npm - create-nuxt-base - Versions diffs - 1.1.2 → 2.0.0 - Mend

create-nuxt-base 1.1.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/.github/workflows/publish.yml CHANGED Viewed

@@ -9,7 +9,7 @@ env:
   SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 permissions:
-  id-token: write  # Required for OIDC
+  id-token: write # Required for OIDC
   contents: read
 jobs:

package/AUTH.md CHANGED Viewed

@@ -7,12 +7,12 @@ This document describes the Better Auth integration in the nuxt-base-starter tem
 The template uses [Better Auth](https://www.better-auth.com/) for authentication with the following features:
 | Feature               | Status | Description                            |
-|-----------------------|--------|----------------------------------------|
-| Email & Password      | ✅      | Standard email/password authentication |
-| Two-Factor Auth (2FA) | ✅      | TOTP-based 2FA with backup codes       |
-| Passkey (WebAuthn)    | ✅      | Passwordless authentication            |
-| Session Management    | ✅      | Cookie-based sessions with SSR support |
-| Password Hashing      | ✅      | Client-side SHA256 hashing             |
+| --------------------- | ------ | -------------------------------------- |
+| Email & Password      | ✅     | Standard email/password authentication |
+| Two-Factor Auth (2FA) | ✅     | TOTP-based 2FA with backup codes       |
+| Passkey (WebAuthn)    | ✅     | Passwordless authentication            |
+| Session Management    | ✅     | Cookie-based sessions with SSR support |
+| Password Hashing      | ✅     | Client-side SHA256 hashing             |
 ## Architecture
@@ -44,7 +44,7 @@ The template uses [Better Auth](https://www.better-auth.com/) for authentication
 ## Files
 | File                                 | Purpose                          |
-|--------------------------------------|----------------------------------|
+| ------------------------------------ | -------------------------------- |
 | `app/lib/auth-client.ts`             | Better Auth client configuration |
 | `app/composables/use-better-auth.ts` | Auth state management composable |
 | `app/pages/auth/login.vue`           | Login page                       |
@@ -153,8 +153,8 @@ import { createBetterAuthClient } from '~/lib/auth-client';
 // Create a custom client
 const customClient = createBetterAuthClient({
   baseURL: 'https://api.example.com',
-  basePath: '/auth',  // Default: '/iam'
-  twoFactorRedirectPath: '/login/2fa',  // Default: '/auth/2fa'
+  basePath: '/auth', // Default: '/iam'
+  twoFactorRedirectPath: '/login/2fa', // Default: '/auth/2fa'
   enableAdmin: false,
   enableTwoFactor: true,
   enablePasskey: true,
@@ -174,6 +174,7 @@ const hashedPassword = await sha256(plainPassword);
 ```
 **Why client-side hashing?**
 1. Prevents plain text passwords in network logs
 2. Works with nest-server's `normalizePasswordForIam()` which detects SHA256 hashes
 3. Server re-hashes with bcrypt for storage
@@ -183,7 +184,7 @@ const hashedPassword = await sha256(plainPassword);
 Sessions are stored in cookies for SSR compatibility:
 | Cookie                      | Purpose                    |
-|-----------------------------|----------------------------|
+| --------------------------- | -------------------------- |
 | `auth-state`                | User data (SSR-compatible) |
 | `token`                     | Session token              |
 | `better-auth.session_token` | Better Auth native cookie  |
@@ -200,6 +201,7 @@ fetchOptions: {
 ```
 **Backend CORS Configuration:**
 ```typescript
 // In nest-server config
 cors: {
@@ -215,7 +217,7 @@ The following endpoints are provided by the nest-server backend:
 ### Authentication
 | Endpoint             | Method | Description                 |
-|----------------------|--------|-----------------------------|
+| -------------------- | ------ | --------------------------- |
 | `/iam/sign-in/email` | POST   | Email/password sign in      |
 | `/iam/sign-up/email` | POST   | Email/password registration |
 | `/iam/sign-out`      | POST   | Sign out                    |
@@ -224,7 +226,7 @@ The following endpoints are provided by the nest-server backend:
 ### Passkey (WebAuthn)
 | Endpoint                                     | Method | Description              |
-|----------------------------------------------|--------|--------------------------|
+| -------------------------------------------- | ------ | ------------------------ |
 | `/iam/passkey/generate-register-options`     | GET    | Get registration options |
 | `/iam/passkey/verify-registration`           | POST   | Verify registration      |
 | `/iam/passkey/generate-authenticate-options` | GET    | Get auth options         |
@@ -235,7 +237,7 @@ The following endpoints are provided by the nest-server backend:
 ### Two-Factor Authentication
 | Endpoint                             | Method | Description        |
-|--------------------------------------|--------|--------------------|
+| ------------------------------------ | ------ | ------------------ |
 | `/iam/two-factor/enable`             | POST   | Enable 2FA         |
 | `/iam/two-factor/disable`            | POST   | Disable 2FA        |
 | `/iam/two-factor/verify-totp`        | POST   | Verify TOTP code   |
@@ -267,7 +269,7 @@ The passkey response only contains the session, not the user. Call `validateSess
 ```typescript
 if (result.data?.session) {
-  await validateSession();  // Fetches user data
+  await validateSession(); // Fetches user data
 }
 ```

package/CHANGELOG.md CHANGED Viewed

@@ -2,29 +2,66 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+## [2.0.0](https://github.com/lenneTech/nuxt-base-starter/compare/v1.2.0...v2.0.0) (2026-01-24)
+### ⚠ BREAKING CHANGES
+* Local auth, upload, and utility files replaced by package
+Migration to @lenne.tech/nuxt-extensions v1.0.1:
+- Remove local composables (use-better-auth, use-tus-upload, use-file, use-share, use-tw)
+- Remove local lib files (auth-client, auth-state)
+- Remove local plugins (auth-interceptor.client)
+- Remove local utils (crypto)
+- Remove local interfaces (upload.interface)
+- Remove local Transition components (now provided by package as Lt* prefix)
+- Simplify user.interface.ts to re-export LtUser from package
+- Update all imports to use auto-imported composables (useLtAuth, useLtTusUpload, etc.)
+- Update package.json to use npm package instead of yalc
+All authentication features now provided by the package:
+- Cookie/JWT dual-mode authentication
+- Passkey/WebAuthn support
+- 2FA/TOTP support
+- Auto-logout on 401
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+### Bug Fixes
+* use exact version 1.0.1 for [@lenne](https://github.com/lenne).tech/nuxt-extensions ([fe8d4c2](https://github.com/lenneTech/nuxt-base-starter/commit/fe8d4c21575977bd093a304adc2e18c7edc61110))
+* migrate to [@lenne](https://github.com/lenne).tech/nuxt-extensions package ([4c8b732](https://github.com/lenneTech/nuxt-base-starter/commit/4c8b732b9d017a0ff7fb21ef09136dcd7fff81f0))
+## [1.2.0](https://github.com/lenneTech/nuxt-base-starter/compare/v1.1.2...v1.2.0) (2026-01-22)
+### Features
+* **auth:** add Cookie/JWT dual-mode authentication with automatic fallback ([8005425](https://github.com/lenneTech/nuxt-base-starter/commit/800542585dc22c1710f8bf587ee8371458454c79))
 ### [1.1.2](https://github.com/lenneTech/nuxt-base-starter/compare/v1.1.1...v1.1.2) (2026-01-22)
 ### [1.1.1](https://github.com/lenneTech/nuxt-base-starter/compare/v1.1.0...v1.1.1) (2026-01-20)
 ### Bug Fixes
-* **auth:** auto-login after registration and improved passkey handling ([625128b](https://github.com/lenneTech/nuxt-base-starter/commit/625128b18fe812c141859946c196f8efb0738dca))
-* **auth:** improve 2FA UX and document dev-mode proxy requirements ([4c4b1f4](https://github.com/lenneTech/nuxt-base-starter/commit/4c4b1f4d8b77fa93469ccc1a31d4f3292cc7c724))
+- **auth:** auto-login after registration and improved passkey handling ([625128b](https://github.com/lenneTech/nuxt-base-starter/commit/625128b18fe812c141859946c196f8efb0738dca))
+- **auth:** improve 2FA UX and document dev-mode proxy requirements ([4c4b1f4](https://github.com/lenneTech/nuxt-base-starter/commit/4c4b1f4d8b77fa93469ccc1a31d4f3292cc7c724))
 ## [1.1.0](https://github.com/lenneTech/nuxt-base-starter/compare/v1.0.3...v1.1.0) (2026-01-20)
 ### Features
-* add complete Better-Auth integration with Passkey support and comprehensive documentation ([e0d470c](https://github.com/lenneTech/nuxt-base-starter/commit/e0d470c8229c37bed2948d929676620f344f4878))
+- add complete Better-Auth integration with Passkey support and comprehensive documentation ([e0d470c](https://github.com/lenneTech/nuxt-base-starter/commit/e0d470c8229c37bed2948d929676620f344f4878))
 ## [1.2.0](https://github.com/lenneTech/nuxt-base-starter/compare/v1.0.3...v1.2.0) (2026-01-20)
 ### Features
-* add complete Better-Auth integration with Passkey support and comprehensive documentation ([70fbec1](https://github.com/lenneTech/nuxt-base-starter/commit/70fbec14e38673c5185195fe05f0cd82bf72a800))
+- add complete Better-Auth integration with Passkey support and comprehensive documentation ([70fbec1](https://github.com/lenneTech/nuxt-base-starter/commit/70fbec14e38673c5185195fe05f0cd82bf72a800))
 ## [1.1.0](https://github.com/lenneTech/nuxt-base-starter/compare/v1.0.3...v1.1.0) (2026-01-20)
@@ -32,19 +69,17 @@ All notable changes to this project will be documented in this file. See [standa
 ### [1.0.2](https://github.com/lenneTech/nuxt-base-starter/compare/v1.0.1...v1.0.2) (2026-01-12)
 ### Bug Fixes
-* add repository field in package.json ([1f43eae](https://github.com/lenneTech/nuxt-base-starter/commit/1f43eae4445b2f8a54cf4442c79be1bd55cf711c))
+- add repository field in package.json ([1f43eae](https://github.com/lenneTech/nuxt-base-starter/commit/1f43eae4445b2f8a54cf4442c79be1bd55cf711c))
 ### [1.0.1](https://github.com/lenneTech/nuxt-base-starter/compare/v1.0.0...v1.0.1) (2026-01-12)
 ## [1.0.0](https://github.com/lenneTech/nuxt-base-starter/compare/v0.3.17...v1.0.0) (2026-01-12)
 ### Bug Fixes
-* **DEV-609:** removed duplicate public folder inside app ([#10](https://github.com/lenneTech/nuxt-base-starter/issues/10)) ([25fe0fe](https://github.com/lenneTech/nuxt-base-starter/commit/25fe0fe3c53bc3400373d9c3f0a4b6705952171b))
+- **DEV-609:** removed duplicate public folder inside app ([#10](https://github.com/lenneTech/nuxt-base-starter/issues/10)) ([25fe0fe](https://github.com/lenneTech/nuxt-base-starter/commit/25fe0fe3c53bc3400373d9c3f0a4b6705952171b))
 ### [0.3.17](https://github.com/lenneTech/nuxt-base-starter/compare/v0.3.16...v0.3.17) (2025-10-17)

package/README.md CHANGED Viewed

@@ -17,7 +17,7 @@ The development server starts at **http://localhost:3001**
 ### Core Framework
 | Technology   | Version | Description                           |
-|--------------|---------|---------------------------------------|
+| ------------ | ------- | ------------------------------------- |
 | Nuxt         | 4.x     | Vue 3 meta-framework with SSR support |
 | TypeScript   | 5.9.x   | Strict type checking enabled          |
 | Tailwind CSS | 4.x     | Utility-first CSS with Vite plugin    |
@@ -28,7 +28,7 @@ The development server starts at **http://localhost:3001**
 Complete authentication system using [Better Auth](https://www.better-auth.com/):
 | Feature            | Description                                           |
-|--------------------|-------------------------------------------------------|
+| ------------------ | ----------------------------------------------------- |
 | Email/Password     | Standard auth with client-side SHA256 hashing         |
 | Two-Factor (2FA)   | TOTP-based 2FA with backup codes                      |
 | Passkey/WebAuthn   | Passwordless authentication (Touch ID, Face ID, etc.) |
@@ -42,7 +42,7 @@ Pre-built auth pages: login, register, forgot-password, reset-password, 2fa
 ### State & Data
 | Package               | Purpose                     |
-|-----------------------|-----------------------------|
+| --------------------- | --------------------------- |
 | Pinia                 | State management            |
 | VueUse                | Vue composition utilities   |
 | @hey-api/client-fetch | Type-safe API client        |
@@ -57,7 +57,7 @@ Pre-built auth pages: login, register, forgot-password, reset-password, 2fa
 ### Developer Experience
 | Tool               | Purpose                            |
-|--------------------|------------------------------------|
+| ------------------ | ---------------------------------- |
 | OxLint             | Fast linting                       |
 | OxFmt              | Code formatting                    |
 | Playwright         | E2E testing                        |
@@ -104,7 +104,7 @@ my-project/
 ## Available Scripts
 | Script                   | Description                            |
-|--------------------------|----------------------------------------|
+| ------------------------ | -------------------------------------- |
 | `npm run dev`            | Start development server               |
 | `npm run build`          | Build for production                   |
 | `npm run preview`        | Preview production build               |

package/nuxt-base-template/README.md CHANGED Viewed

@@ -91,17 +91,17 @@ npm run generate-types
 ## Tech Stack
-| Technology | Version | Description |
-|------------|---------|-------------|
-| Nuxt | 4.2.x | Vue 3 meta-framework with SSR |
-| TypeScript | 5.9.x | Strict type checking |
-| Tailwind CSS | 4.1.x | Utility-first CSS (Vite plugin) |
-| NuxtUI | 4.3.x | Component library with dark mode |
-| Pinia | 0.11.x | State management |
-| Better Auth | 1.4.x | Authentication framework |
-| Playwright | 1.57.x | E2E testing |
-| @hey-api/client-fetch | 0.13.x | Type-safe API client |
-| Valibot | 1.2.x | Schema validation |
+| Technology            | Version | Description                      |
+| --------------------- | ------- | -------------------------------- |
+| Nuxt                  | 4.2.x   | Vue 3 meta-framework with SSR    |
+| TypeScript            | 5.9.x   | Strict type checking             |
+| Tailwind CSS          | 4.1.x   | Utility-first CSS (Vite plugin)  |
+| NuxtUI                | 4.3.x   | Component library with dark mode |
+| Pinia                 | 0.11.x  | State management                 |
+| Better Auth           | 1.4.x   | Authentication framework         |
+| Playwright            | 1.57.x  | E2E testing                      |
+| @hey-api/client-fetch | 0.13.x  | Type-safe API client             |
+| Valibot               | 1.2.x   | Schema validation                |
 ## Key Features

package/nuxt-base-template/app/components/Modal/ModalBackupCodes.vue CHANGED Viewed

@@ -7,7 +7,8 @@ import type { InferOutput } from 'valibot';
 import * as v from 'valibot';
-import { authClient } from '~/lib/auth-client';
+// Auth client from @lenne.tech/nuxt-extensions (auto-imported as ltAuthClient)
+const authClient = ltAuthClient;
 // ============================================================================
 // Props & Emits

package/nuxt-base-template/app/components/Upload/TusFileUpload.vue CHANGED Viewed

@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import type { UploadItem } from '~/interfaces/upload.interface';
+import type { LtUploadItem } from '@lenne.tech/nuxt-extensions';
 // ============================================================================
 // Props & Emits
@@ -45,11 +45,11 @@ const props = withDefaults(defineProps<Props>(), {
 const emit = defineEmits<{
   /** Alle Uploads abgeschlossen */
-  complete: [items: UploadItem[]];
+  complete: [items: LtUploadItem[]];
   /** Upload-Fehler */
-  error: [item: UploadItem, error: Error];
+  error: [item: LtUploadItem, error: Error];
   /** Ein Upload abgeschlossen */
-  success: [item: UploadItem];
+  success: [item: LtUploadItem];
   /** Files geaendert */
   'update:modelValue': [files: File[]];
 }>();
@@ -58,12 +58,12 @@ const emit = defineEmits<{
 // Composables
 // ============================================================================
 const toast = useToast();
-const { formatDuration, formatFileSize } = useFile();
+const { formatDuration, formatFileSize } = useLtFile();
 // ============================================================================
 // TUS Upload Setup
 // ============================================================================
-const { addFiles, cancelAll, cancelUpload, clearCompleted, isUploading, pauseAll, pauseUpload, resumeAll, resumeUpload, retryUpload, totalProgress, uploads } = useTusUpload({
+const { addFiles, cancelAll, cancelUpload, clearCompleted, isUploading, pauseAll, pauseUpload, resumeAll, resumeUpload, retryUpload, totalProgress, uploads } = useLtTusUpload({
   autoStart: props.autoStart,
   chunkSize: props.chunkSize,
   endpoint: props.endpoint,
@@ -162,7 +162,7 @@ function getStatusLabel(status: string): string {
 // ============================================================================
 // Helpers
 // ============================================================================
-function getUploadForFile(file: File, index: number): undefined | UploadItem {
+function getUploadForFile(file: File, index: number): undefined | LtUploadItem {
   // Versuche ueber Index zu matchen (funktioniert wenn Reihenfolge gleich)
   const upload = uploads.value[index];
   if (upload?.file.name === file.name && upload?.file.size === file.size) {

package/nuxt-base-template/app/interfaces/user.interface.ts CHANGED Viewed

@@ -1,12 +1,5 @@
-export interface User {
-  banExpires?: Date;
-  banned?: boolean;
-  banReason?: string;
-  email: string;
-  emailVerified: boolean;
-  id: string;
-  image?: string;
-  name?: string;
-  role?: string;
-  twoFactorEnabled?: boolean;
-}
+/**
+ * Re-export LtUser from @lenne.tech/nuxt-extensions as User
+ * This provides backwards compatibility while using the package type
+ */
+export type { LtUser as User } from '@lenne.tech/nuxt-extensions';

package/nuxt-base-template/app/layouts/default.vue CHANGED Viewed

@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import type { NavigationMenuItem } from '@nuxt/ui';
-const { isAuthenticated, signOut, user } = useBetterAuth();
+const { isAuthenticated, signOut, user } = useLtAuth();
 async function handleLogout() {
   await signOut();

package/nuxt-base-template/app/middleware/admin.global.ts CHANGED Viewed

@@ -4,20 +4,40 @@ export default defineNuxtRouteMiddleware(async (to) => {
     return;
   }
-  const { isAdmin, isAuthenticated, isLoading } = useBetterAuth();
+  let isAuthenticated = false;
+  let isAdmin = false;
-  // Wait for session to load
-  if (isLoading.value) {
-    return;
+  // On client, read directly from document.cookie for accurate state
+  if (import.meta.client) {
+    try {
+      const cookie = document.cookie.split('; ').find((row) => row.startsWith('lt-auth-state='));
+      if (cookie) {
+        const parts = cookie.split('=');
+        const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
+        const state = JSON.parse(value);
+        isAuthenticated = !!state?.user;
+        isAdmin = state?.user?.role === 'admin';
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  } else {
+    // On server, use useCookie
+    const authStateCookie = useCookie<{ user: { role?: string } | null; authMode: string } | null>('lt-auth-state');
+    isAuthenticated = !!authStateCookie.value?.user;
+    isAdmin = authStateCookie.value?.user?.role === 'admin';
   }
   // Redirect to login if not authenticated
-  if (!isAuthenticated.value) {
-    return navigateTo('/auth/login');
+  if (!isAuthenticated) {
+    return navigateTo({
+      path: '/auth/login',
+      query: { redirect: to.fullPath },
+    });
   }
   // Redirect to /app if authenticated but not admin
-  if (!isAdmin.value) {
+  if (!isAdmin) {
     return navigateTo('/app');
   }
 });

package/nuxt-base-template/app/middleware/auth.global.ts CHANGED Viewed

@@ -4,15 +4,32 @@ export default defineNuxtRouteMiddleware(async (to) => {
     return;
   }
-  const { isAuthenticated, isLoading } = useBetterAuth();
+  let isAuthenticated = false;
-  // Wait for session to load
-  if (isLoading.value) {
-    return;
+  // On client, read directly from document.cookie for accurate state
+  if (import.meta.client) {
+    try {
+      const cookie = document.cookie.split('; ').find((row) => row.startsWith('lt-auth-state='));
+      if (cookie) {
+        const parts = cookie.split('=');
+        const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
+        const state = JSON.parse(value);
+        isAuthenticated = !!state?.user;
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  } else {
+    // On server, use useCookie
+    const authStateCookie = useCookie<{ user: unknown; authMode: string } | null>('lt-auth-state');
+    isAuthenticated = !!authStateCookie.value?.user;
   }
   // Redirect to login if not authenticated
-  if (!isAuthenticated.value) {
-    return navigateTo('/auth/login');
+  if (!isAuthenticated) {
+    return navigateTo({
+      path: '/auth/login',
+      query: { redirect: to.fullPath },
+    });
   }
 });

package/nuxt-base-template/app/middleware/guest.global.ts CHANGED Viewed

@@ -4,15 +4,30 @@ export default defineNuxtRouteMiddleware(async (to) => {
     return;
   }
-  const { isAuthenticated, isLoading } = useBetterAuth();
+  let isAuthenticated = false;
-  // Wait for session to load
-  if (isLoading.value) {
-    return;
+  // On client, read directly from document.cookie for accurate state
+  if (import.meta.client) {
+    try {
+      const cookie = document.cookie.split('; ').find((row) => row.startsWith('lt-auth-state='));
+      if (cookie) {
+        const parts = cookie.split('=');
+        const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
+        const state = JSON.parse(value);
+        isAuthenticated = !!state?.user;
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  } else {
+    // On server, use useCookie
+    const authStateCookie = useCookie<{ user: unknown; authMode: string } | null>('lt-auth-state');
+    isAuthenticated = !!authStateCookie.value?.user;
   }
-  // Redirect to /app if already authenticated
-  if (isAuthenticated.value) {
-    return navigateTo('/app');
+  // Redirect to /app (or redirect query) if already authenticated
+  if (isAuthenticated) {
+    const redirect = to.query.redirect as string;
+    return navigateTo(redirect || '/app');
   }
 });

package/nuxt-base-template/app/pages/app/index.vue CHANGED Viewed

@@ -2,7 +2,7 @@
 // ============================================================================
 // Composables
 // ============================================================================
-const { user, signOut } = useBetterAuth();
+const { user, signOut } = useLtAuth();
 // ============================================================================
 // Variables
@@ -29,9 +29,7 @@ async function handleSignOut(): Promise<void> {
   <div class="mx-auto max-w-4xl px-4 py-8">
     <!-- Welcome Header -->
     <div class="mb-8">
-      <h1 class="text-3xl font-bold">
-        Willkommen{{ user?.name ? `, ${user.name}` : '' }}!
-      </h1>
+      <h1 class="text-3xl font-bold">Willkommen{{ user?.name ? `, ${user.name}` : '' }}!</h1>
       <p class="mt-2 text-muted">
         {{ user?.email }}
       </p>
@@ -41,12 +39,7 @@ async function handleSignOut(): Promise<void> {
     <div class="mb-8">
       <h2 class="mb-4 text-xl font-semibold">Schnellzugriff</h2>
       <div class="grid gap-4 sm:grid-cols-2 lg:grid-cols-3">
-        <UCard
-          v-for="page in pages"
-          :key="page.to"
-          class="cursor-pointer transition-shadow hover:shadow-lg"
-          @click="navigateTo(page.to)"
-        >
+        <UCard v-for="page in pages" :key="page.to" class="cursor-pointer transition-shadow hover:shadow-lg" @click="navigateTo(page.to)">
           <div class="flex items-start gap-4">
             <div class="rounded-lg bg-primary/10 p-3">
               <UIcon :name="page.icon" class="size-6 text-primary" />
@@ -87,14 +80,7 @@ async function handleSignOut(): Promise<void> {
       </div>
       <template #footer>
-        <UButton
-          color="error"
-          variant="outline"
-          icon="i-lucide-log-out"
-          @click="handleSignOut"
-        >
-          Abmelden
-        </UButton>
+        <UButton color="error" variant="outline" icon="i-lucide-log-out" @click="handleSignOut"> Abmelden </UButton>
       </template>
     </UCard>
   </div>

package/nuxt-base-template/app/pages/app/settings/security.vue CHANGED Viewed

@@ -8,7 +8,6 @@ import type { InferOutput } from 'valibot';
 import * as v from 'valibot';
 import ModalBackupCodes from '~/components/Modal/ModalBackupCodes.vue';
-import { authClient } from '~/lib/auth-client';
 // ============================================================================
 // Interfaces
@@ -24,7 +23,8 @@ interface Passkey {
 // ============================================================================
 const toast = useToast();
 const overlay = useOverlay();
-const { is2FAEnabled, registerPasskey, setUser, user } = useBetterAuth();
+const { is2FAEnabled, registerPasskey, setUser, user } = useLtAuth();
+const authClient = useLtAuthClient();
 // ============================================================================
 // Variables

package/nuxt-base-template/app/pages/auth/2fa.vue CHANGED Viewed

@@ -7,13 +7,12 @@ import type { InferOutput } from 'valibot';
 import * as v from 'valibot';
-import { authClient } from '~/lib/auth-client';
 // ============================================================================
 // Composables
 // ============================================================================
 const toast = useToast();
-const { setUser, validateSession } = useBetterAuth();
+const { fetchWithAuth, setUser, switchToJwtMode, jwtToken } = useLtAuth();
+const authClient = useLtAuthClient();
 // ============================================================================
 // Page Meta
@@ -76,13 +75,45 @@ async function onSubmit(payload: FormSubmitEvent<Schema>): Promise<void> {
       }
     }
-    // Update auth state with user data from response
+    // Extract token and user data from response (JWT mode: cookies: false)
+    const token = result?.token || result?.data?.token;
     const userData = result?.data?.user || result?.user;
-    if (userData) {
-      setUser(userData);
+    if (token) {
+      // JWT mode: Token is in the response
+      jwtToken.value = token;
+      if (userData) {
+        setUser(userData, 'jwt');
+      }
+      console.debug('[Auth] JWT token received from 2FA response');
+    } else if (userData) {
+      // Cookie mode: No token in response, use cookies
+      setUser(userData, 'cookie');
+      // Try to get JWT token for fallback
+      switchToJwtMode().catch(() => {});
     } else {
-      // Fallback: validate session to get user data
-      await validateSession();
+      // Fallback: fetch session data from API using authenticated fetch
+      try {
+        const isDev = import.meta.dev;
+        const runtimeConfig = useRuntimeConfig();
+        const apiBase = isDev ? '/api/iam' : `${runtimeConfig.public.apiUrl || 'http://localhost:3000'}/iam`;
+        const sessionResponse = await fetchWithAuth(`${apiBase}/get-session`);
+        if (sessionResponse.ok) {
+          const sessionData = await sessionResponse.json();
+          const sessionToken = sessionData?.token;
+          if (sessionToken) {
+            jwtToken.value = sessionToken;
+            if (sessionData?.user) {
+              setUser(sessionData.user, 'jwt');
+            }
+          } else if (sessionData?.user) {
+            setUser(sessionData.user, 'cookie');
+            switchToJwtMode().catch(() => {});
+          }
+        }
+      } catch {
+        // Ignore session fetch errors
+      }
     }
     await navigateTo('/app');

package/nuxt-base-template/app/pages/auth/forgot-password.vue CHANGED Viewed

@@ -7,7 +7,8 @@ import type { InferOutput } from 'valibot';
 import * as v from 'valibot';
-import { authClient } from '~/lib/auth-client';
+// Auth client from @lenne.tech/nuxt-extensions (auto-imported as ltAuthClient)
+const authClient = ltAuthClient;
 // ============================================================================
 // Composables