nuxt-auto-crud 1.5.0 → 1.7.0

package/README.md

@@ -4,11 +4,21 @@
 
 Auto-generate RESTful CRUD APIs for your **Nuxt** application based solely on your database schema. Minimal configuration required.
 
+**Core Philosophy:**
+The main objective of this module is to **expose CRUD APIs without the need for writing code**. You define your database schema, and `nuxt-auto-crud` handles the rest.
+
+You don't need to setup an extra server or database to create an MVP of an application. The Nuxt (Nitro) server and SQLite can save you time and money.
+And you don't need a separate Strapi or Supabase setup to automate your CRUD process. `nuxt-auto-crud` will help you with that and accelerate your development exponentially.
+
+While we provide a playground with a CMS-like interface, this is primarily to demonstrate the capabilities. You are expected to build your own frontend application to consume these APIs.
+
 - [✨ Release Notes](/CHANGELOG.md)
 - [🎮 Try the Playground](/playground)
 
 ## 🚀 CRUD APIs are ready to use without code
 
+Once installed, your database tables automatically become API endpoints:
+
 - `GET /api/:model` - List all records
 - `POST /api/:model` - Create a new record
 - `GET /api/:model/:id` - Get record by ID
@@ -29,6 +39,11 @@ bun db:generate
 bun run dev
 ```
 
+**Template Usage Modes:**
+
+1.  **Fullstack App**: The template includes the `nuxt-auto-crud` module, providing both the backend APIs and the frontend UI.
+2.  **Frontend Only**: You can use the template just for the frontend. In this case, you don't need to install the module in the frontend app. Instead, you would install `nuxt-auto-crud` in a separate backend setup (e.g., another Nuxt project acting as the API).
+
 Detailed instructions can be found in [https://auto-crud.clifland.in/](https://auto-crud.clifland.in/)
 
 ### 2. Manual Setup (Existing Project)
@@ -78,6 +93,7 @@ Add the generation script to your `package.json`:
   "scripts": {
     "db:generate": "drizzle-kit generate"
   }
+  // ...
 }
 ```
 
@@ -89,7 +105,7 @@ import { defineConfig } from 'drizzle-kit'
 
 export default defineConfig({
   dialect: 'sqlite',
-  schema: './server/database/schema.ts',
+  schema: './server/database/schema/index.ts', // Point to your schema index file
   out: './server/database/migrations'
 })
 ```
@@ -116,10 +132,10 @@ export type User = typeof schema.users.$inferSelect
 
 #### Define your database schema
 
-Create `server/database/schema.ts`:
+Create your schema files in `server/database/schema/`. For example, `server/database/schema/users.ts`:
 
 ```typescript
-// server/database/schema.ts
+// server/database/schema/users.ts
 import { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core'
 
 export const users = sqliteTable('users', {
@@ -132,6 +148,8 @@ export const users = sqliteTable('users', {
 })
 ```
 
+> **Note:** The `organization.ts` and `cms.ts` files you might see in the playground are just examples and are commented out by default. You should implement a robust schema tailored to your production needs.
+
 #### Run the project
 
 ```bash
@@ -217,6 +235,10 @@ export default {
 }
 ```
 
+## ⚠️ Known Issues
+
+- **Foreign Key Naming:** Currently, if you have multiple foreign keys referring to the same table (e.g., `customer_id` and `author_id` both referring to the `users` table), the automatic relation handling might assume `user_id` for both. This is a known limitation in the current alpha version.
+
 ## 🎮 Try the Playground
 
 Want to see it in action? Clone this repo and try the playground:
@@ -234,12 +256,6 @@ cd playground
 bun install
 bun db:generate
 bun run dev
-
-# Run the playground (Backend Only)
-cd playground-backendonly
-bun install
-bun db:generate
-bun run dev
 ```
 
 ## 📖 Usage Examples
@@ -285,6 +301,10 @@ const updated = await $fetch("/api/users/1", {
 ```typescript
 await $fetch("/api/users/1", {
   method: "DELETE",
+  headers: {
+    // If auth is enabled
+    Authorization: 'Bearer ...' 
+  }
 });
 ```
 

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "nuxt-auto-crud",
   "configKey": "autoCrud",
-  "version": "1.5.0",
+  "version": "1.7.0",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -1,4 +1,4 @@
-import { defineNuxtModule, createResolver, addServerHandler, addServerImportsDir } from '@nuxt/kit';
+import { defineNuxtModule, createResolver, addServerHandler, addServerImportsDir, addImportsDir, addServerPlugin } from '@nuxt/kit';
 
 const module$1 = defineNuxtModule({
   meta: {
@@ -74,6 +74,21 @@ const module$1 = defineNuxtModule({
       resources: mergedResources || {}
     };
     const apiDir = resolver.resolve("./runtime/server/api");
+    addServerHandler({
+      route: "/api/_schema",
+      method: "get",
+      handler: resolver.resolve(apiDir, "_schema/index.get")
+    });
+    addServerHandler({
+      route: "/api/_schema/:table",
+      method: "get",
+      handler: resolver.resolve(apiDir, "_schema/[table].get")
+    });
+    addServerHandler({
+      route: "/api/_relations",
+      method: "get",
+      handler: resolver.resolve(apiDir, "_relations.get")
+    });
     addServerHandler({
       route: "/api/:model",
       method: "get",
@@ -100,9 +115,8 @@ const module$1 = defineNuxtModule({
       handler: resolver.resolve(apiDir, "[model]/[id].delete")
     });
     addServerImportsDir(resolver.resolve("./runtime/server/utils"));
-    console.log("\u{1F680} Auto CRUD module loaded!");
-    console.log(`   - Schema: ${options.schemaPath}`);
-    console.log(`   - API: /api/[model]`);
+    addImportsDir(resolver.resolve("./runtime/composables"));
+    addServerPlugin(resolver.resolve("./runtime/server/plugins/seed"));
   }
 });
 

package/dist/runtime/composables/useRelationDisplay.d.ts

@@ -0,0 +1,12 @@
+export declare const useRelationDisplay: (schema: {
+    resource: string;
+    fields: {
+        name: string;
+        type: string;
+        required?: boolean;
+    }[];
+}) => {
+    fetchRelations: () => Promise<void>;
+    getDisplayValue: (key: string, value: unknown) => unknown;
+    relationsMap: import("vue").Ref<Record<string, Record<string, string>>, Record<string, Record<string, string>>>;
+};

package/dist/runtime/composables/useRelationDisplay.js

@@ -0,0 +1,48 @@
+import { ref, useFetch, useRequestHeaders } from "#imports";
+export const useRelationDisplay = (schema) => {
+  const resourceName = schema.resource;
+  const relationsMap = ref({});
+  const displayValues = ref({});
+  const headers = useRequestHeaders(["cookie"]);
+  const fetchRelations = async () => {
+    const { data: relations } = await useFetch("/api/_relations");
+    if (relations.value) {
+      relationsMap.value = relations.value;
+    }
+    const resourceRelations = relationsMap.value[resourceName] || {};
+    const relationFields = Object.keys(resourceRelations);
+    if (relationFields.length === 0) return;
+    await Promise.all(
+      relationFields.map(async (fieldName) => {
+        const targetTable = resourceRelations[fieldName];
+        try {
+          const relatedData = await $fetch(`/api/${targetTable}`, { headers });
+          if (relatedData) {
+            displayValues.value[fieldName] = relatedData.reduce(
+              (acc, item) => {
+                const id = item.id;
+                const label = item.name || item.title || item.email || item.username || `#${item.id}`;
+                acc[id] = label;
+                return acc;
+              },
+              {}
+            );
+          }
+        } catch (error) {
+          console.error(`Failed to fetch relation data for ${targetTable}:`, error);
+        }
+      })
+    );
+  };
+  const getDisplayValue = (key, value) => {
+    if (displayValues.value[key] && (typeof value === "number" || typeof value === "string")) {
+      return displayValues.value[key][value] || value;
+    }
+    return value;
+  };
+  return {
+    fetchRelations,
+    getDisplayValue,
+    relationsMap
+  };
+};

package/dist/runtime/composables/useResourceSchemas.d.ts

@@ -0,0 +1,19 @@
+import type { Ref } from 'vue';
+export interface ResourceField {
+    name: string;
+    type: string;
+    required?: boolean;
+    selectOptions?: string[];
+}
+export interface ResourceSchema {
+    resource: string;
+    fields: ResourceField[];
+}
+export type ResourceSchemas = Record<string, ResourceSchema>;
+export declare const useResourceSchemas: () => Promise<{
+    schemas: Ref<ResourceSchemas | null | undefined>;
+    getSchema: (resource: string) => ResourceSchema | undefined;
+    status: Ref<"idle" | "pending" | "success" | "error">;
+    error: Ref<any>;
+    refresh: () => Promise<void>;
+}>;

package/dist/runtime/composables/useResourceSchemas.js

@@ -0,0 +1,17 @@
+import { useAsyncData, useRequestHeaders } from "#imports";
+export const useResourceSchemas = async () => {
+  const { data: schemas, status, error, refresh } = await useAsyncData("resource-schemas", () => $fetch("/api/_schema", {
+    headers: useRequestHeaders(["cookie"])
+  }));
+  const getSchema = (resource) => {
+    if (!schemas.value) return void 0;
+    return schemas.value[resource];
+  };
+  return {
+    schemas,
+    getSchema,
+    status,
+    error,
+    refresh
+  };
+};

package/dist/runtime/server/api/[model]/[id].patch.js

@@ -21,6 +21,9 @@ export default eventHandler(async (event) => {
   const table = getTableForModel(model);
   const body = await readBody(event);
   const payload = filterUpdatableFields(model, body);
+  if ("updatedAt" in table) {
+    payload.updatedAt = /* @__PURE__ */ new Date();
+  }
   const updatedRecord = await useDrizzle().update(table).set(payload).where(eq(table.id, Number(id))).returning().get();
   if (!updatedRecord) {
     throw createError({

package/dist/runtime/server/api/[model]/index.get.js

@@ -3,6 +3,7 @@ import { getTableForModel, filterHiddenFields, filterPublicColumns } from "../..
 import { useDrizzle } from "#site/drizzle";
 import { useAutoCrudConfig } from "../../utils/config.js";
 import { checkAdminAccess } from "../../utils/auth.js";
+import { desc } from "drizzle-orm";
 export default eventHandler(async (event) => {
   console.log("[GET] Request received", event.path);
   const { resources } = useAutoCrudConfig();
@@ -19,7 +20,7 @@ export default eventHandler(async (event) => {
     }
   }
   const table = getTableForModel(model);
-  const results = await useDrizzle().select().from(table).all();
+  const results = await useDrizzle().select().from(table).orderBy(desc(table.id)).all();
   return results.map((item) => {
     if (isAdmin) {
       return filterHiddenFields(model, item);

package/dist/runtime/server/api/_relations.get.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Record<string, Record<string, string>>>>;
+export default _default;

package/dist/runtime/server/api/_relations.get.js

@@ -0,0 +1,24 @@
+import { eventHandler, createError } from "h3";
+import { getRelations } from "../utils/schema.js";
+import { useAutoCrudConfig } from "../utils/config.js";
+import { verifyJwtToken } from "../utils/jwt.js";
+export default eventHandler(async (event) => {
+  const { auth } = useAutoCrudConfig();
+  if (auth?.authentication) {
+    let isAuthenticated = false;
+    if (auth.type === "jwt" && auth.jwtSecret) {
+      isAuthenticated = await verifyJwtToken(event, auth.jwtSecret);
+    } else {
+      try {
+        await requireUserSession(event);
+        isAuthenticated = true;
+      } catch {
+        isAuthenticated = false;
+      }
+    }
+    if (!isAuthenticated) {
+      throw createError({ statusCode: 401, message: "Unauthorized" });
+    }
+  }
+  return getRelations();
+});

package/dist/runtime/server/api/_schema/[table].get.d.ts

@@ -0,0 +1,10 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    resource: string;
+    fields: {
+        name: string;
+        type: string;
+        required: any;
+        selectOptions: undefined;
+    }[];
+}>>;
+export default _default;

package/dist/runtime/server/api/_schema/[table].get.js

@@ -0,0 +1,32 @@
+import { eventHandler, createError, getRouterParam } from "h3";
+import { getSchema } from "../../utils/schema.js";
+import { useAutoCrudConfig } from "../../utils/config.js";
+import { verifyJwtToken } from "../../utils/jwt.js";
+export default eventHandler(async (event) => {
+  const { auth } = useAutoCrudConfig();
+  const tableName = getRouterParam(event, "table");
+  if (auth?.authentication) {
+    let isAuthenticated = false;
+    if (auth.type === "jwt" && auth.jwtSecret) {
+      isAuthenticated = await verifyJwtToken(event, auth.jwtSecret);
+    } else {
+      try {
+        await requireUserSession(event);
+        isAuthenticated = true;
+      } catch {
+        isAuthenticated = false;
+      }
+    }
+    if (!isAuthenticated) {
+      throw createError({ statusCode: 401, message: "Unauthorized" });
+    }
+  }
+  if (!tableName) {
+    throw createError({ statusCode: 400, message: "Table name is required" });
+  }
+  const schema = await getSchema(tableName);
+  if (!schema) {
+    throw createError({ statusCode: 404, message: `Table '${tableName}' not found` });
+  }
+  return schema;
+});

package/dist/runtime/server/api/_schema/index.get.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Record<string, any>>>;
+export default _default;

package/dist/runtime/server/api/_schema/index.get.js

@@ -0,0 +1,24 @@
+import { eventHandler, createError } from "h3";
+import { getAllSchemas } from "../../utils/schema.js";
+import { useAutoCrudConfig } from "../../utils/config.js";
+import { verifyJwtToken } from "../../utils/jwt.js";
+export default eventHandler(async (event) => {
+  const { auth } = useAutoCrudConfig();
+  if (auth?.authentication) {
+    let isAuthenticated = false;
+    if (auth.type === "jwt" && auth.jwtSecret) {
+      isAuthenticated = await verifyJwtToken(event, auth.jwtSecret);
+    } else {
+      try {
+        await requireUserSession(event);
+        isAuthenticated = true;
+      } catch {
+        isAuthenticated = false;
+      }
+    }
+    if (!isAuthenticated) {
+      throw createError({ statusCode: 401, message: "Unauthorized" });
+    }
+  }
+  return getAllSchemas();
+});

package/dist/runtime/server/plugins/seed.d.ts

@@ -0,0 +1,2 @@
+declare const _default: any;
+export default _default;

package/dist/runtime/server/plugins/seed.js

@@ -0,0 +1,29 @@
+import { eq } from "drizzle-orm";
+import { useDrizzle } from "#site/drizzle";
+import * as tables from "#site/schema";
+import { useAutoCrudConfig } from "../utils/config.js";
+import { defineNitroPlugin, hashPassword } from "#imports";
+export default defineNitroPlugin(async () => {
+  onHubReady(async () => {
+    const { auth } = useAutoCrudConfig();
+    if (!auth?.authentication || !tables.users) {
+      return;
+    }
+    const db = useDrizzle();
+    const existingAdmin = await db.select().from(tables.users).where(eq(tables.users.email, "admin@example.com")).get();
+    if (!existingAdmin) {
+      console.log("Seeding admin user...");
+      const hashedPassword = await hashPassword("$1Password");
+      await db.insert(tables.users).values({
+        email: "admin@example.com",
+        password: hashedPassword,
+        name: "Admin User",
+        avatar: "https://i.pravatar.cc/150?u=admin",
+        role: "admin",
+        createdAt: /* @__PURE__ */ new Date(),
+        updatedAt: /* @__PURE__ */ new Date()
+      });
+      console.log("Admin user seeded.");
+    }
+  });
+});

package/dist/runtime/server/utils/auth.js

@@ -1,4 +1,5 @@
 import { createError } from "h3";
+import { requireUserSession } from "#imports";
 import { useAutoCrudConfig } from "./config.js";
 import { verifyJwtToken } from "./jwt.js";
 export async function checkAdminAccess(event, model, action) {
@@ -13,9 +14,6 @@ export async function checkAdminAccess(event, model, action) {
     }
     return verifyJwtToken(event, auth.jwtSecret);
   }
-  if (typeof requireUserSession !== "function") {
-    throw new TypeError("requireUserSession is not available");
-  }
   try {
     await requireUserSession(event);
     if (auth.authorization) {

package/dist/runtime/server/utils/modelMapper.js

@@ -1,10 +1,10 @@
 import * as schema from "#site/schema";
 import pluralize from "pluralize";
 import { pascalCase } from "scule";
-import { getTableColumns as getDrizzleTableColumns } from "drizzle-orm";
+import { getTableColumns as getDrizzleTableColumns, getTableName } from "drizzle-orm";
 import { createError } from "h3";
 import { useRuntimeConfig } from "#imports";
-const PROTECTED_FIELDS = ["id", "createdAt", "created_at"];
+const PROTECTED_FIELDS = ["id", "created_at", "updated_at", "createdAt", "updatedAt"];
 const HIDDEN_FIELDS = ["password", "secret", "token"];
 export const customUpdatableFields = {
   // Add custom field restrictions here if needed
@@ -17,11 +17,12 @@ function buildModelTableMap() {
   const tableMap = {};
   for (const [key, value] of Object.entries(schema)) {
     if (value && typeof value === "object") {
-      const hasTableSymbol = Symbol.for("drizzle:Name") in value;
-      const hasUnderscore = "_" in value;
-      const hasTableConfig = "table" in value || "$inferSelect" in value;
-      if (hasTableSymbol || hasUnderscore || hasTableConfig) {
-        tableMap[key] = value;
+      try {
+        const tableName = getTableName(value);
+        if (tableName) {
+          tableMap[key] = value;
+        }
+      } catch {
       }
     }
   }
@@ -60,9 +61,16 @@ export function getUpdatableFields(modelName) {
 export function filterUpdatableFields(modelName, data) {
   const allowedFields = getUpdatableFields(modelName);
   const filtered = {};
+  const table = modelTableMap[modelName];
+  const columns = table ? getDrizzleTableColumns(table) : {};
   for (const field of allowedFields) {
     if (data[field] !== void 0) {
-      filtered[field] = data[field];
+      let value = data[field];
+      const column = columns[field];
+      if (column && column.mode === "timestamp" && typeof value === "string") {
+        value = new Date(value);
+      }
+      filtered[field] = value;
     }
   }
   return filtered;

package/dist/runtime/server/utils/schema.d.ts

@@ -0,0 +1,20 @@
+export declare function drizzleTableToFields(table: any, resourceName: string): {
+    resource: string;
+    fields: {
+        name: string;
+        type: string;
+        required: any;
+        selectOptions: undefined;
+    }[];
+};
+export declare function getRelations(): Promise<Record<string, Record<string, string>>>;
+export declare function getAllSchemas(): Promise<Record<string, any>>;
+export declare function getSchema(tableName: string): Promise<{
+    resource: string;
+    fields: {
+        name: string;
+        type: string;
+        required: any;
+        selectOptions: undefined;
+    }[];
+} | undefined>;

package/dist/runtime/server/utils/schema.js

@@ -0,0 +1,70 @@
+import { getTableColumns } from "drizzle-orm";
+import { getTableConfig } from "drizzle-orm/sqlite-core";
+import { modelTableMap } from "./modelMapper.js";
+export function drizzleTableToFields(table, resourceName) {
+  const columns = getTableColumns(table);
+  const fields = [];
+  for (const [key, col] of Object.entries(columns)) {
+    const column = col;
+    const isRequired = column.notNull;
+    let type = "string";
+    const selectOptions = void 0;
+    if (column.dataType === "number" || column.columnType === "SQLiteInteger" || column.columnType === "SQLiteReal") {
+      type = "number";
+      if (column.name.endsWith("_at") || column.name.endsWith("At")) {
+        type = "date";
+      }
+    } else if (column.dataType === "boolean") {
+      type = "boolean";
+    } else if (column.dataType === "date" || column.dataType === "string" && (column.name.endsWith("_at") || column.name.endsWith("At"))) {
+      type = "date";
+    }
+    fields.push({
+      name: key,
+      type,
+      required: isRequired,
+      selectOptions
+    });
+  }
+  return {
+    resource: resourceName,
+    fields
+  };
+}
+export async function getRelations() {
+  const relations = {};
+  for (const [tableName, table] of Object.entries(modelTableMap)) {
+    try {
+      const config = getTableConfig(table);
+      if (config.foreignKeys.length > 0) {
+        const tableRelations = {};
+        relations[tableName] = tableRelations;
+        const columns = getTableColumns(table);
+        const columnToProperty = {};
+        for (const [key, col] of Object.entries(columns)) {
+          columnToProperty[col.name] = key;
+        }
+        config.foreignKeys.forEach((fk) => {
+          const sourceColumnName = fk.reference().columns[0].name;
+          const sourceProperty = columnToProperty[sourceColumnName] || sourceColumnName;
+          const targetTable = fk.reference().foreignTable[Symbol.for("drizzle:Name")];
+          tableRelations[sourceProperty] = targetTable;
+        });
+      }
+    } catch {
+    }
+  }
+  return relations;
+}
+export async function getAllSchemas() {
+  const schemas = {};
+  for (const [tableName, table] of Object.entries(modelTableMap)) {
+    schemas[tableName] = drizzleTableToFields(table, tableName);
+  }
+  return schemas;
+}
+export async function getSchema(tableName) {
+  const table = modelTableMap[tableName];
+  if (!table) return void 0;
+  return drizzleTableToFields(table, tableName);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nuxt-auto-crud",
-  "version": "1.5.0",
+  "version": "1.7.0",
   "description": "Exposes RESTful CRUD APIs for your Nuxt app based solely on your database migrations.",
   "author": "Cliford Pereira",
   "license": "MIT",
@@ -55,9 +55,12 @@
     "jose": "^5.9.6"
   },
   "peerDependencies": {
-    "drizzle-orm": "^0.30.0"
+    "drizzle-orm": ">=0.30.0"
   },
   "devDependencies": {
+    "@iconify-json/heroicons": "^1.2.3",
+    "@iconify-json/lucide": "^1.2.77",
+    "@iconify-json/simple-icons": "^1.2.61",
     "@nuxt/devtools": "^3.1.0",
     "@nuxt/eslint-config": "^1.10.0",
     "@nuxt/module-builder": "^1.0.2",

package/src/runtime/composables/useRelationDisplay.ts

@@ -0,0 +1,67 @@
+import { ref, useFetch, useRequestHeaders } from '#imports'
+
+export const useRelationDisplay = (
+  schema: {
+    resource: string
+    fields: { name: string, type: string, required?: boolean }[]
+  },
+) => {
+  const resourceName = schema.resource
+  const relationsMap = ref<Record<string, Record<string, string>>>({})
+  const displayValues = ref<Record<string, Record<string, string>>>({})
+  const headers = useRequestHeaders(['cookie'])
+
+  const fetchRelations = async () => {
+    // 1. Fetch relations metadata
+    const { data: relations } = await useFetch<Record<string, Record<string, string>>>('/api/_relations')
+    if (relations.value) {
+      relationsMap.value = relations.value
+    }
+
+    // 2. Identify relation fields for this resource
+    const resourceRelations = relationsMap.value[resourceName] || {}
+    const relationFields = Object.keys(resourceRelations)
+
+    if (relationFields.length === 0) return
+
+    // 3. Fetch data for each relation
+    await Promise.all(
+      relationFields.map(async (fieldName) => {
+        const targetTable = resourceRelations[fieldName]
+        // We assume the API for targetTable is /api/[targetTable]
+        try {
+          const relatedData = await $fetch<Record<string, unknown>[]>(`/api/${targetTable}`, { headers })
+
+          if (relatedData) {
+            displayValues.value[fieldName] = relatedData.reduce<Record<string, string>>(
+              (acc, item) => {
+                const id = item.id as number
+                // Try to find a good display name
+                const label = (item.name || item.title || item.email || item.username || `#${item.id}`) as string
+                acc[id] = label
+                return acc
+              },
+              {},
+            )
+          }
+        }
+        catch (error) {
+          console.error(`Failed to fetch relation data for ${targetTable}:`, error)
+        }
+      }),
+    )
+  }
+
+  const getDisplayValue = (key: string, value: unknown) => {
+    if (displayValues.value[key] && (typeof value === 'number' || typeof value === 'string')) {
+      return displayValues.value[key][value as string] || value
+    }
+    return value
+  }
+
+  return {
+    fetchRelations,
+    getDisplayValue,
+    relationsMap,
+  }
+}

package/src/runtime/composables/useResourceSchemas.ts

@@ -0,0 +1,42 @@
+import { useAsyncData, useRequestHeaders } from '#imports'
+import type { Ref } from 'vue'
+
+export interface ResourceField {
+  name: string
+  type: string
+  required?: boolean
+  selectOptions?: string[]
+}
+
+export interface ResourceSchema {
+  resource: string
+  fields: ResourceField[]
+}
+
+export type ResourceSchemas = Record<string, ResourceSchema>
+
+export const useResourceSchemas = async (): Promise<{
+  schemas: Ref<ResourceSchemas | null | undefined>
+  getSchema: (resource: string) => ResourceSchema | undefined
+  status: Ref<'idle' | 'pending' | 'success' | 'error'>
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  error: Ref<any>
+  refresh: () => Promise<void>
+}> => {
+  const { data: schemas, status, error, refresh } = await useAsyncData<ResourceSchemas>('resource-schemas', () => $fetch('/api/_schema', {
+    headers: useRequestHeaders(['cookie']),
+  }))
+
+  const getSchema = (resource: string) => {
+    if (!schemas.value) return undefined
+    return schemas.value[resource]
+  }
+
+  return {
+    schemas,
+    getSchema,
+    status,
+    error,
+    refresh: refresh as unknown as () => Promise<void>,
+  }
+}

package/src/runtime/server/api/[model]/[id].patch.ts

@@ -34,6 +34,11 @@ export default eventHandler(async (event) => {
   const body = await readBody(event)
   const payload = filterUpdatableFields(model, body)
 
+  // Automatically update updatedAt if it exists
+  if ('updatedAt' in table) {
+    payload.updatedAt = new Date()
+  }
+
   const updatedRecord = await useDrizzle()
     .update(table)
     .set(payload)

package/src/runtime/server/api/[model]/index.get.ts

@@ -8,6 +8,9 @@ import { useDrizzle } from '#site/drizzle'
 import { useAutoCrudConfig } from '../../utils/config'
 import { checkAdminAccess } from '../../utils/auth'
 
+import { desc } from 'drizzle-orm'
+import type { TableWithId } from '../../types'
+
 export default eventHandler(async (event) => {
   console.log('[GET] Request received', event.path)
   const { resources } = useAutoCrudConfig()
@@ -28,9 +31,9 @@ export default eventHandler(async (event) => {
     }
   }
 
-  const table = getTableForModel(model)
+  const table = getTableForModel(model) as TableWithId
 
-  const results = await useDrizzle().select().from(table).all()
+  const results = await useDrizzle().select().from(table).orderBy(desc(table.id)).all()
 
   return results.map((item: Record<string, unknown>) => {
     if (isAdmin) {

package/src/runtime/server/api/_relations.get.ts

@@ -0,0 +1,31 @@
+import { eventHandler, createError } from 'h3'
+import { getRelations } from '../utils/schema'
+import { useAutoCrudConfig } from '../utils/config'
+import { verifyJwtToken } from '../utils/jwt'
+
+export default eventHandler(async (event) => {
+  const { auth } = useAutoCrudConfig()
+
+  if (auth?.authentication) {
+    let isAuthenticated = false
+    if (auth.type === 'jwt' && auth.jwtSecret) {
+      isAuthenticated = await verifyJwtToken(event, auth.jwtSecret)
+    }
+    else {
+      try {
+        // @ts-expect-error - requireUserSession is auto-imported
+        await requireUserSession(event)
+        isAuthenticated = true
+      }
+      catch {
+        isAuthenticated = false
+      }
+    }
+
+    if (!isAuthenticated) {
+      throw createError({ statusCode: 401, message: 'Unauthorized' })
+    }
+  }
+
+  return getRelations()
+})

package/src/runtime/server/api/_schema/[table].get.ts

@@ -0,0 +1,41 @@
+import { eventHandler, createError, getRouterParam } from 'h3'
+import { getSchema } from '../../utils/schema'
+import { useAutoCrudConfig } from '../../utils/config'
+import { verifyJwtToken } from '../../utils/jwt'
+
+export default eventHandler(async (event) => {
+  const { auth } = useAutoCrudConfig()
+  const tableName = getRouterParam(event, 'table')
+
+  if (auth?.authentication) {
+    let isAuthenticated = false
+    if (auth.type === 'jwt' && auth.jwtSecret) {
+      isAuthenticated = await verifyJwtToken(event, auth.jwtSecret)
+    }
+    else {
+      try {
+        // @ts-expect-error - requireUserSession is auto-imported
+        await requireUserSession(event)
+        isAuthenticated = true
+      }
+      catch {
+        isAuthenticated = false
+      }
+    }
+
+    if (!isAuthenticated) {
+      throw createError({ statusCode: 401, message: 'Unauthorized' })
+    }
+  }
+
+  if (!tableName) {
+    throw createError({ statusCode: 400, message: 'Table name is required' })
+  }
+
+  const schema = await getSchema(tableName)
+  if (!schema) {
+    throw createError({ statusCode: 404, message: `Table '${tableName}' not found` })
+  }
+
+  return schema
+})

package/src/runtime/server/api/_schema/index.get.ts

@@ -0,0 +1,31 @@
+import { eventHandler, createError } from 'h3'
+import { getAllSchemas } from '../../utils/schema'
+import { useAutoCrudConfig } from '../../utils/config'
+import { verifyJwtToken } from '../../utils/jwt'
+
+export default eventHandler(async (event) => {
+  const { auth } = useAutoCrudConfig()
+
+  if (auth?.authentication) {
+    let isAuthenticated = false
+    if (auth.type === 'jwt' && auth.jwtSecret) {
+      isAuthenticated = await verifyJwtToken(event, auth.jwtSecret)
+    }
+    else {
+      try {
+        // @ts-expect-error - requireUserSession is auto-imported
+        await requireUserSession(event)
+        isAuthenticated = true
+      }
+      catch {
+        isAuthenticated = false
+      }
+    }
+
+    if (!isAuthenticated) {
+      throw createError({ statusCode: 401, message: 'Unauthorized' })
+    }
+  }
+
+  return getAllSchemas()
+})

package/src/runtime/server/plugins/seed.ts

@@ -0,0 +1,42 @@
+import { eq } from 'drizzle-orm'
+// @ts-expect-error - #site/drizzle is an alias defined by the module
+import { useDrizzle } from '#site/drizzle'
+// @ts-expect-error - #site/schema is an alias defined by the module
+import * as tables from '#site/schema'
+import { useAutoCrudConfig } from '../utils/config'
+// @ts-expect-error - #imports is available in runtime
+import { defineNitroPlugin, hashPassword } from '#imports'
+
+export default defineNitroPlugin(async () => {
+  // @ts-expect-error - onHubReady is auto-imported from @nuxthub/core
+  onHubReady(async () => {
+    const { auth } = useAutoCrudConfig()
+
+    // Only seed if auth is enabled and we have a users table
+    if (!auth?.authentication || !tables.users) {
+      return
+    }
+
+    const db = useDrizzle()
+
+    // Check if admin exists
+    const existingAdmin = await db.select().from(tables.users).where(eq(tables.users.email, 'admin@example.com')).get()
+
+    if (!existingAdmin) {
+      console.log('Seeding admin user...')
+
+      const hashedPassword = await hashPassword('$1Password')
+
+      await db.insert(tables.users).values({
+        email: 'admin@example.com',
+        password: hashedPassword,
+        name: 'Admin User',
+        avatar: 'https://i.pravatar.cc/150?u=admin',
+        role: 'admin',
+        createdAt: new Date(),
+        updatedAt: new Date(),
+      })
+      console.log('Admin user seeded.')
+    }
+  })
+})

package/src/runtime/server/utils/auth.ts

@@ -1,5 +1,7 @@
 import type { H3Event } from 'h3'
 import { createError } from 'h3'
+// @ts-expect-error - #imports is available in runtime
+import { requireUserSession } from '#imports'
 import { useAutoCrudConfig } from './config'
 import { verifyJwtToken } from './jwt'
 
@@ -19,13 +21,7 @@ export async function checkAdminAccess(event: H3Event, model: string, action: st
   }
 
   // Session based (default)
-  // @ts-expect-error - requireUserSession is auto-imported
-  if (typeof requireUserSession !== 'function') {
-    throw new TypeError('requireUserSession is not available')
-  }
-
   try {
-    // @ts-expect-error - requireUserSession is auto-imported
     await requireUserSession(event)
 
     // Check authorization if enabled
@@ -49,7 +45,7 @@ export async function checkAdminAccess(event: H3Event, model: string, action: st
     if ((e as any).statusCode === 403) {
       throw e
     }
-    // Otherwise (401 from requireUserSession), return false (treat as guest)
+    // Otherwise (401 from requireUserSession or function not available), return false (treat as guest)
     return false
   }
 }

package/src/runtime/server/utils/modelMapper.ts

@@ -3,7 +3,7 @@
 import * as schema from '#site/schema'
 import pluralize from 'pluralize'
 import { pascalCase } from 'scule'
-import { getTableColumns as getDrizzleTableColumns } from 'drizzle-orm'
+import { getTableColumns as getDrizzleTableColumns, getTableName } from 'drizzle-orm'
 import type { SQLiteTable } from 'drizzle-orm/sqlite-core'
 import { createError } from 'h3'
 import { useRuntimeConfig } from '#imports'
@@ -11,7 +11,7 @@ import { useRuntimeConfig } from '#imports'
 /**
  * Fields that should never be updatable via PATCH requests
  */
-const PROTECTED_FIELDS = ['id', 'createdAt', 'created_at']
+const PROTECTED_FIELDS = ['id', 'created_at', 'updated_at', 'createdAt', 'updatedAt']
 
 /**
  * Fields that should never be returned in API responses
@@ -50,15 +50,18 @@ function buildModelTableMap(): Record<string, unknown> {
   // Iterate through all exports from schema
   for (const [key, value] of Object.entries(schema)) {
     // Check if it's a Drizzle table
-    // Drizzle tables have specific properties we can check
     if (value && typeof value === 'object') {
-      // Check for common Drizzle table properties
-      const hasTableSymbol = Symbol.for('drizzle:Name') in value
-      const hasUnderscore = '_' in value
-      const hasTableConfig = 'table' in value || '$inferSelect' in value
-
-      if (hasTableSymbol || hasUnderscore || hasTableConfig) {
-        tableMap[key] = value
+      try {
+        // getTableName returns the table name for valid tables, and undefined/null for others (like relations)
+        // This is a more robust check than checking for properties
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const tableName = getTableName(value as any)
+        if (tableName) {
+          tableMap[key] = value
+        }
+      }
+      catch {
+        // Ignore if it throws (not a table)
       }
     }
   }
@@ -139,10 +142,21 @@ export function getUpdatableFields(modelName: string): string[] {
 export function filterUpdatableFields(modelName: string, data: Record<string, unknown>): Record<string, unknown> {
   const allowedFields = getUpdatableFields(modelName)
   const filtered: Record<string, unknown> = {}
+  const table = modelTableMap[modelName]
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const columns = table ? getDrizzleTableColumns(table as any) : {}
 
   for (const field of allowedFields) {
     if (data[field] !== undefined) {
-      filtered[field] = data[field]
+      let value = data[field]
+      const column = columns[field]
+
+      // Coerce timestamp fields to Date objects if they are strings
+      if (column && column.mode === 'timestamp' && typeof value === 'string') {
+        value = new Date(value)
+      }
+
+      filtered[field] = value
     }
   }
 

package/src/runtime/server/utils/schema.ts

@@ -0,0 +1,96 @@
+import { getTableColumns } from 'drizzle-orm'
+import { getTableConfig } from 'drizzle-orm/sqlite-core'
+import { modelTableMap } from './modelMapper'
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function drizzleTableToFields(table: any, resourceName: string) {
+  const columns = getTableColumns(table)
+  const fields = []
+
+  for (const [key, col] of Object.entries(columns)) {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const column = col as any
+    const isRequired = column.notNull
+    let type = 'string'
+    const selectOptions: string[] | undefined = undefined
+
+    // Map Drizzle types to frontend types
+    if (column.dataType === 'number' || column.columnType === 'SQLiteInteger' || column.columnType === 'SQLiteReal') {
+      type = 'number'
+      // Check if it is a timestamp
+      if (column.name.endsWith('_at') || column.name.endsWith('At')) {
+        type = 'date'
+      }
+    }
+    else if (column.dataType === 'boolean') {
+      type = 'boolean'
+    }
+    else if (column.dataType === 'date' || (column.dataType === 'string' && (column.name.endsWith('_at') || column.name.endsWith('At')))) {
+      type = 'date'
+    }
+
+    fields.push({
+      name: key,
+      type,
+      required: isRequired,
+      selectOptions,
+    })
+  }
+
+  return {
+    resource: resourceName,
+    fields,
+  }
+}
+
+export async function getRelations() {
+  const relations: Record<string, Record<string, string>> = {}
+
+  for (const [tableName, table] of Object.entries(modelTableMap)) {
+    try {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const config = getTableConfig(table as any)
+      if (config.foreignKeys.length > 0) {
+        const tableRelations: Record<string, string> = {}
+        relations[tableName] = tableRelations
+
+        // Map column names to property names
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const columns = getTableColumns(table as any)
+        const columnToProperty: Record<string, string> = {}
+        for (const [key, col] of Object.entries(columns)) {
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          columnToProperty[(col as any).name] = key
+        }
+
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        config.foreignKeys.forEach((fk: any) => {
+          const sourceColumnName = fk.reference().columns[0].name
+          const sourceProperty = columnToProperty[sourceColumnName] || sourceColumnName
+          const targetTable = fk.reference().foreignTable[Symbol.for('drizzle:Name')]
+          tableRelations[sourceProperty] = targetTable
+        })
+      }
+    }
+    catch {
+      // Ignore tables that don't have config (e.g. not Drizzle tables)
+    }
+  }
+  return relations
+}
+
+export async function getAllSchemas() {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const schemas: Record<string, any> = {}
+
+  for (const [tableName, table] of Object.entries(modelTableMap)) {
+    schemas[tableName] = drizzleTableToFields(table, tableName)
+  }
+  return schemas
+}
+
+export async function getSchema(tableName: string) {
+  const table = modelTableMap[tableName]
+  if (!table) return undefined
+  return drizzleTableToFields(table, tableName)
+}