npm - @onmax/nuxt-better-auth - Versions diffs - 0.0.2-alpha.3 → 0.0.2-alpha.30 - Mend

@onmax/nuxt-better-auth 0.0.2-alpha.3 → 0.0.2-alpha.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/README.md +1 -1
package/dist/module.d.mts +37 -1
package/dist/module.json +2 -2
package/dist/module.mjs +883 -313
package/dist/runtime/app/components/BetterAuthState.vue +1 -0
package/dist/runtime/app/composables/useAction.d.ts +2 -0
package/dist/runtime/app/composables/useAction.js +6 -0
package/dist/runtime/app/composables/useAuthAsyncData.d.ts +6 -0
package/dist/runtime/app/composables/useAuthAsyncData.js +16 -0
package/dist/runtime/app/composables/useAuthClientAction.d.ts +5 -0
package/dist/runtime/app/composables/useAuthClientAction.js +15 -0
package/dist/runtime/app/composables/useAuthRequestFetch.d.ts +11 -0
package/dist/runtime/app/composables/useAuthRequestFetch.js +4 -0
package/dist/runtime/app/composables/useSignIn.d.ts +16 -0
package/dist/runtime/app/composables/useSignIn.js +8 -0
package/dist/runtime/app/composables/useSignUp.d.ts +5 -0
package/dist/runtime/app/composables/useSignUp.js +8 -0
package/dist/runtime/app/composables/useUserSession.d.ts +14 -12
package/dist/runtime/app/composables/useUserSession.js +237 -22
package/dist/runtime/app/internal/auth-action-error.d.ts +3 -0
package/dist/runtime/app/internal/auth-action-error.js +35 -0
package/dist/runtime/app/internal/auth-action-handles.d.ts +18 -0
package/dist/runtime/app/internal/auth-action-handles.js +107 -0
package/dist/runtime/app/middleware/auth.global.js +73 -12
package/dist/runtime/app/pages/__better-auth-devtools.vue +4 -10
package/dist/runtime/app/plugins/session.client.js +1 -2
package/dist/runtime/config.d.ts +64 -9
package/dist/runtime/config.js +7 -2
package/dist/runtime/server/api/_better-auth/accounts.get.js +3 -2
package/dist/runtime/server/api/_better-auth/config.get.d.ts +17 -11
package/dist/runtime/server/api/_better-auth/config.get.js +17 -5
package/dist/runtime/server/api/_better-auth/sessions.delete.js +3 -2
package/dist/runtime/server/api/_better-auth/sessions.get.d.ts +3 -1
package/dist/runtime/server/api/_better-auth/sessions.get.js +3 -2
package/dist/runtime/server/api/_better-auth/users.get.js +3 -2
package/dist/runtime/server/api/auth/[...all].js +1 -1
package/dist/runtime/server/middleware/route-access.js +1 -0
package/dist/runtime/server/tsconfig.json +9 -1
package/dist/runtime/server/utils/auth.d.ts +5 -7
package/dist/runtime/server/utils/auth.js +197 -17
package/dist/runtime/server/utils/custom-secondary-storage.d.ts +6 -0
package/dist/runtime/server/utils/custom-secondary-storage.js +8 -0
package/dist/runtime/server/utils/session.d.ts +4 -8
package/dist/runtime/server/utils/session.js +43 -4
package/dist/runtime/server/virtual-modules.d.ts +22 -0
package/dist/runtime/types/augment.d.ts +18 -2
package/dist/runtime/types.d.ts +12 -13
package/dist/types.d.mts +1 -1
package/package.json +42 -43

package/dist/module.mjs CHANGED Viewed

@@ -1,14 +1,30 @@
-import { existsSync } from 'node:fs';
+import { existsSync, writeFileSync, readFileSync } from 'node:fs';
 import { mkdir, writeFile } from 'node:fs/promises';
-import { defineNuxtModule, createResolver, hasNuxtModule, addTemplate, addTypeTemplate, updateTemplates, addServerImportsDir, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, extendPages } from '@nuxt/kit';
+import { updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, hasNuxtModule, installModule, extendPages, addTemplate, addTypeTemplate, defineNuxtModule, createResolver } from '@nuxt/kit';
 import { consola as consola$1 } from 'consola';
+import { join, dirname } from 'pathe';
 import { defu } from 'defu';
-import { join } from 'pathe';
 import { toRouteMatcher, createRouter } from 'radix3';
+import { generateDrizzleSchema as generateDrizzleSchema$1 } from '@better-auth/cli/api';
+import { randomBytes } from 'node:crypto';
+import { isCI, isTest } from 'std-env';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
+const version = "0.0.2-alpha.30";
+function resolveDatabaseProvider(input) {
+  const enabledProviders = Object.entries(input.providers).filter(([_id, provider]) => provider.isEnabled?.(input.context) ?? true);
+  if (!enabledProviders.length) {
+    throw new Error("[nuxt-better-auth] No database provider is enabled. Register one with the better-auth:database:providers hook.");
+  }
+  enabledProviders.sort((a, b) => (b[1].priority ?? 0) - (a[1].priority ?? 0));
+  const [id, definition] = enabledProviders[0];
+  return { id, definition };
+}
 function setupDevTools(nuxt) {
-  nuxt.hook("devtools:customTabs", (tabs) => {
+  const hookable = nuxt;
+  hookable.hook("devtools:customTabs", (tabs) => {
     tabs.push({
       category: "server",
       name: "better-auth",
@@ -22,143 +38,200 @@ function setupDevTools(nuxt) {
   });
 }
-function generateDrizzleSchema(tables, dialect, options) {
-  const typedTables = tables;
-  const imports = getImports(dialect, options);
-  const tableDefinitions = Object.entries(typedTables).map(([tableName, table]) => generateTable(tableName, table, dialect, typedTables, options)).join("\n\n");
-  return `${imports}
+function registerTemplateHmrHook(nuxt) {
+  nuxt.hook("builder:watch", async (_event, relativePath) => {
+    if (relativePath.includes("auth.config"))
+      await updateTemplates({ filter: (t) => t.filename.includes("nuxt-better-auth") });
+  });
+}
+function registerServerRuntime(input) {
+  const { clientOnly, resolve } = input;
+  if (!clientOnly) {
+    addServerImportsDir(resolve("./runtime/server/utils"));
+    addServerImports([{ name: "defineServerAuth", from: resolve("./runtime/config") }]);
+    addServerScanDir(resolve("./runtime/server/middleware"));
+    addServerHandler({ route: "/api/auth/**", handler: resolve("./runtime/server/api/auth/[...all]") });
+  }
+  addImportsDir(resolve("./runtime/app/composables"));
+  addImportsDir(resolve("./runtime/utils"));
+  if (!clientOnly)
+    addPlugin({ src: resolve("./runtime/app/plugins/session.server"), mode: "server" });
+  addPlugin({ src: resolve("./runtime/app/plugins/session.client"), mode: "client" });
+  addComponentsDir({ path: resolve("./runtime/app/components") });
+}
+function registerAuthMiddlewareHook(nuxt, resolve) {
+  nuxt.hook("app:resolve", (app) => {
+    app.middleware.push({ name: "auth", path: resolve("./runtime/app/middleware/auth.global"), global: true });
+  });
+}
+async function registerDevtools(input) {
+  const { nuxt, clientOnly, hasHubDb, resolve } = input;
+  const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
+  if (isProduction || clientOnly)
+    return;
+  if (!hasNuxtModule("@nuxt/ui"))
+    await installModule("@nuxt/ui");
+  setupDevTools(nuxt);
+  addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolve("./runtime/server/api/_better-auth/config.get") });
+  if (hasHubDb) {
+    const handlers = [
+      { route: "/api/_better-auth/sessions", method: "get", handler: resolve("./runtime/server/api/_better-auth/sessions.get") },
+      { route: "/api/_better-auth/sessions", method: "delete", handler: resolve("./runtime/server/api/_better-auth/sessions.delete") },
+      { route: "/api/_better-auth/users", method: "get", handler: resolve("./runtime/server/api/_better-auth/users.get") },
+      { route: "/api/_better-auth/accounts", method: "get", handler: resolve("./runtime/server/api/_better-auth/accounts.get") }
+    ];
+    handlers.forEach((handler) => addServerHandler(handler));
+  }
+  extendPages((pages) => {
+    pages.push({ name: "better-auth-devtools", path: "/__better-auth-devtools", file: resolve("./runtime/app/pages/__better-auth-devtools.vue") });
+  });
+}
+function registerRouteRulesMetaHook(nuxt) {
+  nuxt.hook("pages:extend", (pages) => {
+    const options = nuxt.options;
+    const routeRules = options.nitro?.routeRules || options.routeRules || {};
+    if (!Object.keys(routeRules).length)
+      return;
+    const matcher = toRouteMatcher(createRouter({ routes: routeRules }));
+    const applyMetaFromRules = (page) => {
+      const matches = matcher.matchAll(page.path);
+      if (!matches.length)
+        return;
+      const matchedRules = defu({}, ...matches.reverse());
+      if (matchedRules.auth !== void 0) {
+        page.meta = page.meta || {};
+        page.meta.auth = matchedRules.auth;
+      }
+      page.children?.forEach((child) => applyMetaFromRules(child));
+    };
+    pages.forEach((page) => applyMetaFromRules(page));
+  });
+}
-${tableDefinitions}
-`;
+function getHubDialect(hub) {
+  if (!hub?.db)
+    return void 0;
+  if (typeof hub.db === "string")
+    return hub.db;
+  if (typeof hub.db === "object" && hub.db !== null)
+    return hub.db.dialect;
+  return void 0;
+}
+function getHubCasing(hub) {
+  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
+    return void 0;
+  return hub.db.casing;
 }
-function getImports(dialect, options) {
-  switch (dialect) {
-    case "sqlite":
-      return `import { integer, sqliteTable, text } from 'drizzle-orm/sqlite-core'`;
-    case "postgresql":
-      return options?.useUuid ? `import { boolean, integer, pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core'` : `import { boolean, integer, pgTable, text, timestamp } from 'drizzle-orm/pg-core'`;
-    case "mysql":
-      return `import { boolean, int, mysqlTable, text, timestamp, varchar } from 'drizzle-orm/mysql-core'`;
-  }
-}
-function generateTable(tableName, table, dialect, allTables, options) {
-  const tableFunc = dialect === "sqlite" ? "sqliteTable" : dialect === "postgresql" ? "pgTable" : "mysqlTable";
-  let dbTableName = table.modelName || tableName;
-  if (options?.usePlural && !table.modelName) {
-    dbTableName = `${tableName}s`;
-  }
-  const fields = Object.entries(table.fields).map(([fieldName, field]) => generateField(fieldName, field, dialect, allTables, options)).join(",\n    ");
-  const idField = generateIdField(dialect, options);
-  return `export const ${tableName} = ${tableFunc}('${dbTableName}', {
-    ${idField},
-    ${fields}
-  })`;
-}
-function generateIdField(dialect, options) {
-  switch (dialect) {
-    case "sqlite":
-      if (options?.useUuid)
-        consola$1.warn("[@onmax/nuxt-better-auth] useUuid ignored for SQLite (no native uuid type). Using text.");
-      return `id: text('id').primaryKey()`;
-    case "postgresql":
-      return options?.useUuid ? `id: uuid('id').defaultRandom().primaryKey()` : `id: text('id').primaryKey()`;
-    case "mysql":
-      return `id: varchar('id', { length: 36 }).primaryKey()`;
-  }
-}
-function generateField(fieldName, field, dialect, allTables, options) {
-  const dbFieldName = fieldName;
-  const isFkToId = options?.useUuid && field.references?.field === "id";
-  let fieldDef;
-  if (isFkToId && dialect === "postgresql")
-    fieldDef = `uuid('${dbFieldName}')`;
-  else if (isFkToId && dialect === "mysql")
-    fieldDef = `varchar('${dbFieldName}', { length: 36 })`;
-  else
-    fieldDef = getFieldType(field.type, dialect, dbFieldName);
-  if (field.required && field.defaultValue === void 0)
-    fieldDef += ".notNull()";
-  if (field.unique)
-    fieldDef += ".unique()";
-  if (field.defaultValue !== void 0) {
-    if (typeof field.defaultValue === "boolean")
-      fieldDef += `.default(${field.defaultValue})`;
-    else if (typeof field.defaultValue === "string")
-      fieldDef += `.default('${field.defaultValue}')`;
-    else
-      fieldDef += `.default(${field.defaultValue})`;
-    if (field.required)
-      fieldDef += ".notNull()";
-  }
-  if (field.references) {
-    const refTable = field.references.model;
-    if (allTables[refTable])
-      fieldDef += `.references(() => ${refTable}.${field.references.field})`;
-  }
-  return `${fieldName}: ${fieldDef}`;
-}
-function getFieldType(type, dialect, fieldName) {
-  const normalizedType = Array.isArray(type) ? "string" : type;
-  switch (dialect) {
-    case "sqlite":
-      return getSqliteType(normalizedType, fieldName);
-    case "postgresql":
-      return getPostgresType(normalizedType, fieldName);
-    case "mysql":
-      return getMysqlType(normalizedType, fieldName);
-  }
-}
-function getSqliteType(type, fieldName) {
-  switch (type) {
-    case "string":
-      return `text('${fieldName}')`;
-    case "boolean":
-      return `integer('${fieldName}', { mode: 'boolean' })`;
-    case "date":
-      return `integer('${fieldName}', { mode: 'timestamp' })`;
-    case "number":
-      return `integer('${fieldName}')`;
-    default:
-      return `text('${fieldName}')`;
-  }
-}
-function getPostgresType(type, fieldName) {
-  switch (type) {
-    case "string":
-      return `text('${fieldName}')`;
-    case "boolean":
-      return `boolean('${fieldName}')`;
-    case "date":
-      return `timestamp('${fieldName}')`;
-    case "number":
-      return `integer('${fieldName}')`;
-    default:
-      return `text('${fieldName}')`;
-  }
-}
-function getMysqlType(type, fieldName) {
-  switch (type) {
-    case "string":
-      return `text('${fieldName}')`;
-    case "boolean":
-      return `boolean('${fieldName}')`;
-    case "date":
-      return `timestamp('${fieldName}')`;
-    case "number":
-      return `int('${fieldName}')`;
-    default:
-      return `text('${fieldName}')`;
+function resolveSecondaryStorage(input) {
+  const { options, clientOnly, hasNuxtHub, hub } = input;
+  const opt = options.hubSecondaryStorage ?? false;
+  const useHubKV = opt === true;
+  const secondaryStorageEnabled = opt === true || opt === "custom";
+  if (secondaryStorageEnabled && clientOnly) {
+    throw new Error("[nuxt-better-auth] hubSecondaryStorage is not available in clientOnly mode. Either disable clientOnly or remove auth.hubSecondaryStorage.");
   }
+  if (useHubKV && (!hasNuxtHub || !hub?.kv)) {
+    throw new Error("[nuxt-better-auth] hubSecondaryStorage: true requires @nuxthub/core with hub.kv: true. Either add hub.kv: true to your nuxt.config or remove auth.hubSecondaryStorage.");
+  }
+  return { useHubKV, secondaryStorageEnabled };
+}
+function setupRuntimeConfig(input) {
+  const { nuxt, options, clientOnly, databaseProvider, consola } = input;
+  const { useHubKV, secondaryStorageEnabled } = resolveSecondaryStorage(input);
+  nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
+  const configuredSiteUrl = nuxt.options.runtimeConfig.public.siteUrl;
+  if (!configuredSiteUrl && process.env.NUXT_PUBLIC_SITE_URL)
+    nuxt.options.runtimeConfig.public.siteUrl = process.env.NUXT_PUBLIC_SITE_URL;
+  nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
+    redirects: {
+      login: options.redirects?.login ?? "/login",
+      guest: options.redirects?.guest ?? "/",
+      authenticated: options.redirects?.authenticated,
+      logout: options.redirects?.logout
+    },
+    preserveRedirect: options.preserveRedirect ?? true,
+    redirectQueryKey: options.redirectQueryKey ?? "redirect",
+    useDatabase: databaseProvider !== "none",
+    databaseProvider,
+    clientOnly,
+    session: {
+      skipHydratedSsrGetSession: options.session?.skipHydratedSsrGetSession ?? false
+    }
+  });
+  if (clientOnly) {
+    const siteUrl = nuxt.options.runtimeConfig.public.siteUrl;
+    if (!siteUrl)
+      consola.warn("clientOnly mode: set runtimeConfig.public.siteUrl (or NUXT_PUBLIC_SITE_URL) to your frontend URL");
+    consola.info("clientOnly mode enabled - server utilities (serverAuth, getRequestSession, getUserSession, requireUserSession) are not available");
+    return { useHubKV, secondaryStorageEnabled };
+  }
+  const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+  nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.BETTER_AUTH_SECRET || "";
+  const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+  if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
+    throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
+  }
+  if (betterAuthSecret && betterAuthSecret.length < 32) {
+    throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+  }
+  nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
+    hubSecondaryStorage: options.hubSecondaryStorage ?? false
+  });
+  return { useHubKV, secondaryStorageEnabled };
+}
+function dialectToProvider(dialect) {
+  return dialect === "postgresql" ? "pg" : dialect;
+}
+async function generateDrizzleSchema(authOptions, dialect, schemaOptions) {
+  const provider = dialectToProvider(dialect);
+  const options = {
+    ...authOptions,
+    advanced: {
+      ...authOptions.advanced,
+      database: {
+        ...authOptions.advanced?.database,
+        ...schemaOptions?.useUuid && { generateId: "uuid" }
+      }
+    }
+  };
+  const adapter = {
+    id: "drizzle",
+    options: {
+      provider,
+      camelCase: schemaOptions?.casing !== "snake_case",
+      adapterConfig: { usePlural: schemaOptions?.usePlural ?? false }
+    }
+  };
+  const result = await generateDrizzleSchema$1({
+    adapter,
+    options
+  });
+  if (!result.code) {
+    throw new Error(`Schema generation returned empty result for ${dialect}`);
+  }
+  return result.code;
 }
 async function loadUserAuthConfig(configPath, throwOnError = false) {
   const { createJiti } = await import('jiti');
-  const jiti = createJiti(import.meta.url, { interopDefault: true });
+  const { defineServerAuth: runtimeDefineServerAuth } = await import('../dist/runtime/config.js');
+  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false });
+  if (!globalThis.__nuxtBetterAuthDefineServerAuth) {
+    runtimeDefineServerAuth._count = 0;
+    globalThis.__nuxtBetterAuthDefineServerAuth = runtimeDefineServerAuth;
+  }
+  if (!globalThis.defineServerAuth) {
+    globalThis.defineServerAuth = globalThis.__nuxtBetterAuthDefineServerAuth;
+  }
+  globalThis.__nuxtBetterAuthDefineServerAuth._count++;
   try {
     const mod = await jiti.import(configPath);
-    const configFn = typeof mod === "object" && mod !== null && "default" in mod ? mod.default : mod;
+    const configFn = mod.default;
     if (typeof configFn === "function") {
       return configFn({ runtimeConfig: {}, db: null });
     }
+    consola$1.warn("[@onmax/nuxt-better-auth] auth.config.ts does not export default. Expected: export default defineServerAuth(...)");
     if (throwOnError) {
       throw new Error("auth.config.ts must export default defineServerAuth(...)");
     }
@@ -169,84 +242,216 @@ async function loadUserAuthConfig(configPath, throwOnError = false) {
     }
     consola$1.error("[@onmax/nuxt-better-auth] Failed to load auth config for schema generation. Schema may be incomplete:", error);
     return {};
+  } finally {
+    const sharedDefineServerAuth = globalThis.__nuxtBetterAuthDefineServerAuth;
+    if (sharedDefineServerAuth) {
+      sharedDefineServerAuth._count--;
+      if (!sharedDefineServerAuth._count) {
+        globalThis.__nuxtBetterAuthDefineServerAuth = void 0;
+        if (globalThis.defineServerAuth === sharedDefineServerAuth) {
+          globalThis.defineServerAuth = void 0;
+        }
+      }
+    }
   }
 }
-const consola = consola$1.withTag("nuxt-better-auth");
-const module$1 = defineNuxtModule({
-  meta: { name: "@onmax/nuxt-better-auth", configKey: "auth", compatibility: { nuxt: ">=3.0.0" } },
-  defaults: {
-    serverConfig: "server/auth.config",
-    clientConfig: "app/auth.config",
-    redirects: { login: "/login", guest: "/" },
-    secondaryStorage: false
-  },
-  async setup(options, nuxt) {
-    const resolver = createResolver(import.meta.url);
-    const serverConfigFile = options.serverConfig;
-    const clientConfigFile = options.clientConfig;
-    const serverConfigPath = resolver.resolve(nuxt.options.rootDir, serverConfigFile);
-    const clientConfigPath = resolver.resolve(nuxt.options.rootDir, clientConfigFile);
-    const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
-    const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
-    if (!serverConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - create with defineServerAuth()`);
-    if (!clientConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export createAppAuthClient()`);
-    const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
-    const hub = hasNuxtHub ? nuxt.options.hub : void 0;
-    const hasHubDb = hasNuxtHub && !!hub?.db;
-    let secondaryStorageEnabled = options.secondaryStorage ?? false;
-    if (secondaryStorageEnabled && (!hasNuxtHub || !hub?.kv)) {
-      consola.warn("secondaryStorage requires @nuxthub/core with hub.kv: true. Disabling.");
-      secondaryStorageEnabled = false;
+function resolveSchemaSecondaryStorageInjection(hubSecondaryStorage, userHasSecondaryStorage, isProduction) {
+  if (hubSecondaryStorage === true)
+    return { inject: false };
+  if (hubSecondaryStorage !== "custom")
+    return { inject: false };
+  if (userHasSecondaryStorage)
+    return { inject: true };
+  const message = '[nuxt-better-auth] hubSecondaryStorage: "custom" requires secondaryStorage in defineServerAuth() to omit the session table from the generated schema.';
+  if (isProduction)
+    return { inject: false, error: message };
+  return { inject: false, warn: message };
+}
+function isInsideNodeModules(path) {
+  return path.split(/[\\/]/).includes("node_modules");
+}
+function resolveHubSchemaPath(buildDir, rootDir, dialect, exists = existsSync) {
+  const rootTsPath = join(rootDir, ".nuxt", "better-auth", `schema.${dialect}.ts`);
+  if (isInsideNodeModules(buildDir) && exists(rootTsPath))
+    return rootTsPath;
+  const tsPath = join(buildDir, "better-auth", `schema.${dialect}.ts`);
+  if (exists(tsPath))
+    return tsPath;
+  const mjsPath = join(buildDir, "better-auth", `schema.${dialect}.mjs`);
+  if (exists(mjsPath))
+    return mjsPath;
+  return null;
+}
+async function loadAuthOptions(context) {
+  const isProduction = !context.nuxt.options.dev;
+  const configFile = `${context.serverConfigPath}.ts`;
+  const userConfig = await loadUserAuthConfig(configFile, isProduction);
+  const extendedConfig = {};
+  await context.nuxt.callHook("better-auth:config:extend", extendedConfig);
+  const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
+  return { userConfig, plugins };
+}
+async function setupBetterAuthSchema(nuxt, serverConfigPath, options, consola, hubSecondaryStorage) {
+  const hub = nuxt.options.hub;
+  const dialect = getHubDialect(hub);
+  if (!dialect || !["sqlite", "postgresql", "mysql"].includes(dialect)) {
+    consola.warn(`Unsupported database dialect: ${dialect}`);
+    return;
+  }
+  const context = { nuxt, serverConfigPath };
+  try {
+    const { userConfig, plugins } = await loadAuthOptions(context);
+    const userHasSecondaryStorage = userConfig.secondaryStorage != null;
+    const secondaryStorageResolution = resolveSchemaSecondaryStorageInjection(hubSecondaryStorage, userHasSecondaryStorage, !nuxt.options.dev);
+    if (secondaryStorageResolution.error)
+      throw new Error(secondaryStorageResolution.error);
+    if (secondaryStorageResolution.warn)
+      consola.warn(secondaryStorageResolution.warn);
+    const authOptions = {
+      ...userConfig,
+      plugins,
+      secondaryStorage: secondaryStorageResolution.inject ? { get: async (_key) => null, set: async (_key, _value, _ttl) => {
+      }, delete: async (_key) => {
+      } } : void 0
+    };
+    const hubCasing = getHubCasing(hub);
+    const schemaOptions = { ...options.schema, useUuid: userConfig.advanced?.database?.generateId === "uuid", casing: options.schema?.casing ?? hubCasing };
+    const schemaCode = await generateDrizzleSchema(authOptions, dialect, schemaOptions);
+    const schemaDir = join(nuxt.options.buildDir, "better-auth");
+    const schemaPathTs = join(schemaDir, `schema.${dialect}.ts`);
+    const schemaPathMjs = join(schemaDir, `schema.${dialect}.mjs`);
+    await mkdir(schemaDir, { recursive: true });
+    await writeFile(schemaPathTs, schemaCode);
+    await writeFile(schemaPathMjs, schemaCode);
+    if (isInsideNodeModules(nuxt.options.buildDir)) {
+      const rootSchemaDir = join(nuxt.options.rootDir, ".nuxt", "better-auth");
+      const rootSchemaPathTs = join(rootSchemaDir, `schema.${dialect}.ts`);
+      await mkdir(rootSchemaDir, { recursive: true });
+      await writeFile(rootSchemaPathTs, schemaCode);
     }
-    nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
-    nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
-      redirects: { login: options.redirects?.login ?? "/login", guest: options.redirects?.guest ?? "/" },
-      useDatabase: hasHubDb
+    addTemplate({ filename: `better-auth/schema.${dialect}.ts`, getContents: () => schemaCode, write: true });
+    addTemplate({ filename: `better-auth/schema.${dialect}.mjs`, getContents: () => schemaCode, write: true });
+    consola.info(`Generated ${dialect} schema (.ts + .mjs)`);
+    const nuxtWithHubHooks = nuxt;
+    nuxtWithHubHooks.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
+      const schemaPath = resolveHubSchemaPath(nuxt.options.buildDir, nuxt.options.rootDir, hookDialect);
+      if (schemaPath)
+        paths.unshift(schemaPath);
     });
-    const betterAuthSecret = process.env.BETTER_AUTH_SECRET || process.env.NUXT_BETTER_AUTH_SECRET || nuxt.options.runtimeConfig.betterAuthSecret || "";
-    if (!nuxt.options.dev && !betterAuthSecret) {
-      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
-    }
-    if (betterAuthSecret && betterAuthSecret.length < 32) {
-      throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
+  } catch (error) {
+    const isProduction = !nuxt.options.dev;
+    if (isProduction)
+      throw error;
+    consola.error("Failed to generate schema:", error);
+    throw error;
+  }
+}
+const generateSecret = () => randomBytes(32).toString("hex");
+function readEnvFile(rootDir) {
+  const envPath = join(rootDir, ".env");
+  return existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
+}
+function hasEnvSecret(rootDir) {
+  const match = readEnvFile(rootDir).match(/^BETTER_AUTH_SECRET=(.+)$/m);
+  return !!match && !!match[1] && match[1].trim().length > 0;
+}
+function appendSecretToEnv(rootDir, secret) {
+  const envPath = join(rootDir, ".env");
+  let content = readEnvFile(rootDir);
+  if (content.length > 0 && !content.endsWith("\n"))
+    content += "\n";
+  content += `BETTER_AUTH_SECRET=${secret}
+`;
+  writeFileSync(envPath, content, "utf-8");
+}
+async function promptForSecret(rootDir, consola, options = {}) {
+  const configuredSecret = options.configuredSecret?.trim();
+  if (configuredSecret)
+    return void 0;
+  if (process.env.BETTER_AUTH_SECRET || hasEnvSecret(rootDir))
+    return void 0;
+  const hasTty = Boolean(process.stdin.isTTY && process.stdout.isTTY);
+  if (options.prepare || !hasTty) {
+    consola.warn("[nuxt-better-auth] Skipping BETTER_AUTH_SECRET prompt (non-interactive). Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET.");
+    return void 0;
+  }
+  if (isCI || isTest) {
+    const secret2 = generateSecret();
+    appendSecretToEnv(rootDir, secret2);
+    consola.info("Generated BETTER_AUTH_SECRET and added to .env (CI/test mode)");
+    return secret2;
+  }
+  consola.box("BETTER_AUTH_SECRET is required for authentication.\nThis will be appended to your .env file.");
+  const choice = await consola.prompt("How do you want to set it?", {
+    type: "select",
+    options: [
+      { label: "Generate for me", value: "generate", hint: "uses crypto.randomBytes(32)" },
+      { label: "Enter manually", value: "paste" },
+      { label: "Skip", value: "skip", hint: "will fail in production" }
+    ],
+    cancel: "null"
+  });
+  if (typeof choice === "symbol" || choice === "skip") {
+    consola.warn("Skipping BETTER_AUTH_SECRET. Auth will fail without it in production.");
+    return void 0;
+  }
+  let secret;
+  if (choice === "generate") {
+    secret = generateSecret();
+  } else {
+    const input = await consola.prompt("Paste your secret (min 32 chars):", { type: "text", cancel: "null" });
+    if (typeof input === "symbol" || !input || input.length < 32) {
+      consola.warn("Invalid secret. Skipping.");
+      return void 0;
     }
-    nuxt.options.runtimeConfig.betterAuthSecret = betterAuthSecret;
-    nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
-      secondaryStorage: secondaryStorageEnabled
-    });
-    nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
-    nuxt.options.alias["#auth/server"] = serverConfigPath;
-    nuxt.options.alias["#auth/client"] = clientConfigPath;
-    const secondaryStorageCode = secondaryStorageEnabled ? `import { kv } from 'hub:kv'
+    secret = input;
+  }
+  const preview = `${secret.slice(0, 8)}...${secret.slice(-4)}`;
+  const confirm = await consola.prompt(`Add to .env:
+BETTER_AUTH_SECRET=${preview}
+Proceed?`, { type: "confirm", initial: true, cancel: "null" });
+  if (typeof confirm === "symbol" || !confirm) {
+    consola.info("Cancelled. Secret not written.");
+    return void 0;
+  }
+  appendSecretToEnv(rootDir, secret);
+  consola.success("Added BETTER_AUTH_SECRET to .env");
+  return secret;
+}
+function buildSecondaryStorageCode(useHubKV) {
+  if (!useHubKV)
+    return "export function createSecondaryStorage() { return undefined }";
+  return `import { kv } from '@nuxthub/kv'
 export function createSecondaryStorage() {
   return {
     get: async (key) => kv.get(\`_auth:\${key}\`),
     set: async (key, value, ttl) => kv.set(\`_auth:\${key}\`, value, { ttl }),
     delete: async (key) => kv.del(\`_auth:\${key}\`),
   }
-}` : `export function createSecondaryStorage() { return undefined }`;
-    const secondaryStorageTemplate = addTemplate({ filename: "better-auth/secondary-storage.mjs", getContents: () => secondaryStorageCode, write: true });
-    nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
-    const hubDbPath = nuxt.options.alias["hub:db"];
-    if (hasHubDb && !hubDbPath) {
-      throw new Error("[nuxt-better-auth] hub:db alias not found. Ensure @nuxthub/core is loaded before this module.");
-    }
-    const hubDialect = typeof hub?.db === "string" ? hub.db : (typeof hub?.db === "object" ? hub.db.dialect : void 0) ?? "sqlite";
-    const databaseCode = hasHubDb && hubDbPath ? `import { db, schema } from '${hubDbPath}'
+}`;
+}
+function buildDatabaseCode(input) {
+  if (input.provider === "nuxthub") {
+    return `import { db } from '@nuxthub/db'
+import * as schema from './schema.${input.hubDialect}.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
-const rawDialect = '${hubDialect}'
+const rawDialect = '${input.hubDialect}'
 const dialect = rawDialect === 'postgresql' ? 'pg' : rawDialect
-export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema }) }
-export { db }` : `export function createDatabase() { return undefined }
+export function createDatabase() { return drizzleAdapter(db, { provider: dialect, schema, usePlural: ${input.usePlural}, camelCase: ${input.camelCase} }) }
+export { db }`;
+  }
+  return `export function createDatabase() { return undefined }
 export const db = undefined`;
-    const databaseTemplate = addTemplate({ filename: "better-auth/database.mjs", getContents: () => databaseCode, write: true });
-    nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
-    addTypeTemplate({
-      filename: "types/auth-secondary-storage.d.ts",
-      getContents: () => `
+}
+function registerServerTypeTemplates(input) {
+  const { serverConfigPath, hasHubDb, runtimeTypesPath } = input;
+  addTypeTemplate({
+    filename: "types/auth-secondary-storage.d.ts",
+    getContents: () => `
 declare module '#auth/secondary-storage' {
   interface SecondaryStorage {
     get: (key: string) => Promise<string | null>
@@ -256,153 +461,518 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/auth-database.d.ts",
-      getContents: () => `
+  }, { nitro: true, node: true });
+  addTypeTemplate({
+    filename: "types/auth-database.d.ts",
+    getContents: () => `
 declare module '#auth/database' {
-  import type { drizzleAdapter } from 'better-auth/adapters/drizzle'
-  export function createDatabase(): ReturnType<typeof drizzleAdapter> | undefined
-  export const db: unknown
+  import type { BetterAuthOptions } from 'better-auth'
+  export function createDatabase(): BetterAuthOptions['database']
+  export const db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth.d.ts",
-      getContents: () => `
-export * from '${resolver.resolve("./runtime/types/augment")}'
-export type { AuthMeta, AuthMode, AuthRouteRules, UserMatch, RequireSessionOptions, Auth, InferUser, InferSession } from '${resolver.resolve("./runtime/types")}'
+  }, { nitro: true, node: true });
+  addTypeTemplate({
+    filename: "types/auth-schema.d.ts",
+    getContents: () => `
+declare module '#auth/schema' {
+  export const user: any
+  export const session: any
+  export const account: any
+  export const verification: any
+  export const schema: {
+    user: any
+    session: any
+    account: any
+    verification: any
+    [key: string]: any
+  } | undefined
+}
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-infer.d.ts",
-      getContents: () => `
-import type { InferUser, InferSession } from 'better-auth'
+  }, { nitro: true, node: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-infer.d.ts",
+    getContents: () => `
+import type { BetterAuthOptions, BetterAuthPlugin, InferPluginTypes, UnionToIntersection } from 'better-auth'
+import type { InferFieldsOutput } from 'better-auth/db'
 import type { RuntimeConfig } from 'nuxt/schema'
-import type configFn from '${serverConfigPath}'
+import type createServerAuth from '${serverConfigPath}'
-type _Config = ReturnType<typeof configFn>
+type _RawConfig = ReturnType<typeof createServerAuth>
+type _RawPlugins = _RawConfig extends { plugins: infer P } ? P : _RawConfig extends { plugins?: infer P } ? P : []
+type _NormalizedPlugins = _RawPlugins extends readonly (infer T)[]
+  ? Array<T & BetterAuthPlugin>
+  : _RawPlugins extends (infer T)[]
+      ? Array<T & BetterAuthPlugin>
+      : BetterAuthPlugin[]
+type _Config = Omit<BetterAuthOptions, 'plugins'> & Omit<_RawConfig, 'plugins'> & {
+  plugins?: _NormalizedPlugins
+}
+type _InferModelFieldsFromPlugins<P, M extends string> = P extends readonly (infer Plugin)[]
+  ? UnionToIntersection<Plugin extends { schema: { [K in M]: { fields: infer F } } } ? InferFieldsOutput<F> : {}>
+  : P extends (infer Plugin)[]
+      ? UnionToIntersection<Plugin extends { schema: { [K in M]: { fields: infer F } } } ? InferFieldsOutput<F> : {}>
+      : {}
+type _InferModelFieldsFromOptions<C, M extends 'user' | 'session'> = C extends { [K in M]: { additionalFields: infer F } }
+  ? InferFieldsOutput<F>
+  : {}
+type _UserFallback = _InferModelFieldsFromPlugins<_RawPlugins, 'user'> & _InferModelFieldsFromOptions<_RawConfig, 'user'>
+type _SessionFallback = _InferModelFieldsFromPlugins<_RawPlugins, 'session'> & _InferModelFieldsFromOptions<_RawConfig, 'session'>
 declare module '#nuxt-better-auth' {
-  interface AuthUser extends InferUser<_Config> {}
-  interface AuthSession { session: InferSession<_Config>['session'], user: InferUser<_Config> }
+  interface AuthUser extends _UserFallback {}
+  interface AuthSession extends _SessionFallback {}
   interface ServerAuthContext {
     runtimeConfig: RuntimeConfig
-    ${hasHubDb ? `db: typeof import('hub:db')['db']` : ""}
+    db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
   }
+  type PluginTypes = InferPluginTypes<_Config>
+}
+interface _AugmentedServerAuthContext {
+  runtimeConfig: RuntimeConfig
+  db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
+}
+declare module '@onmax/nuxt-better-auth/config' {
+  import type { BetterAuthOptions, BetterAuthPlugin } from 'better-auth'
+  type ServerAuthConfig = Omit<BetterAuthOptions, 'secret' | 'baseURL'> & {
+    plugins?: readonly BetterAuthPlugin[]
+  }
+  export function defineServerAuth<const R>(config: (ctx: _AugmentedServerAuthContext) => R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
+  export function defineServerAuth<const R>(config: R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-client.d.ts",
-      getContents: () => `
-import type { createAppAuthClient } from '${clientConfigPath}'
+  }, { nuxt: true, nitro: true, node: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-social-providers.d.ts",
+    getContents: () => `
+import type createServerAuth from '${serverConfigPath}'
+type _RawConfig = ReturnType<typeof createServerAuth>
+type _RawSocialProviders = _RawConfig extends { socialProviders: infer S } ? S : _RawConfig extends { socialProviders?: infer S } ? S : {}
+type _SocialProviderIds = Extract<keyof NonNullable<_RawSocialProviders>, string>
 declare module '#nuxt-better-auth' {
-  export type AppAuthClient = ReturnType<typeof createAppAuthClient>
+  interface AuthSocialProviderRegistry {
+    ids: _SocialProviderIds
+  }
 }
 `
-    });
-    addTypeTemplate({
-      filename: "types/nuxt-better-auth-nitro.d.ts",
-      getContents: () => `
+  }, { nuxt: true, nitro: true, node: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-nitro.d.ts",
+    getContents: () => `
+import type createServerAuth from '${serverConfigPath}'
+import type { BetterAuthOptions } from 'better-auth'
+import type { getEndpoints } from 'better-auth/api'
+import type { Serialize, Simplify } from 'nitropack/types'
+import type { FetchError } from 'ofetch'
+type _RawConfig = ReturnType<typeof createServerAuth>
+type _RawPlugins = _RawConfig extends { plugins: infer P } ? P : _RawConfig extends { plugins?: infer P } ? P : []
+type _Config = Omit<BetterAuthOptions, 'plugins'> & Omit<_RawConfig, 'plugins'> & {
+  plugins?: _RawPlugins
+}
+type _AuthApi = ReturnType<typeof getEndpoints<_Config>>['api']
+type _NormalizeMethod<M extends string> = M extends '*' ? 'default' : Lowercase<M>
+type _RouteMethodFromOption<M> = M extends readonly (infer T)[]
+  ? _NormalizeMethod<Extract<T, string>>
+  : M extends string
+      ? _NormalizeMethod<M>
+      : 'default'
+type _RouteMethodFromEndpoint<E> = E extends { options: { method: infer M } } ? _RouteMethodFromOption<M> : 'default'
+type _RoutePathFromEndpoint<E> = E extends { path: infer P extends string }
+  ? string extends P
+      ? never
+      : \`/api/auth\${P}\`
+  : never
+type _RouteResponseFromEndpoint<E> = E extends (...args: any[]) => Promise<infer R> ? Simplify<Serialize<Awaited<R>>> : never
+type _RouteDefaultResponse<E> = never
+type _UnionToIntersection<U> = (U extends unknown ? (value: U) => void : never) extends (value: infer I) => void ? I : never
+type _CoreAuthInternalApi = {
+  [K in keyof _AuthApi as _RoutePathFromEndpoint<_AuthApi[K]>]: {
+    [M in _RouteMethodFromEndpoint<_AuthApi[K]> | 'default']: M extends 'default' ? _RouteDefaultResponse<_AuthApi[K]> : _RouteResponseFromEndpoint<_AuthApi[K]>
+  }
+}
+type _PluginEndpointMaps<Plugins> = Plugins extends readonly (infer Plugin)[]
+  ? Plugin extends { endpoints: infer Endpoints extends Record<string, unknown> }
+      ? {
+          [K in keyof Endpoints as _RoutePathFromEndpoint<Endpoints[K]>]: {
+            [M in _RouteMethodFromEndpoint<Endpoints[K]> | 'default']: M extends 'default' ? _RouteDefaultResponse<Endpoints[K]> : _RouteResponseFromEndpoint<Endpoints[K]>
+          }
+        }
+      : {}
+  : Plugins extends (infer Plugin)[]
+      ? Plugin extends { endpoints: infer Endpoints extends Record<string, unknown> }
+          ? {
+              [K in keyof Endpoints as _RoutePathFromEndpoint<Endpoints[K]>]: {
+                [M in _RouteMethodFromEndpoint<Endpoints[K]> | 'default']: M extends 'default' ? _RouteDefaultResponse<Endpoints[K]> : _RouteResponseFromEndpoint<Endpoints[K]>
+              }
+            }
+          : {}
+      : {}
+type _PluginAuthInternalApi = _UnionToIntersection<_PluginEndpointMaps<_RawPlugins>>
+type _GeneratedAuthInternalApi = _CoreAuthInternalApi & _PluginAuthInternalApi
+type _RoutePathToRequestPath<Path extends string> = Path extends \`\${infer Prefix}:\${string}/\${infer Rest}\`
+  ? \`\${Prefix}\${string}/\${_RoutePathToRequestPath<Rest>}\`
+  : Path extends \`\${infer Prefix}:\${string}\`
+      ? \`\${Prefix}\${string}\`
+      : Path
+type _AuthApiPatternPath = Extract<keyof _GeneratedAuthInternalApi, string>
+type _AuthApiRequestPath = _RoutePathToRequestPath<_AuthApiPatternPath>
+type _AuthPatternFromRequestPath<Path extends string> = {
+  [Pattern in _AuthApiPatternPath]: Path extends _RoutePathToRequestPath<Pattern> ? Pattern : never
+}[_AuthApiPatternPath]
+type _AuthEndpointMethod<Path extends _AuthApiRequestPath> = Extract<keyof _GeneratedAuthInternalApi[_AuthPatternFromRequestPath<Path>], string>
+type _AuthFetchMethod<Path extends _AuthApiRequestPath> = Extract<Exclude<import('nitropack/types').NitroFetchOptions<Path>['method'], undefined>, string>
+type _AuthFetchDefaultMethod<Path extends _AuthApiRequestPath> = 'get'
+type _AuthFetchResolvedMethod<Path extends _AuthApiRequestPath, Method extends string> = Lowercase<Method> extends _AuthEndpointMethod<Path>
+  ? Lowercase<Method>
+  : never
+type _AuthFetchResult<Path extends _AuthApiRequestPath, Method extends string> = _GeneratedAuthInternalApi[_AuthPatternFromRequestPath<Path>][_AuthFetchResolvedMethod<Path, Method>]
+declare module '#nuxt-better-auth' {
+  export type AuthApiInternalRoutes = _GeneratedAuthInternalApi
+  export type AuthApiEndpointPatternPath = _AuthApiPatternPath
+  export type AuthApiEndpointPath = _AuthApiRequestPath
+  export type AuthApiEndpointMethod<Path extends AuthApiEndpointPath> = _AuthEndpointMethod<Path>
+  export type AuthApiEndpointResponse<
+    Path extends AuthApiEndpointPath,
+    Method extends AuthApiEndpointMethod<Path> = AuthApiEndpointMethod<Path>,
+  > = AuthApiInternalRoutes[_AuthPatternFromRequestPath<Path>][Method]
+}
+declare module 'nuxt/dist/app/composables/fetch' {
+  export function useFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = undefined,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = DataT,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = undefined,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = DataT,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+}
+declare module 'nuxt/app' {
+  export function useFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = undefined,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = DataT,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = undefined,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch<
+    ErrorT = FetchError,
+    Path extends import('#nuxt-better-auth').AuthApiEndpointPath = import('#nuxt-better-auth').AuthApiEndpointPath,
+    Method extends _AuthFetchMethod<Path> = _AuthFetchDefaultMethod<Path>,
+    _ResT = _AuthFetchResult<Path, Method>,
+    DataT = _ResT,
+    PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
+    DefaultT = DataT,
+  >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+}
+declare module 'nitropack' {
+  interface NitroRouteRules {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface InternalApi extends _GeneratedAuthInternalApi {}
+}
 declare module 'nitropack/types' {
   interface NitroRouteRules {
-    auth?: import('${resolver.resolve("./runtime/types")}').AuthMeta
+    auth?: import('${runtimeTypesPath}').AuthMeta
   }
+  interface NitroRouteConfig {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface InternalApi extends _GeneratedAuthInternalApi {}
 }
+export {}
 `
-    });
-    nuxt.hook("builder:watch", async (_event, relativePath) => {
-      if (relativePath.includes("auth.config")) {
-        await updateTemplates({ filter: (t) => t.filename.includes("nuxt-better-auth") });
-      }
-    });
-    addServerImportsDir(resolver.resolve("./runtime/server/utils"));
-    addServerScanDir(resolver.resolve("./runtime/server/middleware"));
-    addServerHandler({ route: "/api/auth/**", handler: resolver.resolve("./runtime/server/api/auth/[...all]") });
-    addImportsDir(resolver.resolve("./runtime/app/composables"));
-    addImportsDir(resolver.resolve("./runtime/utils"));
-    addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.server"), mode: "server" });
-    addPlugin({ src: resolver.resolve("./runtime/app/plugins/session.client"), mode: "client" });
-    addComponentsDir({ path: resolver.resolve("./runtime/app/components") });
-    nuxt.hook("app:resolve", (app) => {
-      app.middleware.push({ name: "auth", path: resolver.resolve("./runtime/app/middleware/auth.global"), global: true });
-    });
-    if (hasHubDb) {
-      await setupBetterAuthSchema(nuxt, serverConfigPath, options);
+  }, { nuxt: true, nitro: true, node: true });
+}
+function registerSharedTypeTemplates(input) {
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth.d.ts",
+    getContents: () => `
+import type { AppSession } from '${input.runtimeTypesAugmentPath}'
+export * from '${input.runtimeTypesAugmentPath}'
+export type { AuthMeta, AuthMode, AuthRouteRules, AuthSocialProviderId, Auth, InferUser, InferSession } from '${input.runtimeTypesPath}'
+declare module 'h3' {
+  interface H3EventContext {
+    requestSession?: AppSession | null
+  }
+}
+`
+  });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-client.d.ts",
+    getContents: () => `
+import type createAppAuthClient from '${input.clientConfigPath}'
+declare module '#nuxt-better-auth' {
+  export type AppAuthClient = ReturnType<typeof createAppAuthClient>
+}
+`
+  });
+}
+const consola = consola$1.withTag("nuxt-better-auth");
+function resolveDefaultClientConfig(options, rootDir, srcDir) {
+  if (options.clientConfig !== "app/auth.config")
+    return;
+  const srcDirRelative = srcDir.replace(`${rootDir}/`, "");
+  options.clientConfig = srcDirRelative === srcDir ? "auth.config" : `${srcDirRelative}/auth.config`;
+}
+async function createDefaultAuthConfigFiles(rootDir, srcDir) {
+  const serverPath = join(rootDir, "server/auth.config.ts");
+  const clientPath = join(srcDir, "auth.config.ts");
+  const serverTemplate = `import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
+export default defineServerAuth({
+  emailAndPassword: { enabled: true },
+})
+`;
+  const clientTemplate = `import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
+export default defineClientAuth({})
+`;
+  if (!existsSync(serverPath)) {
+    await mkdir(dirname(serverPath), { recursive: true });
+    await writeFile(serverPath, serverTemplate);
+    consola.success("Created server/auth.config.ts");
+  }
+  if (!existsSync(clientPath)) {
+    await mkdir(dirname(clientPath), { recursive: true });
+    await writeFile(clientPath, clientTemplate);
+    const relativePath = clientPath.replace(`${rootDir}/`, "");
+    consola.success(`Created ${relativePath}`);
+  }
+}
+const module$1 = defineNuxtModule({
+  meta: { name: "@onmax/nuxt-better-auth", version, configKey: "auth", compatibility: { nuxt: ">=4.0.0" } },
+  defaults: {
+    clientOnly: false,
+    serverConfig: "server/auth.config",
+    clientConfig: "app/auth.config",
+    redirects: { login: "/login", guest: "/" },
+    preserveRedirect: true,
+    redirectQueryKey: "redirect",
+    hubSecondaryStorage: false
+  },
+  async onInstall(nuxt) {
+    const configuredSecret = nuxt.options.runtimeConfig?.betterAuthSecret;
+    const generatedSecret = await promptForSecret(nuxt.options.rootDir, consola, { configuredSecret, prepare: Boolean(nuxt.options._prepare) });
+    if (generatedSecret)
+      process.env.BETTER_AUTH_SECRET = generatedSecret;
+    await createDefaultAuthConfigFiles(nuxt.options.rootDir, nuxt.options.srcDir);
+  },
+  async setup(options, nuxt) {
+    const resolver = createResolver(import.meta.url);
+    resolveDefaultClientConfig(options, nuxt.options.rootDir, nuxt.options.srcDir);
+    const clientOnly = options.clientOnly;
+    const serverConfigFile = options.serverConfig;
+    const clientConfigFile = options.clientConfig;
+    const serverConfigPath = resolver.resolve(nuxt.options.rootDir, serverConfigFile);
+    const clientConfigPath = resolver.resolve(nuxt.options.rootDir, clientConfigFile);
+    const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
+    const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
+    if (!clientOnly && !serverConfigExists)
+      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - export default defineServerAuth(...)`);
+    if (!clientConfigExists)
+      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export default defineClientAuth(...)`);
+    const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
+    const hub = hasNuxtHub ? nuxt.options.hub : void 0;
+    const hasHubDbAvailable = !clientOnly && hasNuxtHub && !!hub?.db;
+    const deprecatedProvider = options.database?.provider;
+    if (deprecatedProvider) {
+      throw new Error(
+        `[nuxt-better-auth] auth.database.provider has been removed. Remove auth.database.provider="${deprecatedProvider}". To configure a database, either set "database" directly in server/auth.config.ts (defineServerAuth) or install a provider module that registers better-auth:database:providers.`
+      );
     }
-    const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
-    if (!isProduction) {
-      setupDevTools(nuxt);
-      addServerHandler({ route: "/api/_better-auth/config", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/config.get") });
-      if (hasHubDb) {
-        addServerHandler({ route: "/api/_better-auth/sessions", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/sessions.get") });
-        addServerHandler({ route: "/api/_better-auth/sessions", method: "delete", handler: resolver.resolve("./runtime/server/api/_better-auth/sessions.delete") });
-        addServerHandler({ route: "/api/_better-auth/users", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/users.get") });
-        addServerHandler({ route: "/api/_better-auth/accounts", method: "get", handler: resolver.resolve("./runtime/server/api/_better-auth/accounts.get") });
-      }
-      extendPages((pages) => {
-        pages.push({ name: "better-auth-devtools", path: "/__better-auth-devtools", file: resolver.resolve("./runtime/app/pages/__better-auth-devtools.vue") });
+    let databaseProvider = "none";
+    let hasHubDb = false;
+    nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
+    if (!clientOnly)
+      nuxt.options.alias["#auth/server"] = serverConfigPath;
+    nuxt.options.alias["#auth/client"] = clientConfigPath;
+    if (clientOnly) {
+      setupRuntimeConfig({
+        nuxt,
+        options,
+        clientOnly,
+        databaseProvider,
+        hasNuxtHub,
+        hub,
+        consola
       });
-    }
-    nuxt.hook("pages:extend", (pages) => {
-      const routeRules = nuxt.options.routeRules || {};
-      if (!Object.keys(routeRules).length)
-        return;
-      const matcher = toRouteMatcher(createRouter({ routes: routeRules }));
-      const applyMetaFromRules = (page) => {
-        const matches = matcher.matchAll(page.path);
-        if (!matches.length)
-          return;
-        const matchedRules = defu({}, ...matches.reverse());
-        if (matchedRules.auth !== void 0) {
-          page.meta = page.meta || {};
-          page.meta.auth = matchedRules.auth;
+    } else {
+      const hubDialect = getHubDialect(hub) ?? "sqlite";
+      const usePlural = options.schema?.usePlural ?? false;
+      const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
+      const providers = {
+        nuxthub: {
+          priority: 100,
+          isEnabled: ({ hasHubDbAvailable: hasHubDbAvailable2 }) => hasHubDbAvailable2,
+          buildDatabaseCode: () => buildDatabaseCode({
+            provider: "nuxthub",
+            hubDialect,
+            usePlural,
+            camelCase
+          })
+        },
+        none: {
+          priority: 0,
+          buildDatabaseCode: () => buildDatabaseCode({
+            provider: "none",
+            hubDialect,
+            usePlural,
+            camelCase
+          })
         }
-        page.children?.forEach((child) => applyMetaFromRules(child));
       };
-      pages.forEach((page) => applyMetaFromRules(page));
+      const enabledCtx = { nuxt, options, clientOnly, hasHubDbAvailable };
+      await nuxt.callHook("better-auth:database:providers", providers);
+      const resolvedProvider = resolveDatabaseProvider({ providers, context: enabledCtx });
+      databaseProvider = resolvedProvider.id;
+      hasHubDb = databaseProvider === "nuxthub";
+      const { useHubKV } = setupRuntimeConfig({
+        nuxt,
+        options,
+        clientOnly,
+        databaseProvider,
+        hasNuxtHub,
+        hub,
+        consola
+      });
+      if (useHubKV && !nuxt.options.alias["hub:kv"]) {
+        throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
+      }
+      const secondaryStorageTemplate = addTemplate({
+        filename: "better-auth/secondary-storage.mjs",
+        getContents: () => buildSecondaryStorageCode(useHubKV),
+        write: true
+      });
+      nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
+      if (hasHubDb && !nuxt.options.alias["hub:db"]) {
+        throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
+      }
+      const setupCtx = { nuxt, options, clientOnly };
+      await resolvedProvider.definition.setup?.(setupCtx);
+      const buildCtx = { hubDialect, usePlural, camelCase };
+      const databaseTemplate = addTemplate({
+        filename: "better-auth/database.mjs",
+        getContents: () => resolvedProvider.definition.buildDatabaseCode(buildCtx),
+        write: true
+      });
+      nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
+      const schemaTemplate = addTemplate({
+        filename: "better-auth/schema.mjs",
+        getContents: () => {
+          if (!hasHubDb)
+            return "export const schema = undefined\n";
+          return `export * from './schema.${hubDialect}.mjs'
+import * as schema from './schema.${hubDialect}.mjs'
+export { schema }
+`;
+        },
+        write: true
+      });
+      nuxt.options.alias["#auth/schema"] = schemaTemplate.dst;
+      registerServerTypeTemplates({
+        serverConfigPath,
+        hasHubDb,
+        runtimeTypesPath: resolver.resolve("./runtime/types")
+      });
+      if (hasHubDb)
+        await setupBetterAuthSchema(nuxt, serverConfigPath, options, consola, options.hubSecondaryStorage ?? false);
+    }
+    registerSharedTypeTemplates({
+      runtimeTypesAugmentPath: resolver.resolve("./runtime/types/augment"),
+      runtimeTypesPath: resolver.resolve("./runtime/types"),
+      clientConfigPath
     });
+    const runtimeRouteRulesSource = nuxt.options.nitro?.routeRules || nuxt.options.routeRules || {};
+    const authRouteRules = Object.fromEntries(
+      Object.entries(runtimeRouteRulesSource).flatMap(([path, rule]) => {
+        if (!rule || typeof rule !== "object" || !("auth" in rule))
+          return [];
+        return [[path, { auth: rule.auth }]];
+      })
+    );
+    const authRouteRulesTemplate = addTemplate({
+      filename: "better-auth/route-rules.mjs",
+      getContents: () => `export const authRouteRules = ${JSON.stringify(authRouteRules, null, 2)}
+`,
+      write: true
+    });
+    nuxt.options.alias["#auth/route-rules"] = authRouteRulesTemplate.dst;
+    registerTemplateHmrHook(nuxt);
+    registerServerRuntime({ clientOnly, resolve: resolver.resolve });
+    registerAuthMiddlewareHook(nuxt, resolver.resolve);
+    await registerDevtools({ nuxt, clientOnly, hasHubDb, resolve: resolver.resolve });
+    registerRouteRulesMetaHook(nuxt);
   }
 });
-async function setupBetterAuthSchema(nuxt, serverConfigPath, options) {
-  const hub = nuxt.options.hub;
-  const dialect = typeof hub?.db === "string" ? hub.db : typeof hub?.db === "object" ? hub.db.dialect : void 0;
-  if (!dialect || !["sqlite", "postgresql", "mysql"].includes(dialect)) {
-    consola.warn(`Unsupported database dialect: ${dialect}`);
-    return;
-  }
-  const isProduction = !nuxt.options.dev;
-  try {
-    const configFile = `${serverConfigPath}.ts`;
-    const userConfig = await loadUserAuthConfig(configFile, isProduction);
-    const extendedConfig = {};
-    await nuxt.callHook("better-auth:config:extend", extendedConfig);
-    const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
-    const { getAuthTables } = await import('better-auth/db');
-    const tables = getAuthTables({ plugins });
-    const useUuid = userConfig.advanced?.database?.generateId === "uuid";
-    const schemaOptions = { ...options.schema, useUuid };
-    const schemaCode = generateDrizzleSchema(tables, dialect, schemaOptions);
-    const schemaDir = join(nuxt.options.buildDir, "better-auth");
-    const schemaPath = join(schemaDir, `schema.${dialect}.ts`);
-    await mkdir(schemaDir, { recursive: true });
-    await writeFile(schemaPath, schemaCode);
-    addTemplate({ filename: `better-auth/schema.${dialect}.ts`, getContents: () => schemaCode, write: true });
-    consola.info(`Generated ${dialect} schema with ${Object.keys(tables).length} tables`);
-  } catch (error) {
-    if (isProduction) {
-      throw error;
-    }
-    consola.error("Failed to generate schema:", error);
-  }
-  const nuxtWithHubHooks = nuxt;
-  nuxtWithHubHooks.hook("hub:db:schema:extend", ({ paths, dialect: hookDialect }) => {
-    const schemaPath = join(nuxt.options.buildDir, "better-auth", `schema.${hookDialect}.ts`);
-    if (existsSync(schemaPath)) {
-      paths.unshift(schemaPath);
-    }
-  });
-}
 export { module$1 as default };