@opensaas/stack-auth 0.1.5 → 0.1.6

package/src/config/index.ts

@@ -1,4 +1,3 @@
-import type { OpenSaasConfig } from '@opensaas/stack-core'
 import type {
   AuthConfig,
   NormalizedAuthConfig,
@@ -6,8 +5,6 @@ import type {
   EmailVerificationConfig,
   PasswordResetConfig,
 } from './types.js'
-import { getAuthLists } from '../lists/index.js'
-import { convertBetterAuthSchema } from '../server/schema-converter.js'
 
 /**
  * Normalize auth configuration with defaults
@@ -70,97 +67,5 @@ export function normalizeAuthConfig(config: AuthConfig): NormalizedAuthConfig {
   }
 }
 
-/**
- * Auth configuration builder
- * Use this to create an auth configuration object
- *
- * @example
- * ```typescript
- * import { authConfig } from '@opensaas/stack-auth'
- *
- * const auth = authConfig({
- *   emailAndPassword: { enabled: true },
- *   emailVerification: { enabled: true },
- *   socialProviders: {
- *     github: { clientId: '...', clientSecret: '...' }
- *   }
- * })
- * ```
- */
-export function authConfig(config: AuthConfig): AuthConfig {
-  return config
-}
-
-/**
- * Wrap an OpenSaas config with better-auth integration
- * This merges the auth lists into the user's config and sets up session handling
- *
- * @example
- * ```typescript
- * import { config } from '@opensaas/stack-core'
- * import { withAuth, authConfig } from '@opensaas/stack-auth'
- *
- * export default withAuth(
- *   config({
- *     db: { provider: 'sqlite', url: 'file:./dev.db' },
- *     lists: {
- *       Post: list({ ... })
- *     }
- *   }),
- *   authConfig({
- *     emailAndPassword: { enabled: true }
- *   })
- * )
- * ```
- */
-export function withAuth(opensaasConfig: OpenSaasConfig, authConfig: AuthConfig): OpenSaasConfig {
-  const normalized = normalizeAuthConfig(authConfig)
-
-  // Get auth lists from plugins
-  const authLists = getAuthListsFromPlugins(normalized)
-
-  // Merge auth lists with user lists (auth lists take priority)
-  const mergedLists = {
-    ...opensaasConfig.lists,
-    ...authLists,
-  }
-
-  // Return merged config with auth config attached
-  // Note: Session integration happens in the generator/context
-  const result: OpenSaasConfig & { __authConfig?: NormalizedAuthConfig } = {
-    ...opensaasConfig,
-    lists: mergedLists,
-  }
-
-  // Store auth config for internal use
-  result.__authConfig = normalized
-
-  return result
-}
-
-/**
- * Get auth lists by extracting schemas from Better Auth plugins
- * This inspects the plugin objects directly without requiring a database connection
- */
-function getAuthListsFromPlugins(authConfig: NormalizedAuthConfig) {
-  // Start with base Better Auth tables (always required)
-  const authLists = getAuthLists(authConfig.extendUserList)
-
-  // Extract additional tables from plugins
-  for (const plugin of authConfig.betterAuthPlugins) {
-    if (plugin && typeof plugin === 'object' && 'schema' in plugin) {
-      // Plugin has schema property - convert to OpenSaaS lists
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Plugin schema types are dynamic
-      const pluginSchema = plugin.schema as any
-
-      // Convert plugin schema to OpenSaaS lists and merge
-      const pluginLists = convertBetterAuthSchema(pluginSchema)
-      Object.assign(authLists, pluginLists)
-    }
-  }
-
-  return authLists
-}
-
 export type { AuthConfig, NormalizedAuthConfig }
 export * from './types.js'

package/src/config/plugin.ts

@@ -0,0 +1,86 @@
+import type { Plugin } from '@opensaas/stack-core'
+import type { AuthConfig, NormalizedAuthConfig } from './types.js'
+import { normalizeAuthConfig } from './index.js'
+import { getAuthLists } from '../lists/index.js'
+import { convertBetterAuthSchema } from '../server/schema-converter.js'
+
+/**
+ * Auth plugin for OpenSaas Stack
+ * Provides Better-auth integration with automatic list generation and session management
+ *
+ * @example
+ * ```typescript
+ * import { config } from '@opensaas/stack-core'
+ * import { authPlugin } from '@opensaas/stack-auth'
+ *
+ * export default config({
+ *   plugins: [
+ *     authPlugin({
+ *       emailAndPassword: { enabled: true },
+ *       sessionFields: ['userId', 'email', 'name', 'role']
+ *     })
+ *   ],
+ *   db: { provider: 'sqlite', url: 'file:./dev.db' },
+ *   lists: { Post: list({...}) }
+ * })
+ * ```
+ */
+export function authPlugin(config: AuthConfig): Plugin {
+  const normalized = normalizeAuthConfig(config)
+
+  return {
+    name: 'auth',
+    version: '0.1.0',
+
+    init: async (context) => {
+      // Get auth lists from base Better Auth schema
+      const authLists = getAuthLists(normalized.extendUserList)
+
+      // Extract additional lists from Better Auth plugins
+      for (const plugin of normalized.betterAuthPlugins) {
+        if (plugin && typeof plugin === 'object' && 'schema' in plugin) {
+          // Plugin has schema property - convert to OpenSaaS lists
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Plugin schema types are dynamic
+          const pluginSchema = plugin.schema as any
+          const pluginLists = convertBetterAuthSchema(pluginSchema)
+
+          // Add or extend lists from plugin
+          for (const [listName, listConfig] of Object.entries(pluginLists)) {
+            if (context.config.lists[listName]) {
+              // List exists, extend it
+              context.extendList(listName, {
+                fields: listConfig.fields,
+                hooks: listConfig.hooks,
+                access: listConfig.access,
+                mcp: listConfig.mcp,
+              })
+            } else {
+              // List doesn't exist, add it
+              context.addList(listName, listConfig)
+            }
+          }
+        }
+      }
+
+      // Add all auth lists
+      for (const [listName, listConfig] of Object.entries(authLists)) {
+        if (context.config.lists[listName]) {
+          // If user defined a User list, extend it with auth fields
+          context.extendList(listName, {
+            fields: listConfig.fields,
+            hooks: listConfig.hooks,
+            access: listConfig.access,
+            mcp: listConfig.mcp,
+          })
+        } else {
+          // Otherwise, add the auth list
+          context.addList(listName, listConfig)
+        }
+      }
+
+      // Store auth config for runtime access
+      // Access at runtime via: config._pluginData.auth
+      context.setPluginData<NormalizedAuthConfig>('auth', normalized)
+    },
+  }
+}

package/src/index.ts

@@ -7,29 +7,30 @@
  * - Auto-generated User, Session, Account, Verification lists
  * - Session integration with OpenSaas access control
  * - Pre-built auth UI components (SignIn, SignUp, ForgotPassword)
- * - Easy configuration with withAuth() wrapper
+ * - Easy configuration with authPlugin()
  *
  * @example
  * ```typescript
  * // opensaas.config.ts
  * import { config } from '@opensaas/stack-core'
- * import { withAuth, authConfig } from '@opensaas/stack-auth'
+ * import { authPlugin } from '@opensaas/stack-auth'
  *
- * export default withAuth(
- *   config({
- *     db: { provider: 'sqlite', url: 'file:./dev.db' },
- *     lists: { ... }
- *   }),
- *   authConfig({
- *     emailAndPassword: { enabled: true },
- *     emailVerification: { enabled: true },
- *   })
- * )
+ * export default config({
+ *   plugins: [
+ *     authPlugin({
+ *       emailAndPassword: { enabled: true },
+ *       emailVerification: { enabled: true },
+ *     })
+ *   ],
+ *   db: { provider: 'sqlite', url: 'file:./dev.db' },
+ *   lists: { ... }
+ * })
  * ```
  */
 
 // Config exports
-export { withAuth, authConfig, normalizeAuthConfig } from './config/index.js'
+export { normalizeAuthConfig } from './config/index.js'
+export { authPlugin } from './config/plugin.js'
 export type { AuthConfig, NormalizedAuthConfig } from './config/index.js'
 export type * from './config/types.js'
 

package/src/mcp/better-auth.ts

@@ -93,7 +93,7 @@ export function withMcpAuth(
  * @example
  * ```typescript
  * const mcpSession = await auth.api.getMcpSession({ headers: req.headers })
- * const context = getContext(mcpSessionToContextSession(mcpSession))
+ * const context = await getContext(mcpSessionToContextSession(mcpSession))
  * const posts = await context.db.post.findMany()
  * ```
  */

package/src/server/index.ts

@@ -25,65 +25,106 @@ function getDatabaseConfig(
  * // lib/auth.ts
  * import { createAuth } from '@opensaas/stack-auth/server'
  * import config from '../opensaas.config'
+ * import { rawOpensaasContext } from '@/.opensaas/context'
  *
- * export const auth = createAuth(config)
+ * export const auth = createAuth(config, rawOpensaasContext)
  * ```
  */
 export function createAuth(
-  opensaasConfig: OpenSaasConfig & { __authConfig?: NormalizedAuthConfig },
-  context: AccessContext,
+  opensaasConfig: OpenSaasConfig | Promise<OpenSaasConfig>,
+  context: AccessContext | Promise<AccessContext>,
 ) {
-  // Extract auth config (added by withAuth)
-  const authConfig = opensaasConfig.__authConfig
+  // Resolve config and context asynchronously
+  const configPromise = Promise.resolve(opensaasConfig)
+  const contextPromise = Promise.resolve(context)
 
-  if (!authConfig) {
-    throw new Error(
-      'Auth config not found. Make sure to wrap your config with withAuth() in opensaas.config.ts',
-    )
-  }
+  // Create auth instance lazily when needed
+  let authInstance: ReturnType<typeof betterAuth> | null = null
+  let authPromise: Promise<ReturnType<typeof betterAuth>> | null = null
+
+  async function getAuthInstance() {
+    if (authInstance) return authInstance
 
-  // Build better-auth configuration
-  const betterAuthConfig: BetterAuthOptions = {
-    database: getDatabaseConfig(opensaasConfig.db, context),
+    if (!authPromise) {
+      authPromise = (async () => {
+        const resolvedConfig = await configPromise
+        const resolvedContext = await contextPromise
 
-    // Enable email and password if configured
-    emailAndPassword: authConfig.emailAndPassword.enabled
-      ? {
-          enabled: true,
-          requireEmailVerification: authConfig.emailVerification.enabled,
+        // Extract auth config from plugin data
+        const authConfig = resolvedConfig._pluginData?.auth as NormalizedAuthConfig | undefined
+
+        if (!authConfig) {
+          throw new Error(
+            'Auth config not found. Make sure to use authPlugin() in your opensaas.config.ts',
+          )
         }
-      : undefined,
 
-    // Configure session
-    session: {
-      expiresIn: authConfig.session.expiresIn || 604800,
-      updateAge: authConfig.session.updateAge ? (authConfig.session.expiresIn || 604800) / 10 : 0,
-    },
+        // Build better-auth configuration
+        const betterAuthConfig: BetterAuthOptions = {
+          database: getDatabaseConfig(resolvedConfig.db, resolvedContext),
+
+          // Enable email and password if configured
+          emailAndPassword: authConfig.emailAndPassword.enabled
+            ? {
+                enabled: true,
+                requireEmailVerification: authConfig.emailVerification.enabled,
+              }
+            : undefined,
+
+          // Configure session
+          session: {
+            expiresIn: authConfig.session.expiresIn || 604800,
+            updateAge: authConfig.session.updateAge
+              ? (authConfig.session.expiresIn || 604800) / 10
+              : 0,
+          },
+
+          // Trust host (required for production)
+          trustedOrigins: process.env.BETTER_AUTH_TRUSTED_ORIGINS?.split(',') || [],
+
+          // Social providers
+          socialProviders: Object.entries(authConfig.socialProviders)
+            .filter(([_, config]) => config?.enabled !== false)
+            .reduce(
+              (acc, [provider, config]) => {
+                if (config) {
+                  acc[provider] = {
+                    clientId: config.clientId,
+                    clientSecret: config.clientSecret,
+                  }
+                }
+                return acc
+              },
+              {} as Record<string, { clientId: string; clientSecret: string }>,
+            ),
+
+          // Pass through any additional Better Auth plugins
+          plugins: authConfig.betterAuthPlugins || [],
+        }
 
-    // Trust host (required for production)
-    trustedOrigins: process.env.BETTER_AUTH_TRUSTED_ORIGINS?.split(',') || [],
-
-    // Social providers
-    socialProviders: Object.entries(authConfig.socialProviders)
-      .filter(([_, config]) => config?.enabled !== false)
-      .reduce(
-        (acc, [provider, config]) => {
-          if (config) {
-            acc[provider] = {
-              clientId: config.clientId,
-              clientSecret: config.clientSecret,
-            }
-          }
-          return acc
-        },
-        {} as Record<string, { clientId: string; clientSecret: string }>,
-      ),
+        authInstance = betterAuth(betterAuthConfig)
+        return authInstance
+      })()
+    }
 
-    // Pass through any additional Better Auth plugins
-    plugins: authConfig.betterAuthPlugins || [],
+    return authPromise
   }
 
-  return betterAuth(betterAuthConfig)
+  // Return a proxy that lazily initializes the auth instance
+  return new Proxy({} as ReturnType<typeof betterAuth>, {
+    get(_, prop) {
+      return (...args: unknown[]) => {
+        return (async () => {
+          const instance = await getAuthInstance()
+          const value = instance[prop as keyof typeof instance]
+          if (typeof value === 'function') {
+            return (value as (...args: unknown[]) => unknown).apply(instance, args)
+          }
+          return value
+        })()
+      }
+    },
+  })
 }
 
 /**