@onmax/nuxt-better-auth 0.0.2-alpha.2 → 0.0.2-alpha.21

package/dist/module.mjs

@@ -1,12 +1,18 @@
-import { existsSync } from 'node:fs';
+import { randomBytes } from 'node:crypto';
+import { existsSync, writeFileSync, readFileSync } from 'node:fs';
 import { mkdir, writeFile } from 'node:fs/promises';
-import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, extendPages } from '@nuxt/kit';
+import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, installModule, extendPages } from '@nuxt/kit';
 import { consola as consola$1 } from 'consola';
 import { defu } from 'defu';
-import { join } from 'pathe';
+import { join, dirname } from 'pathe';
 import { toRouteMatcher, createRouter } from 'radix3';
+import { isCI, isTest } from 'std-env';
+import { generateDrizzleSchema as generateDrizzleSchema$1 } from '@better-auth/cli/api';
+import { getAuthTables } from 'better-auth/db';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
 
+const version = "0.0.2-alpha.21";
+
 function setupDevTools(nuxt) {
   nuxt.hook("devtools:customTabs", (tabs) => {
     tabs.push({
@@ -22,178 +28,363 @@ function setupDevTools(nuxt) {
   });
 }
 
-function generateDrizzleSchema(tables, dialect) {
-  const imports = getImports(dialect);
-  const tableDefinitions = Object.entries(tables).map(([tableName, table]) => generateTable(tableName, table, dialect, tables)).join("\n\n");
-  return `${imports}
-
-${tableDefinitions}
-`;
-}
-function getImports(dialect) {
-  switch (dialect) {
-    case "sqlite":
-      return `import { integer, sqliteTable, text } from 'drizzle-orm/sqlite-core'`;
-    case "postgresql":
-      return `import { boolean, pgTable, text, timestamp, integer } from 'drizzle-orm/pg-core'`;
-    case "mysql":
-      return `import { boolean, int, mysqlTable, text, timestamp, varchar } from 'drizzle-orm/mysql-core'`;
-  }
-}
-function generateTable(tableName, table, dialect, allTables) {
-  const tableFunc = dialect === "sqlite" ? "sqliteTable" : dialect === "postgresql" ? "pgTable" : "mysqlTable";
-  const dbTableName = table.modelName || tableName;
-  const fields = Object.entries(table.fields).map(([fieldName, field]) => generateField(fieldName, field, dialect, allTables)).join(",\n    ");
-  const idField = generateIdField(dialect);
-  return `export const ${tableName} = ${tableFunc}('${dbTableName}', {
-    ${idField},
-    ${fields}
-  })`;
-}
-function generateIdField(dialect) {
-  switch (dialect) {
-    case "sqlite":
-    case "postgresql":
-      return `id: text('id').primaryKey()`;
-    case "mysql":
-      return `id: varchar('id', { length: 36 }).primaryKey()`;
-  }
+function dialectToProvider(dialect) {
+  return dialect === "postgresql" ? "pg" : dialect;
 }
-function generateField(fieldName, field, dialect, allTables) {
-  const dbFieldName = fieldName;
-  let fieldDef = getFieldType(field.type, dialect, dbFieldName);
-  if (field.required && field.defaultValue === void 0)
-    fieldDef += ".notNull()";
-  if (field.unique)
-    fieldDef += ".unique()";
-  if (field.defaultValue !== void 0) {
-    if (typeof field.defaultValue === "boolean")
-      fieldDef += `.default(${field.defaultValue})`;
-    else if (typeof field.defaultValue === "string")
-      fieldDef += `.default('${field.defaultValue}')`;
-    else
-      fieldDef += `.default(${field.defaultValue})`;
-    if (field.required)
-      fieldDef += ".notNull()";
-  }
-  if (field.references) {
-    const refTable = field.references.model;
-    if (allTables[refTable])
-      fieldDef += `.references(() => ${refTable}.${field.references.field})`;
-  }
-  return `${fieldName}: ${fieldDef}`;
-}
-function getFieldType(type, dialect, fieldName) {
-  const normalizedType = Array.isArray(type) ? "string" : type;
-  switch (dialect) {
-    case "sqlite":
-      return getSqliteType(normalizedType, fieldName);
-    case "postgresql":
-      return getPostgresType(normalizedType, fieldName);
-    case "mysql":
-      return getMysqlType(normalizedType, fieldName);
+async function generateDrizzleSchema(authOptions, dialect, schemaOptions) {
+  const provider = dialectToProvider(dialect);
+  const options = {
+    ...authOptions,
+    advanced: {
+      ...authOptions.advanced,
+      database: {
+        ...authOptions.advanced?.database,
+        ...schemaOptions?.useUuid && { generateId: "uuid" }
+      }
+    }
+  };
+  const adapter = {
+    id: "drizzle",
+    options: {
+      provider,
+      camelCase: schemaOptions?.casing !== "snake_case",
+      adapterConfig: { usePlural: schemaOptions?.usePlural ?? false }
+    }
+  };
+  const result = await generateDrizzleSchema$1({ adapter, options });
+  if (!result.code) {
+    throw new Error(`Schema generation returned empty result for ${dialect}`);
   }
+  return result.code;
 }
-function getSqliteType(type, fieldName) {
-  switch (type) {
-    case "string":
-      return `text('${fieldName}')`;
-    case "boolean":
-      return `integer('${fieldName}', { mode: 'boolean' })`;
-    case "date":
-      return `integer('${fieldName}', { mode: 'timestamp' })`;
-    case "number":
-      return `integer('${fieldName}')`;
-    default:
-      return `text('${fieldName}')`;
-  }
+const convexIndexFields = {
+  account: ["accountId", ["accountId", "providerId"], ["providerId", "userId"]],
+  rateLimit: ["key"],
+  session: ["expiresAt", ["expiresAt", "userId"]],
+  verification: ["expiresAt", "identifier"],
+  user: [["email", "name"], "name", "userId"],
+  passkey: ["credentialID"],
+  oauthConsent: [["clientId", "userId"]]
+};
+function getConvexSpecialFields(tables) {
+  return Object.fromEntries(
+    Object.entries(tables).map(([key, table]) => {
+      const fields = Object.fromEntries(
+        Object.entries(table.fields).map(([fieldKey, field]) => [
+          field.fieldName ?? fieldKey,
+          {
+            ...field.sortable ? { sortable: true } : {},
+            ...field.unique ? { unique: true } : {},
+            ...field.references ? { references: field.references } : {}
+          }
+        ]).filter(([_key, value]) => typeof value === "object" ? Object.keys(value).length > 0 : true)
+      );
+      return [key, fields];
+    }).filter(([_key, value]) => typeof value === "object" ? Object.keys(value).length > 0 : true)
+  );
 }
-function getPostgresType(type, fieldName) {
-  switch (type) {
-    case "string":
-      return `text('${fieldName}')`;
-    case "boolean":
-      return `boolean('${fieldName}')`;
-    case "date":
-      return `timestamp('${fieldName}')`;
-    case "number":
-      return `integer('${fieldName}')`;
-    default:
-      return `text('${fieldName}')`;
-  }
+function getMergedConvexIndexFields(tables) {
+  return Object.fromEntries(
+    Object.entries(tables).map(([key, table]) => {
+      const manualIndexes = convexIndexFields[key]?.map((index) => {
+        return typeof index === "string" ? table.fields[index]?.fieldName ?? index : index.map((i) => table.fields[i]?.fieldName ?? i);
+      }) || [];
+      const specialFieldsObj = getConvexSpecialFields(tables);
+      const specialFieldIndexes = Object.keys(specialFieldsObj[key] || {}).filter(
+        (index) => !manualIndexes.some((m) => Array.isArray(m) ? m[0] === index : m === index)
+      );
+      return [key, manualIndexes.concat(specialFieldIndexes)];
+    })
+  );
 }
-function getMysqlType(type, fieldName) {
-  switch (type) {
-    case "string":
-      return `text('${fieldName}')`;
-    case "boolean":
-      return `boolean('${fieldName}')`;
-    case "date":
-      return `timestamp('${fieldName}')`;
-    case "number":
-      return `int('${fieldName}')`;
-    default:
-      return `text('${fieldName}')`;
+async function generateConvexSchema(authOptions) {
+  const tables = getAuthTables(authOptions);
+  let code = `/**
+ * Auto-generated Better Auth tables for Convex.
+ * Import these tables in your convex/schema.ts:
+ *
+ * import { defineSchema } from 'convex/server'
+ * import { authTables } from './_generated/auth-tables'
+ *
+ * export default defineSchema({ ...authTables, ...yourTables })
+ */
+
+import { defineTable } from 'convex/server'
+import { v } from 'convex/values'
+
+export const authTables = {
+`;
+  const getType = (_name, field) => {
+    const type = field.type;
+    const typeMap = {
+      "string": "v.string()",
+      "boolean": "v.boolean()",
+      "number": "v.number()",
+      "date": "v.number()",
+      "json": "v.string()",
+      "number[]": "v.array(v.number())",
+      "string[]": "v.array(v.string())"
+    };
+    return typeMap[type];
+  };
+  for (const tableKey in tables) {
+    const table = tables[tableKey];
+    const modelName = table.modelName;
+    const fields = Object.fromEntries(Object.entries(table.fields).filter(([key]) => key !== "id"));
+    const indexes = getMergedConvexIndexFields(tables)[tableKey]?.map((index) => {
+      const indexArray = Array.isArray(index) ? index.sort() : [index];
+      const indexName = indexArray.join("_");
+      return `.index('${indexName}', ${JSON.stringify(indexArray)})`;
+    }) || [];
+    const schema = `${modelName}: defineTable({
+${Object.keys(fields).map((field) => {
+      const attr = fields[field];
+      const type = getType(field, attr);
+      const optional = (fieldSchema) => attr.required ? fieldSchema : `v.optional(v.union(v.null(), ${fieldSchema}))`;
+      return `    ${attr.fieldName ?? field}: ${optional(type)},`;
+    }).join("\n")}
+  })${indexes.length > 0 ? `
+    ${indexes.join("\n    ")}` : ""},
+`;
+    code += `  ${schema}`;
   }
+  code += `}
+`;
+  return code;
 }
-async function loadUserAuthConfig(configPath) {
+async function loadUserAuthConfig(configPath, throwOnError = false) {
   const { createJiti } = await import('jiti');
-  const jiti = createJiti(import.meta.url, { interopDefault: true });
+  const { defineServerAuth } = await import('../dist/runtime/config.js');
+  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false });
+  if (!globalThis.defineServerAuth) {
+    defineServerAuth._count = 0;
+    globalThis.defineServerAuth = defineServerAuth;
+  }
+  globalThis.defineServerAuth._count++;
   try {
     const mod = await jiti.import(configPath);
-    const configFn = mod.default || mod;
+    const configFn = mod.default;
     if (typeof configFn === "function") {
       return configFn({ runtimeConfig: {}, db: null });
     }
+    consola$1.warn("[@onmax/nuxt-better-auth] auth.config.ts does not export default. Expected: export default defineServerAuth(...)");
+    if (throwOnError) {
+      throw new Error("auth.config.ts must export default defineServerAuth(...)");
+    }
     return {};
   } catch (error) {
+    if (throwOnError) {
+      throw new Error(`Failed to load auth config: ${error instanceof Error ? error.message : error}`);
+    }
     consola$1.error("[@onmax/nuxt-better-auth] Failed to load auth config for schema generation. Schema may be incomplete:", error);
     return {};
+  } finally {
+    globalThis.defineServerAuth._count--;
+    if (!globalThis.defineServerAuth._count) {
+      globalThis.defineServerAuth = void 0;
+    }
   }
 }
 
+function getHubDialect(hub) {
+  if (!hub?.db)
+    return void 0;
+  if (typeof hub.db === "string")
+    return hub.db;
+  if (typeof hub.db === "object" && hub.db !== null)
+    return hub.db.dialect;
+  return void 0;
+}
+function getHubCasing(hub) {
+  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
+    return void 0;
+  return hub.db.casing;
+}
 const consola = consola$1.withTag("nuxt-better-auth");
+function resolveConvexUrl(nuxt) {
+  const convexConfig = nuxt.options.convex;
+  if (convexConfig?.url)
+    return convexConfig.url;
+  const runtimeUrl = nuxt.options.runtimeConfig.public?.convex?.url;
+  if (runtimeUrl)
+    return runtimeUrl;
+  if (process.env.CONVEX_URL)
+    return process.env.CONVEX_URL;
+  if (process.env.NUXT_PUBLIC_CONVEX_URL)
+    return process.env.NUXT_PUBLIC_CONVEX_URL;
+  return "";
+}
+const generateSecret = () => randomBytes(32).toString("hex");
+function readEnvFile(rootDir) {
+  const envPath = join(rootDir, ".env");
+  return existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
+}
+function hasEnvSecret(rootDir) {
+  const match = readEnvFile(rootDir).match(/^BETTER_AUTH_SECRET=(.+)$/m);
+  return !!match && !!match[1] && match[1].trim().length > 0;
+}
+function appendSecretToEnv(rootDir, secret) {
+  const envPath = join(rootDir, ".env");
+  let content = readEnvFile(rootDir);
+  if (content.length > 0 && !content.endsWith("\n"))
+    content += "\n";
+  content += `BETTER_AUTH_SECRET=${secret}
+`;
+  writeFileSync(envPath, content, "utf-8");
+}
+async function promptForSecret(rootDir) {
+  if (process.env.BETTER_AUTH_SECRET || hasEnvSecret(rootDir))
+    return void 0;
+  if (isCI || isTest) {
+    const secret2 = generateSecret();
+    appendSecretToEnv(rootDir, secret2);
+    consola.info("Generated BETTER_AUTH_SECRET and added to .env (CI mode)");
+    return secret2;
+  }
+  consola.box("BETTER_AUTH_SECRET is required for authentication.\nThis will be appended to your .env file.");
+  const choice = await consola.prompt("How do you want to set it?", {
+    type: "select",
+    options: [
+      { label: "Generate for me", value: "generate", hint: "uses crypto.randomBytes(32)" },
+      { label: "Enter manually", value: "paste" },
+      { label: "Skip", value: "skip", hint: "will fail in production" }
+    ],
+    cancel: "null"
+  });
+  if (typeof choice === "symbol" || choice === "skip") {
+    consola.warn("Skipping BETTER_AUTH_SECRET. Auth will fail without it in production.");
+    return void 0;
+  }
+  let secret;
+  if (choice === "generate") {
+    secret = generateSecret();
+  } else {
+    const input = await consola.prompt("Paste your secret (min 32 chars):", { type: "text", cancel: "null" });
+    if (typeof input === "symbol" || !input || input.length < 32) {
+      consola.warn("Invalid secret. Skipping.");
+      return void 0;
+    }
+    secret = input;
+  }
+  const preview = `${secret.slice(0, 8)}...${secret.slice(-4)}`;
+  const confirm = await consola.prompt(`Add to .env:
+BETTER_AUTH_SECRET=${preview}
+Proceed?`, { type: "confirm", initial: true, cancel: "null" });
+  if (typeof confirm === "symbol" || !confirm) {
+    consola.info("Cancelled. Secret not written.");
+    return void 0;
+  }
+  appendSecretToEnv(rootDir, secret);
+  consola.success("Added BETTER_AUTH_SECRET to .env");
+  return secret;
+}
 const module$1 = defineNuxtModule({
-  meta: { name: "@onmax/nuxt-better-auth", configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
+  meta: { name: "@onmax/nuxt-better-auth", version, configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
   defaults: {
+    clientOnly: false,
     serverConfig: "server/auth.config",
     clientConfig: "app/auth.config",
     redirects: { login: "/login", guest: "/" },
     secondaryStorage: false
   },
+  async onInstall(nuxt) {
+    const generatedSecret = await promptForSecret(nuxt.options.rootDir);
+    if (generatedSecret)
+      process.env.BETTER_AUTH_SECRET = generatedSecret;
+    const serverPath = join(nuxt.options.rootDir, "server/auth.config.ts");
+    const clientPath = join(nuxt.options.srcDir, "auth.config.ts");
+    const serverTemplate = `import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineServerAuth({
+  emailAndPassword: { enabled: true },
+})
+`;
+    const clientTemplate = `import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineClientAuth({})
+`;
+    if (!existsSync(serverPath)) {
+      await mkdir(dirname(serverPath), { recursive: true });
+      await writeFile(serverPath, serverTemplate);
+      consola.success("Created server/auth.config.ts");
+    }
+    if (!existsSync(clientPath)) {
+      await mkdir(dirname(clientPath), { recursive: true });
+      await writeFile(clientPath, clientTemplate);
+      const relativePath = clientPath.replace(`${nuxt.options.rootDir}/`, "");
+      consola.success(`Created ${relativePath}`);
+    }
+  },
   async setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);
+    if (options.clientConfig === "app/auth.config") {
+      const srcDirRelative = nuxt.options.srcDir.replace(`${nuxt.options.rootDir}/`, "");
+      options.clientConfig = srcDirRelative === nuxt.options.srcDir ? "auth.config" : `${srcDirRelative}/auth.config`;
+    }
+    const clientOnly = options.clientOnly;
     const serverConfigFile = options.serverConfig;
     const clientConfigFile = options.clientConfig;
     const serverConfigPath = resolver.resolve(nuxt.options.rootDir, serverConfigFile);
     const clientConfigPath = resolver.resolve(nuxt.options.rootDir, clientConfigFile);
     const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
     const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
-    if (!serverConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - create with defineServerAuth()`);
+    if (!clientOnly && !serverConfigExists)
+      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - export default defineServerAuth(...)`);
     if (!clientConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export createAppAuthClient()`);
+      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export default defineClientAuth(...)`);
     const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
     const hub = hasNuxtHub ? nuxt.options.hub : void 0;
-    const hasHubDb = hasNuxtHub && !!hub?.db;
+    const hasHubDb = !clientOnly && hasNuxtHub && !!hub?.db;
+    const hasConvex = hasNuxtModule("nuxt-convex", nuxt);
+    const convexUrl = resolveConvexUrl(nuxt);
+    const hasConvexDb = !clientOnly && hasConvex && !!convexUrl && !hasHubDb;
+    if (hasConvexDb) {
+      consola.info("Detected Convex - using Convex HTTP adapter for Better Auth database");
+    }
     let secondaryStorageEnabled = options.secondaryStorage ?? false;
-    if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
+    if (secondaryStorageEnabled && clientOnly) {
+      consola.warn("secondaryStorage is not available in clientOnly mode. Disabling.");
+      secondaryStorageEnabled = false;
+    } else if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
       consola.warn("secondaryStorage requires @nuxthub/core with hub.kv: true. Disabling.");
       secondaryStorageEnabled = false;
     }
     nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
     nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
       redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
-      useDatabase: hasHubDb
-    });
-    nuxt.options.runtimeConfig.betterAuthSecret ||= process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || "";
-    nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
-      secondaryStorage: secondaryStorageEnabled
+      useDatabase: hasHubDb || hasConvexDb,
+      clientOnly
     });
+    if (clientOnly) {
+      const siteUrl = process.env.NUXT_PUBLIC_SITE_URL || nuxt.options.runtimeConfig.public.siteUrl;
+      if (!siteUrl) {
+        consola.warn("clientOnly mode: NUXT_PUBLIC_SITE_URL should be set to your frontend URL");
+      }
+      consola.info("clientOnly mode enabled - server utilities (serverAuth, getUserSession, requireUserSession) are not available");
+    }
+    if (!clientOnly) {
+      const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+      nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.BETTER_AUTH_SECRET || "";
+      const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+      if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
+        throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+      }
+      if (betterAuthSecret && betterAuthSecret.length < 32) {
+        throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+      }
+      nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
+        secondaryStorage: secondaryStorageEnabled
+      });
+    }
     nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
-    nuxt.options.alias["#auth/server"] = serverConfigPath;
+    if (!clientOnly)
+      nuxt.options.alias["#auth/server"] = serverConfigPath;
     nuxt.options.alias["#auth/client"] = clientConfigPath;
-    const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from 'hub:kv'
+    if (!clientOnly) {
+      if (secondaryStorageEnabled && !nuxt.options.alias["hub:kv"]) {
+        throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
+      }
+      const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from '@nuxthub/kv'
 export function createSecondaryStorage() {
   return {
     get: async (key) => kv.get(\`_auth:\${key}\`),
@@ -201,21 +392,47 @@ export function createSecondaryStorage() {
     delete: async (key) => kv.del(\`_auth:\${key}\`),
   }
 }` : `export function createSecondaryStorage() { return undefined }`;
-    const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
-    nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
-    const hubDbPath = nuxt.options.alias["hub:db"];
-    const databaseCode = hasHubDb && hubDbPath ? `import { db, schema } from '${hubDbPath}'
+      const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
+      nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
+      if (hasHubDb && !nuxt.options.alias["hub:db"]) {
+        throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
+      }
+      const hubDialect = getHubDialect(hub) ?? "sqlite";
+      const usePlural = options.schema?.usePlural ?? false;
+      const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
+      let databaseCode;
+      if (hasHubDb) {
+        databaseCode = `import { db, schema } from '@nuxthub/db'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
-const rawDialect = '${hub?.db?.dialect ?? "sqlite"}'
+const rawDialect = '${hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
-export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
-export { db }` : `export function createDatabase() { return undefined }
+export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema, usePlural: ${usePlural}, camelCase: ${camelCase} }) }
+export { db }`;
+      } else if (hasConvexDb) {
+        nuxt.options.runtimeConfig.betterAuth = defu(
+          nuxt.options.runtimeConfig.betterAuth || {},
+          { convexUrl }
+        );
+        databaseCode = `import { useRuntimeConfig } from '#imports'
+import { createConvexHttpAdapter } from '@onmax/nuxt-better-auth/adapters/convex'
+import { api } from '#convex/api'
+
+export function createDatabase() {
+  const config = useRuntimeConfig()
+  const convexUrl = config.betterAuth?.convexUrl || config.public?.convex?.url
+  if (!convexUrl) throw new Error('[nuxt-better-auth] CONVEX_URL not configured')
+  return createConvexHttpAdapter({ url: convexUrl, api: api.auth })
+}
 export const db = undefined`;
-    const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
-    nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
-    addTypeTemplate({
-      filename: "types/auth-secondary-storage.d.ts",
-      getContents: () => `
+      } else {
+        databaseCode = `export function createDatabase() { return undefined }
+export const db = undefined`;
+      }
+      const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
+      nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
+      addTypeTemplate({
+        filename: "types/auth-secondary-storage.d.ts",
+        getContents: () => `
 declare module '#auth/secondary-storage' {
   interface SecondaryStorage {
     get: (key: string) => Promise<string | null>
@@ -225,59 +442,85 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/auth-database.d.ts",
-      getContents: () => `
+      }, { nitro: true, node: true });
+      addTypeTemplate({
+        filename: "types/auth-database.d.ts",
+        getContents: () => `
 declare module '#auth/database' {
   import type { drizzleAdapter } from 'better-auth/adapters/drizzle'
   export function createDatabase(): ReturnType<typeof drizzleAdapter> | undefined
   export const db: unknown
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth.d.ts",
-      getContents: () => `
-export * from '${resolver.resolve("./runtime/types/augment")}'
-export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
-`
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-infer.d.ts",
-      getContents: () => `
-import type { InferUser, InferSession } from 'better-auth'
+      }, { nitro: true, node: true });
+      addTypeTemplate({
+        filename: "types/nuxt-better-auth-infer.d.ts",
+        getContents: () => `
+import type { InferUser, InferSession, InferPluginTypes } from 'better-auth'
 import type { RuntimeConfig } from 'nuxt/schema'
-import type configFn from '${serverConfigPath}'
+import type createServerAuth from '${serverConfigPath}'
 
-type _Config = ReturnType<typeof configFn>
+type _Config = ReturnType<typeof createServerAuth>
 
 declare module '#nuxt-better-auth' {
   interface AuthUser extends InferUser<_Config> {}
-  interface AuthSession { session: InferSession<_Config>['session'], user: InferUser<_Config> }
+  interface AuthSession extends InferSession<_Config> {}
   interface ServerAuthContext {
     runtimeConfig: RuntimeConfig
-    ${hasHubDb ? `db: typeof import('hub:db')['db']` : ""}
+    ${hasHubDb ? `db: typeof import('@nuxthub/db')['db']` : ""}
   }
+  type PluginTypes = InferPluginTypes<_Config>
+}
+
+// Augment the config module to use the extended ServerAuthContext
+interface _AugmentedServerAuthContext {
+  runtimeConfig: RuntimeConfig
+  ${hasHubDb ? `db: typeof import('@nuxthub/db')['db']` : "db: unknown"}
+}
+
+declare module '@onmax/nuxt-better-auth/config' {
+  import type { BetterAuthOptions } from 'better-auth'
+  type ServerAuthConfig = Omit<BetterAuthOptions, 'database' | 'secret' | 'baseURL'>
+  export function defineServerAuth<T extends ServerAuthConfig>(config: T | ((ctx: _AugmentedServerAuthContext) => T)): (ctx: _AugmentedServerAuthContext) => T
 }
 `
-    });
+      }, { nuxt: true, nitro: true, node: true });
+      addTypeTemplate({
+        filename: "types/nuxt-better-auth-nitro.d.ts",
+        getContents: () => `
+declare module 'nitropack' {
+  interface NitroRouteRules {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+}
+declare module 'nitropack/types' {
+  interface NitroRouteRules {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+  }
+}
+export {}
+`
+      }, { nuxt: true, nitro: true, node: true });
+    }
     addTypeTemplate({
-      filename: "types/nuxt-better-auth-client.d.ts",
+      filename: "types/nuxt-better-auth.d.ts",
       getContents: () => `
-import type { createAppAuthClient } from '${clientConfigPath}'
-declare module '#nuxt-better-auth' {
-  export type AppAuthClient = ReturnType<typeof createAppAuthClient>
-}
+export * from '${resolver.resolve("./runtime/types/augment")}'
+export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
 `
     });
     addTypeTemplate({
-      filename: "types/nuxt-better-auth-nitro.d.ts",
+      filename: "types/nuxt-better-auth-client.d.ts",
       getContents: () => `
-declare module 'nitropack/types' {
-  interface NitroRouteRules {
-    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
-  }
+import type createAppAuthClient from '${clientConfigPath}'
+declare module '#nuxt-better-auth' {
+  export type AppAuthClient = ReturnType<typeof createAppAuthClient>
 }
 `
     });
@@ -286,21 +529,31 @@ declare module 'nitropack/types' {
         await updateTemplates({ filter: (t) => t.filename.includes("nuxt-better-auth") });
       }
     });
-    addServerImportsDir(resolver.resolve("./runtime/server/utils"));
-    addServerScanDir(resolver.resolve("./runtime/server/middleware"));
-    addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
+    if (!clientOnly) {
+      addServerImportsDir(resolver.resolve("./runtime/server/utils"));
+      addServerImports([{ name: "defineServerAuth", from: resolver.resolve("./runtime/config") }]);
+      addServerScanDir(resolver.resolve("./runtime/server/middleware"));
+      addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
+    }
     addImportsDir(resolver.resolve("./runtime/app/composables"));
     addImportsDir(resolver.resolve("./runtime/utils"));
-    addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
+    if (!clientOnly)
+      addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
     addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.client"), mode: "client" });
     addComponentsDir({ path: resolver.resolve("./runtime/app/components") });
     nuxt.hook("app:resolve", (app) => {
       app.middleware.push({ name: "auth", path: resolver.resolve("./runtime/app/middleware/auth.global"), global: true });
     });
     if (hasHubDb) {
-      await setupBetterAuthSchema(nuxt, serverConfigPath);
+      await setupBetterAuthSchema(nuxt, serverConfigPath, options);
     }
-    if (nuxt.options.dev && process.env.NODE_ENV !== "production") {
+    if (hasConvexDb) {
+      await setupConvexAuthSchema(nuxt, serverConfigPath);
+    }
+    const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
+    if (!isProduction && !clientOnly) {
+      if (!hasNuxtModule("@nuxt/ui"))
+        await installModule("@nuxt/ui");
       setupDevTools(nuxt);
       addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
       if (hasHubDb) {
@@ -333,37 +586,70 @@ declare module 'nitropack/types' {
     });
   }
 });
-async function setupBetterAuthSchema(nuxt, serverConfigPath) {
+async function setupBetterAuthSchema(nuxt, serverConfigPath, options) {
   const hub = nuxt.options.hub;
-  const dialect = typeof hub.db === "string" ? hub.db : hub.db?.dialect;
+  const dialect = getHubDialect(hub);
   if (!dialect || !["sqlite", "postgresql", "mysql"].includes(dialect)) {
     consola.warn(`Unsupported database dialect: ${dialect}`);
     return;
   }
+  const isProduction = !nuxt.options.dev;
   try {
     const configFile = `${serverConfigPath}.ts`;
-    const userConfig = await loadUserAuthConfig(configFile);
+    const userConfig = await loadUserAuthConfig(configFile, isProduction);
     const extendedConfig = {};
     await nuxt.callHook("better-auth:config:extend", extendedConfig);
     const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
-    const { getAuthTables } = await import('better-auth/db');
-    const tables = getAuthTables({ plugins });
-    const schemaCode = generateDrizzleSchema(tables, dialect);
+    const authOptions = {
+      ...userConfig,
+      plugins,
+      secondaryStorage: options.secondaryStorage ? { get: async (_key) => null, set: async (_key, _value, _ttl) => {
+      }, delete: async (_key) => {
+      } } : void 0
+    };
+    const hubCasing = getHubCasing(hub);
+    const schemaOptions = { ...options.schema, useUuid: userConfig.advanced?.database?.generateId === "uuid", casing: options.schema?.casing ?? hubCasing };
+    const schemaCode = await generateDrizzleSchema(authOptions, dialect, schemaOptions);
     const schemaDir = join(nuxt.options.buildDir, "better-auth");
     const schemaPath = join(schemaDir, `schema.${dialect}.ts`);
     await mkdir(schemaDir, { recursive: true });
     await writeFile(schemaPath, schemaCode);
     addTemplate({ filename: `better-auth/schema.${dialect}.ts`, getContents: () => schemaCode, write: true });
-    consola.info(`Generated ${dialect} schema with ${Object.keys(tables).length} tables`);
+    consola.info(`Generated ${dialect} schema`);
   } catch (error) {
+    if (isProduction) {
+      throw error;
+    }
     consola.error("Failed to generate schema:", error);
   }
-  nuxt.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
+  const nuxtWithHubHooks = nuxt;
+  nuxtWithHubHooks.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
     const schemaPath = join(nuxt.options.buildDir, "better-auth", `schema.${hookDialect}.ts`);
     if (existsSync(schemaPath)) {
-      paths.push(schemaPath);
+      paths.unshift(schemaPath);
     }
   });
 }
+async function setupConvexAuthSchema(nuxt, serverConfigPath) {
+  const isProduction = !nuxt.options.dev;
+  try {
+    const configFile = `${serverConfigPath}.ts`;
+    const userConfig = await loadUserAuthConfig(configFile, isProduction);
+    const authOptions = { ...userConfig };
+    const schemaCode = await generateConvexSchema(authOptions);
+    const schemaDir = join(nuxt.options.buildDir, "better-auth");
+    const schemaPath = join(schemaDir, "auth-tables.convex.ts");
+    await mkdir(schemaDir, { recursive: true });
+    await writeFile(schemaPath, schemaCode);
+    addTemplate({ filename: "better-auth/auth-tables.convex.ts", getContents: () => schemaCode, write: true });
+    nuxt.options.alias["#auth/convex-schema"] = schemaPath;
+    consola.info("Generated Convex auth schema at .nuxt/better-auth/auth-tables.convex.ts");
+  } catch (error) {
+    if (isProduction) {
+      throw error;
+    }
+    consola.error("Failed to generate Convex schema:", error);
+  }
+}
 
 export { module$1 as default };