@onmax/nuxt-better-auth 0.0.2-alpha.14 → 0.0.2-alpha.15

package/dist/module.json

@@ -1,10 +1,10 @@
 {
   "name": "@onmax/nuxt-better-auth",
+  "version": "0.0.2-alpha.15",
   "configKey": "auth",
   "compatibility": {
     "nuxt": ">=3.0.0"
   },
-  "version": "0.0.2-alpha.14",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -1,13 +1,17 @@
-import { existsSync } from 'node:fs';
+import { randomBytes } from 'node:crypto';
+import { existsSync, writeFileSync, readFileSync } from 'node:fs';
 import { mkdir, writeFile } from 'node:fs/promises';
-import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, extendPages } from '@nuxt/kit';
+import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, installModule, extendPages } from '@nuxt/kit';
 import { consola as consola$1 } from 'consola';
 import { defu } from 'defu';
-import { join } from 'pathe';
+import { join, dirname } from 'pathe';
 import { toRouteMatcher, createRouter } from 'radix3';
+import { isCI, isTest } from 'std-env';
 import { generateDrizzleSchema as generateDrizzleSchema$1 } from '@better-auth/cli/api';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
 
+const version = "0.0.2-alpha.15";
+
 function setupDevTools(nuxt) {
   nuxt.hook("devtools:customTabs", (tabs) => {
     tabs.push({
@@ -63,11 +67,11 @@ async function loadUserAuthConfig(configPath, throwOnError = false) {
   globalThis.defineServerAuth._count++;
   try {
     const mod = await jiti.import(configPath);
-    const configFn = typeof mod === "object" && mod !== null && "default" in mod ? mod.default : mod;
+    const configFn = mod.default;
     if (typeof configFn === "function") {
       return configFn({ runtimeConfig: {}, db: null });
     }
-    consola$1.warn("[@onmax/nuxt-better-auth] auth.config.ts does not export a function. Expected: export default defineServerAuth(...)");
+    consola$1.warn("[@onmax/nuxt-better-auth] auth.config.ts does not export default. Expected: export default defineServerAuth(...)");
     if (throwOnError) {
       throw new Error("auth.config.ts must export default defineServerAuth(...)");
     }
@@ -101,8 +105,72 @@ function getHubCasing(hub) {
   return hub.db.casing;
 }
 const consola = consola$1.withTag("nuxt-better-auth");
+const generateSecret = () => randomBytes(32).toString("hex");
+function readEnvFile(rootDir) {
+  const envPath = join(rootDir, ".env");
+  return existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
+}
+function hasEnvSecret(rootDir) {
+  const match = readEnvFile(rootDir).match(/^BETTER_AUTH_SECRET=(.+)$/m);
+  return !!match && !!match[1] && match[1].trim().length > 0;
+}
+function appendSecretToEnv(rootDir, secret) {
+  const envPath = join(rootDir, ".env");
+  let content = readEnvFile(rootDir);
+  if (content.length > 0 && !content.endsWith("\n"))
+    content += "\n";
+  content += `BETTER_AUTH_SECRET=${secret}
+`;
+  writeFileSync(envPath, content, "utf-8");
+}
+async function promptForSecret(rootDir) {
+  if (process.env.BETTER_AUTH_SECRET || hasEnvSecret(rootDir))
+    return void 0;
+  if (isCI || isTest) {
+    const secret2 = generateSecret();
+    appendSecretToEnv(rootDir, secret2);
+    consola.info("Generated BETTER_AUTH_SECRET and added to .env (CI mode)");
+    return secret2;
+  }
+  consola.box("BETTER_AUTH_SECRET is required for authentication.\nThis will be appended to your .env file.");
+  const choice = await consola.prompt("How do you want to set it?", {
+    type: "select",
+    options: [
+      { label: "Generate for me", value: "generate", hint: "uses crypto.randomBytes(32)" },
+      { label: "Enter manually", value: "paste" },
+      { label: "Skip", value: "skip", hint: "will fail in production" }
+    ],
+    cancel: "null"
+  });
+  if (typeof choice === "symbol" || choice === "skip") {
+    consola.warn("Skipping BETTER_AUTH_SECRET. Auth will fail without it in production.");
+    return void 0;
+  }
+  let secret;
+  if (choice === "generate") {
+    secret = generateSecret();
+  } else {
+    const input = await consola.prompt("Paste your secret (min 32 chars):", { type: "text", cancel: "null" });
+    if (typeof input === "symbol" || !input || input.length < 32) {
+      consola.warn("Invalid secret. Skipping.");
+      return void 0;
+    }
+    secret = input;
+  }
+  const preview = `${secret.slice(0, 8)}...${secret.slice(-4)}`;
+  const confirm = await consola.prompt(`Add to .env:
+BETTER_AUTH_SECRET=${preview}
+Proceed?`, { type: "confirm", initial: true, cancel: "null" });
+  if (typeof confirm === "symbol" || !confirm) {
+    consola.info("Cancelled. Secret not written.");
+    return void 0;
+  }
+  appendSecretToEnv(rootDir, secret);
+  consola.success("Added BETTER_AUTH_SECRET to .env");
+  return secret;
+}
 const module$1 = defineNuxtModule({
-  meta: { name: "@onmax/nuxt-better-auth", configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
+  meta: { name: "@onmax/nuxt-better-auth", version, configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
   defaults: {
     clientOnly: false,
     serverConfig: "server/auth.config",
@@ -110,8 +178,40 @@ const module$1 = defineNuxtModule({
     redirects: { login: "/login", guest: "/" },
     secondaryStorage: false
   },
+  async onInstall(nuxt) {
+    const generatedSecret = await promptForSecret(nuxt.options.rootDir);
+    if (generatedSecret)
+      process.env.BETTER_AUTH_SECRET = generatedSecret;
+    const serverPath = join(nuxt.options.rootDir, "server/auth.config.ts");
+    const clientPath = join(nuxt.options.srcDir, "auth.config.ts");
+    const serverTemplate = `import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineServerAuth({
+  emailAndPassword: { enabled: true },
+})
+`;
+    const clientTemplate = `import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineClientAuth({})
+`;
+    if (!existsSync(serverPath)) {
+      await mkdir(dirname(serverPath), { recursive: true });
+      await writeFile(serverPath, serverTemplate);
+      consola.success("Created server/auth.config.ts");
+    }
+    if (!existsSync(clientPath)) {
+      await mkdir(dirname(clientPath), { recursive: true });
+      await writeFile(clientPath, clientTemplate);
+      const relativePath = clientPath.replace(`${nuxt.options.rootDir}/`, "");
+      consola.success(`Created ${relativePath}`);
+    }
+  },
   async setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);
+    if (options.clientConfig === "app/auth.config") {
+      const srcDirRelative = nuxt.options.srcDir.replace(`${nuxt.options.rootDir}/`, "");
+      options.clientConfig = srcDirRelative === nuxt.options.srcDir ? "auth.config" : `${srcDirRelative}/auth.config`;
+    }
     const clientOnly = options.clientOnly;
     const serverConfigFile = options.serverConfig;
     const clientConfigFile = options.clientConfig;
@@ -120,9 +220,9 @@ const module$1 = defineNuxtModule({
     const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
     const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
     if (!clientOnly && !serverConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - create with defineServerAuth()`);
+      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - export default defineServerAuth(...)`);
     if (!clientConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export createAppAuthClient()`);
+      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export default defineClientAuth(...)`);
     const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
     const hub = hasNuxtHub ? nuxt.options.hub : void 0;
     const hasHubDb = !clientOnly && hasNuxtHub && !!hub?.db;
@@ -151,7 +251,7 @@ const module$1 = defineNuxtModule({
       const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
       nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.BETTER_AUTH_SECRET || "";
       const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
-      if (!nuxt.options.dev && !betterAuthSecret) {
+      if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
         throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
       }
       if (betterAuthSecret && betterAuthSecret.length < 32) {
@@ -183,11 +283,13 @@ export function createSecondaryStorage() {
         throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
       }
       const hubDialect = getHubDialect(hub) ?? "sqlite";
+      const usePlural = options.schema?.usePlural ?? false;
+      const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
       const databaseCode = hasHubDb ? `import { db, schema } from '../hub/db.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
 const rawDialect = '${hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
-export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
+export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema, usePlural: ${usePlural}, camelCase: ${camelCase} }) }
 export { db }` : `export function createDatabase() { return undefined }
 export const db = undefined`;
       const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
@@ -220,9 +322,9 @@ declare module '#auth/database' {
         getContents: () => `
 import type { InferUser, InferSession, InferPluginTypes } from 'better-auth'
 import type { RuntimeConfig } from 'nuxt/schema'
-import type configFn from '${serverConfigPath}'
+import type createServerAuth from '${serverConfigPath}'
 
-type _Config = ReturnType<typeof configFn>
+type _Config = ReturnType<typeof createServerAuth>
 
 declare module '#nuxt-better-auth' {
   interface AuthUser extends InferUser<_Config> {}
@@ -243,7 +345,7 @@ interface _AugmentedServerAuthContext {
 declare module '@onmax/nuxt-better-auth/config' {
   import type { BetterAuthOptions } from 'better-auth'
   type ServerAuthConfig = Omit<BetterAuthOptions, 'database' | 'secret' | 'baseURL'>
-  export function defineServerAuth<T extends ServerAuthConfig>(config: (ctx: _AugmentedServerAuthContext) => T): (ctx: _AugmentedServerAuthContext) => T
+  export function defineServerAuth<T extends ServerAuthConfig>(config: T | ((ctx: _AugmentedServerAuthContext) => T)): (ctx: _AugmentedServerAuthContext) => T
 }
 `
       }, { nuxt: true, nitro: true, node: true });
@@ -280,7 +382,7 @@ export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptio
     addTypeTemplate({
       filename: "types/nuxt-better-auth-client.d.ts",
       getContents: () => `
-import type { createAppAuthClient } from '${clientConfigPath}'
+import type createAppAuthClient from '${clientConfigPath}'
 declare module '#nuxt-better-auth' {
   export type AppAuthClient = ReturnType<typeof createAppAuthClient>
 }
@@ -311,6 +413,8 @@ declare module '#nuxt-better-auth' {
     }
     const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
     if (!isProduction && !clientOnly) {
+      if (!hasNuxtModule("@nuxt/ui"))
+        await installModule("@nuxt/ui");
       setupDevTools(nuxt);
       addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
       if (hasHubDb) {

package/dist/runtime/app/composables/useUserSession.js

@@ -1,4 +1,4 @@
-import { createAppAuthClient } from "#auth/client";
+import createAppAuthClient from "#auth/client";
 import { computed, nextTick, useRequestHeaders, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
 let _client = null;
 function getClient(baseURL) {

package/dist/runtime/config.d.ts

@@ -2,12 +2,13 @@ import type { BetterAuthOptions } from 'better-auth';
 import type { ClientOptions } from 'better-auth/client';
 import type { CasingOption } from '../schema-generator.js';
 import type { ServerAuthContext } from './types/augment.js';
+import { createAuthClient } from 'better-auth/vue';
 export type { ServerAuthContext };
 export interface ClientAuthContext {
     siteUrl: string;
 }
-type ServerAuthConfig = Omit<BetterAuthOptions, 'database' | 'secret' | 'baseURL'>;
-type ClientAuthConfig = Omit<ClientOptions, 'baseURL'> & {
+export type ServerAuthConfig = Omit<BetterAuthOptions, 'database' | 'secret' | 'baseURL'>;
+export type ClientAuthConfig = Omit<ClientOptions, 'baseURL'> & {
     baseURL?: string;
 };
 export type ServerAuthConfigFn = (ctx: ServerAuthContext) => ServerAuthConfig;
@@ -44,5 +45,5 @@ export interface AuthRuntimeConfig {
 export interface AuthPrivateRuntimeConfig {
     secondaryStorage: boolean;
 }
-export declare function defineServerAuth<T extends ServerAuthConfig>(config: (ctx: ServerAuthContext) => T): (ctx: ServerAuthContext) => T;
-export declare function defineClientAuth(config: ClientAuthConfigFn): ClientAuthConfigFn;
+export declare function defineServerAuth<T extends ServerAuthConfig>(config: T | ((ctx: ServerAuthContext) => T)): (ctx: ServerAuthContext) => T;
+export declare function defineClientAuth<T extends ClientAuthConfig>(config: T | ((ctx: ClientAuthContext) => T)): (baseURL: string) => ReturnType<typeof createAuthClient<T>>;

package/dist/runtime/config.js

@@ -1,6 +1,11 @@
+import { createAuthClient } from "better-auth/vue";
 export function defineServerAuth(config) {
-  return config;
+  return typeof config === "function" ? config : () => config;
 }
 export function defineClientAuth(config) {
-  return config;
+  return (baseURL) => {
+    const ctx = { siteUrl: baseURL };
+    const resolved = typeof config === "function" ? config(ctx) : config;
+    return createAuthClient({ ...resolved, baseURL });
+  };
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.2-alpha.14",
+  "version": "0.0.2-alpha.15",
   "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
   "author": "onmax",
@@ -50,7 +50,7 @@
     "dev:prepare": "nuxt-module-build build --stub && nuxi prepare playground",
     "dev:docs": "nuxi dev docs",
     "build:docs": "nuxi build docs",
-    "release": "bumpp --push",
+    "release": "bumpp --push --no-push-all",
     "lint": "eslint .",
     "lint:fix": "eslint . --fix",
     "typecheck": "vue-tsc --noEmit",
@@ -70,10 +70,12 @@
   "dependencies": {
     "@better-auth/cli": "^1.5.0-beta.3",
     "@nuxt/kit": "^4.2.2",
+    "@nuxt/ui": "^4.2.1",
     "defu": "^6.1.4",
     "jiti": "^2.4.2",
     "pathe": "^2.0.3",
-    "radix3": "^1.1.2"
+    "radix3": "^1.1.2",
+    "std-env": "^3.10.0"
   },
   "devDependencies": {
     "@antfu/eslint-config": "^4.12.0",

package/skills/nuxt-better-auth/references/client-only.md

@@ -18,13 +18,11 @@ export default defineNuxtConfig({
 ### 2. Point client to external server
 
 ```ts [app/auth.config.ts]
-import { createAuthClient } from 'better-auth/vue'
+import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
 
-export function createAppAuthClient(_baseURL: string) {
-  return createAuthClient({
-    baseURL: 'https://auth.example.com', // External auth server
-  })
-}
+export default defineClientAuth({
+  baseURL: 'https://auth.example.com', // External auth server
+})
 ```
 
 ### 3. Set frontend URL

package/skills/nuxt-better-auth/references/database.md

@@ -81,7 +81,7 @@ Database adapter injected via context:
 
 ```ts
 // server/auth.config.ts
-import { defineServerAuth } from '#auth/server'
+import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
 
 export default defineServerAuth(({ db }) => ({
   database: db,  // Already configured when hub.database: true
@@ -96,13 +96,13 @@ Without NuxtHub, configure manually:
 ```ts
 // server/auth.config.ts
 import { drizzle } from 'drizzle-orm/...'
-import { defineServerAuth } from '#auth/server'
+import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
 
 const db = drizzle(...)
 
-export default defineServerAuth(() => ({
+export default defineServerAuth({
   database: drizzleAdapter(db, { provider: 'sqlite' })
-}))
+})
 ```
 
 ## Migrations

package/skills/nuxt-better-auth/references/installation.md

@@ -44,18 +44,29 @@ NUXT_PUBLIC_SITE_URL=https://your-domain.com
 
 ```ts
 // server/auth.config.ts
-import { defineServerAuth } from '#auth/server'
+import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
 
-export default defineServerAuth(({ runtimeConfig, db }) => ({
+// Object syntax (simplest)
+export default defineServerAuth({
   emailAndPassword: { enabled: true },
   // OAuth providers
+  socialProviders: {
+    github: {
+      clientId: process.env.GITHUB_CLIENT_ID as string,
+      clientSecret: process.env.GITHUB_CLIENT_SECRET as string
+    }
+  },
+})
+
+// Or function syntax (access context like runtimeConfig, db)
+export default defineServerAuth(({ runtimeConfig, db }) => ({
+  emailAndPassword: { enabled: true },
   socialProviders: {
     github: {
       clientId: runtimeConfig.github.clientId,
       clientSecret: runtimeConfig.github.clientSecret
     }
   },
-  // Session configuration (optional)
   session: {
     expiresIn: 60 * 60 * 24 * 7,      // 7 days (default)
     updateAge: 60 * 60 * 24,           // Update every 24h (default)
@@ -88,11 +99,17 @@ Context available in `defineServerAuth`:
 
 ```ts
 // app/auth.config.ts
-import { createAppAuthClient } from '#auth/client'
+import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
 
-export default createAppAuthClient({
+// Object syntax (simplest)
+export default defineClientAuth({
   // Client-side plugin options (e.g., passkey, twoFactor)
 })
+
+// Or function syntax (access context like siteUrl)
+export default defineClientAuth(({ siteUrl }) => ({
+  // siteUrl contains the resolved base URL
+}))
 ```
 
 ## NuxtHub Integration

package/skills/nuxt-better-auth/references/plugins.md

@@ -6,9 +6,10 @@ The module supports all Better Auth plugins. Configure in both server and client
 
 ```ts
 // server/auth.config.ts
-import { defineServerAuth } from '#auth/server'
+import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
+import { admin, twoFactor, passkey, multiSession } from 'better-auth/plugins'
 
-export default defineServerAuth(({ runtimeConfig }) => ({
+export default defineServerAuth({
   emailAndPassword: { enabled: true },
   plugins: [
     admin(),
@@ -16,17 +17,17 @@ export default defineServerAuth(({ runtimeConfig }) => ({
     passkey(),
     multiSession()
   ]
-}))
+})
 ```
 
 ## Client Plugin Setup
 
 ```ts
 // app/auth.config.ts
-import { createAppAuthClient } from '#auth/client'
+import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
 import { adminClient, twoFactorClient, passkeyClient, multiSessionClient } from 'better-auth/client/plugins'
 
-export default createAppAuthClient({
+export default defineClientAuth({
   plugins: [
     adminClient(),
     twoFactorClient(),

package/skills/nuxt-better-auth/references/types.md

@@ -111,14 +111,16 @@ Extend user type via Better Auth config:
 
 ```ts
 // server/auth.config.ts
-export default defineServerAuth(() => ({
+import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineServerAuth({
   user: {
     additionalFields: {
       plan: { type: 'string' },
       credits: { type: 'number' }
     }
   }
-}))
+})
 ```
 
 Types automatically include these fields: