event);
   const session = await auth.api.getSession({ headers: event.headers });
   return session;
 }

package/dist/runtime/types.d.ts

@@ -1,7 +1,7 @@
 import type { NitroRouteRules } from 'nitropack/types';
 import type { AuthSession, AuthUser } from './types/augment.js';
 export type { AuthSession, AuthUser, ServerAuthContext, UserSessionComposable } from './types/augment.js';
-export type { Auth, InferSession, InferUser } from 'better-auth';
+export type { Auth, InferPluginTypes, InferSession, InferUser } from 'better-auth';
 export type AuthMode = 'guest' | 'user';
 export type UserMatch<T> = {
     [K in keyof T]?: T[K] | T[K][];

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.2-alpha.11",
+  "version": "0.0.2-alpha.13",
   "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
   "author": "onmax",