@onmax/nuxt-better-auth 0.0.2-alpha.23 → 0.0.2-alpha.25

package/dist/module.d.mts

@@ -3,7 +3,7 @@ import { Nuxt } from '@nuxt/schema';
 import { BetterAuthModuleOptions } from '../dist/runtime/config.js';
 export { BetterAuthModuleOptions, defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
 import { BetterAuthOptions } from 'better-auth';
-export { Auth, AuthMeta, AuthMode, AuthRouteRules, AuthSession, AuthUser, InferSession, InferUser, RequireSessionOptions, ServerAuthContext, UserMatch } from '../dist/runtime/types.js';
+export { AppSession, Auth, AuthMeta, AuthMode, AuthRouteRules, AuthSession, AuthUser, InferSession, InferUser, RequireSessionOptions, ServerAuthContext, UserMatch } from '../dist/runtime/types.js';
 
 interface DefineServerAuthFn {
     (...args: unknown[]): unknown;

package/dist/module.json

@@ -1,6 +1,6 @@
 {
   "name": "@onmax/nuxt-better-auth",
-  "version": "0.0.2-alpha.23",
+  "version": "0.0.2-alpha.25",
   "configKey": "auth",
   "compatibility": {
     "nuxt": ">=4.0.0"

package/dist/module.mjs

@@ -10,7 +10,7 @@ import { randomBytes } from 'node:crypto';
 import { isCI, isTest } from 'std-env';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
 
-const version = "0.0.2-alpha.23";
+const version = "0.0.2-alpha.25";
 
 function resolveDatabaseProvider(input) {
   const enabledProviders = Object.entries(input.providers).filter(([_id, provider]) => provider.isEnabled?.(input.context) ?? true);
@@ -23,7 +23,8 @@ function resolveDatabaseProvider(input) {
 }
 
 function setupDevTools(nuxt) {
-  nuxt.hook("devtools:customTabs", (tabs) => {
+  const hookable = nuxt;
+  hookable.hook("devtools:customTabs", (tabs) => {
     tabs.push({
       category: "server",
       name: "better-auth",
@@ -141,10 +142,10 @@ function setupRuntimeConfig(input) {
   if (!configuredSiteUrl && process.env.NUXT_PUBLIC_SITE_URL)
     nuxt.options.runtimeConfig.public.siteUrl = process.env.NUXT_PUBLIC_SITE_URL;
   nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
-    redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
+    preserveRedirect: options.preserveRedirect ?? true,
+    redirectQueryKey: options.redirectQueryKey ?? "redirect",
     useDatabase: databaseProvider !== "none",
     databaseProvider,
-    databaseSource: "module",
     clientOnly,
     session: {
       skipHydratedSsrGetSession: options.session?.skipHydratedSsrGetSession ?? false
@@ -154,7 +155,7 @@ function setupRuntimeConfig(input) {
     const siteUrl = nuxt.options.runtimeConfig.public.siteUrl;
     if (!siteUrl)
       consola.warn("clientOnly mode: set runtimeConfig.public.siteUrl (or NUXT_PUBLIC_SITE_URL) to your frontend URL");
-    consola.info("clientOnly mode enabled - server utilities (serverAuth, getUserSession, requireUserSession) are not available");
+    consola.info("clientOnly mode enabled - server utilities (serverAuth, getAppSession, getUserSession, requireUserSession) are not available");
     return { secondaryStorageEnabled };
   }
   const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
@@ -305,6 +306,7 @@ async function setupBetterAuthSchema(nuxt, serverConfigPath, options, consola) {
     if (isProduction)
       throw error;
     consola.error("Failed to generate schema:", error);
+    throw error;
   }
 }
 
@@ -387,7 +389,8 @@ export function createSecondaryStorage() {
 }
 function buildDatabaseCode(input) {
   if (input.provider === "nuxthub") {
-    return `import { db, schema } from '@nuxthub/db'
+    return `import { db } from '@nuxthub/db'
+import * as schema from './schema.${input.hubDialect}.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
 const rawDialect = '${input.hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
@@ -421,6 +424,24 @@ declare module '#auth/database' {
   export function createDatabase(): BetterAuthOptions['database']
   export const db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
 }
+`
+  }, { nitro: true, node: true });
+  addTypeTemplate({
+    filename: "types/auth-schema.d.ts",
+    getContents: () => `
+declare module '#auth/schema' {
+  export const user: any
+  export const session: any
+  export const account: any
+  export const verification: any
+  export const schema: {
+    user: any
+    session: any
+    account: any
+    verification: any
+    [key: string]: any
+  } | undefined
+}
 `
   }, { nitro: true, node: true });
   addTypeTemplate({
@@ -475,8 +496,8 @@ declare module '@onmax/nuxt-better-auth/config' {
   type ServerAuthConfig = Omit<BetterAuthOptions, 'secret' | 'baseURL'> & {
     plugins?: readonly BetterAuthPlugin[]
   }
-  export function defineServerAuth<const R extends ServerAuthConfig>(config: R): (ctx: _AugmentedServerAuthContext) => R
-  export function defineServerAuth<const R extends ServerAuthConfig>(config: (ctx: _AugmentedServerAuthContext) => R): (ctx: _AugmentedServerAuthContext) => R
+  export function defineServerAuth<const R>(config: (ctx: _AugmentedServerAuthContext) => R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
+  export function defineServerAuth<const R>(config: R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
 }
 `
   }, { nuxt: true, nitro: true, node: true });
@@ -507,13 +528,13 @@ function registerSharedTypeTemplates(input) {
   addTypeTemplate({
     filename: "types/nuxt-better-auth.d.ts",
     getContents: () => `
-import type { AuthSession, AuthUser } from '${input.runtimeTypesAugmentPath}'
-import type { UserMatch } from '${input.runtimeTypesPath}'
+import type { AppSession } from '${input.runtimeTypesAugmentPath}'
 export * from '${input.runtimeTypesAugmentPath}'
-export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, Auth, InferUser, InferSession } from '${input.runtimeTypesPath}'
-export interface RequireSessionOptions {
-  user?: UserMatch<AuthUser>
-  rule?: (ctx: { user: AuthUser, session: AuthSession }) => boolean | Promise<boolean>
+export type { AuthMeta, AuthMode, AuthRouteRules, Auth, InferUser, InferSession } from '${input.runtimeTypesPath}'
+declare module 'h3' {
+  interface H3EventContext {
+    appSession?: AppSession | null
+  }
 }
 `
   });
@@ -566,7 +587,8 @@ const module$1 = defineNuxtModule({
     clientOnly: false,
     serverConfig: "server/auth.config",
     clientConfig: "app/auth.config",
-    redirects: { login: "/login", guest: "/" },
+    preserveRedirect: true,
+    redirectQueryKey: "redirect",
     secondaryStorage: false
   },
   async onInstall(nuxt) {
@@ -674,6 +696,19 @@ const module$1 = defineNuxtModule({
         write: true
       });
       nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
+      const schemaTemplate = addTemplate({
+        filename: "better-auth/schema.mjs",
+        getContents: () => {
+          if (!hasHubDb)
+            return "export const schema = undefined\n";
+          return `export * from './schema.${hubDialect}.mjs'
+import * as schema from './schema.${hubDialect}.mjs'
+export { schema }
+`;
+        },
+        write: true
+      });
+      nuxt.options.alias["#auth/schema"] = schemaTemplate.dst;
       registerServerTypeTemplates({
         serverConfigPath,
         hasHubDb,

package/dist/runtime/app/composables/useUserSession.js

@@ -2,6 +2,9 @@ import createAppAuthClient from "#auth/client";
 import { computed, nextTick, useNuxtApp, useRequestHeaders, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
 let _sessionSignalListenerBound = false;
 let _client = null;
+function isRecord(value) {
+  return Boolean(value && typeof value === "object");
+}
 function getClient(baseURL) {
   if (!_client)
     _client = createAppAuthClient(baseURL);
@@ -17,10 +20,14 @@ function ensureSessionSignalListener(client, onSignal) {
   if (_sessionSignalListenerBound)
     return;
   const store = client.$store;
-  if (!store?.listen)
+  if (!isRecord(store))
+    return;
+  const listen = store.listen;
+  if (typeof listen !== "function")
     return;
   _sessionSignalListenerBound = true;
-  store.listen("$sessionSignal", async () => {
+  const listenFn = listen;
+  listenFn("$sessionSignal", async () => {
     try {
       await onSignal();
     } catch {
@@ -130,12 +137,29 @@ export function useUserSession() {
   }
   function wrapAuthMethod(method) {
     return (async (...args) => {
-      const [data, options] = args;
-      if (data?.fetchOptions?.onSuccess) {
-        return method({ ...data, fetchOptions: { ...data.fetchOptions, onSuccess: wrapOnSuccess(data.fetchOptions.onSuccess) } }, options);
+      const data = args[0];
+      const options = args[1];
+      const dataRecord = isRecord(data) ? data : void 0;
+      const optionsRecord = isRecord(options) ? options : void 0;
+      const fetchOptions = isRecord(dataRecord?.fetchOptions) ? dataRecord.fetchOptions : void 0;
+      const nestedOnSuccess = fetchOptions?.onSuccess;
+      const topLevelOnSuccess = optionsRecord?.onSuccess;
+      if (typeof nestedOnSuccess === "function") {
+        const nextData = {
+          ...dataRecord,
+          fetchOptions: {
+            ...fetchOptions,
+            onSuccess: wrapOnSuccess(nestedOnSuccess)
+          }
+        };
+        return method(nextData, options);
       }
-      if (options?.onSuccess) {
-        return method(data, { ...options, onSuccess: wrapOnSuccess(options.onSuccess) });
+      if (typeof topLevelOnSuccess === "function") {
+        const nextOptions = {
+          ...optionsRecord,
+          onSuccess: wrapOnSuccess(topLevelOnSuccess)
+        };
+        return method(data, nextOptions);
       }
       return method(data, options);
     });

package/dist/runtime/app/composables/useUserSignIn.d.ts

@@ -0,0 +1,3 @@
+import type { AppAuthClient } from '#nuxt-better-auth';
+import type { ActionHandleMap } from '../internal/auth-action-handles.js';
+export declare function useUserSignIn(): ActionHandleMap<NonNullable<AppAuthClient>['signIn']>;

package/dist/runtime/app/composables/useUserSignIn.js

@@ -0,0 +1,5 @@
+import { useUserSession } from "#imports";
+import { createActionHandles } from "../internal/auth-action-handles.js";
+export function useUserSignIn() {
+  return createActionHandles(() => useUserSession().signIn, "signIn");
+}

package/dist/runtime/app/composables/useUserSignUp.d.ts

@@ -0,0 +1,3 @@
+import type { AppAuthClient } from '#nuxt-better-auth';
+import type { ActionHandleMap } from '../internal/auth-action-handles.js';
+export declare function useUserSignUp(): ActionHandleMap<NonNullable<AppAuthClient>['signUp']>;

package/dist/runtime/app/composables/useUserSignUp.js

@@ -0,0 +1,5 @@
+import { useUserSession } from "#imports";
+import { createActionHandles } from "../internal/auth-action-handles.js";
+export function useUserSignUp() {
+  return createActionHandles(() => useUserSession().signUp, "signUp");
+}

package/dist/runtime/app/internal/auth-action-handles.d.ts

@@ -0,0 +1,13 @@
+import type { ComputedRef, Ref } from 'vue';
+export type UserAuthActionStatus = 'idle' | 'pending' | 'success' | 'error';
+export interface UserAuthActionHandle<TArgs extends unknown[], TResult> {
+    execute: (...args: TArgs) => Promise<TResult>;
+    status: Ref<UserAuthActionStatus>;
+    pending: ComputedRef<boolean>;
+    error: Ref<unknown | null>;
+}
+export type ActionHandleFor<T> = T extends (...args: infer A) => Promise<infer R> ? UserAuthActionHandle<A, R> : never;
+export type ActionHandleMap<T> = {
+    [K in keyof T]: ActionHandleFor<T[K]>;
+};
+export declare function createActionHandles<T extends object>(getTarget: () => T, targetName: string): ActionHandleMap<T>;

package/dist/runtime/app/internal/auth-action-handles.js

@@ -0,0 +1,62 @@
+import { computed, ref } from "#imports";
+function isRecord(value) {
+  return Boolean(value && typeof value === "object");
+}
+function isErrorResult(value) {
+  if (!isRecord(value))
+    return false;
+  if (!("error" in value))
+    return false;
+  return Boolean(value.error);
+}
+function createActionHandle(getMethod) {
+  const status = ref("idle");
+  const error = ref(null);
+  const pending = computed(() => status.value === "pending");
+  let latestCallId = 0;
+  const execute = (async (...args) => {
+    const callId = ++latestCallId;
+    status.value = "pending";
+    error.value = null;
+    try {
+      const result = await getMethod()(...args);
+      if (callId !== latestCallId)
+        return result;
+      if (isErrorResult(result)) {
+        status.value = "error";
+        error.value = result.error;
+        return result;
+      }
+      status.value = "success";
+      error.value = null;
+      return result;
+    } catch (err) {
+      if (callId === latestCallId) {
+        status.value = "error";
+        error.value = err;
+      }
+      throw err;
+    }
+  });
+  return { execute, status, pending, error };
+}
+export function createActionHandles(getTarget, targetName) {
+  const handles = /* @__PURE__ */ new Map();
+  return new Proxy({}, {
+    get(_target, prop) {
+      if (prop === "then")
+        return void 0;
+      if (handles.has(prop))
+        return handles.get(prop);
+      const handle = createActionHandle(() => {
+        const target = getTarget();
+        const method = target[prop];
+        if (typeof method !== "function")
+          throw new TypeError(`${targetName}.${String(prop)}() is not a function`);
+        return method;
+      });
+      handles.set(prop, handle);
+      return handle;
+    }
+  });
+}

package/dist/runtime/app/middleware/auth.global.js

@@ -25,13 +25,49 @@ export default defineNuxtRouteMiddleware(async (to) => {
   const redirectTo = typeof auth === "object" ? auth.redirectTo : void 0;
   if (mode === "guest") {
     if (loggedIn.value)
-      return navigateTo(redirectTo ?? config?.redirects?.guest ?? "/");
+      return navigateTo(redirectTo ?? "/");
     return;
   }
-  if (!loggedIn.value)
-    return navigateTo(redirectTo ?? config?.redirects?.login ?? "/login");
+  if (!loggedIn.value) {
+    const resolved = resolveLoginRedirect({
+      route: to,
+      loginTarget: redirectTo ?? "/login",
+      config
+    });
+    return resolved.external ? navigateTo(resolved.to, { external: true }) : navigateTo(resolved.to);
+  }
   if (typeof auth === "object" && auth.user) {
     if (!user.value || !matchesUser(user.value, auth.user))
       throw createError({ statusCode: 403, statusMessage: "Access denied" });
   }
 });
+function resolveLoginRedirect(input) {
+  const { route, loginTarget, config } = input;
+  const preserveRedirect = config?.preserveRedirect ?? true;
+  const redirectQueryKey = config?.redirectQueryKey ?? "redirect";
+  if (!preserveRedirect)
+    return { to: loginTarget, external: false };
+  if (!loginTarget.startsWith("/") || loginTarget.startsWith("//"))
+    return { to: loginTarget, external: false };
+  const [beforeHash, hash = ""] = loginTarget.split("#", 2);
+  const [path, query = ""] = beforeHash.split("?", 2);
+  try {
+    const params2 = new URLSearchParams(query);
+    if (params2.has(redirectQueryKey))
+      return { to: loginTarget, external: false };
+  } catch {
+    return { to: loginTarget, external: false };
+  }
+  if (import.meta.server) {
+    const separator = query ? "&" : "";
+    const encodedRedirect = encodeURIComponent(route.fullPath);
+    const url = `${path}?${query}${separator}${redirectQueryKey}=${encodedRedirect}${hash ? `#${hash}` : ""}`;
+    return { to: url, external: true };
+  }
+  const params = new URLSearchParams(query);
+  const queryObj = {};
+  for (const [k, v] of params.entries())
+    queryObj[k] = v;
+  queryObj[redirectQueryKey] = route.fullPath;
+  return { to: { path, query: queryObj, ...hash ? { hash: `#${hash}` } : {} }, external: false };
+}

package/dist/runtime/app/pages/__better-auth-devtools.vue

@@ -373,15 +373,9 @@ function getAccountActions(row) {
                 <div class="config-header">
                   <UIcon name="i-lucide-settings-2" class="size-4" /><span>Module</span>
                 </div>
-                <div class="config-row">
-                  <span class="config-label">Login</span><span class="font-mono">{{ configData.config.module?.redirects?.login }}</span>
-                </div>
-                <div class="config-row">
-                  <span class="config-label">Guest</span><span class="font-mono">{{ configData.config.module?.redirects?.guest }}</span>
-                </div>
                 <div class="config-row">
                   <span class="config-label">DB</span><UBadge :color="configData.config.module?.databaseProvider === 'none' ? 'neutral' : 'success'" variant="subtle" size="sm">
-                    {{ configData.config.module?.databaseProvider === "nuxthub" ? "Hub" : configData.config.module?.databaseProvider === "convex" ? "Convex" : "Off" }}
+                    {{ configData.config.module?.databaseProvider === "nuxthub" ? "Hub" : "Off" }}
                   </UBadge>
                 </div>
                 <div class="config-row">

package/dist/runtime/config.d.ts

@@ -17,7 +17,6 @@ export type ServerAuthConfigFn = (ctx: ServerAuthContext) => ServerAuthConfig;
 export type ClientAuthConfigFn = (ctx: ClientAuthContext) => ClientAuthConfig;
 export type ModuleDatabaseProviderId = 'none' | 'nuxthub' | (string & {});
 export type EffectiveDatabaseProviderId = 'user' | ModuleDatabaseProviderId;
-export type DatabaseSource = 'module' | 'user';
 export interface BetterAuthModuleOptions {
     /** Client-only mode - skip server setup for external auth backends */
     clientOnly?: boolean;
@@ -25,10 +24,19 @@ export interface BetterAuthModuleOptions {
     serverConfig?: string;
     /** Client config path relative to rootDir. Default: 'app/auth.config' */
     clientConfig?: string;
-    redirects?: {
-        login?: string;
-        guest?: string;
-    };
+    /**
+     * When redirecting unauthenticated users to the login route, append a query param
+     * containing the originally requested path (for safe "return-to" redirects).
+     *
+     * Default: true
+     */
+    preserveRedirect?: boolean;
+    /**
+     * Query param key used by preserveRedirect.
+     *
+     * Default: 'redirect'
+     */
+    redirectQueryKey?: string;
     session?: {
         /**
          * When enabled, and session/user are already hydrated from SSR, skip the initial
@@ -50,13 +58,10 @@ export interface BetterAuthModuleOptions {
     };
 }
 export interface AuthRuntimeConfig {
-    redirects: {
-        login: string;
-        guest: string;
-    };
+    preserveRedirect: boolean;
+    redirectQueryKey: string;
     useDatabase: boolean;
     databaseProvider: EffectiveDatabaseProviderId;
-    databaseSource: DatabaseSource;
     clientOnly: boolean;
     session: {
         skipHydratedSsrGetSession: boolean;
@@ -65,6 +70,6 @@ export interface AuthRuntimeConfig {
 export interface AuthPrivateRuntimeConfig {
     secondaryStorage: boolean;
 }
-export declare function defineServerAuth<const R extends ServerAuthConfig>(config: R): (ctx: ServerAuthContext) => R;
-export declare function defineServerAuth<const R extends ServerAuthConfig>(config: (ctx: ServerAuthContext) => R): (ctx: ServerAuthContext) => R;
+export declare function defineServerAuth<const R>(config: (ctx: ServerAuthContext) => R & ServerAuthConfig): (ctx: ServerAuthContext) => R;
+export declare function defineServerAuth<const R>(config: R & ServerAuthConfig): (ctx: ServerAuthContext) => R;
 export declare function defineClientAuth<T extends ClientAuthConfig>(config: T | ((ctx: ClientAuthContext) => T)): (baseURL: string) => ReturnType<typeof createAuthClient<T>>;

package/dist/runtime/server/api/_better-auth/accounts.get.js

@@ -2,8 +2,9 @@ import { defineEventHandler, getQuery } from "h3";
 import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
 export default defineEventHandler(async (event) => {
   try {
-    const { db, schema } = await import("@nuxthub/db");
-    if (!schema.account)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.account)
       return { accounts: [], total: 0, error: "Account table not found" };
     const query = paginationQuerySchema.parse(getQuery(event));
     const { page, limit, search } = query;

package/dist/runtime/server/api/_better-auth/config.get.d.ts

@@ -1,13 +1,11 @@
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     config: {
         module: {
-            redirects: {
-                login?: string;
-                guest?: string;
-            };
+            preserveRedirect: boolean;
+            redirectQueryKey: string;
             secondaryStorage: boolean;
             useDatabase: boolean;
-            databaseProvider: "none" | "nuxthub" | "convex";
+            databaseProvider: "none" | "nuxthub";
         };
         server: {
             baseURL: any;

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -18,7 +18,8 @@ export default defineEventHandler(async (event) => {
       config: {
         // Module config (nuxt.config.ts)
         module: {
-          redirects: publicAuth?.redirects || { login: "/login", guest: "/" },
+          preserveRedirect: publicAuth?.preserveRedirect ?? true,
+          redirectQueryKey: publicAuth?.redirectQueryKey ?? "redirect",
           secondaryStorage: privateAuth?.secondaryStorage ?? false,
           useDatabase: publicAuth?.useDatabase ?? false,
           databaseProvider: publicAuth?.databaseProvider ?? "none"

package/dist/runtime/server/api/_better-auth/sessions.delete.js

@@ -6,8 +6,9 @@ const deleteSessionSchema = z.object({
 export default defineEventHandler(async (event) => {
   try {
     const body = deleteSessionSchema.parse(await readBody(event));
-    const { db, schema } = await import("@nuxthub/db");
-    if (!schema.session)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.session)
       throw createError({ statusCode: 500, message: "Session table not found" });
     const { eq } = await import("drizzle-orm");
     await db.delete(schema.session).where(eq(schema.session.id, body.id));

package/dist/runtime/server/api/_better-auth/sessions.get.d.ts

@@ -1,3 +1,5 @@
+import type { Session } from 'better-auth/types';
+type SafeSession = Pick<Session, 'id' | 'userId' | 'createdAt' | 'updatedAt' | 'expiresAt' | 'ipAddress' | 'userAgent'>;
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     sessions: never[];
     total: number;
@@ -5,7 +7,7 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
     page?: undefined;
     limit?: undefined;
 } | {
-    sessions: any;
+    sessions: SafeSession[];
     total: any;
     page: number;
     limit: number;

package/dist/runtime/server/api/_better-auth/sessions.get.js

@@ -2,8 +2,9 @@ import { defineEventHandler, getQuery } from "h3";
 import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
 export default defineEventHandler(async (event) => {
   try {
-    const { db, schema } = await import("@nuxthub/db");
-    if (!schema.session)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.session)
       return { sessions: [], total: 0, error: "Session table not found" };
     const query = paginationQuerySchema.parse(getQuery(event));
     const { page, limit, search } = query;

package/dist/runtime/server/api/_better-auth/users.get.js

@@ -2,8 +2,9 @@ import { defineEventHandler, getQuery } from "h3";
 import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
 export default defineEventHandler(async (event) => {
   try {
-    const { db, schema } = await import("@nuxthub/db");
-    if (!schema.user)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.user)
       return { users: [], total: 0, error: "User table not found" };
     const query = paginationQuerySchema.parse(getQuery(event));
     const { page, limit, search } = query;

package/dist/runtime/server/middleware/route-access.js

@@ -1,6 +1,7 @@
 import { createError, defineEventHandler, getRequestURL } from "h3";
 import { getRouteRules } from "nitropack/runtime";
 import { matchesUser } from "../../utils/match-user.js";
+import { getUserSession, requireUserSession } from "../utils/session.js";
 export default defineEventHandler(async (event) => {
   const path = getRequestURL(event).pathname;
   if (!path.startsWith("/api/"))

package/dist/runtime/server/tsconfig.json

@@ -1,3 +1,11 @@
 {
-  "extends": "../../../.nuxt/tsconfig.server.json"
+  "extends": "../../../tsconfig.json",
+  "compilerOptions": {
+    "baseUrl": ".",
+    "paths": {
+      "#nuxt-better-auth": ["../types/augment"]
+    }
+  },
+  "include": ["./**/*.ts", "./**/*.d.ts"],
+  "exclude": ["node_modules"]
 }

package/dist/runtime/server/utils/session.d.ts

@@ -1,17 +1,5 @@
-import type { AuthSession, AuthUser } from '#nuxt-better-auth';
+import type { AppSession, RequireSessionOptions } from '#nuxt-better-auth';
 import type { H3Event } from 'h3';
-import type { UserMatch } from '../../types.js';
-interface FullSession {
-    user: AuthUser;
-    session: AuthSession;
-}
-interface RequireUserSessionOptions {
-    user?: UserMatch<AuthUser>;
-    rule?: (ctx: {
-        user: AuthUser;
-        session: AuthSession;
-    }) => boolean | Promise<boolean>;
-}
-export declare function getUserSession(event: H3Event): Promise<FullSession | null>;
-export declare function requireUserSession(event: H3Event, options?: RequireUserSessionOptions): Promise<FullSession>;
-export {};
+export declare function getAppSession(event: H3Event): Promise<AppSession | null>;
+export declare function getUserSession(event: H3Event): Promise<AppSession | null>;
+export declare function requireUserSession(event: H3Event, options?: RequireSessionOptions): Promise<AppSession>;

package/dist/runtime/server/utils/session.js

@@ -1,13 +1,51 @@
 import { createError } from "h3";
 import { matchesUser } from "../../utils/match-user.js";
 import { serverAuth } from "./auth.js";
-export async function getUserSession(event) {
+const appSessionLoadKey = Symbol.for("nuxt-better-auth.appSessionLoad");
+const fallbackAppSessionContext = /* @__PURE__ */ new WeakMap();
+function getAppSessionContext(event) {
+  const eventWithContext = event;
+  if (eventWithContext.context && typeof eventWithContext.context === "object")
+    return eventWithContext.context;
+  let context = fallbackAppSessionContext.get(event);
+  if (!context) {
+    context = {};
+    fallbackAppSessionContext.set(event, context);
+  }
+  return context;
+}
+function loadSession(event) {
   const auth = serverAuth(event);
-  const session = await auth.api.getSession({ headers: event.headers });
-  return session;
+  return auth.api.getSession({ headers: event.headers });
+}
+export async function getAppSession(event) {
+  const context = getAppSessionContext(event);
+  if (context.appSession !== void 0)
+    return context.appSession;
+  const inFlight = context[appSessionLoadKey];
+  if (inFlight)
+    return inFlight;
+  const load = loadSession(event);
+  context[appSessionLoadKey] = load;
+  try {
+    const session = await load;
+    context.appSession = session;
+    return session;
+  } finally {
+    delete context[appSessionLoadKey];
+  }
+}
+export async function getUserSession(event) {
+  const context = getAppSessionContext(event);
+  if (context.appSession !== void 0)
+    return context.appSession;
+  const inFlight = context[appSessionLoadKey];
+  if (inFlight)
+    return inFlight;
+  return loadSession(event);
 }
 export async function requireUserSession(event, options) {
-  const session = await getUserSession(event);
+  const session = await getAppSession(event);
   if (!session)
     throw createError({ statusCode: 401, statusMessage: "Authentication required" });
   if (options?.user) {

package/dist/runtime/server/virtual-modules.d.ts

@@ -0,0 +1,22 @@
+declare module '#auth/database' {
+  export const db: any
+  export function createDatabase(...args: any[]): any
+}
+
+declare module '#auth/secondary-storage' {
+  export function createSecondaryStorage(...args: any[]): any
+}
+
+declare module '#auth/schema' {
+  export const schema: any
+}
+
+declare module '#auth/server' {
+  const createServerAuth: any
+  export default createServerAuth
+}
+
+declare module '@nuxthub/db' {
+  export const db: any
+  export const schema: any
+}

package/dist/runtime/types/augment.d.ts

@@ -40,3 +40,17 @@ export interface UserSessionComposable {
     }) => Promise<void>;
     updateUser: (updates: Partial<AuthUser>) => Promise<void>;
 }
+export type UserMatch<T> = {
+    [K in keyof T]?: T[K] | T[K][];
+};
+export interface AppSession {
+    user: AuthUser;
+    session: AuthSession;
+}
+export interface RequireSessionOptions {
+    user?: UserMatch<AuthUser>;
+    rule?: (ctx: {
+        user: AuthUser;
+        session: AuthSession;
+    }) => boolean | Promise<boolean>;
+}

package/dist/runtime/types.d.ts

@@ -1,11 +1,8 @@
 import type { NitroRouteRules } from 'nitropack/types';
-import type { AuthSession, AuthUser } from './types/augment.js';
-export type { AuthSession, AuthUser, ServerAuthContext, UserSessionComposable } from './types/augment.js';
+import type { AuthUser, UserMatch } from './types/augment.js';
+export type { AppSession, AuthSession, AuthUser, RequireSessionOptions, ServerAuthContext, UserMatch, UserSessionComposable } from './types/augment.js';
 export type { Auth, InferPluginTypes, InferSessionFromClient as InferSession, InferUserFromClient as InferUser } from 'better-auth';
 export type AuthMode = 'guest' | 'user';
-export type UserMatch<T> = {
-    [K in keyof T]?: T[K] | T[K][];
-};
 export type AuthMeta = false | AuthMode | {
     only?: AuthMode;
     redirectTo?: string;
@@ -14,10 +11,3 @@ export type AuthMeta = false | AuthMode | {
 export type AuthRouteRules = NitroRouteRules & {
     auth?: AuthMeta;
 };
-export interface RequireSessionOptions {
-    user?: UserMatch<AuthUser>;
-    rule?: (ctx: {
-        user: AuthUser;
-        session: AuthSession;
-    }) => boolean | Promise<boolean>;
-}

package/dist/types.d.mts

@@ -6,6 +6,6 @@ export type ModuleOptions = typeof Module extends NuxtModule<infer O> ? Partial<
 
 export { type BetterAuthModuleOptions, type defineClientAuth, type defineServerAuth } from '../dist/runtime/config.js'
 
-export { type Auth, type AuthMeta, type AuthMode, type AuthRouteRules, type AuthSession, type AuthUser, type InferSession, type InferUser, type RequireSessionOptions, type ServerAuthContext, type UserMatch } from '../dist/runtime/types.js'
+export { type AppSession, type Auth, type AuthMeta, type AuthMode, type AuthRouteRules, type AuthSession, type AuthUser, type InferSession, type InferUser, type RequireSessionOptions, type ServerAuthContext, type UserMatch } from '../dist/runtime/types.js'
 
 export { default } from './module.mjs'

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onmax/nuxt-better-auth",
   "type": "module",
-  "version": "0.0.2-alpha.23",
+  "version": "0.0.2-alpha.25",
   "packageManager": "pnpm@10.15.1",
   "description": "Nuxt module for Better Auth integration with NuxtHub, route protection, session management, and role-based access",
   "author": "onmax",
@@ -55,6 +55,7 @@
     "lint": "eslint .",
     "lint:fix": "eslint . --fix",
     "typecheck": "vue-tsc --noEmit",
+    "typecheck:runtime-server": "tsc --noEmit --pretty false -p src/runtime/server/tsconfig.json",
     "typecheck:playground": "cd playground && vue-tsc --noEmit",
     "test": "vitest run",
     "test:watch": "vitest watch"