@onmax/nuxt-better-auth 0.0.2-alpha.31 → 0.0.2-alpha.32

package/dist/module.mjs

@@ -1,4 +1,4 @@
-import { existsSync, writeFileSync, readFileSync } from 'node:fs';
+import { existsSync, statSync, writeFileSync, readFileSync } from 'node:fs';
 import { mkdir, writeFile } from 'node:fs/promises';
 import { getLayerDirectories, updateTemplates, addServerImportsDir, addServerImports, addServerScanDir, addServerHandler, addImportsDir, addPlugin, addComponentsDir, hasNuxtModule, installModule, extendPages, addTemplate, addTypeTemplate, defineNuxtModule, createResolver } from '@nuxt/kit';
 import { consola as consola$1 } from 'consola';
@@ -10,17 +10,7 @@ import { randomBytes } from 'node:crypto';
 import { isCI, isTest } from 'std-env';
 export { defineClientAuth, defineServerAuth } from '../dist/runtime/config.js';
 
-const version = "0.0.2-alpha.31";
-
-function resolveDatabaseProvider(input) {
-  const enabledProviders = Object.entries(input.providers).filter(([_id, provider]) => provider.isEnabled?.(input.context) ?? true);
-  if (!enabledProviders.length) {
-    throw new Error("[nuxt-better-auth] No database provider is enabled. Register one with the better-auth:database:providers hook.");
-  }
-  enabledProviders.sort((a, b) => (b[1].priority ?? 0) - (a[1].priority ?? 0));
-  const [id, definition] = enabledProviders[0];
-  return { id, definition };
-}
+const version = "0.0.2-alpha.32";
 
 const CONFIG_EXTENSIONS = [".ts", ".js"];
 const CONFIG_EXTENSION_RE = /\.(?:ts|js)$/;
@@ -35,7 +25,7 @@ const OPTION_KEY_BY_KIND = {
 function stripConfigExtension(path) {
   return path.replace(CONFIG_EXTENSION_RE, "");
 }
-function configExists(path) {
+function defaultConfigExists(path) {
   return CONFIG_EXTENSIONS.some((ext) => existsSync(`${path}${ext}`));
 }
 function getLayerDirectoriesWithConfigs(nuxt) {
@@ -50,11 +40,15 @@ function getDefaultConfigPath(nuxt, kind) {
   const project = getProjectDirectory(nuxt);
   return kind === "server" ? join(project.server, "auth.config") : join(project.app, "auth.config");
 }
-function getLayerDefaultConfigPath(nuxt, kind) {
+function getLayerDefaultConfigPath(nuxt, kind, configExists) {
   for (const { directory } of getLayerDirectoriesWithConfigs(nuxt)) {
     const candidate = kind === "server" ? join(directory.server, "auth.config") : join(directory.app, "auth.config");
-    if (configExists(candidate))
-      return candidate;
+    if (configExists(candidate)) {
+      return {
+        path: candidate,
+        declaringLayerRoot: directory.root
+      };
+    }
   }
 }
 function resolveDeclaringLayerRoot(nuxt, kind, file) {
@@ -74,36 +68,61 @@ function getEffectiveModuleConfigFile(nuxt, kind) {
   const authOptions = nuxt.options.auth;
   return authOptions?.[optionKey] ?? DEFAULT_CONFIG_FILES[kind];
 }
-function shouldCreateDefaultModuleConfig(nuxt, kind, file = getEffectiveModuleConfigFile(nuxt, kind)) {
-  const normalizedFile = stripConfigExtension(file);
-  if (normalizedFile !== DEFAULT_CONFIG_FILES[kind])
-    return false;
-  const resolved = resolveModuleConfigPath(nuxt, kind, normalizedFile);
-  return !configExists(resolved.path);
-}
-function resolveModuleConfigPath(nuxt, kind, file) {
-  const normalizedFile = stripConfigExtension(file);
-  if (isAbsolute(normalizedFile)) {
+function resolveAuthConfigDescriptor(nuxt, kind, file = getEffectiveModuleConfigFile(nuxt, kind), dependencies = {}) {
+  const configExists = dependencies.configExists ?? defaultConfigExists;
+  const configuredFile = stripConfigExtension(file);
+  if (isAbsolute(configuredFile)) {
+    const declaringLayerRoot2 = resolveDeclaringLayerRoot(nuxt, kind, configuredFile);
+    const exists2 = configExists(configuredFile);
     return {
-      file: normalizedFile,
-      path: normalizedFile,
-      isDefault: false
+      kind,
+      configuredFile,
+      file: configuredFile,
+      path: configuredFile,
+      declaringLayerRoot: declaringLayerRoot2,
+      isDefault: false,
+      isExplicit: true,
+      exists: exists2,
+      shouldCreateDefaultFile: false
     };
   }
-  if (normalizedFile === DEFAULT_CONFIG_FILES[kind]) {
-    const discoveredPath = getLayerDefaultConfigPath(nuxt, kind) ?? getDefaultConfigPath(nuxt, kind);
+  if (configuredFile === DEFAULT_CONFIG_FILES[kind]) {
+    const project = getProjectDirectory(nuxt);
+    const discovered = getLayerDefaultConfigPath(nuxt, kind, configExists);
+    const path2 = discovered?.path ?? getDefaultConfigPath(nuxt, kind);
+    const declaringLayerRoot2 = discovered?.declaringLayerRoot ?? project.root;
+    const exists2 = configExists(path2);
     return {
-      file: getRelativeConfigFile(nuxt, discoveredPath),
-      path: discoveredPath,
-      isDefault: true
+      kind,
+      configuredFile,
+      file: getRelativeConfigFile(nuxt, path2),
+      path: path2,
+      declaringLayerRoot: declaringLayerRoot2,
+      isDefault: true,
+      isExplicit: false,
+      exists: exists2,
+      shouldCreateDefaultFile: !exists2
     };
   }
-  const baseRoot = resolveDeclaringLayerRoot(nuxt, kind, normalizedFile);
-  const path = join(baseRoot, normalizedFile);
+  const declaringLayerRoot = resolveDeclaringLayerRoot(nuxt, kind, configuredFile);
+  const path = join(declaringLayerRoot, configuredFile);
+  const exists = configExists(path);
   return {
+    kind,
+    configuredFile,
     file: getRelativeConfigFile(nuxt, path),
     path,
-    isDefault: false
+    declaringLayerRoot,
+    isDefault: false,
+    isExplicit: true,
+    exists,
+    shouldCreateDefaultFile: false
+  };
+}
+function resolveAuthConfigDescriptors(nuxt, files = {}, dependencies = {}) {
+  return {
+    server: resolveAuthConfigDescriptor(nuxt, "server", files.server, dependencies),
+    client: resolveAuthConfigDescriptor(nuxt, "client", files.client, dependencies)
   };
 }
 
@@ -149,6 +168,57 @@ function registerAuthMiddlewareHook(nuxt, resolve) {
     app.middleware.push({ name: "auth", path: resolve("./runtime/app/middleware/auth.global"), global: true });
   });
 }
+function registerPrepareTypesHook(input) {
+  const { nuxt, serverDir, hasHubDb } = input;
+  nuxt.hook("prepare:types", ({ nodeTsConfig, nodeReferences, sharedReferences }) => {
+    nodeTsConfig.compilerOptions ||= {};
+    nodeTsConfig.compilerOptions.paths ||= {};
+    const projectReferenceTypePaths = [
+      join(nuxt.options.buildDir, "types/nitro-imports.d.ts"),
+      join(nuxt.options.buildDir, "types/auth-database.d.ts"),
+      join(nuxt.options.buildDir, "types/auth-schema.d.ts"),
+      join(nuxt.options.buildDir, "types/auth-secondary-storage.d.ts")
+    ];
+    if (hasHubDb)
+      projectReferenceTypePaths.push(join(nuxt.options.buildDir, "hub/db.d.ts"));
+    const exactNodeAliases = {
+      "#server": serverDir,
+      "#auth/server": nuxt.options.alias["#auth/server"],
+      "#auth/client": nuxt.options.alias["#auth/client"],
+      "#auth/database": nuxt.options.alias["#auth/database"],
+      "#auth/schema": nuxt.options.alias["#auth/schema"],
+      "#auth/secondary-storage": nuxt.options.alias["#auth/secondary-storage"],
+      "#auth/route-rules": nuxt.options.alias["#auth/route-rules"],
+      "#nuxt-better-auth": nuxt.options.alias["#nuxt-better-auth"]
+    };
+    for (const [key, value] of Object.entries(exactNodeAliases)) {
+      if (typeof value === "string")
+        nodeTsConfig.compilerOptions.paths[key] = [value];
+    }
+    for (const [key, value] of Object.entries(nuxt.options.alias)) {
+      if (typeof value !== "string" || !isAbsolute(value))
+        continue;
+      nodeTsConfig.compilerOptions.paths[key] ||= [value];
+      if (!key.includes("*") && existsSync(value) && statSync(value).isDirectory())
+        nodeTsConfig.compilerOptions.paths[`${key}/*`] ||= [join(value, "*")];
+    }
+    nodeTsConfig.compilerOptions.paths["#server/*"] = [join(serverDir, "*")];
+    for (const path of projectReferenceTypePaths) {
+      if (!nodeReferences.some((reference) => "path" in reference && reference.path === path))
+        nodeReferences.push({ path });
+      if (!sharedReferences.some((reference) => "path" in reference && reference.path === path))
+        sharedReferences.push({ path });
+    }
+  });
+}
+function registerNuxtHubDatabaseExternalHook(nuxt) {
+  nuxt.hook("nitro:config", (nitroConfig) => {
+    nitroConfig.externals ||= {};
+    nitroConfig.externals.external ||= [];
+    if (!nitroConfig.externals.external.includes("@nuxthub/db"))
+      nitroConfig.externals.external.push("@nuxthub/db");
+  });
+}
 async function registerDevtools(input) {
   const { nuxt, clientOnly, hasHubDb, resolve } = input;
   const isProduction = process.env.NODE_ENV === "production" || !nuxt.options.dev;
@@ -193,79 +263,6 @@ function registerRouteRulesMetaHook(nuxt) {
   });
 }
 
-function getHubDialect(hub) {
-  if (!hub?.db)
-    return void 0;
-  if (typeof hub.db === "string")
-    return hub.db;
-  if (typeof hub.db === "object" && hub.db !== null)
-    return hub.db.dialect;
-  return void 0;
-}
-function getHubCasing(hub) {
-  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
-    return void 0;
-  return hub.db.casing;
-}
-
-function resolveSecondaryStorage(input) {
-  const { options, clientOnly, hasNuxtHub, hub } = input;
-  const opt = options.hubSecondaryStorage ?? false;
-  const useHubKV = opt === true;
-  const secondaryStorageEnabled = opt === true || opt === "custom";
-  if (secondaryStorageEnabled && clientOnly) {
-    throw new Error("[nuxt-better-auth] hubSecondaryStorage is not available in clientOnly mode. Either disable clientOnly or remove auth.hubSecondaryStorage.");
-  }
-  if (useHubKV && (!hasNuxtHub || !hub?.kv)) {
-    throw new Error("[nuxt-better-auth] hubSecondaryStorage: true requires @nuxthub/core with hub.kv: true. Either add hub.kv: true to your nuxt.config or remove auth.hubSecondaryStorage.");
-  }
-  return { useHubKV, secondaryStorageEnabled };
-}
-function setupRuntimeConfig(input) {
-  const { nuxt, options, clientOnly, databaseProvider, consola } = input;
-  const { useHubKV, secondaryStorageEnabled } = resolveSecondaryStorage(input);
-  nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
-  const configuredSiteUrl = nuxt.options.runtimeConfig.public.siteUrl;
-  if (!configuredSiteUrl && process.env.NUXT_PUBLIC_SITE_URL)
-    nuxt.options.runtimeConfig.public.siteUrl = process.env.NUXT_PUBLIC_SITE_URL;
-  nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
-    redirects: {
-      login: options.redirects?.login ?? "/login",
-      guest: options.redirects?.guest ?? "/",
-      authenticated: options.redirects?.authenticated,
-      logout: options.redirects?.logout
-    },
-    preserveRedirect: options.preserveRedirect ?? true,
-    redirectQueryKey: options.redirectQueryKey ?? "redirect",
-    useDatabase: databaseProvider !== "none",
-    databaseProvider,
-    clientOnly,
-    session: {
-      skipHydratedSsrGetSession: options.session?.skipHydratedSsrGetSession ?? false
-    }
-  });
-  if (clientOnly) {
-    const siteUrl = nuxt.options.runtimeConfig.public.siteUrl;
-    if (!siteUrl)
-      consola.warn("clientOnly mode: set runtimeConfig.public.siteUrl (or NUXT_PUBLIC_SITE_URL) to your frontend URL");
-    consola.info("clientOnly mode enabled - server utilities (serverAuth, getRequestSession, getUserSession, requireUserSession) are not available");
-    return { useHubKV, secondaryStorageEnabled };
-  }
-  const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
-  nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.NUXT_BETTER_AUTH_SECRET || process.env.BETTER_AUTH_SECRET || "";
-  const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
-  if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
-    throw new Error("[nuxt-better-auth] NUXT_BETTER_AUTH_SECRET is required in production. Set NUXT_BETTER_AUTH_SECRET or BETTER_AUTH_SECRET environment variable.");
-  }
-  if (betterAuthSecret && betterAuthSecret.length < 32) {
-    throw new Error("[nuxt-better-auth] NUXT_BETTER_AUTH_SECRET must be at least 32 characters for security");
-  }
-  nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
-    hubSecondaryStorage: options.hubSecondaryStorage ?? false
-  });
-  return { useHubKV, secondaryStorageEnabled };
-}
-
 function dialectToProvider(dialect) {
   return dialect === "postgresql" ? "pg" : dialect;
 }
@@ -298,10 +295,10 @@ async function generateDrizzleSchema(authOptions, dialect, schemaOptions) {
   }
   return result.code;
 }
-async function loadUserAuthConfig(configPath, throwOnError = false) {
+async function loadUserAuthConfig(configPath, throwOnError = false, alias) {
   const { createJiti } = await import('jiti');
   const { defineServerAuth: runtimeDefineServerAuth } = await import('../dist/runtime/config.js');
-  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false });
+  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false, alias });
   const schemaGlobals = globalThis;
   if (!schemaGlobals.__nuxtBetterAuthDefineServerAuth) {
     runtimeDefineServerAuth._count = 0;
@@ -342,6 +339,21 @@ async function loadUserAuthConfig(configPath, throwOnError = false) {
   }
 }
 
+function getHubDialect(hub) {
+  if (!hub?.db)
+    return void 0;
+  if (typeof hub.db === "string")
+    return hub.db;
+  if (typeof hub.db === "object" && hub.db !== null)
+    return hub.db.dialect;
+  return void 0;
+}
+function getHubCasing(hub) {
+  if (!hub?.db || typeof hub.db !== "object" || hub.db === null)
+    return void 0;
+  return hub.db.casing;
+}
+
 const NODE_MODULES_SEGMENT_RE = /[\\/]/;
 function resolveSchemaSecondaryStorageInjection(hubSecondaryStorage, userHasSecondaryStorage, isProduction) {
   if (hubSecondaryStorage === true)
@@ -373,7 +385,10 @@ function resolveHubSchemaPath(buildDir, rootDir, dialect, exists = existsSync) {
 async function loadAuthOptions(context) {
   const isProduction = !context.nuxt.options.dev;
   const configFile = `${context.serverConfigPath}.ts`;
-  const userConfig = await loadUserAuthConfig(configFile, isProduction);
+  const alias = Object.fromEntries(
+    Object.entries(context.nuxt.options.alias).filter(([, value]) => typeof value === "string").map(([key, value]) => [key, value])
+  );
+  const userConfig = await loadUserAuthConfig(configFile, isProduction, alias);
   const extendedConfig = {};
   await context.nuxt.callHook("better-auth:config:extend", extendedConfig);
   const plugins = [...userConfig.plugins || [], ...extendedConfig.plugins || []];
@@ -513,6 +528,74 @@ Proceed?`, { type: "confirm", initial: true, cancel: "null" });
   return secret;
 }
 
+function resolveDatabaseProvider(input) {
+  const enabledProviders = Object.entries(input.providers).filter(([_id, provider]) => provider.isEnabled?.(input.context) ?? true);
+  if (!enabledProviders.length) {
+    throw new Error("[nuxt-better-auth] No database provider is enabled. Register one with the better-auth:database:providers hook.");
+  }
+  enabledProviders.sort((a, b) => (b[1].priority ?? 0) - (a[1].priority ?? 0));
+  const [id, definition] = enabledProviders[0];
+  return { id, definition };
+}
+
+function resolveSecondaryStorage(input) {
+  const { options, clientOnly, hasNuxtHub, hub } = input;
+  const opt = options.hubSecondaryStorage ?? false;
+  const useHubKV = opt === true;
+  const secondaryStorageEnabled = opt === true || opt === "custom";
+  if (secondaryStorageEnabled && clientOnly) {
+    throw new Error("[nuxt-better-auth] hubSecondaryStorage is not available in clientOnly mode. Either disable clientOnly or remove auth.hubSecondaryStorage.");
+  }
+  if (useHubKV && (!hasNuxtHub || !hub?.kv)) {
+    throw new Error("[nuxt-better-auth] hubSecondaryStorage: true requires @nuxthub/core with hub.kv: true. Either add hub.kv: true to your nuxt.config or remove auth.hubSecondaryStorage.");
+  }
+  return { useHubKV, secondaryStorageEnabled };
+}
+function setupRuntimeConfig(input) {
+  const { nuxt, options, clientOnly, databaseProvider, consola } = input;
+  const { useHubKV, secondaryStorageEnabled } = resolveSecondaryStorage(input);
+  nuxt.options.runtimeConfig.public = nuxt.options.runtimeConfig.public || {};
+  const configuredSiteUrl = nuxt.options.runtimeConfig.public.siteUrl;
+  if (!configuredSiteUrl && process.env.NUXT_PUBLIC_SITE_URL)
+    nuxt.options.runtimeConfig.public.siteUrl = process.env.NUXT_PUBLIC_SITE_URL;
+  nuxt.options.runtimeConfig.public.auth = defu(nuxt.options.runtimeConfig.public.auth, {
+    redirects: {
+      login: options.redirects?.login ?? "/login",
+      guest: options.redirects?.guest ?? "/",
+      authenticated: options.redirects?.authenticated,
+      logout: options.redirects?.logout
+    },
+    preserveRedirect: options.preserveRedirect ?? true,
+    redirectQueryKey: options.redirectQueryKey ?? "redirect",
+    useDatabase: databaseProvider !== "none",
+    databaseProvider,
+    clientOnly,
+    session: {
+      skipHydratedSsrGetSession: options.session?.skipHydratedSsrGetSession ?? false
+    }
+  });
+  if (clientOnly) {
+    const siteUrl = nuxt.options.runtimeConfig.public.siteUrl;
+    if (!siteUrl)
+      consola.warn("clientOnly mode: set runtimeConfig.public.siteUrl (or NUXT_PUBLIC_SITE_URL) to your frontend URL");
+    consola.info("clientOnly mode enabled - server utilities (serverAuth, getRequestSession, getUserSession, requireUserSession) are not available");
+    return { useHubKV, secondaryStorageEnabled };
+  }
+  const currentSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+  nuxt.options.runtimeConfig.betterAuthSecret = currentSecret || process.env.NUXT_BETTER_AUTH_SECRET || process.env.BETTER_AUTH_SECRET || "";
+  const betterAuthSecret = nuxt.options.runtimeConfig.betterAuthSecret;
+  if (!nuxt.options.dev && !nuxt.options._prepare && !betterAuthSecret) {
+    throw new Error("[nuxt-better-auth] NUXT_BETTER_AUTH_SECRET is required in production. Set NUXT_BETTER_AUTH_SECRET or BETTER_AUTH_SECRET environment variable.");
+  }
+  if (betterAuthSecret && betterAuthSecret.length < 32) {
+    throw new Error("[nuxt-better-auth] NUXT_BETTER_AUTH_SECRET must be at least 32 characters for security");
+  }
+  nuxt.options.runtimeConfig.auth = defu(nuxt.options.runtimeConfig.auth, {
+    hubSecondaryStorage: options.hubSecondaryStorage ?? false
+  });
+  return { useHubKV, secondaryStorageEnabled };
+}
+
 function buildSecondaryStorageCode(useHubKV) {
   if (!useHubKV)
     return "export function createSecondaryStorage() { return undefined }";
@@ -527,6 +610,114 @@ export function createSecondaryStorage() {
 }
 function buildDatabaseCode(input) {
   if (input.provider === "nuxthub") {
+    if (input.hubDialect === "postgresql") {
+      return `import { db } from '@nuxthub/db'
+import * as schema from './schema.${input.hubDialect}.mjs'
+import { drizzleAdapter } from 'better-auth/adapters/drizzle'
+import { drizzle } from 'drizzle-orm/postgres-js'
+import postgres from 'postgres'
+
+const dialect = 'pg'
+const requestDatabaseKey = Symbol.for('nuxt-better-auth.requestDatabase')
+const fallbackRequestDatabaseContext = new WeakMap()
+
+function getRequestDatabaseContext(event) {
+  const eventWithContext = event
+  if (eventWithContext?.context && typeof eventWithContext.context === 'object')
+    return eventWithContext.context
+
+  let context = fallbackRequestDatabaseContext.get(event)
+  if (!context) {
+    context = {}
+    fallbackRequestDatabaseContext.set(event, context)
+  }
+  return context
+}
+
+function createHyperdriveAdapter(client) {
+  return drizzleAdapter(drizzle({ client, schema }), { provider: dialect, schema, usePlural: ${input.usePlural}, camelCase: ${input.camelCase} })
+}
+
+function getCloudflareContext(event) {
+  return event?.context?.cloudflare
+}
+
+function resolveHyperdrive(event) {
+  const cloudflareEnv = getCloudflareContext(event)?.env
+  return cloudflareEnv?.POSTGRES || process.env.POSTGRES || globalThis.__env__?.POSTGRES || globalThis.POSTGRES
+}
+
+function scheduleCleanup(event, cleanup) {
+  const cloudflareContext = getCloudflareContext(event)
+  if (typeof cloudflareContext?.context?.waitUntil === 'function') {
+    cloudflareContext.context.waitUntil(cleanup)
+    return
+  }
+
+  if (typeof event?.context?.waitUntil === 'function') {
+    event.context.waitUntil(cleanup)
+    return
+  }
+
+  const waitUntil = event?.waitUntil || event?.req?.waitUntil || event?.node?.req?.waitUntil
+  if (typeof waitUntil === 'function')
+    waitUntil.call(event?.req || event?.node?.req || event, cleanup)
+  else
+    void cleanup
+}
+
+function registerClientCleanup(event, client) {
+  const response = event?.node?.res
+  if (!response || typeof response.once !== 'function')
+    return
+
+  let closed = false
+
+  const cleanup = () => {
+    if (closed)
+      return
+
+    closed = true
+    const close = client.end({ timeout: 0 }).catch(() => {})
+    scheduleCleanup(event, close)
+  }
+
+  response.once('finish', cleanup)
+  response.once('close', cleanup)
+}
+
+export function createDatabase(event) {
+  const hyperdrive = resolveHyperdrive(event)
+  if (!hyperdrive?.connectionString)
+    return drizzleAdapter(db, { provider: dialect, schema, usePlural: ${input.usePlural}, camelCase: ${input.camelCase} })
+
+  if (event) {
+    const context = getRequestDatabaseContext(event)
+    const cached = context[requestDatabaseKey]
+    if (cached)
+      return cached
+
+    const client = postgres(hyperdrive.connectionString, {
+      prepare: false,
+      onnotice: () => {},
+      max: 1,
+    })
+    const database = createHyperdriveAdapter(client)
+
+    context[requestDatabaseKey] = database
+    registerClientCleanup(event, client)
+    return database
+  }
+  const client = postgres(hyperdrive.connectionString, {
+    prepare: false,
+    onnotice: () => {},
+    max: 1,
+  })
+
+  return createHyperdriveAdapter(client)
+}
+export { db }`;
+    }
     return `import { db } from '@nuxthub/db'
 import * as schema from './schema.${input.hubDialect}.mjs'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
@@ -538,9 +729,153 @@ export { db }`;
   return `export function createDatabase() { return undefined }
 export const db = undefined`;
 }
+function buildSchemaExportCode(hasHubDb, hubDialect) {
+  if (!hasHubDb)
+    return "export const schema = undefined\n";
+  return `export * from './schema.${hubDialect}.mjs'
+import * as schema from './schema.${hubDialect}.mjs'
+export { schema }
+`;
+}
+function buildAuthRouteRulesCode(authRouteRules) {
+  return `export const authRouteRules = ${JSON.stringify(authRouteRules, null, 2)}
+`;
+}
+
+function assertConfigPresence(configs, clientOnly) {
+  if (!clientOnly && !configs.server.exists)
+    throw new Error(`[nuxt-better-auth] Missing ${configs.server.file}.ts - export default defineServerAuth(...)`);
+  if (!configs.client.exists)
+    throw new Error(`[nuxt-better-auth] Missing ${configs.client.file}.ts - export default defineClientAuth(...)`);
+}
+function createDefaultDatabaseProviders(buildContext) {
+  return {
+    nuxthub: {
+      priority: 100,
+      isEnabled: ({ hasHubDbAvailable: enabled }) => enabled,
+      buildDatabaseCode: () => buildDatabaseCode({
+        provider: "nuxthub",
+        ...buildContext
+      })
+    },
+    none: {
+      priority: 0,
+      buildDatabaseCode: () => buildDatabaseCode({
+        provider: "none",
+        ...buildContext
+      })
+    }
+  };
+}
+function collectAuthRouteRules(nuxt) {
+  const runtimeRouteRulesSource = nuxt.options.nitro?.routeRules || nuxt.options.routeRules || {};
+  return Object.fromEntries(
+    Object.entries(runtimeRouteRulesSource).flatMap(([path, rule]) => {
+      if (!rule || typeof rule !== "object" || !("auth" in rule))
+        return [];
+      return [[path, { auth: rule.auth }]];
+    })
+  );
+}
+async function resolveAuthModuleSetup(input, dependencies = {}) {
+  const { nuxt, options, runtimeTypesAugmentPath, consola } = input;
+  const hasNuxtModuleFn = dependencies.hasNuxtModule ?? hasNuxtModule;
+  const clientOnly = options.clientOnly ?? false;
+  const configs = resolveAuthConfigDescriptors(nuxt, {
+    server: options.serverConfig,
+    client: options.clientConfig
+  }, {
+    configExists: dependencies.configExists
+  });
+  assertConfigPresence(configs, clientOnly);
+  const aliases = {
+    "#nuxt-better-auth": runtimeTypesAugmentPath,
+    "#auth/server": clientOnly ? void 0 : configs.server.path,
+    "#auth/client": configs.client.path
+  };
+  nuxt.options.alias["#nuxt-better-auth"] = aliases["#nuxt-better-auth"];
+  if (aliases["#auth/server"])
+    nuxt.options.alias["#auth/server"] = aliases["#auth/server"];
+  nuxt.options.alias["#auth/client"] = aliases["#auth/client"];
+  const hasNuxtHub = hasNuxtModuleFn("@nuxthub/core", nuxt);
+  const hub = hasNuxtHub ? nuxt.options.hub : void 0;
+  const hasHubDbAvailable = !clientOnly && hasNuxtHub && !!hub?.db;
+  const hubDialect = getHubDialect(hub) ?? "sqlite";
+  const usePlural = options.schema?.usePlural ?? false;
+  const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
+  let providerId = "none";
+  let providerDefinition;
+  if (!clientOnly) {
+    const buildContext = { hubDialect, usePlural, camelCase };
+    const providers = createDefaultDatabaseProviders(buildContext);
+    const enabledContext = {
+      nuxt,
+      options,
+      clientOnly,
+      hasHubDbAvailable
+    };
+    await nuxt.callHook("better-auth:database:providers", providers);
+    const resolvedProvider = resolveDatabaseProvider({
+      providers,
+      context: enabledContext
+    });
+    providerId = resolvedProvider.id;
+    providerDefinition = resolvedProvider.definition;
+  }
+  const runtime = setupRuntimeConfig({
+    nuxt,
+    options,
+    clientOnly,
+    databaseProvider: providerId,
+    hasNuxtHub,
+    hub,
+    consola
+  });
+  if (runtime.useHubKV && !nuxt.options.alias["hub:kv"]) {
+    throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
+  }
+  const hasHubDb = providerId === "nuxthub";
+  if (hasHubDb && !nuxt.options.alias["hub:db"]) {
+    throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
+  }
+  return {
+    clientOnly,
+    configs,
+    aliases,
+    hub: {
+      hasNuxtHub,
+      options: hub,
+      hasHubDbAvailable
+    },
+    database: {
+      providerId,
+      hasHubDb,
+      providerDefinition,
+      buildContext: clientOnly ? void 0 : { hubDialect, usePlural, camelCase }
+    },
+    runtime,
+    prepareTypes: clientOnly ? void 0 : {
+      serverDir: dirname(configs.server.path),
+      hasHubDb
+    },
+    serverTypes: clientOnly ? void 0 : {
+      serverConfigPath: configs.server.path,
+      hasHubDb
+    },
+    sharedTypes: {
+      clientConfigPath: configs.client.path
+    },
+    schemaGeneration: hasHubDb ? {
+      serverConfigPath: configs.server.path,
+      hubSecondaryStorage: options.hubSecondaryStorage ?? false,
+      externalizeNuxtHubDatabase: true
+    } : void 0
+  };
+}
 
 function registerServerTypeTemplates(input) {
-  const { serverConfigPath, hasHubDb, runtimeTypesPath } = input;
+  const { serverConfigPath, hasHubDb, runtimeTypesPath, sharedServerConfigSafe } = input;
+  const serverConfigTypeTemplateOptions = sharedServerConfigSafe ? { nuxt: true, nitro: true, node: true, shared: true } : { nuxt: true, nitro: true, node: true };
   addTypeTemplate({
     filename: "types/auth-secondary-storage.d.ts",
     getContents: () => `
@@ -553,17 +888,17 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `
-  }, { nitro: true, node: true });
+  }, { nitro: true });
   addTypeTemplate({
     filename: "types/auth-database.d.ts",
     getContents: () => `
 declare module '#auth/database' {
   import type { BetterAuthOptions } from 'better-auth'
-  export function createDatabase(): BetterAuthOptions['database']
+  export function createDatabase(event?: import('h3').H3Event): BetterAuthOptions['database']
   export const db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
 }
 `
-  }, { nitro: true, node: true });
+  }, { nitro: true });
   addTypeTemplate({
     filename: "types/auth-schema.d.ts",
     getContents: () => `
@@ -581,13 +916,39 @@ declare module '#auth/schema' {
   } | undefined
 }
 `
-  }, { nitro: true, node: true });
+  }, { nitro: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-server-context.d.ts",
+    getContents: () => `
+/// <reference path="./nitro-imports.d.ts" />
+/// <reference path="./auth-database.d.ts" />
+/// <reference path="./auth-schema.d.ts" />
+/// <reference path="./auth-secondary-storage.d.ts" />
+${hasHubDb ? '/// <reference path="../hub/db.d.ts" />' : ""}
+
+export {}
+`
+  }, { node: true });
+  addTypeTemplate({
+    filename: "types/nuxt-better-auth-config-context.d.ts",
+    getContents: () => `
+import type { RuntimeConfig } from 'nuxt/schema'
+
+declare module '@onmax/nuxt-better-auth/config' {
+  interface ServerAuthContextExtension {
+    runtimeConfig: RuntimeConfig
+    db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
+    requestOrigin?: string
+  }
+}
+
+`
+  }, { nuxt: true, nitro: true, node: true, shared: true });
   addTypeTemplate({
     filename: "types/nuxt-better-auth-infer.d.ts",
     getContents: () => `
 import type { BetterAuthOptions, BetterAuthPlugin, InferPluginTypes, UnionToIntersection } from 'better-auth'
 import type { InferFieldsOutput } from 'better-auth/db'
-import type { RuntimeConfig } from 'nuxt/schema'
 import type createServerAuth from '${serverConfigPath}'
 
 type _RawConfig = ReturnType<typeof createServerAuth>
@@ -617,28 +978,10 @@ type _SessionFallback = _InferModelFieldsFromPlugins<_RawPlugins, 'session'> & _
 declare module '#nuxt-better-auth' {
   interface AuthUser extends _UserFallback {}
   interface AuthSession extends _SessionFallback {}
-  interface ServerAuthContext {
-    runtimeConfig: RuntimeConfig
-    db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
-  }
   type PluginTypes = InferPluginTypes<_Config>
 }
-
-interface _AugmentedServerAuthContext {
-  runtimeConfig: RuntimeConfig
-  db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : "undefined"}
-}
-
-declare module '@onmax/nuxt-better-auth/config' {
-  import type { BetterAuthOptions, BetterAuthPlugin } from 'better-auth'
-  type ServerAuthConfig = Omit<BetterAuthOptions, 'secret' | 'baseURL'> & {
-    plugins?: readonly BetterAuthPlugin[]
-  }
-  export function defineServerAuth<const R>(config: (ctx: _AugmentedServerAuthContext) => R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
-  export function defineServerAuth<const R>(config: R & ServerAuthConfig): (ctx: _AugmentedServerAuthContext) => R
-}
 `
-  }, { nuxt: true, nitro: true, node: true });
+  }, serverConfigTypeTemplateOptions);
   addTypeTemplate({
     filename: "types/nuxt-better-auth-social-providers.d.ts",
     getContents: () => `
@@ -654,7 +997,7 @@ declare module '#nuxt-better-auth' {
   }
 }
 `
-  }, { nuxt: true, nitro: true, node: true });
+  }, serverConfigTypeTemplateOptions);
   addTypeTemplate({
     filename: "types/nuxt-better-auth-nitro.d.ts",
     getContents: () => `
@@ -761,6 +1104,7 @@ declare module 'nuxt/dist/app/composables/fetch' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
 
   export function useLazyFetch<
     ErrorT = FetchError,
@@ -780,6 +1124,7 @@ declare module 'nuxt/dist/app/composables/fetch' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
 }
 
 declare module 'nuxt/app' {
@@ -801,6 +1146,7 @@ declare module 'nuxt/app' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
 
   export function useLazyFetch<
     ErrorT = FetchError,
@@ -820,6 +1166,7 @@ declare module 'nuxt/app' {
     PickKeys extends import('nuxt/dist/app/composables/asyncData').KeysOf<DataT> = import('nuxt/dist/app/composables/asyncData').KeysOf<DataT>,
     DefaultT = DataT,
   >(request: import('vue').Ref<Path> | Path | (() => Path), opts?: Omit<import('nuxt/dist/app/composables/fetch').UseFetchOptions<_ResT, DataT, PickKeys, DefaultT, Path, Method>, 'lazy'>): import('nuxt/dist/app/composables/asyncData').AsyncData<import('nuxt/dist/app/composables/asyncData').PickFrom<DataT, PickKeys> | DefaultT, ErrorT | undefined>
+  export function useLazyFetch(request: string | import('vue').Ref<string> | (() => string), opts?: any): any
 }
 
 declare module 'nitropack' {
@@ -840,9 +1187,18 @@ declare module 'nitropack/types' {
   }
   interface InternalApi extends _GeneratedAuthInternalApi {}
 }
+declare module 'nitro/types' {
+  interface NitroRouteRules {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface InternalApi extends _GeneratedAuthInternalApi {}
+}
 export {}
 `
-  }, { nuxt: true, nitro: true, node: true });
+  }, { nitro: true, node: true });
 }
 function registerSharedTypeTemplates(input) {
   addTypeTemplate({
@@ -870,13 +1226,30 @@ declare module '#nuxt-better-auth' {
 }
 
 const consola = consola$1.withTag("nuxt-better-auth");
+const serverAliasImportRE = /from\s+['"]#server/;
+const layersAliasImportRE = /from\s+['"]#layers\//;
+const rootAliasImportRE = /from\s+['"]~~/;
+const workspaceAliasImportRE = /from\s+['"]@@/;
+const dbIdentifierRE = /\bdb\b/;
+const sessionHookAfterIdentifierRE = /\bsessionHookAfter\b/;
+const nuxtHubDbImportRE = /@nuxthub\/db/;
+function isServerConfigSharedTypeSafe(serverConfigPath) {
+  const resolvedPath = [
+    serverConfigPath,
+    `${serverConfigPath}.ts`,
+    `${serverConfigPath}.mts`,
+    `${serverConfigPath}.cts`,
+    `${serverConfigPath}.js`,
+    `${serverConfigPath}.mjs`,
+    `${serverConfigPath}.cjs`
+  ].find((path) => existsSync(path));
+  if (!resolvedPath)
+    return false;
+  const contents = readFileSync(resolvedPath, "utf8");
+  return !(serverAliasImportRE.test(contents) || layersAliasImportRE.test(contents) || rootAliasImportRE.test(contents) || workspaceAliasImportRE.test(contents) || dbIdentifierRE.test(contents) || sessionHookAfterIdentifierRE.test(contents) || nuxtHubDbImportRE.test(contents));
+}
 async function createDefaultAuthConfigFiles(nuxt) {
-  const project = getLayerDirectories(nuxt)[0];
-  const rootDir = project.root;
-  const serverPath = join(project.server, "auth.config.ts");
-  const clientPath = join(project.app, "auth.config.ts");
-  const serverConfigFile = getEffectiveModuleConfigFile(nuxt, "server");
-  const clientConfigFile = getEffectiveModuleConfigFile(nuxt, "client");
+  const configs = resolveAuthConfigDescriptors(nuxt);
   const serverTemplate = `import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
 
 export default defineServerAuth({
@@ -887,15 +1260,17 @@ export default defineServerAuth({
 
 export default defineClientAuth({})
 `;
-  if (shouldCreateDefaultModuleConfig(nuxt, "server", serverConfigFile)) {
+  if (configs.server.shouldCreateDefaultFile) {
+    const serverPath = `${configs.server.path}.ts`;
     await mkdir(dirname(serverPath), { recursive: true });
     await writeFile(serverPath, serverTemplate);
-    consola.success(`Created ${relative(rootDir, serverPath)}`);
+    consola.success(`Created ${relative(configs.server.declaringLayerRoot, serverPath)}`);
   }
-  if (shouldCreateDefaultModuleConfig(nuxt, "client", clientConfigFile)) {
+  if (configs.client.shouldCreateDefaultFile) {
+    const clientPath = `${configs.client.path}.ts`;
     await mkdir(dirname(clientPath), { recursive: true });
     await writeFile(clientPath, clientTemplate);
-    consola.success(`Created ${relative(rootDir, clientPath)}`);
+    consola.success(`Created ${relative(configs.client.declaringLayerRoot, clientPath)}`);
   }
 }
 const module$1 = defineNuxtModule({
@@ -918,141 +1293,85 @@ const module$1 = defineNuxtModule({
   },
   async setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);
-    const clientOnly = options.clientOnly;
-    const serverConfigFile = options.serverConfig;
-    const clientConfigFile = options.clientConfig;
-    const { file: resolvedServerConfigFile, path: serverConfigPath } = resolveModuleConfigPath(nuxt, "server", serverConfigFile);
-    const { file: resolvedClientConfigFile, path: clientConfigPath } = resolveModuleConfigPath(nuxt, "client", clientConfigFile);
-    const serverConfigExists = existsSync(`${serverConfigPath}.ts`) || existsSync(`${serverConfigPath}.js`);
-    const clientConfigExists = existsSync(`${clientConfigPath}.ts`) || existsSync(`${clientConfigPath}.js`);
-    if (!clientOnly && !serverConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${resolvedServerConfigFile}.ts - export default defineServerAuth(...)`);
-    if (!clientConfigExists)
-      throw new Error(`[nuxt-better-auth] Missing ${resolvedClientConfigFile}.ts - export default defineClientAuth(...)`);
-    const hasNuxtHub = hasNuxtModule("@nuxthub/core", nuxt);
-    const hub = hasNuxtHub ? nuxt.options.hub : void 0;
-    const hasHubDbAvailable = !clientOnly && hasNuxtHub && !!hub?.db;
-    let databaseProvider = "none";
-    let hasHubDb = false;
-    nuxt.options.alias["#nuxt-better-auth"] = resolver.resolve("./runtime/types/augment");
-    if (!clientOnly)
-      nuxt.options.alias["#auth/server"] = serverConfigPath;
-    nuxt.options.alias["#auth/client"] = clientConfigPath;
-    if (clientOnly) {
-      setupRuntimeConfig({
-        nuxt,
-        options,
-        clientOnly,
-        databaseProvider,
-        hasNuxtHub,
-        hub,
-        consola
-      });
-    } else {
-      const hubDialect = getHubDialect(hub) ?? "sqlite";
-      const usePlural = options.schema?.usePlural ?? false;
-      const camelCase = (options.schema?.casing ?? getHubCasing(hub)) !== "snake_case";
-      const providers = {
-        nuxthub: {
-          priority: 100,
-          isEnabled: ({ hasHubDbAvailable: hasHubDbAvailable2 }) => hasHubDbAvailable2,
-          buildDatabaseCode: () => buildDatabaseCode({
-            provider: "nuxthub",
-            hubDialect,
-            usePlural,
-            camelCase
-          })
-        },
-        none: {
-          priority: 0,
-          buildDatabaseCode: () => buildDatabaseCode({
-            provider: "none",
-            hubDialect,
-            usePlural,
-            camelCase
-          })
-        }
-      };
-      const enabledCtx = { nuxt, options, clientOnly, hasHubDbAvailable };
-      await nuxt.callHook("better-auth:database:providers", providers);
-      const resolvedProvider = resolveDatabaseProvider({ providers, context: enabledCtx });
-      databaseProvider = resolvedProvider.id;
-      hasHubDb = databaseProvider === "nuxthub";
-      const { useHubKV } = setupRuntimeConfig({
-        nuxt,
-        options,
-        clientOnly,
-        databaseProvider,
-        hasNuxtHub,
-        hub,
-        consola
-      });
-      if (useHubKV && !nuxt.options.alias["hub:kv"]) {
-        throw new Error("[nuxt-better-auth] hub:kv not found. Ensure @nuxthub/core is loaded before this module and hub.kv is enabled.");
-      }
+    const setup = await resolveAuthModuleSetup({
+      nuxt,
+      options,
+      runtimeTypesAugmentPath: resolver.resolve("./runtime/types/augment"),
+      consola
+    });
+    nuxt.options.alias["#nuxt-better-auth"] = setup.aliases["#nuxt-better-auth"];
+    if (setup.aliases["#auth/server"])
+      nuxt.options.alias["#auth/server"] = setup.aliases["#auth/server"];
+    nuxt.options.alias["#auth/client"] = setup.aliases["#auth/client"];
+    if (!setup.clientOnly) {
       const secondaryStorageTemplate = addTemplate({
         filename: "better-auth/secondary-storage.mjs",
-        getContents: () => buildSecondaryStorageCode(useHubKV),
+        getContents: () => buildSecondaryStorageCode(setup.runtime.useHubKV),
         write: true
       });
       nuxt.options.alias["#auth/secondary-storage"] = secondaryStorageTemplate.dst;
-      if (hasHubDb && !nuxt.options.alias["hub:db"]) {
-        throw new Error("[nuxt-better-auth] hub:db not found. Ensure @nuxthub/core is loaded before this module and hub.db is configured.");
-      }
-      const setupCtx = { nuxt, options, clientOnly };
-      await resolvedProvider.definition.setup?.(setupCtx);
-      const buildCtx = { hubDialect, usePlural, camelCase };
       const databaseTemplate = addTemplate({
         filename: "better-auth/database.mjs",
-        getContents: () => resolvedProvider.definition.buildDatabaseCode(buildCtx),
+        getContents: () => setup.database.providerDefinition.buildDatabaseCode(setup.database.buildContext),
         write: true
       });
       nuxt.options.alias["#auth/database"] = databaseTemplate.dst;
       const schemaTemplate = addTemplate({
         filename: "better-auth/schema.mjs",
-        getContents: () => {
-          if (!hasHubDb)
-            return "export const schema = undefined\n";
-          return `export * from './schema.${hubDialect}.mjs'
-import * as schema from './schema.${hubDialect}.mjs'
-export { schema }
-`;
-        },
+        getContents: () => buildSchemaExportCode(setup.database.hasHubDb, setup.database.buildContext?.hubDialect ?? "sqlite"),
         write: true
       });
       nuxt.options.alias["#auth/schema"] = schemaTemplate.dst;
-      registerServerTypeTemplates({
-        serverConfigPath,
-        hasHubDb,
-        runtimeTypesPath: resolver.resolve("./runtime/types")
+    }
+    if (setup.prepareTypes) {
+      registerPrepareTypesHook({
+        nuxt,
+        serverDir: setup.prepareTypes.serverDir,
+        hasHubDb: setup.prepareTypes.hasHubDb
       });
-      if (hasHubDb)
-        await setupBetterAuthSchema(nuxt, serverConfigPath, options, consola, options.hubSecondaryStorage ?? false);
     }
-    registerSharedTypeTemplates({
-      runtimeTypesAugmentPath: resolver.resolve("./runtime/types/augment"),
-      runtimeTypesPath: resolver.resolve("./runtime/types"),
-      clientConfigPath
-    });
-    const runtimeRouteRulesSource = nuxt.options.nitro?.routeRules || nuxt.options.routeRules || {};
-    const authRouteRules = Object.fromEntries(
-      Object.entries(runtimeRouteRulesSource).flatMap(([path, rule]) => {
-        if (!rule || typeof rule !== "object" || !("auth" in rule))
-          return [];
-        return [[path, { auth: rule.auth }]];
-      })
-    );
+    if (setup.database.providerDefinition) {
+      const setupCtx = {
+        nuxt,
+        options,
+        clientOnly: setup.clientOnly
+      };
+      await setup.database.providerDefinition.setup?.(setupCtx);
+    }
     const authRouteRulesTemplate = addTemplate({
       filename: "better-auth/route-rules.mjs",
-      getContents: () => `export const authRouteRules = ${JSON.stringify(authRouteRules, null, 2)}
-`,
+      getContents: () => buildAuthRouteRulesCode(collectAuthRouteRules(nuxt)),
       write: true
     });
     nuxt.options.alias["#auth/route-rules"] = authRouteRulesTemplate.dst;
+    if (setup.serverTypes) {
+      registerServerTypeTemplates({
+        serverConfigPath: setup.serverTypes.serverConfigPath,
+        hasHubDb: setup.serverTypes.hasHubDb,
+        runtimeTypesPath: resolver.resolve("./runtime/types"),
+        sharedServerConfigSafe: isServerConfigSharedTypeSafe(setup.serverTypes.serverConfigPath)
+      });
+    }
+    if (setup.schemaGeneration) {
+      if (setup.schemaGeneration.externalizeNuxtHubDatabase)
+        registerNuxtHubDatabaseExternalHook(nuxt);
+      await setupBetterAuthSchema(
+        nuxt,
+        setup.schemaGeneration.serverConfigPath,
+        options,
+        consola,
+        setup.schemaGeneration.hubSecondaryStorage
+      );
+    }
+    registerSharedTypeTemplates({
+      runtimeTypesAugmentPath: setup.aliases["#nuxt-better-auth"],
+      runtimeTypesPath: resolver.resolve("./runtime/types"),
+      clientConfigPath: setup.sharedTypes.clientConfigPath
+    });
     registerTemplateHmrHook(nuxt);
-    registerServerRuntime({ clientOnly, resolve: resolver.resolve });
+    registerServerRuntime({ clientOnly: setup.clientOnly, resolve: resolver.resolve });
     registerAuthMiddlewareHook(nuxt, resolver.resolve);
-    await registerDevtools({ nuxt, clientOnly, hasHubDb, resolve: resolver.resolve });
+    await registerDevtools({ nuxt, clientOnly: setup.clientOnly, hasHubDb: setup.database.hasHubDb, resolve: resolver.resolve });
     registerRouteRulesMetaHook(nuxt);
   }
 });