@onmax/nuxt-better-auth 0.0.2-alpha.3 → 0.0.2-alpha.31

package/dist/runtime/app/internal/session-fetch.d.ts

@@ -0,0 +1,12 @@
+import type { AppAuthClient, AuthSession, AuthUser } from '#nuxt-better-auth';
+import type { Ref } from 'vue';
+export declare function stripToken(session: AuthSession & {
+    token?: string;
+}): AuthSession;
+export declare function fetchSessionServer(session: Ref<AuthSession | null>, user: Ref<AuthUser | null>, authReady: Ref<boolean>, options?: {
+    headers?: HeadersInit;
+}): Promise<void>;
+export declare function fetchSessionClient(client: AppAuthClient, session: Ref<AuthSession | null>, user: Ref<AuthUser | null>, authReady: Ref<boolean>, options?: {
+    headers?: HeadersInit;
+    force?: boolean;
+}): Promise<void>;

package/dist/runtime/app/internal/session-fetch.js

@@ -0,0 +1,56 @@
+import { useRequestFetch, useRequestHeaders } from "#imports";
+import { normalizeAuthActionError } from "./auth-action-error.js";
+export function stripToken(session) {
+  const { token: _, ...safe } = session;
+  return safe;
+}
+function isExpectedSignedOutSessionError(error) {
+  const normalizedError = normalizeAuthActionError(error);
+  if (normalizedError.status === 401)
+    return true;
+  return normalizedError.code === "UNAUTHORIZED";
+}
+export async function fetchSessionServer(session, user, authReady, options = {}) {
+  try {
+    const headers = options.headers || useRequestHeaders(["cookie"]);
+    const requestFetch = useRequestFetch();
+    const data = await requestFetch("/api/auth/get-session", { headers });
+    if (data?.session && data?.user) {
+      session.value = stripToken(data.session);
+      user.value = data.user;
+    } else {
+      session.value = null;
+      user.value = null;
+    }
+  } catch {
+    session.value = null;
+    user.value = null;
+  } finally {
+    if (!authReady.value)
+      authReady.value = true;
+  }
+}
+export async function fetchSessionClient(client, session, user, authReady, options = {}) {
+  try {
+    const headers = options.headers || useRequestHeaders(["cookie"]);
+    const fetchOptions = headers ? { headers } : void 0;
+    const query = options.force ? { disableCookieCache: true } : void 0;
+    const result = await client.getSession({ query }, fetchOptions);
+    const data = result.data;
+    if (data?.session && data?.user) {
+      session.value = stripToken(data.session);
+      user.value = data.user;
+    } else {
+      session.value = null;
+      user.value = null;
+    }
+  } catch (error) {
+    session.value = null;
+    user.value = null;
+    if (!isExpectedSignedOutSessionError(error))
+      console.error("[nuxt-better-auth] Failed to fetch session:", error);
+  } finally {
+    if (!authReady.value)
+      authReady.value = true;
+  }
+}

package/dist/runtime/app/internal/utils.d.ts

@@ -0,0 +1 @@
+export declare function isRecord(value: unknown): value is Record<string, unknown>;

package/dist/runtime/app/internal/utils.js

@@ -0,0 +1,3 @@
+export function isRecord(value) {
+  return Boolean(value && typeof value === "object");
+}

package/dist/runtime/app/internal/wrap-auth-method.d.ts

@@ -0,0 +1,15 @@
+import type { ComputedRef } from 'vue';
+export declare function wrapOnSuccess(fetchSession: (options?: {
+    force?: boolean;
+}) => Promise<void>, loggedIn: ComputedRef<boolean>, waitForSession: () => Promise<void>, cb: (ctx: unknown) => void | Promise<void>): (ctx: unknown) => Promise<void>;
+export declare function wrapAuthMethod<T extends (...args: unknown[]) => Promise<unknown>>(method: T, deps: {
+    fetchSession: (options?: {
+        force?: boolean;
+    }) => Promise<void>;
+    loggedIn: ComputedRef<boolean>;
+    waitForSession: () => Promise<void>;
+    resolvePostAuthSuccessRedirect: () => (() => Promise<void>) | undefined;
+}, wrapOptions?: {
+    shouldSkipSessionSync?: (data: unknown, options: unknown) => boolean;
+    transformData?: (data: unknown, options: unknown) => unknown;
+}): T;

package/dist/runtime/app/internal/wrap-auth-method.js

@@ -0,0 +1,66 @@
+import { nextTick } from "#imports";
+import { isRecord } from "./utils.js";
+export function wrapOnSuccess(fetchSession, loggedIn, waitForSession, cb) {
+  return async (ctx) => {
+    await fetchSession({ force: true });
+    if (!loggedIn.value)
+      await waitForSession();
+    await nextTick();
+    await cb(ctx);
+  };
+}
+export function wrapAuthMethod(method, deps, wrapOptions = {}) {
+  return (async (...args) => {
+    const originalData = args[0];
+    const options = args[1];
+    const data = wrapOptions.transformData?.(originalData, options) ?? originalData;
+    const dataRecord = isRecord(data) ? data : void 0;
+    const optionsRecord = isRecord(options) ? options : void 0;
+    if (wrapOptions.shouldSkipSessionSync?.(data, options))
+      return method(data, options);
+    const fetchOptions = isRecord(dataRecord?.fetchOptions) ? dataRecord.fetchOptions : void 0;
+    const nestedOnSuccess = fetchOptions?.onSuccess;
+    const topLevelOnSuccess = optionsRecord?.onSuccess;
+    const fallbackOnSuccess = deps.resolvePostAuthSuccessRedirect();
+    const wrappedFallbackOnSuccess = fallbackOnSuccess && wrapOnSuccess(deps.fetchSession, deps.loggedIn, deps.waitForSession, async () => {
+      if (!deps.loggedIn.value)
+        return;
+      await fallbackOnSuccess();
+    });
+    if (typeof nestedOnSuccess === "function") {
+      const nextData = {
+        ...dataRecord,
+        fetchOptions: {
+          ...fetchOptions,
+          onSuccess: wrapOnSuccess(deps.fetchSession, deps.loggedIn, deps.waitForSession, nestedOnSuccess)
+        }
+      };
+      return method(nextData, options);
+    }
+    if (typeof topLevelOnSuccess === "function") {
+      const nextOptions = {
+        ...optionsRecord,
+        onSuccess: wrapOnSuccess(deps.fetchSession, deps.loggedIn, deps.waitForSession, topLevelOnSuccess)
+      };
+      return method(data, nextOptions);
+    }
+    if (wrappedFallbackOnSuccess) {
+      if (fetchOptions) {
+        const nextData = {
+          ...dataRecord,
+          fetchOptions: {
+            ...fetchOptions,
+            onSuccess: wrappedFallbackOnSuccess
+          }
+        };
+        return method(nextData, options);
+      }
+      const nextOptions = {
+        ...optionsRecord,
+        onSuccess: wrappedFallbackOnSuccess
+      };
+      return method(data, nextOptions);
+    }
+    return method(data, options);
+  });
+}

package/dist/runtime/app/middleware/auth.global.js

@@ -1,16 +1,24 @@
-import { createError, defineNuxtRouteMiddleware, getRouteRules, navigateTo, useNuxtApp, useRequestHeaders, useRuntimeConfig } from "#imports";
+import { createError, defineNuxtRouteMiddleware, getRouteRules, navigateTo, useNuxtApp, useRequestHeaders, useRuntimeConfig, useUserSession } from "#imports";
+import { defu } from "defu";
+import { createRouter, toRouteMatcher } from "radix3";
 import { matchesUser } from "../../utils/match-user.js";
+let authRouteRulesPromise = null;
+let routeRulesMatcherPromise = null;
 export default defineNuxtRouteMiddleware(async (to) => {
   const nuxtApp = useNuxtApp();
-  if (import.meta.client) {
-    const isPrerendered = nuxtApp.payload.prerenderedAt || nuxtApp.payload.isCached;
-    if (isPrerendered && nuxtApp.isHydrating)
-      return;
-  }
   if (to.meta.auth === void 0) {
-    const rules = await getRouteRules({ path: to.path });
-    if (rules.auth !== void 0)
-      to.meta.auth = rules.auth;
+    const routeRulesMatcher = await getRouteRulesMatcher();
+    const matches = routeRulesMatcher?.matchAll(to.path);
+    if (matches?.length) {
+      const merged = defu({}, ...matches.reverse());
+      if (merged.auth !== void 0)
+        to.meta.auth = merged.auth;
+    }
+    if (to.meta.auth === void 0) {
+      const rules = await getRouteRules({ path: to.path });
+      if (rules.auth !== void 0)
+        to.meta.auth = rules.auth;
+    }
   }
   const auth = to.meta.auth;
   if (auth === void 0 || auth === false)
@@ -19,7 +27,8 @@ export default defineNuxtRouteMiddleware(async (to) => {
   const { fetchSession, user, loggedIn } = useUserSession();
   if (!loggedIn.value) {
     const headers = import.meta.server ? useRequestHeaders(["cookie"]) : void 0;
-    await fetchSession({ headers });
+    const isHydratedPrerenderPayload = (import.meta.client || !import.meta.server) && nuxtApp.isHydrating && Boolean(nuxtApp.payload.prerenderedAt || nuxtApp.payload.isCached);
+    await fetchSession({ headers, ...isHydratedPrerenderPayload ? { force: true } : {} });
   }
   const mode = typeof auth === "string" ? auth : auth?.only ?? "user";
   const redirectTo = typeof auth === "object" ? auth.redirectTo : void 0;
@@ -28,10 +37,62 @@ export default defineNuxtRouteMiddleware(async (to) => {
       return navigateTo(redirectTo ?? config?.redirects?.guest ?? "/");
     return;
   }
-  if (!loggedIn.value)
-    return navigateTo(redirectTo ?? config?.redirects?.login ?? "/login");
+  if (!loggedIn.value) {
+    const resolved = resolveLoginRedirect({
+      route: to,
+      loginTarget: redirectTo ?? config?.redirects?.login ?? "/login",
+      config
+    });
+    return resolved.external ? navigateTo(resolved.to, { external: true }) : navigateTo(resolved.to);
+  }
   if (typeof auth === "object" && auth.user) {
     if (!user.value || !matchesUser(user.value, auth.user))
       throw createError({ statusCode: 403, statusMessage: "Access denied" });
   }
 });
+function resolveLoginRedirect(input) {
+  const { route, loginTarget, config } = input;
+  const preserveRedirect = config?.preserveRedirect ?? true;
+  const redirectQueryKey = config?.redirectQueryKey ?? "redirect";
+  if (!preserveRedirect)
+    return { to: loginTarget, external: false };
+  if (!loginTarget.startsWith("/") || loginTarget.startsWith("//"))
+    return { to: loginTarget, external: false };
+  const [beforeHash, hash = ""] = loginTarget.split("#", 2);
+  const [path, query = ""] = beforeHash.split("?", 2);
+  try {
+    const params2 = new URLSearchParams(query);
+    if (params2.has(redirectQueryKey))
+      return { to: loginTarget, external: false };
+  } catch {
+    return { to: loginTarget, external: false };
+  }
+  if (import.meta.server) {
+    const separator = query ? "&" : "";
+    const encodedRedirect = encodeURIComponent(route.fullPath);
+    const url = `${path}?${query}${separator}${redirectQueryKey}=${encodedRedirect}${hash ? `#${hash}` : ""}`;
+    return { to: url, external: true };
+  }
+  const params = new URLSearchParams(query);
+  const queryObj = {};
+  for (const [k, v] of params.entries())
+    queryObj[k] = v;
+  queryObj[redirectQueryKey] = route.fullPath;
+  return { to: { path, query: queryObj, ...hash ? { hash: `#${hash}` } : {} }, external: false };
+}
+async function getAuthRouteRules() {
+  if (!authRouteRulesPromise) {
+    authRouteRulesPromise = import("#auth/route-rules").then((mod) => mod.authRouteRules || {}).catch(() => ({}));
+  }
+  return await authRouteRulesPromise;
+}
+async function getRouteRulesMatcher() {
+  if (!routeRulesMatcherPromise) {
+    routeRulesMatcherPromise = getAuthRouteRules().then((authRouteRules) => {
+      if (!Object.keys(authRouteRules).length)
+        return null;
+      return toRouteMatcher(createRouter({ routes: authRouteRules }));
+    });
+  }
+  return await routeRulesMatcherPromise;
+}

package/dist/runtime/app/pages/__better-auth-devtools.vue

@@ -374,19 +374,13 @@ function getAccountActions(row) {
                   <UIcon name="i-lucide-settings-2" class="size-4" /><span>Module</span>
                 </div>
                 <div class="config-row">
-                  <span class="config-label">Login</span><span class="font-mono">{{ configData.config.module?.redirects?.login }}</span>
-                </div>
-                <div class="config-row">
-                  <span class="config-label">Guest</span><span class="font-mono">{{ configData.config.module?.redirects?.guest }}</span>
-                </div>
-                <div class="config-row">
-                  <span class="config-label">DB</span><UBadge :color="configData.config.module?.useDatabase ? 'success' : 'neutral'" variant="subtle" size="sm">
-                    {{ configData.config.module?.useDatabase ? "Hub" : "Off" }}
+                  <span class="config-label">DB</span><UBadge :color="configData.config.module?.databaseProvider === 'none' ? 'neutral' : 'success'" variant="subtle" size="sm">
+                    {{ configData.config.module?.databaseProvider === "nuxthub" ? "Hub" : "Off" }}
                   </UBadge>
                 </div>
                 <div class="config-row">
-                  <span class="config-label">KV</span><UBadge :color="configData.config.module?.secondaryStorage ? 'success' : 'neutral'" variant="subtle" size="sm">
-                    {{ configData.config.module?.secondaryStorage ? "On" : "Off" }}
+                  <span class="config-label">KV</span><UBadge :color="configData.config.module?.hubSecondaryStorage ? 'success' : 'neutral'" variant="subtle" size="sm">
+                    {{ configData.config.module?.hubSecondaryStorage ? configData.config.module.hubSecondaryStorage === "custom" ? "Custom" : "On" : "Off" }}
                   </UBadge>
                 </div>
               </div>

package/dist/runtime/app/plugins/session.client.js

@@ -1,5 +1,4 @@
-import { defineNuxtPlugin } from "#imports";
-import { useUserSession } from "../composables/useUserSession.js";
+import { defineNuxtPlugin, useUserSession } from "#imports";
 export default defineNuxtPlugin(async (nuxtApp) => {
   const { fetchSession } = useUserSession();
   const safeFetch = async () => {

package/dist/runtime/config.d.ts

@@ -1,41 +1,96 @@
-import type { BetterAuthOptions } from 'better-auth';
-import type { ClientOptions } from 'better-auth/client';
+import type { BetterAuthOptions, BetterAuthPlugin } from 'better-auth';
+import type { BetterAuthClientOptions } from 'better-auth/client';
+import type { Casing } from 'drizzle-orm/utils';
 import type { ServerAuthContext } from './types/augment.js';
+import { createAuthClient } from 'better-auth/vue';
 export type { ServerAuthContext };
 export interface ClientAuthContext {
     siteUrl: string;
 }
-type ServerAuthConfig = Omit<BetterAuthOptions, 'database' | 'secret' | 'baseURL'>;
-type ClientAuthConfig = Omit<ClientOptions, 'baseURL'> & {
+export type ServerAuthConfig = Omit<BetterAuthOptions, 'secret' | 'baseURL'> & {
+    plugins?: readonly BetterAuthPlugin[];
+};
+export type ClientAuthConfig = Omit<BetterAuthClientOptions, 'baseURL'> & {
     baseURL?: string;
 };
 export type ServerAuthConfigFn = (ctx: ServerAuthContext) => ServerAuthConfig;
 export type ClientAuthConfigFn = (ctx: ClientAuthContext) => ClientAuthConfig;
+export type ModuleDatabaseProviderId = 'none' | 'nuxthub' | (string & {});
+export type EffectiveDatabaseProviderId = 'user' | ModuleDatabaseProviderId;
 export interface BetterAuthModuleOptions {
-    /** Server config path relative to rootDir. Default: 'server/auth.config' */
+    /** Client-only mode - skip server setup for external auth backends */
+    clientOnly?: boolean;
+    /** Server config path. Relative paths resolve from the layer that declares them. Default: 'server/auth.config' */
     serverConfig?: string;
-    /** Client config path relative to rootDir. Default: 'app/auth.config' */
+    /** Client config path. Relative paths resolve from the layer that declares them. Default: 'app/auth.config' */
     clientConfig?: string;
     redirects?: {
+        /** Where to redirect unauthenticated users. Default: '/login' */
         login?: string;
+        /** Where to redirect authenticated users on guest-only routes. Default: '/' */
         guest?: string;
+        /** Where to navigate after successful signIn/signUp when no onSuccess is provided. Default: no automatic navigation */
+        authenticated?: string;
+        /** Where to navigate after logout. Default: no automatic navigation */
+        logout?: string;
+    };
+    /**
+     * When redirecting unauthenticated users to the login route, append a query param
+     * containing the originally requested path (for safe "return-to" redirects).
+     *
+     * Default: true
+     */
+    preserveRedirect?: boolean;
+    /**
+     * Query param key used by preserveRedirect.
+     *
+     * Default: 'redirect'
+     */
+    redirectQueryKey?: string;
+    session?: {
+        /**
+         * When enabled, and session/user are already hydrated from SSR, skip the initial
+         * client `/api/auth/get-session` bootstrap request. This also skips Better Auth's
+         * session refresh manager on those pages.
+         *
+         * Default: false
+         */
+        skipHydratedSsrGetSession?: boolean;
     };
-    /** Enable KV secondary storage for sessions. Requires hub.kv: true */
-    secondaryStorage?: boolean;
+    /**
+     * Enable secondary storage for sessions.
+     * - `true`: Use NuxtHub KV (requires hub.kv: true)
+     * - `'custom'`: User provides own secondaryStorage in defineServerAuth()
+     * - `false` (default): No secondary storage from module
+     */
+    hubSecondaryStorage?: boolean | 'custom';
     /** Schema generation options. Must match drizzleAdapter config. */
     schema?: {
         /** Plural table names: user → users. Default: false */
         usePlural?: boolean;
+        /** Column/table name casing. Explicit value takes precedence over hub.db.casing. */
+        casing?: Casing;
     };
 }
 export interface AuthRuntimeConfig {
     redirects: {
         login: string;
         guest: string;
+        authenticated?: string;
+        logout?: string;
+    };
+    preserveRedirect: boolean;
+    redirectQueryKey: string;
+    useDatabase: boolean;
+    databaseProvider: EffectiveDatabaseProviderId;
+    clientOnly: boolean;
+    session: {
+        skipHydratedSsrGetSession: boolean;
     };
 }
 export interface AuthPrivateRuntimeConfig {
-    secondaryStorage: boolean;
+    hubSecondaryStorage: boolean | 'custom';
 }
-export declare function defineServerAuth<T extends ServerAuthConfig>(config: (ctx: ServerAuthContext) => T): (ctx: ServerAuthContext) => T;
-export declare function defineClientAuth(config: ClientAuthConfigFn): ClientAuthConfigFn;
+export declare function defineServerAuth<const R>(config: (ctx: ServerAuthContext) => R & ServerAuthConfig): (ctx: ServerAuthContext) => R;
+export declare function defineServerAuth<const R>(config: R & ServerAuthConfig): (ctx: ServerAuthContext) => R;
+export declare function defineClientAuth<T extends ClientAuthConfig>(config: T | ((ctx: ClientAuthContext) => T)): (baseURL: string) => ReturnType<typeof createAuthClient<T>>;

package/dist/runtime/config.js

@@ -1,6 +1,13 @@
+import { createAuthClient } from "better-auth/vue";
 export function defineServerAuth(config) {
-  return config;
+  return typeof config === "function" ? config : () => config;
 }
 export function defineClientAuth(config) {
-  return config;
+  return (baseURL) => {
+    const ctx = { siteUrl: baseURL };
+    const resolved = typeof config === "function" ? config(ctx) : config;
+    const { baseURL: configuredBaseURL, ...resolvedOptions } = resolved;
+    const clientOptions = { ...resolvedOptions, baseURL: configuredBaseURL ?? baseURL };
+    return createAuthClient(clientOptions);
+  };
 }

package/dist/runtime/server/api/_better-auth/_schema.js

@@ -1,4 +1,5 @@
 import { z } from "zod";
+const SQL_LIKE_ESCAPE_RE = /[%_\\]/g;
 export const paginationQuerySchema = z.object({
   page: z.coerce.number().int().min(1).default(1),
   limit: z.coerce.number().int().min(1).max(100).default(20),
@@ -7,5 +8,5 @@ export const paginationQuerySchema = z.object({
 export function sanitizeSearchPattern(search) {
   if (!search)
     return "";
-  return `%${search.replace(/[%_\\]/g, "\\$&")}%`;
+  return `%${search.replace(SQL_LIKE_ESCAPE_RE, "\\$&")}%`;
 }

package/dist/runtime/server/api/_better-auth/accounts.get.js

@@ -2,8 +2,9 @@ import { defineEventHandler, getQuery } from "h3";
 import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
 export default defineEventHandler(async (event) => {
   try {
-    const { db, schema } = await import("hub:db");
-    if (!schema.account)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.account)
       return { accounts: [], total: 0, error: "Account table not found" };
     const query = paginationQuerySchema.parse(getQuery(event));
     const { page, limit, search } = query;

package/dist/runtime/server/api/_better-auth/config.get.d.ts

@@ -2,28 +2,34 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
     config: {
         module: {
             redirects: {
-                login?: string;
-                guest?: string;
+                login: string;
+                guest: string;
+                authenticated: string | undefined;
+                logout: string | undefined;
             };
-            secondaryStorage: boolean;
+            preserveRedirect: boolean;
+            redirectQueryKey: string;
+            hubSecondaryStorage: boolean | "custom";
             useDatabase: boolean;
+            databaseProvider: "none" | "nuxthub";
         };
         server: {
-            baseURL: string | undefined;
-            basePath: string;
+            baseURL: any;
+            basePath: any;
             socialProviders: string[];
-            plugins: string[];
-            trustedOrigins: string[] | ((request: Request) => string[] | Promise<string[]>);
+            plugins: any;
+            trustedOrigins: any;
+            configuredTrustedOrigins: any;
             session: {
                 expiresIn: string;
                 updateAge: string;
-                cookieCache: boolean;
+                cookieCache: any;
             };
             emailAndPassword: boolean;
-            rateLimit: boolean;
+            rateLimit: any;
             advanced: {
-                useSecureCookies: string | boolean;
-                disableCSRFCheck: boolean;
+                useSecureCookies: any;
+                disableCSRFCheck: any;
             };
         };
     };

package/dist/runtime/server/api/_better-auth/config.get.js

@@ -3,11 +3,14 @@ import { useRuntimeConfig } from "nitropack/runtime";
 import { serverAuth } from "../../utils/auth.js";
 export default defineEventHandler(async (event) => {
   try {
-    const auth = await serverAuth(event);
+    const auth = serverAuth(event);
     const options = auth.options;
+    const authContext = await auth.$context;
     const runtimeConfig = useRuntimeConfig();
     const publicAuth = runtimeConfig.public?.auth;
     const privateAuth = runtimeConfig.auth;
+    const configuredTrustedOrigins = Array.isArray(options.trustedOrigins) ? options.trustedOrigins : [];
+    const effectiveTrustedOrigins = authContext?.trustedOrigins || configuredTrustedOrigins;
     const sessionConfig = options.session || {};
     const expiresInDays = sessionConfig.expiresIn ? Math.round(sessionConfig.expiresIn / 86400) : 7;
     const updateAgeDays = sessionConfig.updateAge ? Math.round(sessionConfig.updateAge / 86400) : 1;
@@ -15,9 +18,17 @@ export default defineEventHandler(async (event) => {
       config: {
         // Module config (nuxt.config.ts)
         module: {
-          redirects: publicAuth?.redirects || { login: "/login", guest: "/" },
-          secondaryStorage: privateAuth?.secondaryStorage ?? false,
-          useDatabase: publicAuth?.useDatabase ?? false
+          redirects: {
+            login: publicAuth?.redirects?.login ?? "/login",
+            guest: publicAuth?.redirects?.guest ?? "/",
+            authenticated: publicAuth?.redirects?.authenticated,
+            logout: publicAuth?.redirects?.logout
+          },
+          preserveRedirect: publicAuth?.preserveRedirect ?? true,
+          redirectQueryKey: publicAuth?.redirectQueryKey ?? "redirect",
+          hubSecondaryStorage: privateAuth?.hubSecondaryStorage ?? false,
+          useDatabase: publicAuth?.useDatabase ?? false,
+          databaseProvider: publicAuth?.databaseProvider ?? "none"
         },
         // Server config (server/auth.config.ts)
         server: {
@@ -25,7 +36,8 @@ export default defineEventHandler(async (event) => {
           basePath: options.basePath || "/api/auth",
           socialProviders: Object.keys(options.socialProviders || {}),
           plugins: (options.plugins || []).map((p) => p.id || "unknown"),
-          trustedOrigins: options.trustedOrigins || [],
+          trustedOrigins: effectiveTrustedOrigins,
+          configuredTrustedOrigins,
           session: {
             expiresIn: `${expiresInDays} days`,
             updateAge: `${updateAgeDays} days`,

package/dist/runtime/server/api/_better-auth/sessions.delete.js

@@ -6,8 +6,9 @@ const deleteSessionSchema = z.object({
 export default defineEventHandler(async (event) => {
   try {
     const body = deleteSessionSchema.parse(await readBody(event));
-    const { db, schema } = await import("hub:db");
-    if (!schema.session)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.session)
       throw createError({ statusCode: 500, message: "Session table not found" });
     const { eq } = await import("drizzle-orm");
     await db.delete(schema.session).where(eq(schema.session.id, body.id));

package/dist/runtime/server/api/_better-auth/sessions.get.d.ts

@@ -1,3 +1,5 @@
+import type { Session } from 'better-auth/types';
+type SafeSession = Pick<Session, 'id' | 'userId' | 'createdAt' | 'updatedAt' | 'expiresAt' | 'ipAddress' | 'userAgent'>;
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     sessions: never[];
     total: number;
@@ -5,7 +7,7 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
     page?: undefined;
     limit?: undefined;
 } | {
-    sessions: any;
+    sessions: SafeSession[];
     total: any;
     page: number;
     limit: number;

package/dist/runtime/server/api/_better-auth/sessions.get.js

@@ -2,8 +2,9 @@ import { defineEventHandler, getQuery } from "h3";
 import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
 export default defineEventHandler(async (event) => {
   try {
-    const { db, schema } = await import("hub:db");
-    if (!schema.session)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.session)
       return { sessions: [], total: 0, error: "Session table not found" };
     const query = paginationQuerySchema.parse(getQuery(event));
     const { page, limit, search } = query;

package/dist/runtime/server/api/_better-auth/users.get.js

@@ -2,8 +2,9 @@ import { defineEventHandler, getQuery } from "h3";
 import { paginationQuerySchema, sanitizeSearchPattern } from "./_schema.js";
 export default defineEventHandler(async (event) => {
   try {
-    const { db, schema } = await import("hub:db");
-    if (!schema.user)
+    const { db } = await import("@nuxthub/db");
+    const { schema } = await import("#auth/schema");
+    if (!schema?.user)
       return { users: [], total: 0, error: "User table not found" };
     const query = paginationQuerySchema.parse(getQuery(event));
     const { page, limit, search } = query;

package/dist/runtime/server/api/auth/[...all].js

@@ -1,6 +1,6 @@
 import { defineEventHandler, toWebRequest } from "h3";
 import { serverAuth } from "../../utils/auth.js";
 export default defineEventHandler(async (event) => {
-  const auth = await serverAuth(event);
+  const auth = serverAuth(event);
   return auth.handler(toWebRequest(event));
 });

package/dist/runtime/server/middleware/route-access.js

@@ -1,6 +1,7 @@
 import { createError, defineEventHandler, getRequestURL } from "h3";
 import { getRouteRules } from "nitropack/runtime";
 import { matchesUser } from "../../utils/match-user.js";
+import { getUserSession, requireUserSession } from "../utils/session.js";
 export default defineEventHandler(async (event) => {
   const path = getRequestURL(event).pathname;
   if (!path.startsWith("/api/"))

package/dist/runtime/server/tsconfig.json

@@ -1,3 +1,11 @@
 {
-  "extends": "../../../.nuxt/tsconfig.server.json"
+  "extends": "../../../tsconfig.json",
+  "compilerOptions": {
+    "baseUrl": ".",
+    "paths": {
+      "#nuxt-better-auth": ["../types/augment"]
+    }
+  },
+  "include": ["./**/*.ts", "./**/*.d.ts"],
+  "exclude": ["node_modules"]
 }