npm - export-runtime - Versions diffs - 0.0.9 → 0.0.11 - Mend

export-runtime 0.0.9 → 0.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/auth.js ADDED Viewed

@@ -0,0 +1,129 @@
+// Better-auth integration for export-runtime
+// This module provides authentication via better-auth with D1 storage
+let betterAuthModule = null;
+// Lazy load better-auth (optional peer dependency)
+const loadBetterAuth = async () => {
+  if (betterAuthModule) return betterAuthModule;
+  try {
+    betterAuthModule = await import("better-auth");
+    return betterAuthModule;
+  } catch {
+    return null;
+  }
+};
+// Create auth instance for a request
+export const createAuth = async (env, authConfig) => {
+  const { betterAuth } = await loadBetterAuth() || {};
+  if (!betterAuth) {
+    console.warn("[export-runtime] better-auth not installed. Run: npm install better-auth");
+    return null;
+  }
+  const { database, providers = {}, ...restConfig } = authConfig;
+  const dbBinding = database || "AUTH_DB";
+  const db = env[dbBinding];
+  if (!db) {
+    console.warn(`[export-runtime] D1 binding "${dbBinding}" not found for auth`);
+    return null;
+  }
+  // Build social providers config
+  const socialProviders = {};
+  if (providers.google) {
+    socialProviders.google = {
+      clientId: providers.google.clientId || env.GOOGLE_CLIENT_ID,
+      clientSecret: providers.google.clientSecret || env.GOOGLE_CLIENT_SECRET,
+    };
+  }
+  if (providers.github) {
+    socialProviders.github = {
+      clientId: providers.github.clientId || env.GITHUB_CLIENT_ID,
+      clientSecret: providers.github.clientSecret || env.GITHUB_CLIENT_SECRET,
+    };
+  }
+  if (providers.discord) {
+    socialProviders.discord = {
+      clientId: providers.discord.clientId || env.DISCORD_CLIENT_ID,
+      clientSecret: providers.discord.clientSecret || env.DISCORD_CLIENT_SECRET,
+    };
+  }
+  // Initialize better-auth
+  const auth = betterAuth({
+    database: {
+      provider: "sqlite",
+      url: db, // D1 is SQLite-compatible
+    },
+    secret: env.BETTER_AUTH_SECRET || env.AUTH_SECRET,
+    emailAndPassword: {
+      enabled: true,
+    },
+    socialProviders,
+    session: {
+      expiresIn: 60 * 60 * 24 * 7, // 7 days
+      updateAge: 60 * 60 * 24, // Refresh after 1 day
+      cookieCache: {
+        enabled: true,
+        maxAge: 5 * 60, // 5 minutes
+      },
+    },
+    ...restConfig,
+  });
+  return auth;
+};
+// Handle auth HTTP routes
+export const handleAuthRoute = async (request, env, authConfig) => {
+  const auth = await createAuth(env, authConfig);
+  if (!auth) {
+    return new Response(JSON.stringify({ error: "Auth not configured" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+  // Let better-auth handle the request
+  return auth.handler(request);
+};
+// Get session from request headers (for WebSocket auth)
+export const getSessionFromRequest = async (request, env, authConfig) => {
+  const auth = await createAuth(env, authConfig);
+  if (!auth) return null;
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+    return session;
+  } catch {
+    return null;
+  }
+};
+// Verify session token (for WebSocket messages)
+export const verifySession = async (token, env, authConfig) => {
+  const auth = await createAuth(env, authConfig);
+  if (!auth) return null;
+  try {
+    // Create a mock request with the session cookie
+    const mockHeaders = new Headers();
+    mockHeaders.set("Cookie", `better-auth.session_token=${token}`);
+    const session = await auth.api.getSession({
+      headers: mockHeaders,
+    });
+    return session;
+  } catch {
+    return null;
+  }
+};

package/bin/auth.mjs ADDED Viewed

@@ -0,0 +1,313 @@
+#!/usr/bin/env node
+import fs from "fs";
+import path from "path";
+const cwd = process.cwd();
+const pkgPath = path.join(cwd, "package.json");
+// Supported OAuth providers and their required env vars
+const PROVIDERS = {
+  google: {
+    clientId: "GOOGLE_CLIENT_ID",
+    clientSecret: "GOOGLE_CLIENT_SECRET",
+  },
+  github: {
+    clientId: "GITHUB_CLIENT_ID",
+    clientSecret: "GITHUB_CLIENT_SECRET",
+  },
+  discord: {
+    clientId: "DISCORD_CLIENT_ID",
+    clientSecret: "DISCORD_CLIENT_SECRET",
+  },
+  twitter: {
+    clientId: "TWITTER_CLIENT_ID",
+    clientSecret: "TWITTER_CLIENT_SECRET",
+  },
+  facebook: {
+    clientId: "FACEBOOK_CLIENT_ID",
+    clientSecret: "FACEBOOK_CLIENT_SECRET",
+  },
+  apple: {
+    clientId: "APPLE_CLIENT_ID",
+    clientSecret: "APPLE_CLIENT_SECRET",
+  },
+  microsoft: {
+    clientId: "MICROSOFT_CLIENT_ID",
+    clientSecret: "MICROSOFT_CLIENT_SECRET",
+  },
+  linkedin: {
+    clientId: "LINKEDIN_CLIENT_ID",
+    clientSecret: "LINKEDIN_CLIENT_SECRET",
+  },
+};
+function readPackageJson() {
+  if (!fs.existsSync(pkgPath)) {
+    console.error("package.json not found in", cwd);
+    process.exit(1);
+  }
+  return JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+}
+function writePackageJson(pkg) {
+  fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
+}
+function readEnvFile() {
+  const envPath = path.join(cwd, ".dev.vars");
+  if (!fs.existsSync(envPath)) {
+    return {};
+  }
+  const content = fs.readFileSync(envPath, "utf8");
+  const env = {};
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex > 0) {
+      const key = trimmed.slice(0, eqIndex).trim();
+      let value = trimmed.slice(eqIndex + 1).trim();
+      // Remove quotes if present
+      if ((value.startsWith('"') && value.endsWith('"')) ||
+          (value.startsWith("'") && value.endsWith("'"))) {
+        value = value.slice(1, -1);
+      }
+      env[key] = value;
+    }
+  }
+  return env;
+}
+function writeEnvFile(env) {
+  const envPath = path.join(cwd, ".dev.vars");
+  const lines = [];
+  // Add header comment if file is new
+  if (!fs.existsSync(envPath)) {
+    lines.push("# Local development environment variables");
+    lines.push("# These are used by wrangler dev and should NOT be committed to git");
+    lines.push("");
+  }
+  for (const [key, value] of Object.entries(env)) {
+    // Quote values that contain spaces or special characters
+    const needsQuotes = /[\s"'=]/.test(value);
+    lines.push(`${key}=${needsQuotes ? `"${value}"` : value}`);
+  }
+  fs.writeFileSync(envPath, lines.join("\n") + "\n");
+}
+function ensureGitignore() {
+  const gitignorePath = path.join(cwd, ".gitignore");
+  let content = "";
+  if (fs.existsSync(gitignorePath)) {
+    content = fs.readFileSync(gitignorePath, "utf8");
+  }
+  if (!content.includes(".dev.vars")) {
+    const lines = content ? content.split("\n") : [];
+    if (lines.length > 0 && lines[lines.length - 1] !== "") {
+      lines.push("");
+    }
+    lines.push("# Local secrets (wrangler dev)");
+    lines.push(".dev.vars");
+    lines.push("");
+    fs.writeFileSync(gitignorePath, lines.join("\n"));
+    console.log("Added .dev.vars to .gitignore");
+  }
+}
+function addProvider(provider, credentials) {
+  const providerLower = provider.toLowerCase();
+  if (!PROVIDERS[providerLower]) {
+    console.error(`Unknown provider: ${provider}`);
+    console.error("Supported providers:", Object.keys(PROVIDERS).join(", "));
+    process.exit(1);
+  }
+  // Parse credentials (format: clientId:clientSecret or just clientId if secret provided separately)
+  let clientId, clientSecret;
+  if (credentials.includes(":")) {
+    [clientId, clientSecret] = credentials.split(":", 2);
+  } else {
+    clientId = credentials;
+    clientSecret = process.argv[5]; // Fourth argument
+  }
+  if (!clientId || !clientSecret) {
+    console.error("Usage: npm run auth:add -- <provider> <clientId>:<clientSecret>");
+    console.error("   or: npm run auth:add -- <provider> <clientId> <clientSecret>");
+    process.exit(1);
+  }
+  // Update package.json to enable auth
+  const pkg = readPackageJson();
+  if (!pkg.cloudflare) pkg.cloudflare = {};
+  if (!pkg.cloudflare.auth) pkg.cloudflare.auth = {};
+  if (pkg.cloudflare.auth === true) pkg.cloudflare.auth = {};
+  // Add provider to auth config
+  if (!pkg.cloudflare.auth.providers) pkg.cloudflare.auth.providers = [];
+  if (!pkg.cloudflare.auth.providers.includes(providerLower)) {
+    pkg.cloudflare.auth.providers.push(providerLower);
+  }
+  writePackageJson(pkg);
+  console.log(`Enabled ${provider} authentication in package.json`);
+  // Update .dev.vars with credentials
+  const env = readEnvFile();
+  const providerConfig = PROVIDERS[providerLower];
+  env[providerConfig.clientId] = clientId;
+  env[providerConfig.clientSecret] = clientSecret;
+  // Ensure BETTER_AUTH_SECRET exists
+  if (!env.BETTER_AUTH_SECRET) {
+    env.BETTER_AUTH_SECRET = generateSecret();
+    console.log("Generated BETTER_AUTH_SECRET");
+  }
+  writeEnvFile(env);
+  ensureGitignore();
+  console.log(`Saved ${provider} credentials to .dev.vars`);
+  console.log("");
+  console.log("For production, set these secrets in Cloudflare dashboard:");
+  console.log(`  ${providerConfig.clientId}=${clientId}`);
+  console.log(`  ${providerConfig.clientSecret}=***`);
+  console.log(`  BETTER_AUTH_SECRET=***`);
+  console.log("");
+  console.log("OAuth callback URL:");
+  console.log(`  https://your-worker.workers.dev/api/auth/callback/${providerLower}`);
+}
+function removeProvider(provider) {
+  const providerLower = provider.toLowerCase();
+  if (!PROVIDERS[providerLower]) {
+    console.error(`Unknown provider: ${provider}`);
+    process.exit(1);
+  }
+  // Update package.json
+  const pkg = readPackageJson();
+  if (pkg.cloudflare?.auth?.providers) {
+    pkg.cloudflare.auth.providers = pkg.cloudflare.auth.providers.filter(p => p !== providerLower);
+    if (pkg.cloudflare.auth.providers.length === 0) {
+      delete pkg.cloudflare.auth.providers;
+    }
+    // If auth config is empty object, set to true for simpler config
+    if (Object.keys(pkg.cloudflare.auth).length === 0) {
+      pkg.cloudflare.auth = true;
+    }
+  }
+  writePackageJson(pkg);
+  console.log(`Removed ${provider} from package.json`);
+  // Remove from .dev.vars
+  const env = readEnvFile();
+  const providerConfig = PROVIDERS[providerLower];
+  delete env[providerConfig.clientId];
+  delete env[providerConfig.clientSecret];
+  writeEnvFile(env);
+  console.log(`Removed ${provider} credentials from .dev.vars`);
+  console.log("");
+  console.log("Remember to also remove the secrets from Cloudflare dashboard");
+}
+function listProviders() {
+  const pkg = readPackageJson();
+  const env = readEnvFile();
+  console.log("Available OAuth providers:");
+  console.log("");
+  for (const [name, config] of Object.entries(PROVIDERS)) {
+    const hasCredentials = env[config.clientId] && env[config.clientSecret];
+    const isEnabled = pkg.cloudflare?.auth?.providers?.includes(name);
+    const status = isEnabled && hasCredentials ? "[configured]" :
+                   isEnabled ? "[enabled, missing credentials]" :
+                   hasCredentials ? "[credentials only]" : "";
+    console.log(`  ${name} ${status}`);
+  }
+  console.log("");
+  if (pkg.cloudflare?.auth) {
+    console.log("Auth is enabled in package.json");
+  } else {
+    console.log("Auth is not enabled. Run: npm run auth:add -- <provider> <credentials>");
+  }
+}
+function generateSecret() {
+  const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  let result = "";
+  const randomValues = new Uint8Array(32);
+  crypto.getRandomValues(randomValues);
+  for (let i = 0; i < 32; i++) {
+    result += chars[randomValues[i] % chars.length];
+  }
+  return result;
+}
+function showHelp() {
+  console.log(`
+export-auth - Manage OAuth providers for export-runtime
+Usage:
+  npm run auth:add -- <provider> <clientId>:<clientSecret>
+  npm run auth:add -- <provider> <clientId> <clientSecret>
+  npm run auth:remove -- <provider>
+  npm run auth:list
+Commands:
+  add      Add an OAuth provider with credentials
+  remove   Remove an OAuth provider
+  list     List available providers and their status
+Supported providers:
+  ${Object.keys(PROVIDERS).join(", ")}
+Examples:
+  npm run auth:add -- google 123456.apps.googleusercontent.com:GOCSPX-xxx
+  npm run auth:add -- github Iv1.abc123:ghp_xxx
+  npm run auth:remove -- google
+  npm run auth:list
+`);
+}
+// Main
+const [,, command, ...args] = process.argv;
+switch (command) {
+  case "add":
+    if (args.length < 2) {
+      console.error("Usage: npm run auth:add -- <provider> <clientId>:<clientSecret>");
+      process.exit(1);
+    }
+    addProvider(args[0], args[1]);
+    break;
+  case "remove":
+    if (args.length < 1) {
+      console.error("Usage: npm run auth:remove -- <provider>");
+      process.exit(1);
+    }
+    removeProvider(args[0]);
+    break;
+  case "list":
+    listProviders();
+    break;
+  case "help":
+  case "--help":
+  case "-h":
+    showHelp();
+    break;
+  default:
+    showHelp();
+    process.exit(command ? 1 : 0);
+}

package/bin/generate-types.mjs CHANGED Viewed

@@ -9,25 +9,69 @@ import { fileURLToPath } from "url";
 const cwd = process.cwd();
-// Read wrangler.toml to find source root
-const wranglerPath = path.join(cwd, "wrangler.toml");
-if (!fs.existsSync(wranglerPath)) {
-  console.error("wrangler.toml not found in", cwd);
+// --- Read package.json for configuration ---
+const pkgPath = path.join(cwd, "package.json");
+if (!fs.existsSync(pkgPath)) {
+  console.error("package.json not found in", cwd);
   process.exit(1);
 }
-const wranglerContent = fs.readFileSync(wranglerPath, "utf8");
-const aliasMatch = wranglerContent.match(/"__USER_MODULE__"\s*=\s*"([^"]+)"/);
-if (!aliasMatch) {
-  console.error('Could not find __USER_MODULE__ alias in wrangler.toml');
+const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+// Required fields
+const workerName = pkg.name;
+if (!workerName) {
+  console.error("package.json must have a 'name' field for the Worker name");
   process.exit(1);
 }
-// Derive source root directory from the alias (e.g., "./src/index.ts" → "./src")
-const aliasTarget = aliasMatch[1];
-// If alias points to the module map, resolve src dir from it; otherwise derive from file
-const srcDir = aliasTarget.includes(".export-module-map")
-  ? path.resolve(cwd, "src")
-  : path.resolve(cwd, path.dirname(aliasTarget.replace(/^\.\//, "")));
+const exportsEntry = pkg.exports;
+if (!exportsEntry) {
+  console.error("package.json must have an 'exports' field pointing to the source entry (e.g., './src' or './src/index.ts')");
+  process.exit(1);
+}
+// Optional: static assets directory
+const assetsDir = pkg.main || null;
+// Optional: Cloudflare bindings configuration (d1, r2, kv, auth)
+const cloudflareConfig = pkg.cloudflare || {};
+const d1Bindings = cloudflareConfig.d1 || [];
+const r2Bindings = cloudflareConfig.r2 || [];
+const kvBindings = cloudflareConfig.kv || [];
+const authConfig = cloudflareConfig.auth || null;
+// Auth requires a D1 database for better-auth
+const allD1Bindings = [...d1Bindings];
+if (authConfig && !allD1Bindings.includes("AUTH_DB")) {
+  allD1Bindings.unshift("AUTH_DB");
+}
+// Validate binding names
+const validateBindings = (bindings, type) => {
+  for (const name of bindings) {
+    if (!/^[A-Z][A-Z0-9_]*$/.test(name)) {
+      console.error(`Invalid ${type} binding name: "${name}". Use UPPER_SNAKE_CASE.`);
+      process.exit(1);
+    }
+  }
+};
+validateBindings(d1Bindings, "D1");
+validateBindings(r2Bindings, "R2");
+validateBindings(kvBindings, "KV");
+// --- Resolve source directory from exports field ---
+const exportsPath = path.resolve(cwd, exportsEntry.replace(/^\.\//, ""));
+const srcDir = fs.existsSync(exportsPath) && fs.statSync(exportsPath).isDirectory()
+  ? exportsPath
+  : path.dirname(exportsPath);
+if (!fs.existsSync(srcDir)) {
+  console.error(`Source directory not found: ${srcDir}`);
+  process.exit(1);
+}
 // --- Discover all source files under srcDir ---
@@ -242,7 +286,17 @@ for (const mod of modules) {
 // --- Minify core modules ---
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const { CORE_CODE, SHARED_CORE_CODE } = await import(path.join(__dirname, "..", "client.js"));
+const { generateCoreCode } = await import(path.join(__dirname, "..", "client.js"));
+// Generate core code with export config
+const coreConfig = {
+  d1: allD1Bindings,
+  r2: r2Bindings,
+  kv: kvBindings,
+  auth: !!authConfig,
+};
+const CORE_CODE = generateCoreCode(coreConfig);
+const SHARED_CORE_CODE = generateCoreCode({ ...coreConfig, shared: true });
 const minified = minifySync("_core.js", CORE_CODE);
 if (minified.errors?.length) console.error("Minification errors (core):", minified.errors);
@@ -327,7 +381,100 @@ for (const mod of modules) {
 sharedLines.push(`export { getStub };`);
 fs.writeFileSync(sharedModulePath, sharedLines.join("\n") + "\n");
+// --- Generate wrangler.toml ---
+const wranglerLines = [
+  `# Auto-generated by export-runtime. Do not edit manually.`,
+  `name = "${workerName}"`,
+  `main = "node_modules/export-runtime/entry.js"`,
+  `compatibility_date = "2024-11-01"`,
+  ``,
+];
+// Add static assets configuration if main is specified
+if (assetsDir) {
+  const normalizedAssetsDir = assetsDir.startsWith("./") ? assetsDir : `./${assetsDir}`;
+  wranglerLines.push(
+    `[assets]`,
+    `directory = "${normalizedAssetsDir}"`,
+    `binding = "ASSETS"`,
+    `run_worker_first = true`,
+    ``,
+  );
+}
+// Add Durable Objects for shared state
+wranglerLines.push(
+  `[durable_objects]`,
+  `bindings = [`,
+  `  { name = "SHARED_EXPORT", class_name = "SharedExportDO" }`,
+  `]`,
+  ``,
+  `[[migrations]]`,
+  `tag = "v1"`,
+  `new_classes = ["SharedExportDO"]`,
+  ``,
+);
+// Add D1 bindings
+if (allD1Bindings.length > 0) {
+  for (const name of allD1Bindings) {
+    wranglerLines.push(`[[d1_databases]]`);
+    wranglerLines.push(`binding = "${name}"`);
+    wranglerLines.push(`database_name = "${workerName}-${name.toLowerCase().replace(/_/g, "-")}"`);
+    wranglerLines.push(`database_id = "" # Run: wrangler d1 create ${workerName}-${name.toLowerCase().replace(/_/g, "-")}`);
+    wranglerLines.push(``);
+  }
+}
+// Add R2 bindings
+if (r2Bindings.length > 0) {
+  for (const name of r2Bindings) {
+    wranglerLines.push(`[[r2_buckets]]`);
+    wranglerLines.push(`binding = "${name}"`);
+    wranglerLines.push(`bucket_name = "${workerName}-${name.toLowerCase().replace(/_/g, "-")}"`);
+    wranglerLines.push(``);
+  }
+}
+// Add KV bindings
+if (kvBindings.length > 0) {
+  for (const name of kvBindings) {
+    wranglerLines.push(`[[kv_namespaces]]`);
+    wranglerLines.push(`binding = "${name}"`);
+    wranglerLines.push(`id = "" # Run: wrangler kv namespace create ${name}`);
+    wranglerLines.push(``);
+  }
+}
+// Add alias
+wranglerLines.push(
+  `[alias]`,
+  `"__USER_MODULE__" = "./.export-module-map.js"`,
+  `"__GENERATED_TYPES__" = "./.export-types.js"`,
+  `"__SHARED_MODULE__" = "./.export-shared.js"`,
+  `"__EXPORT_CONFIG__" = "./.export-config.js"`,
+  ``,
+);
+// --- Write .export-config.js ---
+const configPath = path.join(cwd, ".export-config.js");
+const configContent = `// Auto-generated export configuration
+export const d1Bindings = ${JSON.stringify(allD1Bindings)};
+export const r2Bindings = ${JSON.stringify(r2Bindings)};
+export const kvBindings = ${JSON.stringify(kvBindings)};
+export const authConfig = ${JSON.stringify(authConfig)};
+`;
+fs.writeFileSync(configPath, configContent);
+const wranglerPath = path.join(cwd, "wrangler.toml");
+fs.writeFileSync(wranglerPath, wranglerLines.join("\n"));
+// --- Output summary ---
 console.log(`Discovered ${modules.length} module(s): ${modules.map(m => m.routePath || "/").join(", ")}`);
 console.log("Generated type definitions + minified core →", outPath);
 console.log("Generated module map →", moduleMapPath);
 console.log("Generated shared import module →", sharedModulePath);
+console.log("Generated wrangler.toml →", wranglerPath);

package/client.js CHANGED Viewed

@@ -1,4 +1,5 @@
 // Core module template. __WS_SUFFIX__ is replaced: "./" for normal, "./?shared" for shared.
+// __D1_BINDINGS__, __R2_BINDINGS__, __KV_BINDINGS__, __AUTH_ENABLED__ are replaced with config.
 const CORE_TEMPLATE = `
 const stringify = (value) => {
   const stringified = [];
@@ -109,22 +110,77 @@ const parse = (serialized) => {
 const _u = new URL("__WS_SUFFIX__", import.meta.url);
 _u.protocol = _u.protocol === "https:" ? "wss:" : "ws:";
-const ws = new WebSocket(_u.href);
+let ws = new WebSocket(_u.href);
 const pending = new Map();
 let nextId = 1;
 let keepaliveInterval;
+let sessionToken = null;
-const ready = new Promise((resolve, reject) => {
-  ws.onopen = () => {
+const setupWs = (socket) => {
+  socket.onopen = () => {
     keepaliveInterval = setInterval(() => {
-      if (ws.readyState === WebSocket.OPEN) ws.send(stringify({ type: "ping", id: 0 }));
+      if (socket.readyState === WebSocket.OPEN) socket.send(stringify({ type: "ping", id: 0 }));
     }, 30000);
-    resolve();
+    // Send session token if available
+    if (sessionToken) {
+      socket.send(stringify({ type: "auth", token: sessionToken, id: 0 }));
+    }
+  };
+  socket.onclose = () => { clearInterval(keepaliveInterval); };
+  socket.onmessage = (event) => {
+    const msg = parse(event.data);
+    // Handle auth response
+    if (msg.type === "auth-result") {
+      if (msg.token) sessionToken = msg.token;
+      return;
+    }
+    const resolver = pending.get(msg.id);
+    if (!resolver) return;
+    pending.delete(msg.id);
+    if (msg.type === "error") {
+      resolver.reject(new Error(msg.error));
+    } else if (msg.type === "result") {
+      if (msg.valueType === "function") resolver.resolve(createProxy(msg.path));
+      else if (msg.valueType === "instance") resolver.resolve(createInstanceProxy(msg.instanceId));
+      else if (msg.valueType === "asynciterator") resolver.resolve({
+        [Symbol.asyncIterator]() { return this; },
+        next: () => sendRequest({ type: "iterate-next", iteratorId: msg.iteratorId }),
+        return: () => sendRequest({ type: "iterate-return", iteratorId: msg.iteratorId })
+      });
+      else if (msg.valueType === "readablestream") resolver.resolve(new ReadableStream({
+        async pull(c) {
+          try { const r = await sendRequest({ type: "stream-read", streamId: msg.streamId }); r.done ? c.close() : c.enqueue(r.value); }
+          catch (e) { c.error(e); }
+        },
+        cancel: () => sendRequest({ type: "stream-cancel", streamId: msg.streamId })
+      }));
+      else resolver.resolve(msg.value);
+    } else if (msg.type === "iterate-result") {
+      resolver.resolve({ value: msg.value, done: msg.done });
+    } else if (msg.type === "stream-result") {
+      resolver.resolve({ value: Array.isArray(msg.value) ? new Uint8Array(msg.value) : msg.value, done: msg.done });
+    }
   };
-  ws.onerror = reject;
+};
+setupWs(ws);
+const ready = new Promise((resolve, reject) => {
+  ws.addEventListener("open", () => resolve(), { once: true });
+  ws.addEventListener("error", reject, { once: true });
 });
-ws.onclose = () => { clearInterval(keepaliveInterval); };
+const reconnect = () => {
+  if (ws.readyState === WebSocket.OPEN) ws.close();
+  ws = new WebSocket(_u.href);
+  setupWs(ws);
+  return new Promise((resolve) => {
+    ws.addEventListener("open", () => resolve(), { once: true });
+  });
+};
 const sendRequest = async (msg) => {
   await ready;
@@ -135,37 +191,6 @@ const sendRequest = async (msg) => {
   });
 };
-ws.onmessage = (event) => {
-  const msg = parse(event.data);
-  const resolver = pending.get(msg.id);
-  if (!resolver) return;
-  pending.delete(msg.id);
-  if (msg.type === "error") {
-    resolver.reject(new Error(msg.error));
-  } else if (msg.type === "result") {
-    if (msg.valueType === "function") resolver.resolve(createProxy(msg.path));
-    else if (msg.valueType === "instance") resolver.resolve(createInstanceProxy(msg.instanceId));
-    else if (msg.valueType === "asynciterator") resolver.resolve({
-      [Symbol.asyncIterator]() { return this; },
-      next: () => sendRequest({ type: "iterate-next", iteratorId: msg.iteratorId }),
-      return: () => sendRequest({ type: "iterate-return", iteratorId: msg.iteratorId })
-    });
-    else if (msg.valueType === "readablestream") resolver.resolve(new ReadableStream({
-      async pull(c) {
-        try { const r = await sendRequest({ type: "stream-read", streamId: msg.streamId }); r.done ? c.close() : c.enqueue(r.value); }
-        catch (e) { c.error(e); }
-      },
-      cancel: () => sendRequest({ type: "stream-cancel", streamId: msg.streamId })
-    }));
-    else resolver.resolve(msg.value);
-  } else if (msg.type === "iterate-result") {
-    resolver.resolve({ value: msg.value, done: msg.done });
-  } else if (msg.type === "stream-result") {
-    resolver.resolve({ value: Array.isArray(msg.value) ? new Uint8Array(msg.value) : msg.value, done: msg.done });
-  }
-};
 const createInstanceProxy = (instanceId, path = []) => new Proxy(function(){}, {
   get(_, prop) {
     if (prop === "then" || prop === Symbol.toStringTag) return undefined;
@@ -190,7 +215,198 @@ export const createProxy = (path = []) => new Proxy(function(){}, {
   async apply(_, __, args) { return sendRequest({ type: "call", path, args }); },
   construct(_, args) { return sendRequest({ type: "construct", path, args }); }
 });
+// --- Client object (default export) ---
+// D1 query builder with template literal support
+const createD1Query = (binding, sql, params) => {
+  const query = {
+    sql,
+    params,
+    then(resolve, reject) {
+      // Default to .all()
+      return sendRequest({ type: "d1", binding, method: "all", sql, params }).then(resolve, reject);
+    },
+    all() {
+      return sendRequest({ type: "d1", binding, method: "all", sql, params });
+    },
+    first(colName) {
+      return sendRequest({ type: "d1", binding, method: "first", sql, params, colName });
+    },
+    run() {
+      return sendRequest({ type: "d1", binding, method: "run", sql, params });
+    },
+    raw() {
+      return sendRequest({ type: "d1", binding, method: "raw", sql, params });
+    }
+  };
+  return query;
+};
+// D1 tagged template literal handler
+const createD1Proxy = (binding) => {
+  return (strings, ...values) => {
+    // Build parameterized SQL
+    let sql = strings[0];
+    for (let i = 0; i < values.length; i++) {
+      sql += "?" + strings[i + 1];
+    }
+    return createD1Query(binding, sql, values);
+  };
+};
+// R2 bucket proxy
+const createR2Proxy = (binding) => ({
+  get: (key, options) => sendRequest({ type: "r2", binding, method: "get", key, options }),
+  put: (key, value, options) => sendRequest({ type: "r2", binding, method: "put", key, value, options }),
+  delete: (key) => sendRequest({ type: "r2", binding, method: "delete", key }),
+  list: (options) => sendRequest({ type: "r2", binding, method: "list", options }),
+  head: (key) => sendRequest({ type: "r2", binding, method: "head", key }),
+});
+// KV namespace proxy
+const createKVProxy = (binding) => ({
+  get: (key, options) => sendRequest({ type: "kv", binding, method: "get", key, options }),
+  put: (key, value, options) => sendRequest({ type: "kv", binding, method: "put", key, value, options }),
+  delete: (key) => sendRequest({ type: "kv", binding, method: "delete", key }),
+  list: (options) => sendRequest({ type: "kv", binding, method: "list", options }),
+  getWithMetadata: (key, options) => sendRequest({ type: "kv", binding, method: "getWithMetadata", key, options }),
+});
+// Auth client proxy
+const createAuthProxy = () => {
+  // Check for session token in URL hash (after OAuth redirect)
+  const checkUrlToken = () => {
+    if (typeof window !== "undefined" && window.location.hash) {
+      const params = new URLSearchParams(window.location.hash.slice(1));
+      const token = params.get("token");
+      if (token) {
+        sessionToken = token;
+        // Clean up URL
+        window.history.replaceState(null, "", window.location.pathname + window.location.search);
+        return token;
+      }
+    }
+    return null;
+  };
+  // Try to restore session on init
+  checkUrlToken();
+  const signIn = {
+    social: async (provider, options = {}) => {
+      const result = await sendRequest({ type: "auth", method: "signIn.social", provider, options });
+      if (result.redirectUrl) {
+        // Redirect to OAuth provider
+        if (typeof window !== "undefined") {
+          window.location.href = result.redirectUrl;
+          // Return a promise that never resolves (page is redirecting)
+          return new Promise(() => {});
+        }
+        return result;
+      }
+      if (result.token) {
+        sessionToken = result.token;
+        await reconnect();
+      }
+      return result;
+    },
+    email: async (email, password, options) => {
+      const result = await sendRequest({ type: "auth", method: "signIn.email", email, password, options });
+      if (result.success && result.token) {
+        sessionToken = result.token;
+        await reconnect();
+      }
+      return result;
+    },
+  };
+  const signUp = {
+    email: async (email, password, name, options) => {
+      const result = await sendRequest({ type: "auth", method: "signUp.email", email, password, name, options });
+      if (result.success && result.token) {
+        sessionToken = result.token;
+        await reconnect();
+      }
+      return result;
+    },
+  };
+  return {
+    signIn,
+    signUp,
+    signOut: async () => {
+      const result = await sendRequest({ type: "auth", method: "signOut" });
+      sessionToken = null;
+      await reconnect();
+      return result;
+    },
+    getSession: () => sendRequest({ type: "auth", method: "getSession" }),
+    getUser: () => sendRequest({ type: "auth", method: "getUser" }),
+    // Manually set token (useful after OAuth redirect)
+    setToken: async (token) => {
+      const result = await sendRequest({ type: "auth", method: "setToken", token });
+      if (result.success) {
+        sessionToken = token;
+        await reconnect();
+      }
+      return result;
+    },
+    // Check if user is authenticated
+    get isAuthenticated() {
+      return sessionToken !== null;
+    },
+  };
+};
+// Build client object based on config
+const d1Bindings = __D1_BINDINGS__;
+const r2Bindings = __R2_BINDINGS__;
+const kvBindings = __KV_BINDINGS__;
+const authEnabled = __AUTH_ENABLED__;
+const d1 = {};
+for (const binding of d1Bindings) {
+  d1[binding] = createD1Proxy(binding);
+}
+const r2 = {};
+for (const binding of r2Bindings) {
+  r2[binding] = createR2Proxy(binding);
+}
+const kv = {};
+for (const binding of kvBindings) {
+  kv[binding] = createKVProxy(binding);
+}
+const auth = authEnabled ? createAuthProxy() : null;
+export default { d1, r2, kv, auth };
 `;
-export const CORE_CODE = CORE_TEMPLATE.replace("__WS_SUFFIX__", "./");
-export const SHARED_CORE_CODE = CORE_TEMPLATE.replace("__WS_SUFFIX__", "./?shared");
+// Generate core code with config
+export const generateCoreCode = (config = {}) => {
+  const { d1 = [], r2 = [], kv = [], auth = false, shared = false } = config;
+  return CORE_TEMPLATE
+    .replace("__WS_SUFFIX__", shared ? "./?shared" : "./")
+    .replace("__D1_BINDINGS__", JSON.stringify(d1))
+    .replace("__R2_BINDINGS__", JSON.stringify(r2))
+    .replace("__KV_BINDINGS__", JSON.stringify(kv))
+    .replace("__AUTH_ENABLED__", String(!!auth));
+};
+// Legacy exports for backward compatibility
+export const CORE_CODE = CORE_TEMPLATE
+  .replace("__WS_SUFFIX__", "./")
+  .replace("__D1_BINDINGS__", "[]")
+  .replace("__R2_BINDINGS__", "[]")
+  .replace("__KV_BINDINGS__", "[]")
+  .replace("__AUTH_ENABLED__", "false");
+export const SHARED_CORE_CODE = CORE_TEMPLATE
+  .replace("__WS_SUFFIX__", "./?shared")
+  .replace("__D1_BINDINGS__", "[]")
+  .replace("__R2_BINDINGS__", "[]")
+  .replace("__KV_BINDINGS__", "[]")
+  .replace("__AUTH_ENABLED__", "false");

package/entry.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import moduleMap from "__USER_MODULE__";
 import generatedTypes, { minifiedCore, minifiedSharedCore, coreId } from "__GENERATED_TYPES__";
+import * as exportConfig from "__EXPORT_CONFIG__";
 import { createHandler } from "./handler.js";
 export { SharedExportDO } from "./shared-do.js";
-export default createHandler(moduleMap, generatedTypes, minifiedCore, coreId, minifiedSharedCore);
+export default createHandler(moduleMap, generatedTypes, minifiedCore, coreId, minifiedSharedCore, exportConfig);

package/handler.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { stringify, parse } from "devalue";
-import { CORE_CODE, SHARED_CORE_CODE } from "./client.js";
+import { generateCoreCode, CORE_CODE, SHARED_CORE_CODE } from "./client.js";
 import { createRpcDispatcher } from "./rpc.js";
+import { handleAuthRoute, getSessionFromRequest, verifySession } from "./auth.js";
 const JS = "application/javascript; charset=utf-8";
 const TS = "application/typescript; charset=utf-8";
@@ -13,16 +14,27 @@ const jsResponse = (body, extra = {}) =>
 const tsResponse = (body, status = 200) =>
   new Response(body, { status, headers: { "Content-Type": TS, ...CORS, "Cache-Control": "no-cache" } });
-export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, minifiedSharedCore) => {
+export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, minifiedSharedCore, exportConfig = {}) => {
   // moduleMap: { routePath: moduleNamespace, ... }
   const moduleRoutes = Object.keys(moduleMap); // e.g. ["", "greet", "utils/math"]
   const moduleExportKeys = {};
   for (const [route, mod] of Object.entries(moduleMap)) {
-    moduleExportKeys[route] = Object.keys(mod);
+    const keys = Object.keys(mod);
+    if (keys.includes("default")) {
+      const modulePath = route || "(root)";
+      console.warn(`[export-runtime] WARN: default export in "${modulePath}" is ignored. Use named exports instead.`);
+    }
+    moduleExportKeys[route] = keys.filter(k => k !== "default");
   }
-  const coreModuleCode = minifiedCore || CORE_CODE;
-  const sharedCoreModuleCode = minifiedSharedCore || SHARED_CORE_CODE;
+  // Export configuration
+  const { d1Bindings = [], r2Bindings = [], kvBindings = [], authConfig = null } = exportConfig;
+  const hasClient = d1Bindings.length > 0 || r2Bindings.length > 0 || kvBindings.length > 0 || authConfig;
+  // Generate core code with config
+  const coreConfig = { d1: d1Bindings, r2: r2Bindings, kv: kvBindings, auth: !!authConfig };
+  const coreModuleCode = minifiedCore || generateCoreCode(coreConfig);
+  const sharedCoreModuleCode = minifiedSharedCore || generateCoreCode({ ...coreConfig, shared: true });
   const corePath = `/${coreId || crypto.randomUUID()}.js`;
   const sharedCorePath = corePath.replace(".js", "-shared.js");
@@ -58,7 +70,9 @@ export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, m
     const namedExports = keys
       .map((key) => `export const ${key} = createProxy([${JSON.stringify(route)}, ${JSON.stringify(key)}]);`)
       .join("\n");
-    return `import { createProxy } from ".${cpath}";\n${namedExports}`;
+    // Include default export (client) if configured
+    const defaultExport = hasClient ? `\nexport { default } from ".${cpath}";` : "";
+    return `import { createProxy } from ".${cpath}";\n${namedExports}${defaultExport}`;
   };
   const buildExportModule = (cpath, route, name) =>
@@ -66,7 +80,197 @@ export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, m
     `const _export = createProxy([${JSON.stringify(route)}, ${JSON.stringify(name)}]);\n` +
     `export default _export;\nexport { _export as ${name} };`;
-  const dispatchMessage = async (dispatcher, msg) => {
+  // D1 request handler
+  const handleD1Request = async (env, msg) => {
+    const { binding, method, sql, params = [], colName } = msg;
+    const db = env[binding];
+    if (!db) throw new Error(`D1 binding not found: ${binding}`);
+    const stmt = db.prepare(sql).bind(...params);
+    switch (method) {
+      case "all": return { type: "result", value: await stmt.all() };
+      case "first": return { type: "result", value: await stmt.first(colName) };
+      case "run": return { type: "result", value: await stmt.run() };
+      case "raw": return { type: "result", value: await stmt.raw() };
+      default: throw new Error(`Unknown D1 method: ${method}`);
+    }
+  };
+  // R2 request handler
+  const handleR2Request = async (env, msg) => {
+    const { binding, method, key, value, options } = msg;
+    const bucket = env[binding];
+    if (!bucket) throw new Error(`R2 binding not found: ${binding}`);
+    switch (method) {
+      case "get": {
+        const obj = await bucket.get(key, options);
+        if (!obj) return { type: "result", value: null };
+        // Return object metadata and body as ArrayBuffer
+        const body = await obj.arrayBuffer();
+        return {
+          type: "result",
+          value: {
+            body: new Uint8Array(body),
+            key: obj.key,
+            version: obj.version,
+            size: obj.size,
+            etag: obj.etag,
+            httpEtag: obj.httpEtag,
+            httpMetadata: obj.httpMetadata,
+            customMetadata: obj.customMetadata,
+          }
+        };
+      }
+      case "put": {
+        const result = await bucket.put(key, value, options);
+        return { type: "result", value: result };
+      }
+      case "delete": {
+        await bucket.delete(key);
+        return { type: "result", value: true };
+      }
+      case "list": {
+        const result = await bucket.list(options);
+        return { type: "result", value: result };
+      }
+      case "head": {
+        const obj = await bucket.head(key);
+        return { type: "result", value: obj };
+      }
+      default: throw new Error(`Unknown R2 method: ${method}`);
+    }
+  };
+  // KV request handler
+  const handleKVRequest = async (env, msg) => {
+    const { binding, method, key, value, options } = msg;
+    const kv = env[binding];
+    if (!kv) throw new Error(`KV binding not found: ${binding}`);
+    switch (method) {
+      case "get": return { type: "result", value: await kv.get(key, options) };
+      case "put": {
+        await kv.put(key, value, options);
+        return { type: "result", value: true };
+      }
+      case "delete": {
+        await kv.delete(key);
+        return { type: "result", value: true };
+      }
+      case "list": return { type: "result", value: await kv.list(options) };
+      case "getWithMetadata": return { type: "result", value: await kv.getWithMetadata(key, options) };
+      default: throw new Error(`Unknown KV method: ${method}`);
+    }
+  };
+  // Auth request handler (WebSocket-based auth operations)
+  const handleAuthRequest = async (env, msg, wsSession) => {
+    const { method, provider, email, password, name, options, token } = msg;
+    // Handle methods that work without auth config
+    if (!authConfig) {
+      switch (method) {
+        case "signOut":
+          return { type: "result", value: { success: true } };
+        case "getSession":
+        case "getUser":
+          return { type: "result", value: null };
+        case "signIn.social": {
+          const hint = provider ? ` For ${provider} OAuth, also set ${provider.toUpperCase()}_CLIENT_ID/SECRET env vars.` : "";
+          return { type: "result", value: { error: `Auth not configured. Add 'auth: true' to cloudflare config in package.json.${hint}` } };
+        }
+        default:
+          if (!["signIn.email", "signUp.email", "setToken"].includes(method)) {
+            throw new Error(`Unknown auth method: ${method}`);
+          }
+          return { type: "result", value: { error: "Auth not configured. Add 'auth: true' to cloudflare config in package.json." } };
+      }
+    }
+    const baseUrl = env.WORKER_URL || "https://localhost:8787";
+    switch (method) {
+      case "signIn.social": {
+        // Return the OAuth URL for client to redirect to
+        const callbackUrl = options?.callbackUrl || "/";
+        const authUrl = `${baseUrl}/api/auth/signin/${provider}?callbackUrl=${encodeURIComponent(callbackUrl)}`;
+        return { type: "result", value: { redirectUrl: authUrl } };
+      }
+      case "signIn.email": {
+        // Forward to better-auth via internal fetch
+        try {
+          const response = await fetch(`${baseUrl}/api/auth/signin/email`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ email, password }),
+          });
+          const data = await response.json();
+          if (response.ok && data.token) {
+            return { type: "result", value: { success: true, token: data.token, user: data.user } };
+          }
+          return { type: "result", value: { error: data.error || "Sign in failed" } };
+        } catch (err) {
+          return { type: "result", value: { error: String(err) } };
+        }
+      }
+      case "signUp.email": {
+        try {
+          const response = await fetch(`${baseUrl}/api/auth/signup/email`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ email, password, name }),
+          });
+          const data = await response.json();
+          if (response.ok && data.token) {
+            return { type: "result", value: { success: true, token: data.token, user: data.user } };
+          }
+          return { type: "result", value: { error: data.error || "Sign up failed" } };
+        } catch (err) {
+          return { type: "result", value: { error: String(err) } };
+        }
+      }
+      case "signOut": {
+        // Clear session via better-auth
+        if (wsSession?.token) {
+          try {
+            await fetch(`${baseUrl}/api/auth/signout`, {
+              method: "POST",
+              headers: {
+                "Content-Type": "application/json",
+                "Cookie": `better-auth.session_token=${wsSession.token}`,
+              },
+            });
+          } catch {}
+        }
+        return { type: "result", value: { success: true } };
+      }
+      case "getSession": {
+        if (!wsSession?.token) return { type: "result", value: null };
+        const session = await verifySession(wsSession.token, env, authConfig);
+        return { type: "result", value: session };
+      }
+      case "getUser": {
+        if (!wsSession?.token) return { type: "result", value: null };
+        const session = await verifySession(wsSession.token, env, authConfig);
+        return { type: "result", value: session?.user || null };
+      }
+      case "setToken": {
+        // Client sends token after OAuth redirect
+        if (token) {
+          const session = await verifySession(token, env, authConfig);
+          if (session) {
+            return { type: "result", value: { success: true, session } };
+          }
+        }
+        return { type: "result", value: { error: "Invalid token" } };
+      }
+      default:
+        throw new Error(`Unknown auth method: ${method}`);
+    }
+  };
+  const dispatchMessage = async (dispatcher, msg, env, wsSession) => {
     const { type, path = [], args = [], instanceId, iteratorId, streamId } = msg;
     switch (type) {
       case "ping": return { type: "pong" };
@@ -82,16 +286,39 @@ export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, m
       case "iterate-return": return dispatcher.rpcIterateReturn(iteratorId);
       case "stream-read": return dispatcher.rpcStreamRead(streamId);
       case "stream-cancel": return dispatcher.rpcStreamCancel(streamId);
+      // Client requests
+      case "d1": return handleD1Request(env, msg);
+      case "r2": return handleR2Request(env, msg);
+      case "kv": return handleKVRequest(env, msg);
+      case "auth": return handleAuthRequest(env, msg, wsSession);
     }
   };
-  const wireWebSocket = (server, dispatcher, onClose) => {
+  const wireWebSocket = (server, dispatcher, env, onClose) => {
+    // Track session state for this WebSocket connection
+    const wsSession = { token: null };
     server.addEventListener("message", async (event) => {
       let id;
       try {
         const msg = parse(event.data);
         id = msg.id;
-        const result = await dispatchMessage(dispatcher, msg);
+        // Handle auth token updates (on reconnect or explicit setToken)
+        if (msg.type === "auth" && msg.token && !msg.method) {
+          // Direct token send on reconnect - just update session
+          wsSession.token = msg.token;
+          server.send(stringify({ type: "auth-result", id, success: true }));
+          return;
+        }
+        const result = await dispatchMessage(dispatcher, msg, env, wsSession);
+        // Extract token from auth responses
+        if (result?.value?.token && msg.type === "auth") {
+          wsSession.token = result.value.token;
+        }
         if (result) server.send(stringify({ ...result, id }));
       } catch (err) {
         if (id !== undefined) server.send(stringify({ type: "error", id, error: String(err) }));
@@ -114,10 +341,10 @@ export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, m
         if (isShared && env?.SHARED_EXPORT) {
           const room = url.searchParams.get("room") || "default";
           const stub = env.SHARED_EXPORT.get(env.SHARED_EXPORT.idFromName(room));
-          wireWebSocket(server, stub);
+          wireWebSocket(server, stub, env);
         } else {
           const dispatcher = createRpcDispatcher(moduleMap);
-          wireWebSocket(server, dispatcher, () => dispatcher.clearAll());
+          wireWebSocket(server, dispatcher, env, () => dispatcher.clearAll());
         }
         return new Response(null, { status: 101, webSocket: client });
@@ -126,6 +353,11 @@ export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, m
       // --- HTTP routing ---
       const pathname = url.pathname;
+      // Auth routes (handled by better-auth)
+      if (authConfig && pathname.startsWith("/api/auth/")) {
+        return handleAuthRoute(request, env, authConfig);
+      }
       // Core modules
       if (pathname === corePath) return jsResponse(coreModuleCode, { "Cache-Control": IMMUTABLE });
       if (pathname === sharedCorePath) return jsResponse(sharedCoreModuleCode, { "Cache-Control": IMMUTABLE });
@@ -154,7 +386,13 @@ export const createHandler = (moduleMap, generatedTypes, minifiedCore, coreId, m
       const cpath = isShared ? sharedCorePath : corePath;
       const resolved = resolveRoute(pathname);
-      if (!resolved) return new Response("Not found", { status: 404 });
+      if (!resolved) {
+        // Fallback to static assets if ASSETS binding is available
+        if (env?.ASSETS) {
+          return env.ASSETS.fetch(request);
+        }
+        return new Response("Not found", { status: 404 });
+      }
       const { route, exportName } = resolved;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "export-runtime",
-  "version": "0.0.9",
+  "version": "0.0.11",
   "description": "Cloudflare Workers ESM Export Framework Runtime",
   "keywords": [
     "cloudflare",
@@ -31,11 +31,22 @@
     "client.js",
     "rpc.js",
     "shared-do.js",
-    "bin/generate-types.mjs"
+    "auth.js",
+    "bin/generate-types.mjs",
+    "bin/auth.mjs"
   ],
   "dependencies": {
+    "better-auth": "^1.2.0",
     "devalue": "^5.1.1",
     "oxc-minify": "^0.121.0",
     "oxc-parser": "^0.121.0"
+  },
+  "peerDependencies": {
+    "better-auth": "^1.2.0"
+  },
+  "peerDependenciesMeta": {
+    "better-auth": {
+      "optional": true
+    }
   }
 }

package/rpc.js CHANGED Viewed

@@ -65,6 +65,8 @@ export function createRpcDispatcher(moduleMap) {
   // path = [route, ...exportPath] — route selects the module, exportPath walks its exports
   const splitPath = (path) => {
     const [route, ...rest] = path;
+    // Reject default export access
+    if (rest[0] === "default") throw new Error("Export not found: default");
     return { exports: resolveModule(route), exportPath: rest };
   };