@supabase/server 0.2.0-rc.44 → 0.2.0-rc.46

package/README.md

@@ -252,6 +252,56 @@ export default { fetch: app.fetch }
 
 The adapter does not handle CORS — use `hono/cors` for that. Per-route auth works naturally by applying the middleware to specific routes.
 
+### H3 / Nuxt
+
+```ts
+import { H3 } from 'h3'
+import { withSupabase } from '@supabase/server/adapters/h3'
+
+const app = new H3()
+
+// Protected — withSupabase validates the JWT before the handler runs
+app.use(withSupabase({ allow: 'user' }))
+
+app.get('/games', async (event) => {
+  const { supabase } = event.context.supabaseContext
+  const { data: myGames } = await supabase.from('favorite_games').select()
+  return myGames
+})
+
+// Public — no middleware means no auth
+app.get('/health', () => ({ status: 'ok' }))
+
+export default { fetch: app.fetch }
+```
+
+For **Nuxt**, use `defineHandler` for file routes:
+
+```ts
+// server/api/games.get.ts
+import { defineHandler } from 'h3'
+import { withSupabase } from '@supabase/server/adapters/h3'
+
+export default defineHandler({
+  middleware: [withSupabase({ allow: 'user' })],
+  handler: async (event) => {
+    const { supabase } = event.context.supabaseContext
+    return supabase.from('favorite_games').select()
+  },
+})
+```
+
+For app-wide auth, register it as a server middleware:
+
+```ts
+// server/middleware/supabase.ts
+import { withSupabase } from '@supabase/server/adapters/h3'
+
+export default withSupabase({ allow: 'user' })
+```
+
+The adapter does not handle CORS — use H3's CORS utilities for that.
+
 ## Primitives
 
 For when you need more control than `withSupabase` provides — multiple routes with different auth, custom response headers, or building your own wrapper.
@@ -377,9 +427,10 @@ For other environments, pass overrides via the `env` config option or `resolveEn
 
 - **Supabase Edge Functions** — environment variables are auto-injected. Zero config.
 - **Deno / Bun** — works out of the box with the `export default { fetch }` pattern.
-- **Node.js** — use the [Hono adapter](#hono) or [core primitives](#primitives) with your framework of choice.
+- **Node.js** — use the [Hono adapter](#hono), [H3 adapter](#h3--nuxt), or [core primitives](#primitives) with your framework of choice.
 - **Cloudflare Workers** — enable `nodejs_compat` in `wrangler.toml` or pass env overrides via the `env` config option.
-- **Next.js / Nuxt / SvelteKit / Remix** — use core primitives to build a cookie-based auth adapter. See [`docs/ssr-frameworks.md`](docs/ssr-frameworks.md).
+- **Nuxt** — use the [H3 adapter](#h3--nuxt) directly as a server middleware.
+- **Next.js / SvelteKit / Remix** — use core primitives to build a cookie-based auth adapter. See [`docs/ssr-frameworks.md`](docs/ssr-frameworks.md).
 
 ## Exports
 
@@ -388,6 +439,7 @@ For other environments, pass overrides via the `env` config option or `resolveEn
 | `@supabase/server`               | `withSupabase`, `createSupabaseContext`                                                                           |
 | `@supabase/server/core`          | `verifyAuth`, `verifyCredentials`, `extractCredentials`, `createContextClient`, `createAdminClient`, `resolveEnv` |
 | `@supabase/server/adapters/hono` | `withSupabase` (Hono middleware)                                                                                  |
+| `@supabase/server/adapters/h3`   | `withSupabase` (H3 / Nuxt middleware)                                                                             |
 
 ## Documentation
 

package/dist/adapters/h3/index.cjs

@@ -0,0 +1,59 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_create_supabase_context = require('../../create-supabase-context-C_8SbO5w.cjs');
+let h3 = require("h3");
+
+//#region src/adapters/h3/middleware.ts
+/**
+* H3 middleware that creates a {@link SupabaseContext} and stores it in `event.context.supabaseContext`.
+*
+* Skips if a previous middleware already set the context, enabling chained middleware via `app.use()`.
+* Throws an `HTTPError` on auth failure.
+*
+* @param config - Auth modes and optional environment overrides. CORS is excluded — use H3's CORS utilities.
+* @returns An H3 middleware.
+*
+* @example App-wide auth via `app.use()`
+* ```ts
+* import { H3 } from 'h3'
+* import { withSupabase } from '@supabase/server/adapters/h3'
+*
+* const app = new H3()
+* app.use(withSupabase({ allow: 'user' }))
+*
+* app.get('/games', async (event) => {
+*   const { supabase } = event.context.supabaseContext
+*   return supabase.from('favorite_games').select()
+* })
+*
+* export default { fetch: app.fetch }
+* ```
+*
+* @example Per-route auth via `defineHandler`
+* ```ts
+* import { defineHandler } from 'h3'
+* import { withSupabase } from '@supabase/server/adapters/h3'
+*
+* export default defineHandler({
+*   middleware: [withSupabase({ allow: 'user' })],
+*   handler: async (event) => {
+*     const { supabase } = event.context.supabaseContext
+*     return supabase.from('favorite_games').select()
+*   },
+* })
+* ```
+*/
+function withSupabase(config) {
+	return (0, h3.defineMiddleware)(async (event, next) => {
+		if (event.context.supabaseContext) return next();
+		const { data: ctx, error } = await require_create_supabase_context.createSupabaseContext(event.req, config);
+		if (error) throw new h3.HTTPError(error.message, {
+			status: error.status,
+			cause: error
+		});
+		event.context.supabaseContext = ctx;
+		return next();
+	});
+}
+
+//#endregion
+exports.withSupabase = withSupabase;

package/dist/adapters/h3/index.d.cts

@@ -0,0 +1,51 @@
+import { f as WithSupabaseConfig, l as SupabaseContext } from "../../types-DqhOaSlC.cjs";
+import { Middleware } from "h3";
+
+//#region src/adapters/h3/middleware.d.ts
+/**
+ * H3 middleware that creates a {@link SupabaseContext} and stores it in `event.context.supabaseContext`.
+ *
+ * Skips if a previous middleware already set the context, enabling chained middleware via `app.use()`.
+ * Throws an `HTTPError` on auth failure.
+ *
+ * @param config - Auth modes and optional environment overrides. CORS is excluded — use H3's CORS utilities.
+ * @returns An H3 middleware.
+ *
+ * @example App-wide auth via `app.use()`
+ * ```ts
+ * import { H3 } from 'h3'
+ * import { withSupabase } from '@supabase/server/adapters/h3'
+ *
+ * const app = new H3()
+ * app.use(withSupabase({ allow: 'user' }))
+ *
+ * app.get('/games', async (event) => {
+ *   const { supabase } = event.context.supabaseContext
+ *   return supabase.from('favorite_games').select()
+ * })
+ *
+ * export default { fetch: app.fetch }
+ * ```
+ *
+ * @example Per-route auth via `defineHandler`
+ * ```ts
+ * import { defineHandler } from 'h3'
+ * import { withSupabase } from '@supabase/server/adapters/h3'
+ *
+ * export default defineHandler({
+ *   middleware: [withSupabase({ allow: 'user' })],
+ *   handler: async (event) => {
+ *     const { supabase } = event.context.supabaseContext
+ *     return supabase.from('favorite_games').select()
+ *   },
+ * })
+ * ```
+ */
+declare function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): Middleware;
+declare module 'h3' {
+  interface H3EventContext {
+    supabaseContext: SupabaseContext;
+  }
+}
+//#endregion
+export { withSupabase };

package/dist/adapters/h3/index.d.mts

@@ -0,0 +1,51 @@
+import { f as WithSupabaseConfig, l as SupabaseContext } from "../../types-DKe8uOwI.mjs";
+import { Middleware } from "h3";
+
+//#region src/adapters/h3/middleware.d.ts
+/**
+ * H3 middleware that creates a {@link SupabaseContext} and stores it in `event.context.supabaseContext`.
+ *
+ * Skips if a previous middleware already set the context, enabling chained middleware via `app.use()`.
+ * Throws an `HTTPError` on auth failure.
+ *
+ * @param config - Auth modes and optional environment overrides. CORS is excluded — use H3's CORS utilities.
+ * @returns An H3 middleware.
+ *
+ * @example App-wide auth via `app.use()`
+ * ```ts
+ * import { H3 } from 'h3'
+ * import { withSupabase } from '@supabase/server/adapters/h3'
+ *
+ * const app = new H3()
+ * app.use(withSupabase({ allow: 'user' }))
+ *
+ * app.get('/games', async (event) => {
+ *   const { supabase } = event.context.supabaseContext
+ *   return supabase.from('favorite_games').select()
+ * })
+ *
+ * export default { fetch: app.fetch }
+ * ```
+ *
+ * @example Per-route auth via `defineHandler`
+ * ```ts
+ * import { defineHandler } from 'h3'
+ * import { withSupabase } from '@supabase/server/adapters/h3'
+ *
+ * export default defineHandler({
+ *   middleware: [withSupabase({ allow: 'user' })],
+ *   handler: async (event) => {
+ *     const { supabase } = event.context.supabaseContext
+ *     return supabase.from('favorite_games').select()
+ *   },
+ * })
+ * ```
+ */
+declare function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): Middleware;
+declare module 'h3' {
+  interface H3EventContext {
+    supabaseContext: SupabaseContext;
+  }
+}
+//#endregion
+export { withSupabase };

package/dist/adapters/h3/index.mjs

@@ -0,0 +1,58 @@
+import { t as createSupabaseContext } from "../../create-supabase-context-DXD5rxi1.mjs";
+import { HTTPError, defineMiddleware } from "h3";
+
+//#region src/adapters/h3/middleware.ts
+/**
+* H3 middleware that creates a {@link SupabaseContext} and stores it in `event.context.supabaseContext`.
+*
+* Skips if a previous middleware already set the context, enabling chained middleware via `app.use()`.
+* Throws an `HTTPError` on auth failure.
+*
+* @param config - Auth modes and optional environment overrides. CORS is excluded — use H3's CORS utilities.
+* @returns An H3 middleware.
+*
+* @example App-wide auth via `app.use()`
+* ```ts
+* import { H3 } from 'h3'
+* import { withSupabase } from '@supabase/server/adapters/h3'
+*
+* const app = new H3()
+* app.use(withSupabase({ allow: 'user' }))
+*
+* app.get('/games', async (event) => {
+*   const { supabase } = event.context.supabaseContext
+*   return supabase.from('favorite_games').select()
+* })
+*
+* export default { fetch: app.fetch }
+* ```
+*
+* @example Per-route auth via `defineHandler`
+* ```ts
+* import { defineHandler } from 'h3'
+* import { withSupabase } from '@supabase/server/adapters/h3'
+*
+* export default defineHandler({
+*   middleware: [withSupabase({ allow: 'user' })],
+*   handler: async (event) => {
+*     const { supabase } = event.context.supabaseContext
+*     return supabase.from('favorite_games').select()
+*   },
+* })
+* ```
+*/
+function withSupabase(config) {
+	return defineMiddleware(async (event, next) => {
+		if (event.context.supabaseContext) return next();
+		const { data: ctx, error } = await createSupabaseContext(event.req, config);
+		if (error) throw new HTTPError(error.message, {
+			status: error.status,
+			cause: error
+		});
+		event.context.supabaseContext = ctx;
+		return next();
+	});
+}
+
+//#endregion
+export { withSupabase };

package/dist/core/index.d.cts

@@ -1,5 +1,5 @@
 import { a as CreateAdminClientOptions, i as ClientAuth, n as AllowWithKey, o as CreateContextClientOptions, r as AuthResult, s as Credentials, u as SupabaseEnv } from "../types-DqhOaSlC.cjs";
-import { i as EnvError, t as AuthError } from "../errors-O2ugIMec.cjs";
+import { i as EnvError, t as AuthError } from "../errors-Dyj5Cjt6.cjs";
 import { SupabaseClient } from "@supabase/supabase-js";
 
 //#region src/core/resolve-env.d.ts

package/dist/core/index.d.mts

@@ -1,5 +1,5 @@
 import { a as CreateAdminClientOptions, i as ClientAuth, n as AllowWithKey, o as CreateContextClientOptions, r as AuthResult, s as Credentials, u as SupabaseEnv } from "../types-DKe8uOwI.mjs";
-import { i as EnvError, t as AuthError } from "../errors-CAH-RRA3.mjs";
+import { i as EnvError, t as AuthError } from "../errors-m42mkqhD.mjs";
 import { SupabaseClient } from "@supabase/supabase-js";
 
 //#region src/core/resolve-env.d.ts

package/dist/index.d.cts

@@ -1,5 +1,5 @@
 import { a as CreateAdminClientOptions, c as JWTClaims, d as UserClaims, f as WithSupabaseConfig, i as ClientAuth, l as SupabaseContext, n as AllowWithKey, o as CreateContextClientOptions, r as AuthResult, s as Credentials, t as Allow, u as SupabaseEnv } from "./types-DqhOaSlC.cjs";
-import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-O2ugIMec.cjs";
+import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-Dyj5Cjt6.cjs";
 
 //#region src/with-supabase.d.ts
 /**

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 import { a as CreateAdminClientOptions, c as JWTClaims, d as UserClaims, f as WithSupabaseConfig, i as ClientAuth, l as SupabaseContext, n as AllowWithKey, o as CreateContextClientOptions, r as AuthResult, s as Credentials, t as Allow, u as SupabaseEnv } from "./types-DKe8uOwI.mjs";
-import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-CAH-RRA3.mjs";
+import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-m42mkqhD.mjs";
 
 //#region src/with-supabase.d.ts
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/server",
-  "version": "0.2.0-rc.44",
+  "version": "0.2.0-rc.46",
   "description": "Server-side utilities for Supabase. Handles auth, client creation, and context injection so you write business logic, not boilerplate.",
   "keywords": [
     "edge",
@@ -34,6 +34,11 @@
       "import": "./dist/adapters/hono/index.mjs",
       "require": "./dist/adapters/hono/index.cjs"
     },
+    "./adapters/h3": {
+      "types": "./dist/adapters/h3/index.d.mts",
+      "import": "./dist/adapters/h3/index.mjs",
+      "require": "./dist/adapters/h3/index.cjs"
+    },
     "./package.json": "./package.json"
   },
   "main": "./dist/index.cjs",
@@ -69,9 +74,13 @@
   },
   "peerDependencies": {
     "@supabase/supabase-js": "^2.0.0",
-    "hono": "^4.0.0"
+    "hono": "^4.0.0",
+    "h3": "^2.0.0"
   },
   "peerDependenciesMeta": {
+    "h3": {
+      "optional": true
+    },
     "hono": {
       "optional": true
     }
@@ -81,6 +90,7 @@
     "@commitlint/config-conventional": "^20.4.2",
     "@supabase/supabase-js": "^2.98.0",
     "eslint": "^10.0.2",
+    "h3": "2.0.1-rc.20",
     "hono": "^4.12.5",
     "prettier": "3.8.1",
     "pretty-quick": "^4.2.2",