npm - @onmax/nuxt-better-auth - Versions diffs - 0.0.2-alpha.30 → 0.0.2-alpha.32 - Mend

@onmax/nuxt-better-auth 0.0.2-alpha.30 → 0.0.2-alpha.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/dist/module.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { existsSync, writeFileSync, readFileSync } from 'node:fs';
+import { existsSync, statSync, writeFileSync, readFileSync } from 'node:fs';
 import { mkdir, writeFile } from 'node:fs/promises';
-import { updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, hasNuxtModule, installModule, extendPages, addTemplate, addTypeTemplate, defineNuxtModule, createResolver } from '@nuxt/kit';
+import { getLayerDirectories, updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, hasNuxtModule, installModule, extendPages, addTemplate, addTypeTemplate, defineNuxtModule, createResolver } from '@nuxt/kit';
 import { consola as consola$1 } from 'consola';
-import { join, dirname } from 'pathe';
+import { isAbsolute, join, relative, dirname } from 'pathe';
 import { defu } from 'defu';
 import { toRouteMatcher, createRouter } from 'radix3';
 import { generateDrizzleSchema as generateDrizzleSchema$1 } from '@better-auth/cli/api';
@@ -10,16 +10,120 @@ import { randomBytes } from 'node:crypto';
 import { isCI, isTest } from 'std-env';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
-const version = "0.0.2-alpha.30";
+const version = "0.0.2-alpha.32";
-function resolveDatabaseProvider(input) {
-  const enabledProviders = Object.entries(input.providers).filter(([_id, provider]) => provider.isEnabled?.(input.context) ?? true);
-  if (!enabledProviders.length) {
-    throw new Error("[nuxt-better-auth] No database provider is enabled. Register one with the better-auth:database:providers hook.");
+const CONFIG_EXTENSIONS = [".ts", ".js"];
+const CONFIG_EXTENSION_RE = /\.(?:ts|js)$/;
+const DEFAULT_CONFIG_FILES = {
+  server: "server/auth.config",
+  client: "app/auth.config"
+};
+const OPTION_KEY_BY_KIND = {
+  server: "serverConfig",
+  client: "clientConfig"
+};
+function stripConfigExtension(path) {
+  return path.replace(CONFIG_EXTENSION_RE, "");
+}
+function defaultConfigExists(path) {
+  return CONFIG_EXTENSIONS.some((ext) => existsSync(`${path}${ext}`));
+}
+function getLayerDirectoriesWithConfigs(nuxt) {
+  const directories = getLayerDirectories(nuxt);
+  const layers = nuxt.options._layers;
+  return directories.map((directory, index) => ({ directory, layer: layers[index] }));
+}
+function getProjectDirectory(nuxt) {
+  return getLayerDirectories(nuxt)[0];
+}
+function getDefaultConfigPath(nuxt, kind) {
+  const project = getProjectDirectory(nuxt);
+  return kind === "server" ? join(project.server, "auth.config") : join(project.app, "auth.config");
+}
+function getLayerDefaultConfigPath(nuxt, kind, configExists) {
+  for (const { directory } of getLayerDirectoriesWithConfigs(nuxt)) {
+    const candidate = kind === "server" ? join(directory.server, "auth.config") : join(directory.app, "auth.config");
+    if (configExists(candidate)) {
+      return {
+        path: candidate,
+        declaringLayerRoot: directory.root
+      };
+    }
   }
-  enabledProviders.sort((a, b) => (b[1].priority ?? 0) - (a[1].priority ?? 0));
-  const [id, definition] = enabledProviders[0];
-  return { id, definition };
+}
+function resolveDeclaringLayerRoot(nuxt, kind, file) {
+  const optionKey = OPTION_KEY_BY_KIND[kind];
+  for (const { directory, layer } of getLayerDirectoriesWithConfigs(nuxt)) {
+    const declared = layer?.config?.auth?.[optionKey];
+    if (typeof declared === "string" && stripConfigExtension(declared) === file)
+      return directory.root;
+  }
+  return getProjectDirectory(nuxt).root;
+}
+function getRelativeConfigFile(nuxt, path) {
+  return relative(getProjectDirectory(nuxt).root, path);
+}
+function getEffectiveModuleConfigFile(nuxt, kind) {
+  const optionKey = OPTION_KEY_BY_KIND[kind];
+  const authOptions = nuxt.options.auth;
+  return authOptions?.[optionKey] ?? DEFAULT_CONFIG_FILES[kind];
+}
+function resolveAuthConfigDescriptor(nuxt, kind, file = getEffectiveModuleConfigFile(nuxt, kind), dependencies = {}) {
+  const configExists = dependencies.configExists ?? defaultConfigExists;
+  const configuredFile = stripConfigExtension(file);
+  if (isAbsolute(configuredFile)) {
+    const declaringLayerRoot2 = resolveDeclaringLayerRoot(nuxt, kind, configuredFile);
+    const exists2 = configExists(configuredFile);
+    return {
+      kind,
+      configuredFile,
+      file: configuredFile,
+      path: configuredFile,
+      declaringLayerRoot: declaringLayerRoot2,
+      isDefault: false,
+      isExplicit: true,
+      exists: exists2,
+      shouldCreateDefaultFile: false
+    };
+  }
+  if (configuredFile === DEFAULT_CONFIG_FILES[kind]) {
+    const project = getProjectDirectory(nuxt);
+    const discovered = getLayerDefaultConfigPath(nuxt, kind, configExists);
+    const path2 = discovered?.path ?? getDefaultConfigPath(nuxt, kind);
+    const declaringLayerRoot2 = discovered?.declaringLayerRoot ?? project.root;
+    const exists2 = configExists(path2);
+    return {
+      kind,
+      configuredFile,
+      file: getRelativeConfigFile(nuxt, path2),
+      path: path2,
+      declaringLayerRoot: declaringLayerRoot2,
+      isDefault: true,
+      isExplicit: false,
+      exists: exists2,
+      shouldCreateDefaultFile: !exists2
+    };
+  }
+  const declaringLayerRoot = resolveDeclaringLayerRoot(nuxt, kind, configuredFile);
+  const path = join(declaringLayerRoot, configuredFile);
+  const exists = configExists(path);
+  return {
+    kind,
+    configuredFile,
+    file: getRelativeConfigFile(nuxt, path),
+    path,
+    declaringLayerRoot,
+    isDefault: false,
+    isExplicit: true,
+    exists,
+    shouldCreateDefaultFile: false
+  };
+}
+function resolveAuthConfigDescriptors(nuxt, files = {}, dependencies = {}) {
+  return {
+    server: resolveAuthConfigDescriptor(nuxt, "server", files.server, dependencies),
+    client: resolveAuthConfigDescriptor(nuxt, "client", files.client, dependencies)
+  };
 }
 function setupDevTools(nuxt) {
@@ -64,6 +168,57 @@ function registerAuthMiddlewareHook(nuxt, resolve) {
     app.middleware.push({ name: "auth", path: resolve("./runtime/app/middleware/auth.global"), global: true });
   });
 }
+function registerPrepareTypesHook(input) {
+  const { nuxt, serverDir, hasHubDb } = input;
+  nuxt.hook("prepare:types", ({ nodeTsConfig, nodeReferences, sharedReferences }) => {
+    nodeTsConfig.compilerOptions ||= {};
+    nodeTsConfig.compilerOptions.paths ||= {};
+    const projectReferenceTypePaths = [
+      join(nuxt.options.buildDir, "types/nitro-imports.d.ts"),
+      join(nuxt.options.buildDir, "types/auth-database.d.ts"),
+      join(nuxt.options.buildDir, "types/auth-schema.d.ts"),
+      join(nuxt.options.buildDir, "types/auth-secondary-storage.d.ts")
+    ];
+    if (hasHubDb)
+      projectReferenceTypePaths.push(join(nuxt.options.buildDir, "hub/db.d.ts"));
+    const exactNodeAliases = {
+      "#server": serverDir,
+      "#auth/server": nuxt.options.alias["#auth/server"],
+      "#auth/client": nuxt.options.alias["#auth/client"],
+      "#auth/database": nuxt.options.alias["#auth/database"],
+      "#auth/schema": nuxt.options.alias["#auth/schema"],
+      "#auth/secondary-storage": nuxt.options.alias["#auth/secondary-storage"],
+      "#auth/route-rules": nuxt.options.alias["#auth/route-rules"],
+      "#nuxt-better-auth": nuxt.options.alias["#nuxt-better-auth"]
+    };
+    for (const [key, value] of Object.entries(exactNodeAliases)) {
+      if (typeof value === "string")
+        nodeTsConfig.compilerOptions.paths[key] = [value];
+    }
+    for (const [key, value] of Object.entries(nuxt.options.alias)) {
+      if (typeof value !== "string" || !isAbsolute(value))
+        continue;
+      nodeTsConfig.compilerOptions.paths[key] ||= [value];
+      if (!key.includes("*") && existsSync(value) && statSync(value).isDirectory())
+        nodeTsConfig.compilerOptions.paths[`${key}/*`] ||= [join(value, "*")];
+    }
+    nodeTsConfig.compilerOptions.paths["#server/*"] = [join(serverDir, "*")];
+    for (const path of projectReferenceTypePaths) {
+      if (!nodeReferences.some((reference) => "path" in reference && reference.path === path))
+        nodeReferences.push({ path });
+      if (!sharedReferences.some((reference) => "path" in reference && reference.path === path))
+        sharedReferences.push({ path });
+    }
+  });
+}
+function registerNuxtHubDatabaseExternalHook(nuxt) {
+  nuxt.hook("nitro:config", (nitroConfig) => {
+    nitroConfig.externals ||= {};
+    nitroConfig.externals.external ||= [];
+    if (!nitroConfig.externals.external.includes("@nuxthub/db"))
+      nitroConfig.externals.external.push("@nuxthub/db");
+  });
+}
 async function registerDevtools(input) {
   const { nuxt, clientOnly, hasHubDb, resolve } = input;
   const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
@@ -108,79 +263,6 @@ function registerRouteRulesMetaHook(nuxt) {
   });
 }
-function getHubDialect(hub) {
-  if (!hub?.db)
-    return void 0;
-  if (typeof hub.db === "string")
-    return hub.db;
-  if (typeof hub.db === "object" && hub.db !== null)
-    return hub.db.dialect;
-  return void 0;
-}
-function getHubCasing(hub) {
-  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
-    return void 0;
-  return hub.db.casing;
-}
-function resolveSecondaryStorage(input) {
-  const { options, clientOnly, hasNuxtHub, hub } = input;
-  const opt = options.hubSecondaryStorage ?? false;
-  const useHubKV = opt === true;
-  const secondaryStorageEnabled = opt === true || opt === "custom";
-  if (secondaryStorageEnabled && clientOnly) {
-    throw new Error("[nuxt-better-auth] hubSecondaryStorage is not available in clientOnly mode. Either disable clientOnly or remove auth.hubSecondaryStorage.");
-  }
-  if (useHubKV && (!hasNuxtHub || !hub?.kv)) {
-    throw new Error("[nuxt-better-auth] hubSecondaryStorage: true requires @nuxthub/core with hub.kv: true. Either add hub.kv: true to your nuxt.config or remove auth.hubSecondaryStorage.");
-  }
-  return { useHubKV, secondaryStorageEnabled };
-}
-function setupRuntimeConfig(input) {
-  const { nuxt, options, clientOnly, databaseProvider, consola } = input;
-  const { useHubKV, secondaryStorageEnabled } = resolveSecondaryStorage(input);
-  nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
-  const configuredSiteUrl = nuxt.options.runtimeConfig.public.siteUrl;
-  if (!configuredSiteUrl && process.env.NUXT_PUBLIC_SITE_URL)
-    nuxt.options.runtimeConfig.public.siteUrl = process.env.NUXT_PUBLIC_SITE_URL;
-  nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
-    redirects: {
-      login: options.redirects?.login ?? "/login",
-      guest: options.redirects?.guest ?? "/",
-      authenticated: options.redirects?.authenticated,
-      logout: options.redirects?.logout
-    },
-    preserveRedirect: options.preserveRedirect ?? true,
-    redirectQueryKey: options.redirectQueryKey ?? "redirect",
-    useDatabase: databaseProvider !== "none",
-    databaseProvider,
-    clientOnly,
-    session: {
-      skipHydratedSsrGetSession: options.session?.skipHydratedSsrGetSession ?? false
-    }
-  });
-  if (clientOnly) {
-    const siteUrl = nuxt.options.runtimeConfig.public.siteUrl;
-    if (!siteUrl)
-      consola.warn("clientOnly mode: set runtimeConfig.public.siteUrl (or NUXT_PUBLIC_SITE_URL) to your frontend URL");
-    consola.info("clientOnly mode enabled - server utilities (serverAuth, getRequestSession, getUserSession, requireUserSession) are not available");
-    return { useHubKV, secondaryStorageEnabled };
-  }
-  const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
-  nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.BETTER_AUTH_SECRET || "";
-  const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
-  if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
-    throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET is required in production. Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET environment variable.");
-  }
-  if (betterAuthSecret && betterAuthSecret.length < 32) {
-    throw new Error("[nuxt-better-auth] BETTER_AUTH_SECRET must be at least 32 characters for security");
-  }
-  nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
-    hubSecondaryStorage: options.hubSecondaryStorage ?? false
-  });
-  return { useHubKV, secondaryStorageEnabled };
-}
 function dialectToProvider(dialect) {
   return dialect === "postgresql" ? "pg" : dialect;
 }
@@ -213,18 +295,19 @@ async function generateDrizzleSchema(authOptions, dialect, schemaOptions) {
   }
   return result.code;
 }
-async function loadUserAuthConfig(configPath, throwOnError = false) {
+async function loadUserAuthConfig(configPath, throwOnError = false, alias) {
   const { createJiti } = await import('jiti');
   const { defineServerAuth: runtimeDefineServerAuth } = await import('../dist/runtime/config.js');
-  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false });
-  if (!globalThis.__nuxtBetterAuthDefineServerAuth) {
+  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false, alias });
+  const schemaGlobals = globalThis;
+  if (!schemaGlobals.__nuxtBetterAuthDefineServerAuth) {
     runtimeDefineServerAuth._count = 0;
-    globalThis.__nuxtBetterAuthDefineServerAuth = runtimeDefineServerAuth;
+    schemaGlobals.__nuxtBetterAuthDefineServerAuth = runtimeDefineServerAuth;
   }
-  if (!globalThis.defineServerAuth) {
-    globalThis.defineServerAuth = globalThis.__nuxtBetterAuthDefineServerAuth;
+  if (!schemaGlobals.defineServerAuth) {
+    schemaGlobals.defineServerAuth = schemaGlobals.__nuxtBetterAuthDefineServerAuth;
   }
-  globalThis.__nuxtBetterAuthDefineServerAuth._count++;
+  schemaGlobals.__nuxtBetterAuthDefineServerAuth._count++;
   try {
     const mod = await jiti.import(configPath);
     const configFn = mod.default;
@@ -243,19 +326,35 @@ async function loadUserAuthConfig(configPath, throwOnError = false) {
     consola$1.error("[@onmax/nuxt-better-auth] Failed to load auth config for schema generation. Schema may be incomplete:", error);
     return {};
   } finally {
-    const sharedDefineServerAuth = globalThis.__nuxtBetterAuthDefineServerAuth;
+    const sharedDefineServerAuth = schemaGlobals.__nuxtBetterAuthDefineServerAuth;
     if (sharedDefineServerAuth) {
       sharedDefineServerAuth._count--;
       if (!sharedDefineServerAuth._count) {
-        globalThis.__nuxtBetterAuthDefineServerAuth = void 0;
-        if (globalThis.defineServerAuth === sharedDefineServerAuth) {
-          globalThis.defineServerAuth = void 0;
+        schemaGlobals.__nuxtBetterAuthDefineServerAuth = void 0;
+        if (schemaGlobals.defineServerAuth === sharedDefineServerAuth) {
+          schemaGlobals.defineServerAuth = void 0;
         }
       }
     }
   }
 }
+function getHubDialect(hub) {
+  if (!hub?.db)
+    return void 0;
+  if (typeof hub.db === "string")
+    return hub.db;
+  if (typeof hub.db === "object" && hub.db !== null)
+    return hub.db.dialect;
+  return void 0;
+}
+function getHubCasing(hub) {
+  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
+    return void 0;
+  return hub.db.casing;
+}
+const NODE_MODULES_SEGMENT_RE = /[\\/]/;
 function resolveSchemaSecondaryStorageInjection(hubSecondaryStorage, userHasSecondaryStorage, isProduction) {
   if (hubSecondaryStorage === true)
     return { inject: false };
@@ -269,7 +368,7 @@ function resolveSchemaSecondaryStorageInjection(hubSecondaryStorage, userHasSeco
   return { inject: false, warn: message };
 }
 function isInsideNodeModules(path) {
-  return path.split(/[\\/]/).includes("node_modules");
+  return path.split(NODE_MODULES_SEGMENT_RE).includes("node_modules");
 }
 function resolveHubSchemaPath(buildDir, rootDir, dialect, exists = existsSync) {
   const rootTsPath = join(rootDir, ".nuxt", "better-auth", `schema.${dialect}.ts`);
@@ -286,7 +385,10 @@ function resolveHubSchemaPath(buildDir, rootDir, dialect, exists = existsSync) {
 async function loadAuthOptions(context) {
   const isProduction = !context.nuxt.options.dev;
   const configFile = `${context.serverConfigPath}.ts`;
-  const userConfig = await loadUserAuthConfig(configFile, isProduction);
+  const alias = Object.fromEntries(
+    Object.entries(context.nuxt.options.alias).filter(([, value]) => typeof value === "string").map(([key, value]) => [key, value])
+  );
+  const userConfig = await loadUserAuthConfig(configFile, isProduction, alias);
   const extendedConfig = {};
   await context.nuxt.callHook("better-auth:config:extend", extendedConfig);
   const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
@@ -348,21 +450,26 @@ async function setupBetterAuthSchema(nuxt, serverConfigPath, options, consola, h
   }
 }
+const DEFAULT_SECRET_ENV = "NUXT_BETTER_AUTH_SECRET";
+const FALLBACK_SECRET_ENV = "BETTER_AUTH_SECRET";
 const generateSecret = () => randomBytes(32).toString("hex");
 function readEnvFile(rootDir) {
   const envPath = join(rootDir, ".env");
   return existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
 }
 function hasEnvSecret(rootDir) {
-  const match = readEnvFile(rootDir).match(/^BETTER_AUTH_SECRET=(.+)$/m);
-  return !!match && !!match[1] && match[1].trim().length > 0;
+  const envFile = readEnvFile(rootDir);
+  return [DEFAULT_SECRET_ENV, FALLBACK_SECRET_ENV].some((name) => {
+    const match = envFile.match(new RegExp(`^${name}=(.+)$`, "m"));
+    return !!match && !!match[1] && match[1].trim().length > 0;
+  });
 }
 function appendSecretToEnv(rootDir, secret) {
   const envPath = join(rootDir, ".env");
   let content = readEnvFile(rootDir);
   if (content.length > 0 && !content.endsWith("\n"))
     content += "\n";
-  content += `BETTER_AUTH_SECRET=${secret}
+  content += `${DEFAULT_SECRET_ENV}=${secret}
 `;
   writeFileSync(envPath, content, "utf-8");
 }
@@ -370,20 +477,20 @@ async function promptForSecret(rootDir, consola, options = {}) {
   const configuredSecret = options.configuredSecret?.trim();
   if (configuredSecret)
     return void 0;
-  if (process.env.BETTER_AUTH_SECRET || hasEnvSecret(rootDir))
+  if (process.env.NUXT_BETTER_AUTH_SECRET || process.env.BETTER_AUTH_SECRET || hasEnvSecret(rootDir))
     return void 0;
   const hasTty = Boolean(process.stdin.isTTY && process.stdout.isTTY);
   if (options.prepare || !hasTty) {
-    consola.warn("[nuxt-better-auth] Skipping BETTER_AUTH_SECRET prompt (non-interactive). Set BETTER_AUTH_SECRET or NUXT_BETTER_AUTH_SECRET.");
+    consola.warn("[nuxt-better-auth] Skipping NUXT_BETTER_AUTH_SECRET prompt (non-interactive). Set NUXT_BETTER_AUTH_SECRET or BETTER_AUTH_SECRET.");
     return void 0;
   }
   if (isCI || isTest) {
     const secret2 = generateSecret();
     appendSecretToEnv(rootDir, secret2);
-    consola.info("Generated BETTER_AUTH_SECRET and added to .env (CI/test mode)");
+    consola.info("Generated NUXT_BETTER_AUTH_SECRET and added to .env (CI/test mode)");
     return secret2;
   }
-  consola.box("BETTER_AUTH_SECRET is required for authentication.\nThis will be appended to your .env file.");
+  consola.box("NUXT_BETTER_AUTH_SECRET is required for authentication.\nThis will be appended to your .env file.\nBETTER_AUTH_SECRET is still supported as a fallback.");
   const choice = await consola.prompt("How do you want to set it?", {
     type: "select",
     options: [
@@ -394,7 +501,7 @@ async function promptForSecret(rootDir, consola, options = {}) {
     cancel: "null"
   });
   if (typeof choice === "symbol" || choice === "skip") {
-    consola.warn("Skipping BETTER_AUTH_SECRET. Auth will fail without it in production.");
+    consola.warn("Skipping NUXT_BETTER_AUTH_SECRET. Auth will fail without it in production.");
     return void 0;
   }
   let secret;
@@ -410,17 +517,85 @@ async function promptForSecret(rootDir, consola, options = {}) {
   }
   const preview = `${secret.slice(0, 8)}...${secret.slice(-4)}`;
   const confirm = await consola.prompt(`Add to .env:
-BETTER_AUTH_SECRET=${preview}
+${DEFAULT_SECRET_ENV}=${preview}
 Proceed?`, { type: "confirm", initial: true, cancel: "null" });
   if (typeof confirm === "symbol" || !confirm) {
     consola.info("Cancelled. Secret not written.");
     return void 0;
   }
   appendSecretToEnv(rootDir, secret);
-  consola.success("Added BETTER_AUTH_SECRET to .env");
+  consola.success("Added NUXT_BETTER_AUTH_SECRET to .env");
   return secret;
 }
+function resolveDatabaseProvider(input) {
+  const enabledProviders = Object.entries(input.providers).filter(([_id, provider]) => provider.isEnabled?.(input.context) ?? true);
+  if (!enabledProviders.length) {
+    throw new Error("[nuxt-better-auth] No database provider is enabled. Register one with the better-auth:database:providers hook.");
+  }
+  enabledProviders.sort((a, b) => (b[1].priority ?? 0) - (a[1].priority ?? 0));
+  const [id, definition] = enabledProviders[0];
+  return { id, definition };
+}
+function resolveSecondaryStorage(input) {
+  const { options, clientOnly, hasNuxtHub, hub } = input;
+  const opt = options.hubSecondaryStorage ?? false;
+  const useHubKV = opt === true;
+  const secondaryStorageEnabled = opt === true || opt === "custom";
+  if (secondaryStorageEnabled && clientOnly) {
+    throw new Error("[nuxt-better-auth] hubSecondaryStorage is not available in clientOnly mode. Either disable clientOnly or remove auth.hubSecondaryStorage.");
+  }
+  if (useHubKV && (!hasNuxtHub || !hub?.kv)) {
+    throw new Error("[nuxt-better-auth] hubSecondaryStorage: true requires @nuxthub/core with hub.kv: true. Either add hub.kv: true to your nuxt.config or remove auth.hubSecondaryStorage.");
+  }
+  return { useHubKV, secondaryStorageEnabled };
+}
+function setupRuntimeConfig(input) {
+  const { nuxt, options, clientOnly, databaseProvider, consola } = input;
+  const { useHubKV, secondaryStorageEnabled } = resolveSecondaryStorage(input);
+  nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
+  const configuredSiteUrl = nuxt.options.runtimeConfig.public.siteUrl;
+  if (!configuredSiteUrl && process.env.NUXT_PUBLIC_SITE_URL)
+    nuxt.options.runtimeConfig.public.siteUrl = process.env.NUXT_PUBLIC_SITE_URL;
+  nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
+    redirects: {
+      login: options.redirects?.login ?? "/login",
+      guest: options.redirects?.guest ?? "/",
+      authenticated: options.redirects?.authenticated,
+      logout: options.redirects?.logout
+    },
+    preserveRedirect: options.preserveRedirect ?? true,
+    redirectQueryKey: options.redirectQueryKey ?? "redirect",
+    useDatabase: databaseProvider !== "none",
+    databaseProvider,
+    clientOnly,
+    session: {
+      skipHydratedSsrGetSession: options.session?.skipHydratedSsrGetSession ?? false
+    }
+  });
+  if (clientOnly) {
+    const siteUrl = nuxt.options.runtimeConfig.public.siteUrl;
+    if (!siteUrl)
+      consola.warn("clientOnly mode: set runtimeConfig.public.siteUrl (or NUXT_PUBLIC_SITE_URL) to your frontend URL");
+    consola.info("clientOnly mode enabled - server utilities (serverAuth, getRequestSession, getUserSession, requireUserSession) are not available");
+    return { useHubKV, secondaryStorageEnabled };
+  }
+  const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+  nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.NUXT_BETTER_AUTH_SECRET || process.env.BETTER_AUTH_SECRET || "";
+  const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+  if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
+    throw new Error("[nuxt-better-auth] NUXT_BETTER_AUTH_SECRET is required in production. Set NUXT_BETTER_AUTH_SECRET or BETTER_AUTH_SECRET environment variable.");
+  }
+  if (betterAuthSecret && betterAuthSecret.length < 32) {
+    throw new Error("[nuxt-better-auth] NUXT_BETTER_AUTH_SECRET must be at least 32 characters for security");
+  }
+  nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
+    hubSecondaryStorage: options.hubSecondaryStorage ?? false
+  });
+  return { useHubKV, secondaryStorageEnabled };
+}
 function buildSecondaryStorageCode(useHubKV) {
   if (!useHubKV)
     return "export function createSecondaryStorage() { return undefined }";
@@ -435,6 +610,114 @@ export function createSecondaryStorage() {
 }
 function buildDatabaseCode(input) {
   if (input.provider === "nuxthub") {
+    if (input.hubDialect === "postgresql") {
+      return `import { db } from '@nuxthub/db'
+import * as schema from './schema.${input.hubDialect}.mjs'
+import { drizzleAdapter } from 'better-auth/adapters/drizzle'
+import { drizzle } from 'drizzle-orm/postgres-js'
+import postgres from 'postgres'
+const dialect = 'pg'
+const requestDatabaseKey = Symbol.for('nuxt-better-auth.requestDatabase')
+const fallbackRequestDatabaseContext = new WeakMap()
+function getRequestDatabaseContext(event) {
+  const eventWithContext = event
+  if (eventWithContext?.context && typeof eventWithContext.context === 'object')
+    return eventWithContext.context
+  let context = fallbackRequestDatabaseContext.get(event)
+  if (!context) {
+    context = {}
+    fallbackRequestDatabaseContext.set(event, context)
+  }
+  return context
+}
+function createHyperdriveAdapter(client) {
+  return drizzleAdapter(drizzle({ client, schema }), { provider: dialect, schema, usePlural: ${input.usePlural}, camelCase: ${input.camelCase} })
+}
+function getCloudflareContext(event) {
+  return event?.context?.cloudflare
+}
+function resolveHyperdrive(event) {
+  const cloudflareEnv = getCloudflareContext(event)?.env
+  return cloudflareEnv?.POSTGRES || process.env.POSTGRES || globalThis.__env__?.POSTGRES || globalThis.POSTGRES
+}
+function scheduleCleanup(event, cleanup) {
+  const cloudflareContext = getCloudflareContext(event)
+  if (typeof cloudflareContext?.context?.waitUntil === 'function') {
+    cloudflareContext.context.waitUntil(cleanup)
+    return
+  }
+  if (typeof event?.context?.waitUntil === 'function') {
+    event.context.waitUntil(cleanup)
+    return
+  }
+  const waitUntil = event?.waitUntil || event?.req?.waitUntil || event?.node?.req?.waitUntil
+  if (typeof waitUntil === 'function')
+    waitUntil.call(event?.req || event?.node?.req || event, cleanup)
+  else
+    void cleanup
+}
+function registerClientCleanup(event, client) {
+  const response = event?.node?.res
+  if (!response || typeof response.once !== 'function')
+    return
+  let closed = false
+  const cleanup = () => {
+    if (closed)
+      return
+    closed = true
+    const close = client.end({ timeout: 0 }).catch(() => {})
+    scheduleCleanup(event, close)
+  }
+  response.once('finish', cleanup)
+  response.once('close', cleanup)
+}
+export function createDatabase(event) {
+  const hyperdrive = resolveHyperdrive(event)
+  if (!hyperdrive?.connectionString)
+    return drizzleAdapter(db, { provider: dialect, schema, usePlural: ${input.usePlural}, camelCase: ${input.camelCase} })
+  if (event) {
+    const context = getRequestDatabaseContext(event)
+    const cached = context[requestDatabaseKey]
+    if (cached)
+      return cached
+    const client = postgres(hyperdrive.connectionString, {
+      prepare: false,
+      onnotice: () => {},
+      max: 1,
+    })
+    const database = createHyperdriveAdapter(client)
+    context[requestDatabaseKey] = database
+    registerClientCleanup(event, client)
+    return database
+  }
+  const client = postgres(hyperdrive.connectionString, {
+    prepare: false,
+    onnotice: () => {},
+    max: 1,
+  })
+  return createHyperdriveAdapter(client)
+}
+export { db }`;
+    }
     return `import { db } from '@nuxthub/db'
 import * as schema from './schema.${input.hubDialect}.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
@@ -446,9 +729,153 @@ export { db }`;
   return `export function createDatabase() { return undefined }
 export const db = undefined`;
 }
+function buildSchemaExportCode(hasHubDb, hubDialect) {
+  if (!hasHubDb)
+    return "export const schema = undefined\n";
+  return `export * from './schema.${hubDialect}.mjs'
+import * as schema from './schema.${hubDialect}.mjs'
+export { schema }
+`;
+}
+function buildAuthRouteRulesCode(authRouteRules) {
+  return `export const authRouteRules = ${JSON.stringify(authRouteRules, null, 2)}
+`;
+}
+function assertConfigPresence(configs, clientOnly) {
+  if (!clientOnly && !configs.server.exists)
+    throw new Error(`[nuxt-better-auth] Missing ${configs.server.file}.ts - export default defineServerAuth(...)`);
+  if (!configs.client.exists)
+    throw new Error(`[nuxt-better-auth] Missing ${configs.client.file}.ts - export default defineClientAuth(...)`);
+}
+function createDefaultDatabaseProviders(buildContext) {
+  return {
+    nuxthub: {
+      priority: 100,
+      isEnabled: ({ hasHubDbAvailable: enabled }) => enabled,
+      buildDatabaseCode: () => buildDatabaseCode({
+        provider: "nuxthub",
+        ...buildContext
+      })
+    },
+    none: {
+      priority: 0,
+      buildDatabaseCode: () => buildDatabaseCode({
+        provider: "none",
+        ...buildContext
+      })
+    }
+  };
+}
+function collectAuthRouteRules(nuxt) {
+  const runtimeRouteRulesSource = nuxt.options.nitro?.routeRules || nuxt.options.routeRules || {};
+  return Object.fromEntries(
+    Object.entries(runtimeRouteRulesSource).flatMap(([path, rule]) => {
+      if (!rule || typeof rule !== "object" || !("auth" in rule))
+        return [];
+      return [[path, { auth: rule.auth }]];
+    })
+  );
+}
+async function resolveAuthModuleSetup(input, dependencies = {}) {
+  const { nuxt, options, runtimeTypesAugmentPath, consola } = input;
+  const hasNuxtModuleFn = dependencies.hasNuxtModule ?? hasNuxtModule;
+  const clientOnly = options.clientOnly ?? false;
+  const configs = resolveAuthConfigDescriptors(nuxt, {
+    server: options.serverConfig,
+    client: options.clientConfig
+  }, {
+    configExists: dependencies.configExists
+  });
+  assertConfigPresence(configs, clientOnly);
+  const aliases = {
+    "#nuxt-better-auth": runtimeTypesAugmentPath,
+    "#auth/server": clientOnly ? void 0 : configs.server.path,
+    "#auth/client": configs.client.path
+  };
+  nuxt.options.alias["#nuxt-better-auth"] = aliases["#nuxt-better-auth"];
+  if (aliases["#auth/server"])
+    nuxt.options.alias["#auth/server"] = aliases["#auth/server"];
+  nuxt.options.alias["#auth/client"] = aliases["#auth/client"];
+  const hasNuxtHub = hasNuxtModuleFn("@nuxthub/core", nuxt);
+  const hub = hasNuxtHub ? nuxt.options.hub : void 0;
+  const hasHubDbAvailable = !clientOnly && hasNuxtHub && !!hub?.db;
+  const hubDialect = getHubDialect(hub) ?? "sqlite";
+  const usePlural = options.schema?.usePlural ?? false;
+  const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
+  let providerId = "none";
+  let providerDefinition;
+  if (!clientOnly) {
+    const buildContext = { hubDialect, usePlural, camelCase };
+    const providers = createDefaultDatabaseProviders(buildContext);
+    const enabledContext = {
+      nuxt,
+      options,
+      clientOnly,
+      hasHubDbAvailable
+    };
+    await nuxt.callHook("better-auth:database:providers", providers);
+    const resolvedProvider = resolveDatabaseProvider({
+      providers,
+      context: enabledContext
+    });
+    providerId = resolvedProvider.id;
+    providerDefinition = resolvedProvider.definition;
+  }
+  const runtime = setupRuntimeConfig({
+    nuxt,
+    options,
+    clientOnly,
+    databaseProvider: providerId,
+    hasNuxtHub,
+    hub,
+    consola
+  });
+  if (runtime.useHubKV && !nuxt.options.alias["hub:kv"]) {
+    throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
+  }
+  const hasHubDb = providerId === "nuxthub";
+  if (hasHubDb && !nuxt.options.alias["hub:db"]) {
+    throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
+  }
+  return {
+    clientOnly,
+    configs,
+    aliases,
+    hub: {
+      hasNuxtHub,
+      options: hub,
+      hasHubDbAvailable
+    },
+    database: {
+      providerId,
+      hasHubDb,
+      providerDefinition,
+      buildContext: clientOnly ? void 0 : { hubDialect, usePlural, camelCase }
+    },
+    runtime,
+    prepareTypes: clientOnly ? void 0 : {
+      serverDir: dirname(configs.server.path),
+      hasHubDb
+    },
+    serverTypes: clientOnly ? void 0 : {
+      serverConfigPath: configs.server.path,
+      hasHubDb
+    },
+    sharedTypes: {
+      clientConfigPath: configs.client.path
+    },
+    schemaGeneration: hasHubDb ? {
+      serverConfigPath: configs.server.path,
+      hubSecondaryStorage: options.hubSecondaryStorage ?? false,
+      externalizeNuxtHubDatabase: true
+    } : void 0
+  };
+}
 function registerServerTypeTemplates(input) {
-  const { serverConfigPath, hasHubDb, runtimeTypesPath } = input;
+  const { serverConfigPath, hasHubDb, runtimeTypesPath, sharedServerConfigSafe } = input;
+  const serverConfigTypeTemplateOptions = sharedServerConfigSafe ? { nuxt: true, nitro: true, node: true, shared: true } : { nuxt: true, nitro: true, node: true };
   addTypeTemplate({
     filename: "types/auth-secondary-storage.d.ts",
     getContents: () => `
@@ -461,17 +888,17 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `
-  }, { nitro: true, node: true });
+  }, { nitro: true });
   addTypeTemplate({
     filename: "types/auth-database.d.ts",
     getContents: () => `
 declare module '#auth/database' {
   import type { BetterAuthOptions } from 'better-auth'
-  export function createDatabase(): BetterAuthOptions['database']
+  export function createDatabase(event?: import('h3').H3Event): BetterAuthOptions['database']
   export const db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
 }
 `
-  }, { nitro: true, node: true });
+  }, { nitro: true });
   addTypeTemplate({
     filename: "types/auth-schema.d.ts",
     getContents: () => `
@@ -489,13 +916,39 @@ declare module '#auth/schema' {
   } | undefined
 }
 `
-  }, { nitro: true, node: true });
+  }, { nitro: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-server-context.d.ts",
+    getContents: () => `
+/// <reference path="./nitro-imports.d.ts" />
+/// <reference path="./auth-database.d.ts" />
+/// <reference path="./auth-schema.d.ts" />
+/// <reference path="./auth-secondary-storage.d.ts" />
+${hasHubDb ? '/// <reference path="../hub/db.d.ts" />' : ""}
+export {}
+`
+  }, { node: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-config-context.d.ts",
+    getContents: () => `
+import type { RuntimeConfig } from 'nuxt/schema'
+declare module '@onmax/nuxt-better-auth/config' {
+  interface ServerAuthContextExtension {
+    runtimeConfig: RuntimeConfig
+    db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
+    requestOrigin?: string
+  }
+}
+`
+  }, { nuxt: true, nitro: true, node: true, shared: true });
   addTypeTemplate({
     filename: "types/nuxt-better-auth-infer.d.ts",
     getContents: () => `
 import type { BetterAuthOptions, BetterAuthPlugin, InferPluginTypes, UnionToIntersection } from 'better-auth'
 import type { InferFieldsOutput } from 'better-auth/db'
-import type { RuntimeConfig } from 'nuxt/schema'
 import type createServerAuth from '${serverConfigPath}'
 type _RawConfig = ReturnType<typeof createServerAuth>
@@ -525,28 +978,10 @@ type _SessionFallback = _InferModelFieldsFromPlugins<_RawPlugins, 'session'> & _
 declare module '#nuxt-better-auth' {
   interface AuthUser extends _UserFallback {}
   interface AuthSession extends _SessionFallback {}
-  interface ServerAuthContext {
-    runtimeConfig: RuntimeConfig
-    db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
-  }
   type PluginTypes = InferPluginTypes<_Config>
 }
-interface _AugmentedServerAuthContext {
-  runtimeConfig: RuntimeConfig
-  db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
-}
-declare module '@onmax/nuxt-better-auth/config' {
-  import type { BetterAuthOptions, BetterAuthPlugin } from 'better-auth'
-  type ServerAuthConfig = Omit<BetterAuthOptions, 'secret' | 'baseURL'> & {
-    plugins?: readonly BetterAuthPlugin[]
-  }
-  export function defineServerAuth<const R>(config: (ctx: _AugmentedServerAuthContext) => R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
-  export function defineServerAuth<const R>(config: R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
-}
 `
-  }, { nuxt: true, nitro: true, node: true });
+  }, serverConfigTypeTemplateOptions);
   addTypeTemplate({
     filename: "types/nuxt-better-auth-social-providers.d.ts",
     getContents: () => `
@@ -562,7 +997,7 @@ declare module '#nuxt-better-auth' {
   }
 }
 `
-  }, { nuxt: true, nitro: true, node: true });
+  }, serverConfigTypeTemplateOptions);
   addTypeTemplate({
     filename: "types/nuxt-better-auth-nitro.d.ts",
     getContents: () => `
@@ -669,6 +1104,7 @@ declare module 'nuxt/dist/app/composables/fetch' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
   export function useLazyFetch<
     ErrorT = FetchError,
@@ -688,6 +1124,7 @@ declare module 'nuxt/dist/app/composables/fetch' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
 }
 declare module 'nuxt/app' {
@@ -709,6 +1146,7 @@ declare module 'nuxt/app' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
   export function useLazyFetch<
     ErrorT = FetchError,
@@ -728,6 +1166,7 @@ declare module 'nuxt/app' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
 }
 declare module 'nitropack' {
@@ -748,9 +1187,18 @@ declare module 'nitropack/types' {
   }
   interface InternalApi extends _GeneratedAuthInternalApi {}
 }
+declare module 'nitro/types' {
+  interface NitroRouteRules {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface InternalApi extends _GeneratedAuthInternalApi {}
+}
 export {}
 `
-  }, { nuxt: true, nitro: true, node: true });
+  }, { nitro: true, node: true });
 }
 function registerSharedTypeTemplates(input) {
   addTypeTemplate({
@@ -778,15 +1226,30 @@ declare module '#nuxt-better-auth' {
 }
 const consola = consola$1.withTag("nuxt-better-auth");
-function resolveDefaultClientConfig(options, rootDir, srcDir) {
-  if (options.clientConfig !== "app/auth.config")
-    return;
-  const srcDirRelative = srcDir.replace(`${rootDir}/`, "");
-  options.clientConfig = srcDirRelative === srcDir ? "auth.config" : `${srcDirRelative}/auth.config`;
+const serverAliasImportRE = /from\s+['"]#server/;
+const layersAliasImportRE = /from\s+['"]#layers\//;
+const rootAliasImportRE = /from\s+['"]~~/;
+const workspaceAliasImportRE = /from\s+['"]@@/;
+const dbIdentifierRE = /\bdb\b/;
+const sessionHookAfterIdentifierRE = /\bsessionHookAfter\b/;
+const nuxtHubDbImportRE = /@nuxthub\/db/;
+function isServerConfigSharedTypeSafe(serverConfigPath) {
+  const resolvedPath = [
+    serverConfigPath,
+    `${serverConfigPath}.ts`,
+    `${serverConfigPath}.mts`,
+    `${serverConfigPath}.cts`,
+    `${serverConfigPath}.js`,
+    `${serverConfigPath}.mjs`,
+    `${serverConfigPath}.cjs`
+  ].find((path) => existsSync(path));
+  if (!resolvedPath)
+    return false;
+  const contents = readFileSync(resolvedPath, "utf8");
+  return !(serverAliasImportRE.test(contents) || layersAliasImportRE.test(contents) || rootAliasImportRE.test(contents) || workspaceAliasImportRE.test(contents) || dbIdentifierRE.test(contents) || sessionHookAfterIdentifierRE.test(contents) || nuxtHubDbImportRE.test(contents));
 }
-async function createDefaultAuthConfigFiles(rootDir, srcDir) {
-  const serverPath = join(rootDir, "server/auth.config.ts");
-  const clientPath = join(srcDir, "auth.config.ts");
+async function createDefaultAuthConfigFiles(nuxt) {
+  const configs = resolveAuthConfigDescriptors(nuxt);
   const serverTemplate = `import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
 export default defineServerAuth({
@@ -797,16 +1260,17 @@ export default defineServerAuth({
 export default defineClientAuth({})
 `;
-  if (!existsSync(serverPath)) {
+  if (configs.server.shouldCreateDefaultFile) {
+    const serverPath = `${configs.server.path}.ts`;
     await mkdir(dirname(serverPath), { recursive: true });
     await writeFile(serverPath, serverTemplate);
-    consola.success("Created server/auth.config.ts");
+    consola.success(`Created ${relative(configs.server.declaringLayerRoot, serverPath)}`);
   }
-  if (!existsSync(clientPath)) {
+  if (configs.client.shouldCreateDefaultFile) {
+    const clientPath = `${configs.client.path}.ts`;
     await mkdir(dirname(clientPath), { recursive: true });
     await writeFile(clientPath, clientTemplate);
-    const relativePath = clientPath.replace(`${rootDir}/`, "");
-    consola.success(`Created ${relativePath}`);
+    consola.success(`Created ${relative(configs.client.declaringLayerRoot, clientPath)}`);
   }
 }
 const module$1 = defineNuxtModule({
@@ -824,153 +1288,90 @@ const module$1 = defineNuxtModule({
     const configuredSecret = nuxt.options.runtimeConfig?.betterAuthSecret;
     const generatedSecret = await promptForSecret(nuxt.options.rootDir, consola, { configuredSecret, prepare: Boolean(nuxt.options._prepare) });
     if (generatedSecret)
-      process.env.BETTER_AUTH_SECRET = generatedSecret;
-    await createDefaultAuthConfigFiles(nuxt.options.rootDir, nuxt.options.srcDir);
+      process.env.NUXT_BETTER_AUTH_SECRET = generatedSecret;
+    await createDefaultAuthConfigFiles(nuxt);
   },
   async setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);
-    resolveDefaultClientConfig(options, nuxt.options.rootDir, nuxt.options.srcDir);
-    const clientOnly = options.clientOnly;
-    const serverConfigFile = options.serverConfig;
-    const clientConfigFile = options.clientConfig;
-    const serverConfigPath = resolver.resolve(nuxt.options.rootDir, serverConfigFile);
-    const clientConfigPath = resolver.resolve(nuxt.options.rootDir, clientConfigFile);
-    const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
-    const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
-    if (!clientOnly && !serverConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${serverConfigFile}.ts - export default defineServerAuth(...)`);
-    if (!clientConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${clientConfigFile}.ts - export default defineClientAuth(...)`);
-    const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
-    const hub = hasNuxtHub ? nuxt.options.hub : void 0;
-    const hasHubDbAvailable = !clientOnly && hasNuxtHub && !!hub?.db;
-    const deprecatedProvider = options.database?.provider;
-    if (deprecatedProvider) {
-      throw new Error(
-        `[nuxt-better-auth] auth.database.provider has been removed. Remove auth.database.provider="${deprecatedProvider}". To configure a database, either set "database" directly in server/auth.config.ts (defineServerAuth) or install a provider module that registers better-auth:database:providers.`
-      );
-    }
-    let databaseProvider = "none";
-    let hasHubDb = false;
-    nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
-    if (!clientOnly)
-      nuxt.options.alias["#auth/server"] = serverConfigPath;
-    nuxt.options.alias["#auth/client"] = clientConfigPath;
-    if (clientOnly) {
-      setupRuntimeConfig({
-        nuxt,
-        options,
-        clientOnly,
-        databaseProvider,
-        hasNuxtHub,
-        hub,
-        consola
-      });
-    } else {
-      const hubDialect = getHubDialect(hub) ?? "sqlite";
-      const usePlural = options.schema?.usePlural ?? false;
-      const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
-      const providers = {
-        nuxthub: {
-          priority: 100,
-          isEnabled: ({ hasHubDbAvailable: hasHubDbAvailable2 }) => hasHubDbAvailable2,
-          buildDatabaseCode: () => buildDatabaseCode({
-            provider: "nuxthub",
-            hubDialect,
-            usePlural,
-            camelCase
-          })
-        },
-        none: {
-          priority: 0,
-          buildDatabaseCode: () => buildDatabaseCode({
-            provider: "none",
-            hubDialect,
-            usePlural,
-            camelCase
-          })
-        }
-      };
-      const enabledCtx = { nuxt, options, clientOnly, hasHubDbAvailable };
-      await nuxt.callHook("better-auth:database:providers", providers);
-      const resolvedProvider = resolveDatabaseProvider({ providers, context: enabledCtx });
-      databaseProvider = resolvedProvider.id;
-      hasHubDb = databaseProvider === "nuxthub";
-      const { useHubKV } = setupRuntimeConfig({
-        nuxt,
-        options,
-        clientOnly,
-        databaseProvider,
-        hasNuxtHub,
-        hub,
-        consola
-      });
-      if (useHubKV && !nuxt.options.alias["hub:kv"]) {
-        throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
-      }
+    const setup = await resolveAuthModuleSetup({
+      nuxt,
+      options,
+      runtimeTypesAugmentPath: resolver.resolve("./runtime/types/augment"),
+      consola
+    });
+    nuxt.options.alias["#nuxt-better-auth"] = setup.aliases["#nuxt-better-auth"];
+    if (setup.aliases["#auth/server"])
+      nuxt.options.alias["#auth/server"] = setup.aliases["#auth/server"];
+    nuxt.options.alias["#auth/client"] = setup.aliases["#auth/client"];
+    if (!setup.clientOnly) {
       const secondaryStorageTemplate = addTemplate({
         filename: "better-auth/secondary-storage.mjs",
-        getContents: () => buildSecondaryStorageCode(useHubKV),
+        getContents: () => buildSecondaryStorageCode(setup.runtime.useHubKV),
         write: true
       });
       nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
-      if (hasHubDb && !nuxt.options.alias["hub:db"]) {
-        throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
-      }
-      const setupCtx = { nuxt, options, clientOnly };
-      await resolvedProvider.definition.setup?.(setupCtx);
-      const buildCtx = { hubDialect, usePlural, camelCase };
       const databaseTemplate = addTemplate({
         filename: "better-auth/database.mjs",
-        getContents: () => resolvedProvider.definition.buildDatabaseCode(buildCtx),
+        getContents: () => setup.database.providerDefinition.buildDatabaseCode(setup.database.buildContext),
         write: true
       });
       nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
       const schemaTemplate = addTemplate({
         filename: "better-auth/schema.mjs",
-        getContents: () => {
-          if (!hasHubDb)
-            return "export const schema = undefined\n";
-          return `export * from './schema.${hubDialect}.mjs'
-import * as schema from './schema.${hubDialect}.mjs'
-export { schema }
-`;
-        },
+        getContents: () => buildSchemaExportCode(setup.database.hasHubDb, setup.database.buildContext?.hubDialect ?? "sqlite"),
         write: true
       });
       nuxt.options.alias["#auth/schema"] = schemaTemplate.dst;
-      registerServerTypeTemplates({
-        serverConfigPath,
-        hasHubDb,
-        runtimeTypesPath: resolver.resolve("./runtime/types")
+    }
+    if (setup.prepareTypes) {
+      registerPrepareTypesHook({
+        nuxt,
+        serverDir: setup.prepareTypes.serverDir,
+        hasHubDb: setup.prepareTypes.hasHubDb
       });
-      if (hasHubDb)
-        await setupBetterAuthSchema(nuxt, serverConfigPath, options, consola, options.hubSecondaryStorage ?? false);
     }
-    registerSharedTypeTemplates({
-      runtimeTypesAugmentPath: resolver.resolve("./runtime/types/augment"),
-      runtimeTypesPath: resolver.resolve("./runtime/types"),
-      clientConfigPath
-    });
-    const runtimeRouteRulesSource = nuxt.options.nitro?.routeRules || nuxt.options.routeRules || {};
-    const authRouteRules = Object.fromEntries(
-      Object.entries(runtimeRouteRulesSource).flatMap(([path, rule]) => {
-        if (!rule || typeof rule !== "object" || !("auth" in rule))
-          return [];
-        return [[path, { auth: rule.auth }]];
-      })
-    );
+    if (setup.database.providerDefinition) {
+      const setupCtx = {
+        nuxt,
+        options,
+        clientOnly: setup.clientOnly
+      };
+      await setup.database.providerDefinition.setup?.(setupCtx);
+    }
     const authRouteRulesTemplate = addTemplate({
       filename: "better-auth/route-rules.mjs",
-      getContents: () => `export const authRouteRules = ${JSON.stringify(authRouteRules, null, 2)}
-`,
+      getContents: () => buildAuthRouteRulesCode(collectAuthRouteRules(nuxt)),
       write: true
     });
     nuxt.options.alias["#auth/route-rules"] = authRouteRulesTemplate.dst;
+    if (setup.serverTypes) {
+      registerServerTypeTemplates({
+        serverConfigPath: setup.serverTypes.serverConfigPath,
+        hasHubDb: setup.serverTypes.hasHubDb,
+        runtimeTypesPath: resolver.resolve("./runtime/types"),
+        sharedServerConfigSafe: isServerConfigSharedTypeSafe(setup.serverTypes.serverConfigPath)
+      });
+    }
+    if (setup.schemaGeneration) {
+      if (setup.schemaGeneration.externalizeNuxtHubDatabase)
+        registerNuxtHubDatabaseExternalHook(nuxt);
+      await setupBetterAuthSchema(
+        nuxt,
+        setup.schemaGeneration.serverConfigPath,
+        options,
+        consola,
+        setup.schemaGeneration.hubSecondaryStorage
+      );
+    }
+    registerSharedTypeTemplates({
+      runtimeTypesAugmentPath: setup.aliases["#nuxt-better-auth"],
+      runtimeTypesPath: resolver.resolve("./runtime/types"),
+      clientConfigPath: setup.sharedTypes.clientConfigPath
+    });
     registerTemplateHmrHook(nuxt);
-    registerServerRuntime({ clientOnly, resolve: resolver.resolve });
+    registerServerRuntime({ clientOnly: setup.clientOnly, resolve: resolver.resolve });
     registerAuthMiddlewareHook(nuxt, resolver.resolve);
-    await registerDevtools({ nuxt, clientOnly, hasHubDb, resolve: resolver.resolve });
+    await registerDevtools({ nuxt, clientOnly: setup.clientOnly, hasHubDb: setup.database.hasHubDb, resolve: resolver.resolve });
     registerRouteRulesMetaHook(nuxt);
   }
 });