nuxt-auto-crud 1.21.0 → 1.22.1

package/README.md

@@ -1,6 +1,6 @@
 # Nuxt Auto CRUD
 
-> **Note:** This module is widely used in MVP development and is rapidly maturing. While currently in **Beta**, the core API (CRUD) is stable. Breaking changes may still occur in configuration or advanced features. Production use is encouraged with version pinning.
+> **Note:** This module is production-ready and actively maintained. The core CRUD API is stable. Minor breaking changes may occasionally occur in advanced features or configuration. We recommend version pinning for production deployments.
 
 Auto-expose RESTful CRUD APIs for your **Nuxt** application based solely on your database schema. Minimal configuration required.
 
@@ -56,20 +56,13 @@ If you want to add `nuxt-auto-crud` to an existing project, follow these steps:
 #### Install dependencies
 
 ```bash
-# Install module and required dependencies
 npm install nuxt-auto-crud @nuxthub/core@^0.10.0 drizzle-orm
-
-# Optional: Install auth dependencies if using Session Auth (Recommended)
-npm install nuxt-auth-utils nuxt-authorization
-
+npm install nuxt-auth-utils nuxt-authorization  # Optional: for authentication
 npm install --save-dev wrangler drizzle-kit
-
-# Or using bun
-bun add nuxt-auto-crud @nuxthub/core@latest drizzle-orm
-bun add nuxt-auth-utils nuxt-authorization
-bun add --dev wrangler drizzle-kit
 ```
 
+> You can also use `bun` or `pnpm` instead of `npm`.
+
 #### Configure Nuxt
 
 Add the modules to your `nuxt.config.ts`:
@@ -227,81 +220,18 @@ export default defineConfig({
 })
 ```
 
-## 🔐 Authentication Configuration
-
-The module enables authentication by default. To test APIs without authentication, you can set `auth: false`.
-
-### Session Auth (Default)
-
-Requires `nuxt-auth-utils` and `nuxt-authorization` to be installed in your project.
-
-```bash
-npm install nuxt-auth-utils nuxt-authorization
-```
-
-```typescript
-export default defineNuxtConfig({
-  modules: [
-    'nuxt-auth-utils',
-    'nuxt-authorization',
-    'nuxt-auto-crud'
-  ],
-  autoCrud: {
-    auth: {
-      type: 'session',
-      authentication: true, // Enables requireUserSession() check
-      authorization: true // Enables authorize(model, action) check
-    }
-  }
-})
-```
-
-### JWT Auth
+## 🔐 Authentication
 
-Useful for backend-only apps. Does **not** require `nuxt-auth-utils`.
+Authentication is enabled by default using **Session Auth** (requires `nuxt-auth-utils` and `nuxt-authorization`).
 
+To disable auth for testing:
 ```typescript
-export default defineNuxtConfig({
-  autoCrud: {
-    auth: {
-      type: 'jwt',
-      authentication: true,
-      jwtSecret: process.env.JWT_SECRET,
-      authorization: true
-    }
-  }
-})
+autoCrud: { auth: false }
 ```
 
-### Disabling Auth
+For **JWT Auth** (backend-only apps) or advanced configuration, see the [Authentication docs](https://auto-crud.clifland.in/docs/configuration/authentication).
 
-You can disable authentication entirely for testing or public APIs.
 
-```typescript
-export default defineNuxtConfig({
-  autoCrud: {
-    auth: {
-      authentication: false,
-      authorization: false
-    }
-    // OR simply:
-    // auth: false
-  }
-})
-```
-
-## 🧪 Testing
-
-This module is tested using **Vitest**.
-
-- **Unit Tests:** We cover utility functions and helpers.
-- **E2E Tests:** We verify the API endpoints using a real Nuxt server instance.
-
-To run the tests locally:
-
-```bash
-npm run test
-```
 
 ## 🛡️ Public View Configuration (Field Visibility)
 
@@ -346,12 +276,6 @@ export const posts = sqliteTable('posts', {
 })
 ```
 
-## ⚠️ Known Issues
-
-- **Automatic Relation Expansion:** The module tries to automatically expand foreign keys (e.g., `user_id` -> `user: { name: ... }`). However, this relies on the foreign key column name matching the target table name (e.g., `user_id` for `users`).
-  - **Limitation:** If you have custom FK names like `customer_id` or `author_id` pointing to `users`, the automatic expansion will not work yet.
-  - **Workaround:** Ensure your FK columns follow the `tablename_id` convention where possible for now.
-
 ## 🎮 Try the Playground
 
 Want to see it in action? Clone this repo and try the playground:
@@ -421,51 +345,7 @@ await $fetch("/api/users/1", {
 > - **Fullstack App:** The module integrates with `nuxt-auth-utils`, so session cookies are handled automatically.
 > - **Backend-only App:** You must include the `Authorization: Bearer <token>` header in your requests.
 
-## Configuration
-
-### Module Options
-
-```typescript
 
-export default defineNuxtConfig({
-  autoCrud: {
-    // Path to your database schema file (relative to project root)
-    schemaPath: "server/db/schema", // default
-    
-    // Authentication configuration (see "Authentication Configuration" section)
-    auth: {
-        // ...
-    },
-
-    // Public Guest View Configuration (Field Visibility)
-    resources: {
-        users: ['id', 'name', 'avatar'],
-    },
-  },
-});
-```
-
-### Protected Fields
-
-By default, the following fields are protected from updates:
-
-- `id`
-- `createdAt`
-- `created_at`
-- `updatedAt`
-- `updated_at`
-
-You can customize updatable fields in your schema by modifying the `modelMapper.ts` utility.
-
-### Hidden Fields
-
-By default, the following fields are hidden from API responses for security:
-
-- `password`
-- `secret`
-- `token`
-
-You can customize hidden fields by modifying the `modelMapper.ts` utility.
 
 ## 🔧 Requirements
 
@@ -473,18 +353,12 @@ You can customize hidden fields by modifying the `modelMapper.ts` utility.
 - Drizzle ORM (SQLite)
 - NuxtHub >= 0.10.0
 
-## 🔗 Other Helpful Links
-
-- **Template:** [https://github.com/clifordpereira/nuxt-auto-crud_template](https://github.com/clifordpereira/nuxt-auto-crud_template)
-- **Docs:** [https://auto-crud.clifland.in/docs/auto-crud](https://auto-crud.clifland.in/docs/auto-crud)
-- **Repo:** [https://github.com/clifordpereira/nuxt-auto-crud](https://github.com/clifordpereira/nuxt-auto-crud)
-- **YouTube (Installation):** [https://youtu.be/M9-koXmhB9k](https://youtu.be/M9-koXmhB9k)
-- **YouTube (Add Schemas):** [https://youtu.be/7gW0KW1KtN0](https://youtu.be/7gW0KW1KtN0)
-- **YouTube (Various Permissions):** [https://www.youtube.com/watch?v=Yty3OCYbwOo](https://www.youtube.com/watch?v=Yty3OCYbwOo)
-- **YouTube (Dynamic RBAC):** [https://www.youtube.com/watch?v=W0ju4grRC9M](https://www.youtube.com/watch?v=W0ju4grRC9M)
-- **npm:** [https://www.npmjs.com/package/nuxt-auto-crud](https://www.npmjs.com/package/nuxt-auto-crud)
-- **Github Discussions:** [https://github.com/clifordpereira/nuxt-auto-crud/discussions/1](https://github.com/clifordpereira/nuxt-auto-crud/discussions/1)
-- **Discord:** [https://discord.gg/hGgyEaGu](https://discord.gg/hGgyEaGu)
+## 🔗 Links
+
+- **📚 Documentation:** [auto-crud.clifland.in](https://auto-crud.clifland.in/docs/auto-crud)
+- **🎬 Video Tutorials:** [YouTube Channel](https://www.youtube.com/@ClifordPereira)
+- **💬 Community:** [Discord](https://discord.gg/FBkQQfRFJM) • [GitHub Discussions](https://github.com/clifordpereira/nuxt-auto-crud/discussions/1)
+- **📦 npm:** [nuxt-auto-crud](https://www.npmjs.com/package/nuxt-auto-crud)
 
 ## 🤝 Contributing
 

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "nuxt-auto-crud",
   "configKey": "autoCrud",
-  "version": "1.21.0",
+  "version": "1.22.1",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/runtime/server/api/[model]/[id].delete.js

@@ -1,8 +1,9 @@
-import { eventHandler, getRouterParams, createError } from "h3";
+import { eventHandler, getRouterParams } from "h3";
 import { eq } from "drizzle-orm";
 import { getTableForModel, getModelSingularName } from "../../utils/modelMapper.js";
 import { db } from "hub:db";
 import { ensureResourceAccess, formatResourceResult } from "../../utils/handler.js";
+import { RecordNotFoundError } from "../../exceptions.js";
 export default eventHandler(async (event) => {
   const { model, id } = getRouterParams(event);
   const isAdmin = await ensureResourceAccess(event, model, "delete", { id });
@@ -10,10 +11,7 @@ export default eventHandler(async (event) => {
   const singularName = getModelSingularName(model);
   const deletedRecord = await db.delete(table).where(eq(table.id, Number(id))).returning().get();
   if (!deletedRecord) {
-    throw createError({
-      statusCode: 404,
-      message: `${singularName} not found`
-    });
+    throw new RecordNotFoundError(`${singularName} not found`);
   }
   return formatResourceResult(model, deletedRecord, isAdmin);
 });

package/dist/runtime/server/api/[model]/[id].get.js

@@ -1,27 +1,22 @@
-import { eventHandler, getRouterParams, createError } from "h3";
+import { eventHandler, getRouterParams } from "h3";
 import { eq } from "drizzle-orm";
 import { getTableForModel } from "../../utils/modelMapper.js";
 import { db } from "hub:db";
 import { ensureResourceAccess, formatResourceResult } from "../../utils/handler.js";
 import { checkAdminAccess } from "../../utils/auth.js";
+import { RecordNotFoundError } from "../../exceptions.js";
 export default eventHandler(async (event) => {
   const { model, id } = getRouterParams(event);
   const isAdmin = await ensureResourceAccess(event, model, "read");
   const table = getTableForModel(model);
   const record = await db.select().from(table).where(eq(table.id, Number(id))).get();
   if (!record) {
-    throw createError({
-      statusCode: 404,
-      message: "Record not found"
-    });
+    throw new RecordNotFoundError();
   }
   if ("status" in record && record.status !== "active") {
     const canListAll = await checkAdminAccess(event, model, "list_all");
     if (!canListAll) {
-      throw createError({
-        statusCode: 404,
-        message: "Record not found"
-      });
+      throw new RecordNotFoundError();
     }
   }
   return formatResourceResult(model, record, isAdmin);

package/dist/runtime/server/api/[model]/[id].patch.js

@@ -1,9 +1,10 @@
-import { eventHandler, getRouterParams, readBody, createError } from "h3";
+import { eventHandler, getRouterParams, readBody } from "h3";
 import { getUserSession } from "#imports";
 import { eq } from "drizzle-orm";
 import { getTableForModel, filterUpdatableFields } from "../../utils/modelMapper.js";
 import { db } from "hub:db";
 import { ensureResourceAccess, formatResourceResult, hashPayloadFields } from "../../utils/handler.js";
+import { RecordNotFoundError } from "../../exceptions.js";
 export default eventHandler(async (event) => {
   const { model, id } = getRouterParams(event);
   const isAdmin = await ensureResourceAccess(event, model, "update", { id });
@@ -25,10 +26,7 @@ export default eventHandler(async (event) => {
   }
   const updatedRecord = await db.update(table).set(payload).where(eq(table.id, Number(id))).returning().get();
   if (!updatedRecord) {
-    throw createError({
-      statusCode: 404,
-      message: "Record not found"
-    });
+    throw new RecordNotFoundError();
   }
   return formatResourceResult(model, updatedRecord, isAdmin);
 });

package/dist/runtime/server/exceptions.d.ts

@@ -0,0 +1,9 @@
+export declare class AutoCrudError extends Error {
+    statusCode: number;
+    statusMessage?: string;
+    constructor(message: string, statusCode: number);
+    toH3Error(): import("h3").H3Error<unknown>;
+}
+export declare class RecordNotFoundError extends AutoCrudError {
+    constructor(message?: string);
+}

package/dist/runtime/server/exceptions.js

@@ -0,0 +1,21 @@
+import { createError } from "h3";
+export class AutoCrudError extends Error {
+  statusCode;
+  statusMessage;
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.statusMessage = message;
+  }
+  toH3Error() {
+    return createError({
+      statusCode: this.statusCode,
+      message: this.message
+    });
+  }
+}
+export class RecordNotFoundError extends AutoCrudError {
+  constructor(message = "Record not found") {
+    super(message, 404);
+  }
+}

package/dist/runtime/server/utils/schema.js

@@ -19,12 +19,13 @@ export function drizzleTableToFields(table, resourceName) {
     const config = getTableConfig(table);
     config.foreignKeys.forEach((fk) => {
       const sourceColumnName = fk.reference().columns[0].name;
-      const field = fields.find((f) => {
-        return f.name === sourceColumnName;
-      });
-      if (field) {
-        const targetTable = fk.reference().foreignTable[Symbol.for("drizzle:Name")];
-        field.references = targetTable;
+      const propertyName = Object.entries(columns).find(([_, col]) => col.name === sourceColumnName)?.[0];
+      if (propertyName) {
+        const field = fields.find((f) => f.name === propertyName);
+        if (field) {
+          const targetTable = fk.reference().foreignTable[Symbol.for("drizzle:Name")];
+          field.references = targetTable;
+        }
       }
     });
   } catch {
@@ -51,6 +52,9 @@ function mapColumnType(column) {
     }
     return { type: "number" };
   }
+  if (["content", "description", "bio", "message"].includes(column.name)) {
+    return { type: "textarea" };
+  }
   return { type: "string" };
 }
 export async function getRelations() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nuxt-auto-crud",
-  "version": "1.21.0",
+  "version": "1.22.1",
   "description": "Exposes RESTful CRUD APIs for your Nuxt app based solely on your database migrations.",
   "author": "Cliford Pereira",
   "license": "MIT",
@@ -35,8 +35,8 @@
   ],
   "scripts": {
     "prepack": "nuxt-module-build build",
-    "dev": "npm run dev:prepare && nuxi dev playground",
-    "dev:build": "nuxi build playground",
+    "dev": "bun run dev:prepare && nuxi dev --bun playground",
+    "dev:build": "nuxi build --bun playground",
     "dev:prepare": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground",
     "release": "npm run lint && npm run test && npm run prepack && changelogen --release && npm publish && git push --follow-tags",
     "lint": "eslint .",
@@ -47,7 +47,7 @@
     "link": "npm link"
   },
   "dependencies": {
-    "@nuxt/kit": "^4.2.1",
+    "@nuxt/kit": "^4.2.2",
     "@nuxt/scripts": "^0.13.0",
     "@types/pluralize": "^0.0.33",
     "c12": "^2.0.1",
@@ -78,6 +78,8 @@
     "drizzle-orm": "^0.38.3",
     "eslint": "^9.39.1",
     "nuxt": "^4.2.1",
+    "nuxt-auth-utils": "^0.5.26",
+    "nuxt-authorization": "^0.3.5",
     "typescript": "~5.9.3",
     "vitest": "^4.0.13",
     "vue-tsc": "^3.1.5",

package/src/runtime/server/api/[model]/[id].delete.ts

@@ -1,11 +1,12 @@
 // server/api/[model]/[id].delete.ts
-import { eventHandler, getRouterParams, createError } from 'h3'
+import { eventHandler, getRouterParams } from 'h3'
 import { eq } from 'drizzle-orm'
 import { getTableForModel, getModelSingularName } from '../../utils/modelMapper'
 import type { TableWithId } from '../../types'
 // @ts-expect-error - hub:db is a virtual alias
 import { db } from 'hub:db'
 import { ensureResourceAccess, formatResourceResult } from '../../utils/handler'
+import { RecordNotFoundError } from '../../exceptions'
 
 export default eventHandler(async (event) => {
   const { model, id } = getRouterParams(event) as { model: string, id: string }
@@ -21,10 +22,7 @@ export default eventHandler(async (event) => {
     .get()
 
   if (!deletedRecord) {
-    throw createError({
-      statusCode: 404,
-      message: `${singularName} not found`,
-    })
+    throw new RecordNotFoundError(`${singularName} not found`)
   }
 
   return formatResourceResult(model, deletedRecord as Record<string, unknown>, isAdmin)

package/src/runtime/server/api/[model]/[id].get.ts

@@ -1,5 +1,5 @@
 // server/api/[model]/[id].get.ts
-import { eventHandler, getRouterParams, createError } from 'h3'
+import { eventHandler, getRouterParams } from 'h3'
 import { eq } from 'drizzle-orm'
 import { getTableForModel } from '../../utils/modelMapper'
 import type { TableWithId } from '../../types'
@@ -7,6 +7,7 @@ import type { TableWithId } from '../../types'
 import { db } from 'hub:db'
 import { ensureResourceAccess, formatResourceResult } from '../../utils/handler'
 import { checkAdminAccess } from '../../utils/auth'
+import { RecordNotFoundError } from '../../exceptions'
 
 export default eventHandler(async (event) => {
   const { model, id } = getRouterParams(event) as { model: string, id: string }
@@ -21,10 +22,7 @@ export default eventHandler(async (event) => {
     .get()
 
   if (!record) {
-    throw createError({
-      statusCode: 404,
-      message: 'Record not found',
-    })
+    throw new RecordNotFoundError()
   }
 
   // Filter inactive rows for non-admins (or those without list_all) if status field exists
@@ -32,10 +30,7 @@ export default eventHandler(async (event) => {
   if ('status' in record && (record as any).status !== 'active') {
     const canListAll = await checkAdminAccess(event, model, 'list_all')
     if (!canListAll) {
-      throw createError({
-        statusCode: 404,
-        message: 'Record not found',
-      })
+      throw new RecordNotFoundError()
     }
   }
 

package/src/runtime/server/api/[model]/[id].patch.ts

@@ -1,5 +1,5 @@
 // server/api/[model]/[id].patch.ts
-import { eventHandler, getRouterParams, readBody, createError } from 'h3'
+import { eventHandler, getRouterParams, readBody } from 'h3'
 import type { H3Event } from 'h3'
 import { getUserSession } from '#imports'
 import { eq } from 'drizzle-orm'
@@ -9,6 +9,7 @@ import type { TableWithId } from '../../types'
 // @ts-expect-error - hub:db is a virtual alias
 import { db } from 'hub:db'
 import { ensureResourceAccess, formatResourceResult, hashPayloadFields } from '../../utils/handler'
+import { RecordNotFoundError } from '../../exceptions'
 
 export default eventHandler(async (event) => {
   const { model, id } = getRouterParams(event) as { model: string, id: string }
@@ -20,7 +21,6 @@ export default eventHandler(async (event) => {
   const body = await readBody(event)
   const payload = filterUpdatableFields(model, body)
 
-  // Auto-hash fields based on config (default: ['password'])
   // Auto-hash fields based on config (default: ['password'])
   await hashPayloadFields(payload)
 
@@ -52,10 +52,7 @@ export default eventHandler(async (event) => {
     .get()
 
   if (!updatedRecord) {
-    throw createError({
-      statusCode: 404,
-      message: 'Record not found',
-    })
+    throw new RecordNotFoundError()
   }
 
   return formatResourceResult(model, updatedRecord as Record<string, unknown>, isAdmin)

package/src/runtime/server/exceptions.ts

@@ -0,0 +1,25 @@
+import { createError } from 'h3'
+
+export class AutoCrudError extends Error {
+  statusCode: number
+  statusMessage?: string
+
+  constructor(message: string, statusCode: number) {
+    super(message)
+    this.statusCode = statusCode
+    this.statusMessage = message
+  }
+
+  toH3Error() {
+    return createError({
+      statusCode: this.statusCode,
+      message: this.message,
+    })
+  }
+}
+
+export class RecordNotFoundError extends AutoCrudError {
+  constructor(message: string = 'Record not found') {
+    super(message, 404)
+  }
+}

package/src/runtime/server/utils/schema.ts

@@ -36,18 +36,18 @@ export function drizzleTableToFields(table: any, resourceName: string) {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     config.foreignKeys.forEach((fk: any) => {
       const sourceColumnName = fk.reference().columns[0].name
-      // Find the field that matches this column
-      const field = fields.find((f) => {
-        // In simple cases, field.name matches column name.
-        // If camelCase mapping handles it differently, we might need adjustments,
-        // but typically Drizzle key = field name.
-        return f.name === sourceColumnName
-      })
-
-      if (field) {
-        // Get target table name
-        const targetTable = fk.reference().foreignTable[Symbol.for('drizzle:Name')] as string
-        field.references = targetTable
+
+      // Find the TS property name (key) that corresponds to this SQL column name
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const propertyName = Object.entries(columns).find(([_, col]: [string, any]) => col.name === sourceColumnName)?.[0]
+
+      if (propertyName) {
+        const field = fields.find(f => f.name === propertyName)
+        if (field) {
+          // Get target table name
+          const targetTable = fk.reference().foreignTable[Symbol.for('drizzle:Name')] as string
+          field.references = targetTable
+        }
       }
     })
   }
@@ -86,6 +86,10 @@ function mapColumnType(column: any): { type: string, selectOptions?: string[] }
     return { type: 'number' }
   }
 
+  if (['content', 'description', 'bio', 'message'].includes(column.name)) {
+    return { type: 'textarea' }
+  }
+
   return { type: 'string' }
 }