@onmax/nuxt-better-auth 0.0.2-alpha.2 → 0.0.2-alpha.4

package/dist/module.json

@@ -4,7 +4,7 @@
   "compatibility": {
     "nuxt": ">=3.0.0"
   },
-  "version": "0.0.2-alpha.2",
+  "version": "0.0.2-alpha.4",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -5,6 +5,7 @@ import { consola as consola$1 } from 'consola';
 import { defu } from 'defu';
 import { join } from 'pathe';
 import { toRouteMatcher, createRouter } from 'radix3';
+import pluralize from 'pluralize';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
 
 function setupDevTools(nuxt) {
@@ -22,46 +23,65 @@ function setupDevTools(nuxt) {
   });
 }
 
-function generateDrizzleSchema(tables, dialect) {
-  const imports = getImports(dialect);
-  const tableDefinitions = Object.entries(tables).map(([tableName, table]) => generateTable(tableName, table, dialect, tables)).join("\n\n");
+function toSnakeCase(str) {
+  return str.replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").replace(/([a-z\d])([A-Z])/g, "$1_$2").toLowerCase();
+}
+function generateDrizzleSchema(tables, dialect, options) {
+  const typedTables = tables;
+  const imports = getImports(dialect, options);
+  const tableDefinitions = Object.entries(typedTables).map(([tableName, table]) => generateTable(tableName, table, dialect, typedTables, options)).join("\n\n");
   return `${imports}
 
 ${tableDefinitions}
 `;
 }
-function getImports(dialect) {
+function getImports(dialect, options) {
   switch (dialect) {
     case "sqlite":
       return `import { integer, sqliteTable, text } from 'drizzle-orm/sqlite-core'`;
     case "postgresql":
-      return `import { boolean, pgTable, text, timestamp, integer } from 'drizzle-orm/pg-core'`;
+      return options?.useUuid ? `import { boolean, integer, pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core'` : `import { boolean, integer, pgTable, text, timestamp } from 'drizzle-orm/pg-core'`;
     case "mysql":
       return `import { boolean, int, mysqlTable, text, timestamp, varchar } from 'drizzle-orm/mysql-core'`;
   }
 }
-function generateTable(tableName, table, dialect, allTables) {
+function generateTable(tableName, table, dialect, allTables, options) {
   const tableFunc = dialect === "sqlite" ? "sqliteTable" : dialect === "postgresql" ? "pgTable" : "mysqlTable";
-  const dbTableName = table.modelName || tableName;
-  const fields = Object.entries(table.fields).map(([fieldName, field]) => generateField(fieldName, field, dialect, allTables)).join(",\n    ");
-  const idField = generateIdField(dialect);
+  const hasCustomModelName = table.modelName && table.modelName !== tableName;
+  let dbTableName = hasCustomModelName ? table.modelName : tableName;
+  if (options?.casing === "snake_case" && !hasCustomModelName)
+    dbTableName = toSnakeCase(dbTableName);
+  if (options?.usePlural && !hasCustomModelName)
+    dbTableName = pluralize(dbTableName);
+  const fields = Object.entries(table.fields).map(([fieldName, field]) => generateField(fieldName, field, dialect, allTables, options)).join(",\n    ");
+  const idField = generateIdField(dialect, options);
   return `export const ${tableName} = ${tableFunc}('${dbTableName}', {
     ${idField},
     ${fields}
   })`;
 }
-function generateIdField(dialect) {
+function generateIdField(dialect, options) {
   switch (dialect) {
     case "sqlite":
-    case "postgresql":
+      if (options?.useUuid)
+        consola$1.warn("[@onmax/nuxt-better-auth] useUuid ignored for SQLite (no native uuid type). Using text.");
       return `id: text('id').primaryKey()`;
+    case "postgresql":
+      return options?.useUuid ? `id: uuid('id').defaultRandom().primaryKey()` : `id: text('id').primaryKey()`;
     case "mysql":
       return `id: varchar('id', { length: 36 }).primaryKey()`;
   }
 }
-function generateField(fieldName, field, dialect, allTables) {
-  const dbFieldName = fieldName;
-  let fieldDef = getFieldType(field.type, dialect, dbFieldName);
+function generateField(fieldName, field, dialect, allTables, options) {
+  const dbFieldName = options?.casing === "snake_case" ? toSnakeCase(fieldName) : fieldName;
+  const isFkToId = options?.useUuid && field.references?.field === "id";
+  let fieldDef;
+  if (isFkToId && dialect === "postgresql")
+    fieldDef = `uuid('${dbFieldName}')`;
+  else if (isFkToId && dialect === "mysql")
+    fieldDef = `varchar('${dbFieldName}', { length: 36 })`;
+  else
+    fieldDef = getFieldType(field.type, dialect, dbFieldName);
   if (field.required && field.defaultValue === void 0)
     fieldDef += ".notNull()";
   if (field.unique)
@@ -71,11 +91,15 @@ function generateField(fieldName, field, dialect, allTables) {
       fieldDef += `.default(${field.defaultValue})`;
     else if (typeof field.defaultValue === "string")
       fieldDef += `.default('${field.defaultValue}')`;
+    else if (typeof field.defaultValue === "function")
+      fieldDef += `.$defaultFn(${field.defaultValue})`;
     else
       fieldDef += `.default(${field.defaultValue})`;
     if (field.required)
       fieldDef += ".notNull()";
   }
+  if (typeof field.onUpdate === "function" && field.type === "date")
+    fieldDef += `.$onUpdate(${field.onUpdate})`;
   if (field.references) {
     const refTable = field.references.model;
     if (allTables[refTable])
@@ -136,22 +160,42 @@ function getMysqlType(type, fieldName) {
       return `text('${fieldName}')`;
   }
 }
-async function loadUserAuthConfig(configPath) {
+async function loadUserAuthConfig(configPath, throwOnError = false) {
   const { createJiti } = await import('jiti');
   const jiti = createJiti(import.meta.url, { interopDefault: true });
   try {
     const mod = await jiti.import(configPath);
-    const configFn = mod.default || mod;
+    const configFn = typeof mod === "object" && mod !== null && "default" in mod ? mod.default : mod;
     if (typeof configFn === "function") {
       return configFn({ runtimeConfig: {}, db: null });
     }
+    if (throwOnError) {
+      throw new Error("auth.config.ts must export default defineServerAuth(...)");
+    }
     return {};
   } catch (error) {
+    if (throwOnError) {
+      throw new Error(`Failed to load auth config: ${error instanceof Error ? error.message : error}`);
+    }
     consola$1.error("[@onmax/nuxt-better-auth] Failed to load auth config for schema generation. Schema may be incomplete:", error);
     return {};
   }
 }
 
+function getHubDialect(hub) {
+  if (!hub?.db)
+    return void 0;
+  if (typeof hub.db === "string")
+    return hub.db;
+  if (typeof hub.db === "object" && hub.db !== null)
+    return hub.db.dialect;
+  return void 0;
+}
+function getHubCasing(hub) {
+  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
+    return void 0;
+  return hub.db.casing;
+}
 const consola = consola$1.withTag("nuxt-better-auth");
 const module$1 = defineNuxtModule({
   meta: { name: "@onmax/nuxt-better-auth", configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
@@ -186,14 +230,25 @@ const module$1 = defineNuxtModule({
       redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
       useDatabase: hasHubDb
     });
-    nuxt.options.runtimeConfig.betterAuthSecret ||= process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || "";
+    const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
+    if (!nuxt.options.dev && !betterAuthSecret) {
+      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+    }
+    if (betterAuthSecret && betterAuthSecret.length < 32) {
+      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+    }
+    nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
     nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
       secondaryStorage: secondaryStorageEnabled
     });
     nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
     nuxt.options.alias["#auth/server"] = serverConfigPath;
     nuxt.options.alias["#auth/client"] = clientConfigPath;
-    const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from 'hub:kv'
+    const hubKVPath = nuxt.options.alias["hub:kv"];
+    if (secondaryStorageEnabled && !hubKVPath) {
+      throw new Error("[nuxt-better-auth] hub:kv alias not found. Ensure @nuxthub/core is loaded before this module.");
+    }
+    const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from '${hubKVPath}'
 export function createSecondaryStorage() {
   return {
     get: async (key) => kv.get(\`_auth:\${key}\`),
@@ -204,9 +259,13 @@ export function createSecondaryStorage() {
     const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
     nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
     const hubDbPath = nuxt.options.alias["hub:db"];
+    if (hasHubDb && !hubDbPath) {
+      throw new Error("[nuxt-better-auth] hub:db alias not found. Ensure @nuxthub/core is loaded before this module.");
+    }
+    const hubDialect = getHubDialect(hub) ?? "sqlite";
     const databaseCode = hasHubDb && hubDbPath ? `import { db, schema } from '${hubDbPath}'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
-const rawDialect = '${hub?.db?.dialect ?? "sqlite"}'
+const rawDialect = '${hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
 export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
 export { db }` : `export function createDatabase() { return undefined }
@@ -298,9 +357,10 @@ declare module 'nitropack/types' {
       app.middleware.push({ name: "auth", path: resolver.resolve("./runtime/app/middleware/auth.global"), global: true });
     });
     if (hasHubDb) {
-      await setupBetterAuthSchema(nuxt, serverConfigPath);
+      await setupBetterAuthSchema(nuxt, serverConfigPath, options);
     }
-    if (nuxt.options.dev && process.env.NODE_ENV !== "production") {
+    const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
+    if (!isProduction) {
       setupDevTools(nuxt);
       addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
       if (hasHubDb) {
@@ -333,22 +393,35 @@ declare module 'nitropack/types' {
     });
   }
 });
-async function setupBetterAuthSchema(nuxt, serverConfigPath) {
+async function setupBetterAuthSchema(nuxt, serverConfigPath, options) {
   const hub = nuxt.options.hub;
-  const dialect = typeof hub.db === "string" ? hub.db : hub.db?.dialect;
+  const dialect = getHubDialect(hub);
   if (!dialect || !["sqlite", "postgresql", "mysql"].includes(dialect)) {
     consola.warn(`Unsupported database dialect: ${dialect}`);
     return;
   }
+  const isProduction = !nuxt.options.dev;
   try {
     const configFile = `${serverConfigPath}.ts`;
-    const userConfig = await loadUserAuthConfig(configFile);
+    const userConfig = await loadUserAuthConfig(configFile, isProduction);
     const extendedConfig = {};
     await nuxt.callHook("better-auth:config:extend", extendedConfig);
     const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
     const { getAuthTables } = await import('better-auth/db');
-    const tables = getAuthTables({ plugins });
-    const schemaCode = generateDrizzleSchema(tables, dialect);
+    const tables = getAuthTables({
+      plugins,
+      secondaryStorage: options.secondaryStorage ? {
+        get: async (_key) => null,
+        set: async (_key, _value, _ttl) => {
+        },
+        delete: async (_key) => {
+        }
+      } : void 0
+    });
+    const useUuid = userConfig.advanced?.database?.generateId === "uuid";
+    const hubCasing = getHubCasing(hub);
+    const schemaOptions = { ...options.schema, useUuid, casing: options.schema?.casing ?? hubCasing };
+    const schemaCode = generateDrizzleSchema(tables, dialect, schemaOptions);
     const schemaDir = join(nuxt.options.buildDir, "better-auth");
     const schemaPath = join(schemaDir, `schema.${dialect}.ts`);
     await mkdir(schemaDir, { recursive: true });
@@ -356,12 +429,16 @@ async function setupBetterAuthSchema(nuxt, serverConfigPath) {
     addTemplate({ filename: `better-auth/schema.${dialect}.ts`, getContents: () => schemaCode, write: true });
     consola.info(`Generated ${dialect} schema with ${Object.keys(tables).length} tables`);
   } catch (error) {
+    if (isProduction) {
+      throw error;
+    }
     consola.error("Failed to generate schema:", error);
   }
-  nuxt.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
+  const nuxtWithHubHooks = nuxt;
+  nuxtWithHubHooks.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
     const schemaPath = join(nuxt.options.buildDir, "better-auth", `schema.${hookDialect}.ts`);
     if (existsSync(schemaPath)) {
-      paths.push(schemaPath);
+      paths.unshift(schemaPath);
     }
   });
 }

package/dist/runtime/app/composables/useUserSession.js

@@ -1,6 +1,5 @@
 import { createAppAuthClient } from "#auth/client";
 import { computed, nextTick, useRequestHeaders, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
-import { consola } from "consola";
 let _client = null;
 function getClient(baseURL) {
   if (!_client)
@@ -30,7 +29,8 @@ export function useUserSession() {
       () => clientSession.value,
       (newSession) => {
         if (newSession?.data?.session && newSession?.data?.user) {
-          session.value = newSession.data.session;
+          const { token: _, ...safeSession } = newSession.data.session;
+          session.value = safeSession;
           user.value = newSession.data.user;
         } else if (!newSession?.isPending) {
           clearSession();
@@ -82,10 +82,11 @@ export function useUserSession() {
   }
   const signIn = client?.signIn ? new Proxy(client.signIn, {
     get(target, prop) {
-      const method = target[prop];
+      const targetRecord = target;
+      const method = targetRecord[prop];
       if (typeof method !== "function")
         return method;
-      return wrapAuthMethod((...args) => target[prop](...args));
+      return wrapAuthMethod((...args) => targetRecord[prop](...args));
     }
   }) : new Proxy({}, {
     get: (_, prop) => {
@@ -94,10 +95,11 @@ export function useUserSession() {
   });
   const signUp = client?.signUp ? new Proxy(client.signUp, {
     get(target, prop) {
-      const method = target[prop];
+      const targetRecord = target;
+      const method = targetRecord[prop];
       if (typeof method !== "function")
         return method;
-      return wrapAuthMethod((...args) => target[prop](...args));
+      return wrapAuthMethod((...args) => targetRecord[prop](...args));
     }
   }) : new Proxy({}, {
     get: (_, prop) => {
@@ -118,15 +120,15 @@ export function useUserSession() {
         const result = await client.getSession({ query }, fetchOptions);
         const data = result.data;
         if (data?.session && data?.user) {
-          session.value = data.session;
+          const { token: _, ...safeSession } = data.session;
+          session.value = safeSession;
           user.value = data.user;
         } else {
           clearSession();
         }
       } catch (error) {
         clearSession();
-        if (import.meta.dev)
-          consola.error("Failed to fetch auth session:", error);
+        console.error("[nuxt-better-auth] Failed to fetch session:", error);
       } finally {
         if (!authReady.value)
           authReady.value = true;

package/dist/runtime/app/middleware/auth.global.js

@@ -1,6 +1,12 @@
-import { createError, defineNuxtRouteMiddleware, getRouteRules, navigateTo, useRequestHeaders, useRuntimeConfig } from "#imports";
+import { createError, defineNuxtRouteMiddleware, getRouteRules, navigateTo, useNuxtApp, useRequestHeaders, useRuntimeConfig } from "#imports";
 import { matchesUser } from "../../utils/match-user.js";
 export default defineNuxtRouteMiddleware(async (to) => {
+  const nuxtApp = useNuxtApp();
+  if (import.meta.client) {
+    const isPrerendered = nuxtApp.payload.prerenderedAt || nuxtApp.payload.isCached;
+    if (isPrerendered && nuxtApp.isHydrating)
+      return;
+  }
   if (to.meta.auth === void 0) {
     const rules = await getRouteRules({ path: to.path });
     if (rules.auth !== void 0)

package/dist/runtime/app/plugins/session.server.js

@@ -12,7 +12,8 @@ export default defineNuxtPlugin({
         const headers = useRequestHeaders(["cookie"]);
         const data = await $fetch("/api/auth/get-session", { headers });
         if (data?.session && data?.user) {
-          session.value = data.session;
+          const { token: _, ...safeSession } = data.session;
+          session.value = safeSession;
           user.value = data.user;
         }
       } catch {

package/dist/runtime/config.d.ts

@@ -1,5 +1,6 @@
 import type { BetterAuthOptions } from 'better-auth';
 import type { ClientOptions } from 'better-auth/client';
+import type { CasingOption } from '../schema-generator.js';
 import type { ServerAuthContext } from './types/augment.js';
 export type { ServerAuthContext };
 export interface ClientAuthContext {
@@ -22,6 +23,13 @@ export interface BetterAuthModuleOptions {
     };
     /** Enable KV secondary storage for sessions. Requires hub.kv: true */
     secondaryStorage?: boolean;
+    /** Schema generation options. Must match drizzleAdapter config. */
+    schema?: {
+        /** Plural table names: user → users. Default: false */
+        usePlural?: boolean;
+        /** Column/table name casing. Explicit value takes precedence over hub.db.casing. */
+        casing?: CasingOption;
+    };
 }
 export interface AuthRuntimeConfig {
     redirects: {

package/dist/runtime/server/api/_better-auth/config.get.d.ts

@@ -9,27 +9,27 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
             useDatabase: boolean;
         };
         server: {
-            baseURL: string | undefined;
-            basePath: string;
+            baseURL: any;
+            basePath: any;
             socialProviders: string[];
-            plugins: any[];
-            trustedOrigins: string[] | ((request: Request) => string[] | Promise<string[]>);
+            plugins: any;
+            trustedOrigins: any;
             session: {
                 expiresIn: string;
                 updateAge: string;
-                cookieCache: boolean;
+                cookieCache: any;
             };
             emailAndPassword: boolean;
-            rateLimit: boolean;
+            rateLimit: any;
             advanced: {
-                useSecureCookies: string | boolean;
-                disableCSRFCheck: boolean;
+                useSecureCookies: any;
+                disableCSRFCheck: any;
             };
         };
     };
     error?: undefined;
 } | {
     config: null;
-    error: any;
+    error: string;
 }>>;
 export default _default;

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -41,6 +41,7 @@ export default defineEventHandler(async (event) => {
       }
     };
   } catch (error) {
-    return { config: null, error: error.message || "Failed to fetch config" };
+    console.error("[DevTools] Config fetch failed:", error);
+    return { config: null, error: "Failed to fetch configuration" };
   }
 });

package/dist/runtime/server/api/_better-auth/sessions.get.js

@@ -26,7 +26,16 @@ export default defineEventHandler(async (event) => {
       dbQuery.orderBy(desc(schema.session.createdAt)).limit(limit).offset(offset),
       countQuery
     ]);
-    return { sessions, total: totalResult[0]?.count ?? 0, page, limit };
+    const safeSessions = sessions.map((s) => ({
+      id: s.id,
+      userId: s.userId,
+      createdAt: s.createdAt,
+      updatedAt: s.updatedAt,
+      expiresAt: s.expiresAt,
+      ipAddress: s.ipAddress,
+      userAgent: s.userAgent
+    }));
+    return { sessions: safeSessions, total: totalResult[0]?.count ?? 0, page, limit };
   } catch (error) {
     console.error("[DevTools] Fetch sessions failed:", error);
     return { sessions: [], total: 0, error: "Failed to fetch sessions" };

package/dist/runtime/server/utils/auth.d.ts

@@ -1,6 +1,7 @@
+import type { Auth } from 'better-auth';
 import type { H3Event } from 'h3';
-import { betterAuth } from 'better-auth';
-type AuthInstance = ReturnType<typeof betterAuth>;
+import createServerAuth from '#auth/server';
+type AuthInstance = Auth<ReturnType<typeof createServerAuth>>;
 declare module 'h3' {
     interface H3EventContext {
         _betterAuth?: AuthInstance;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.2-alpha.2",
+  "version": "0.0.2-alpha.4",
   "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
   "author": "onmax",
@@ -63,6 +63,7 @@
     "defu": "^6.1.4",
     "jiti": "^2.4.2",
     "pathe": "^2.0.3",
+    "pluralize": "^8.0.0",
     "radix3": "^1.1.2"
   },
   "devDependencies": {
@@ -77,6 +78,7 @@
     "@nuxthub/core": "^0.10.3",
     "@types/better-sqlite3": "^7.6.13",
     "@types/node": "latest",
+    "@types/pluralize": "^0.0.33",
     "better-auth": "^1.4.7",
     "better-sqlite3": "^11.9.1",
     "bumpp": "^10.3.2",
@@ -95,9 +97,11 @@
   },
   "pnpm": {
     "onlyBuiltDependencies": [
+      "@parcel/watcher",
       "better-sqlite3",
       "esbuild",
-      "@parcel/watcher"
+      "sharp",
+      "workerd"
     ],
     "patchedDependencies": {
       "@peculiar/x509@1.14.2": "patches/@peculiar__x509@1.14.2.patch",