nuxt-feathers-zod 6.3.2 → 6.3.4

package/README.md

@@ -2,28 +2,29 @@
 
 [Documentation](https://vevedh.github.io/nuxt-feathers-zod/)
 
-`nuxt-feathers-zod` is a Nuxt 4 module that integrates **FeathersJS v5 (Dove)** with a **CLI-first** workflow and a Zod-oriented service generation approach.
+`nuxt-feathers-zod` is an official **Nuxt 4** module that embeds or connects to **FeathersJS v5 (Dove)** with a **CLI-first** workflow and optional **Zod-first** service generation.
 
 It supports two main usage patterns:
 
 - **embedded mode**: a Feathers server runs inside Nuxt/Nitro
 - **remote mode**: a Nuxt app uses a Feathers client against an external API
 
-## What is already in the open source core
+## Open source scope
+
+The public OSS module includes:
 
 - Nuxt 4 + Nitro integration
 - embedded and remote modes
 - REST and Socket.IO transports
 - embedded server with **Express** or **Koa**
 - CLI bootstrap for `init embedded`, `init remote`, `init templates`
-- CLI service generation with `add service`
-- adapter-less service generation with `add service --custom`
-- remote-service registration with `add remote-service`
+- CLI generation for services, remote services, middleware and server modules
+- schema modes `none | zod | json`
 - local/JWT auth flows
-- Keycloak SSO bridge
+- Keycloak SSO bridge for remote mode
 - optional legacy Swagger support
 - template overrides
-- embedded server modules
+- optional MongoDB management surface via `database.mongo.management`
 - client-side helpers with Pinia / feathers-pinia support
 
 ## Installation
@@ -39,7 +40,7 @@ Optional Swagger dependencies:
 bun add feathers-swagger swagger-ui-dist
 ```
 
-## Recommended quick start — new Nuxt 4 app in embedded mode
+## Quick start — embedded mode
 
 ```bash
 bunx nuxi@latest init my-nfz-app
@@ -61,7 +62,7 @@ bun install
 bun add nuxt-feathers-zod feathers-pinia feathers-swagger swagger-ui-dist
 bun add -D @pinia/nuxt
 bunx nuxt-feathers-zod init embedded --force --auth --swagger
-bunx nuxt-feathers-zod add service users --auth --adapter mongodb --collection users --idField _id --docs
+bunx nuxt-feathers-zod add service users --auth --adapter mongodb --schema zod --collection users --idField _id --docs
 bun dev
 ```
 
@@ -83,110 +84,94 @@ bun dev
 ```bash
 bunx nuxt-feathers-zod init embedded --force
 bunx nuxt-feathers-zod init remote --url https://api.example.com --transport rest --force
-bunx nuxt-feathers-zod add service users --adapter mongodb --collection users --idField _id
+bunx nuxt-feathers-zod add service users --adapter mongodb --schema zod --collection users --idField _id
+bunx nuxt-feathers-zod add service users --auth --authAware --schema zod --adapter mongodb --collection users --idField _id
 bunx nuxt-feathers-zod add service actions --custom --methods find --customMethods run,preview
 bunx nuxt-feathers-zod add remote-service users --path users --methods find,get
+bunx nuxt-feathers-zod add middleware trace-headers --target nitro
+bunx nuxt-feathers-zod add server-module helmet --preset helmet
+bunx nuxt-feathers-zod add mongodb-compose
+bunx nuxt-feathers-zod auth service users --enabled true
+bunx nuxt-feathers-zod schema users --show
 bunx nuxt-feathers-zod doctor
 ```
 
-## Open source core boundary
-
-The project is being stabilized around a predictable **standard open source core**.
-
-That core currently includes:
-
-- runtime + transports
-- auth basics
-- CLI generation
-- template overrides
-- server modules
-- docs and playground validation
-
-Potential future **license-key / Pro** candidates are intentionally kept outside that frozen core, such as advanced visual consoles, premium diagnostics, builders, enterprise presets, and packaged RBAC/policy layers.
-
-## Development commands
-
-```bash
-bun install
-bun run build
-bun run typecheck
-bun run docs:dev
-bun run docs:build
-```
+## Auth-aware generation for `users`
 
+For the `users` service, `--auth` and `--authAware` are distinct concerns:
 
-## Quality gates
+- `--auth` protects service methods with JWT hooks
+- `--authAware` enables local-auth-aware password handling
 
-The repository includes a standard open-source CI workflow on GitHub Actions.
-It validates the main surfaces of the module:
+When generating `users --auth`, the CLI keeps an **auto-safe default** and enables auth-aware behavior unless it is explicitly disabled.
 
-- install dependencies with Bun
-- lint the repository
-- run the template sanity check
-- build the Nuxt module
-- build the playground application
-- build the VitePress documentation
+Auth-aware generation ensures the generated service handles password concerns consistently across `schema=none|zod|json` and `adapter=memory|mongodb`:
 
-The workflow file is located at `.github/workflows/ci.yml`.
+- hashes `password` with `passwordHash({ strategy: 'local' })`
+- strips `password` from returned records/results
+- persists the `authAware` state in the service manifest
 
-## Release process
-
-The repository now includes two GitHub Actions workflows:
-
-- `.github/workflows/ci.yml` for the standard open-source validation gates
-- `.github/workflows/publish.yml` for validated npm publication on tag or manual trigger
-
-Manual release checklist:
+Examples:
 
 ```bash
-bun install
-bun run lint
-bun run sanity:templates
-bun run prepare
-bun run build
-bun run docs:build
-npm pack --dry-run
+bunx nuxt-feathers-zod add service users --auth --schema none --adapter memory --force
+bunx nuxt-feathers-zod add service users --auth --schema zod --adapter mongodb --collection users --idField _id --force
+bunx nuxt-feathers-zod add service users --auth --authAware false --schema json --adapter memory --force
 ```
 
-Then publish with either:
-
-```bash
-npm version patch
-npm publish --access public
+## Optional MongoDB management surface
+
+The OSS core can expose an optional MongoDB management layer from the generated `feathers/server/mongodb.ts` template, backed by `feathers-mongodb-management-ts`.
+
+Example:
+
+```ts
+export default defineNuxtConfig({
+  modules: ['nuxt-feathers-zod'],
+  feathers: {
+    database: {
+      mongo: {
+        url: 'mongodb://root:change-me@127.0.0.1:27017/app?authSource=admin',
+        management: {
+          enabled: true,
+          auth: true,
+          basePath: '/mongo',
+          exposeDatabasesService: true,
+          exposeCollectionsService: true,
+          exposeCollectionCrud: true,
+        },
+      },
+    },
+  },
+})
 ```
 
-or:
+This adds a controlled, opt-in management layer for:
 
-```bash
-npm version prerelease --preid beta
-npm publish --tag beta --access public
-```
+- `/mongo/databases`
+- `/mongo/<db>/collections`
+- `/mongo/<db>/<collection>`
 
-Public documentation builds intentionally exclude internal guide pages such as `open-core` and `playground` in production builds.
-
-## Publishing to npm
+## Protecting an existing service after generation
 
 ```bash
-npm login
-bun install
-bun run build
-npm pack --dry-run
-npm version patch
-npm publish --access public
+bunx nuxt-feathers-zod auth service users --enabled true
+bunx nuxt-feathers-zod auth service users --enabled false
 ```
 
-For a beta release:
+## Generating a local MongoDB Docker Compose file
 
 ```bash
-npm version prerelease --preid beta
-npm publish --tag beta --access public
+bunx nuxt-feathers-zod add mongodb-compose
+bunx nuxt-feathers-zod add mongodb-compose --out docker-compose-db.yaml --database app --rootPassword secret --force
 ```
 
 ## Notes
 
-- The recommended convention is `servicesDirs: ['services']`.
-- The recommended path is **CLI-first**.
-- Historical aliases may remain supported for backward compatibility, but the public docs only foreground the canonical forms.
+- Recommended convention: `servicesDirs: ['services']`
+- Recommended path: **CLI-first**
+- Historical aliases may remain supported for backward compatibility, but the public docs foreground canonical commands only
+- Maintainer-only publication and admin procedures are kept in `README_private.md` and intentionally excluded from the public repository surface
 
 ## License
 

package/bin/nuxt-feathers-zod

@@ -1,5 +1,11 @@
 #!/usr/bin/env bun
 
+import { handleCliError } from '../src/cli/core.ts'
 import { runCli } from '../src/cli/index.ts'
 
-await runCli(process.argv.slice(2), { cwd: process.cwd() })
+try {
+  await runCli(process.argv.slice(2), { cwd: process.cwd() })
+}
+catch (err) {
+  handleCliError(err)
+}

package/dist/module.json

@@ -4,7 +4,7 @@
   "compatibility": {
     "nuxt": "^4.0.0"
   },
-  "version": "6.3.2",
+  "version": "6.3.4",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -13,7 +13,7 @@ import { getServerTemplates } from '../dist/runtime/templates/server/index.js';
 function setAliases(options, nuxt) {
   const resolver = createResolver(import.meta.url);
   const aliases = {
-    "nuxt-feathers-zod/server": resolver.resolve(options.templateDir, "server/server"),
+    "nuxt-feathers-zod/server": resolver.resolve(options.templateDir, "server/server.js"),
     "nuxt-feathers-zod/validators": resolver.resolve("runtime/zod/validators"),
     "nuxt-feathers-zod/query": resolver.resolve("runtime/zod/query"),
     "nuxt-feathers-zod/zod": resolver.resolve("runtime/zod/index"),
@@ -121,7 +121,7 @@ const module$1 = defineNuxtModule({
       for (const serverTemplate of getServerTemplates(resolvedOptions)) {
         const ov = resolveTemplateOverrideForFilename(serverTemplate.filename, resolvedOptions);
         const tpl = addTemplate(ov ? { filename: serverTemplate.filename, src: ov.absPath, write: true, options: resolvedOptions } : { ...serverTemplate, options: resolvedOptions });
-        if (serverTemplate.filename?.endsWith("server/plugin.ts") || serverTemplate.filename?.endsWith("server/plugin"))
+        if (serverTemplate.filename?.endsWith("server/plugin.ts") || serverTemplate.filename?.endsWith("server/plugin.js") || serverTemplate.filename?.endsWith("server/plugin"))
           serverPluginDst = tpl.dst;
       }
       addServerPlugin(serverPluginDst ?? resolver.resolve(resolvedOptions.templateDir, "server/plugin.ts"));
@@ -131,10 +131,11 @@ const module$1 = defineNuxtModule({
       const piniaEnabled = clientOptions.pinia !== false && Boolean(clientOptions.pinia);
       if (piniaEnabled) {
         nuxt.hook("vite:extendConfig", (config) => {
-          config.optimizeDeps = config.optimizeDeps || {};
-          config.optimizeDeps.include = config.optimizeDeps.include || [];
-          if (!config.optimizeDeps.include.includes("feathers-pinia"))
-            config.optimizeDeps.include.push("feathers-pinia");
+          const mutableConfig = config;
+          mutableConfig.optimizeDeps ||= {};
+          mutableConfig.optimizeDeps.include ||= [];
+          if (!mutableConfig.optimizeDeps.include.includes("feathers-pinia"))
+            mutableConfig.optimizeDeps.include.push("feathers-pinia");
         });
         const enableAuthBootstrap = Boolean(
           resolvedOptions.auth && serverEnabled || isResolvedRemoteAuthEnabled(resolvedOptions)

package/dist/runtime/composables/feathers.d.ts

@@ -1,6 +1,6 @@
-import type { ClientApplication, ServiceTypes } from 'nuxt-feathers-zod/client';
+import type { ServiceTypes } from 'nuxt-feathers-zod/client';
 export declare function useFeathers(): {
     api: unknown;
     client: ClientApplication;
 };
-export declare function useService<L extends keyof ServiceTypes>(path: L): import("@feathersjs/feathers").FeathersService<ClientApplication, ServiceTypes[ServiceTypes[L]]>;
+export declare function useService<L extends keyof ServiceTypes>(path: L): any;

package/dist/runtime/composables/useAuth.js

@@ -95,8 +95,12 @@ export function useAuth() {
   async function login(options) {
     if (provider.value === "keycloak")
       return keycloak.value?.login?.(options);
-    if (provider.value === "local")
-      return authStore.value?.login?.(options);
+    if (provider.value === "local") {
+      const store = authStore.value;
+      if (typeof store?.login === "function")
+        return store.login(options);
+      return store?.authenticate?.(options);
+    }
     if (provider.value === "remote") {
       const pub2 = useRuntimeConfig().public;
       const ra = getPublicRemoteAuthConfig(pub2);
@@ -110,10 +114,8 @@ export function useAuth() {
   async function logout(options) {
     if (provider.value === "keycloak")
       return keycloak.value?.logout?.(options);
-    if (provider.value === "local")
-      return authStore.value?.logout?.(options);
-    if (provider.value === "remote")
-      return authStore.value?.logout?.(options);
+    if (provider.value === "local" || provider.value === "remote")
+      return authStore.value?.logout?.();
   }
   return {
     provider,

package/dist/runtime/options/database/mongodb.d.ts

@@ -5,8 +5,30 @@ type PickSerializable<T> = {
 interface MongoUrlOption {
     url: string;
 }
+export interface MongoManagementOptions {
+    enabled?: boolean;
+    auth?: boolean;
+    exposeDatabasesService?: boolean;
+    exposeCollectionsService?: boolean;
+    exposeUsersService?: boolean;
+    exposeCollectionCrud?: boolean;
+    basePath?: string;
+}
+export interface ResolvedMongoManagementOptions {
+    enabled: boolean;
+    auth: boolean;
+    exposeDatabasesService: boolean;
+    exposeCollectionsService: boolean;
+    exposeUsersService: boolean;
+    exposeCollectionCrud: boolean;
+    basePath: string;
+}
 type SerializableMongoClientOptions = PickSerializable<MongoClientOptions>;
-export type MongoOptions = MongoUrlOption & SerializableMongoClientOptions;
-export type ResolvedMongoOptions = MongoOptions;
+export type MongoOptions = MongoUrlOption & SerializableMongoClientOptions & {
+    management?: MongoManagementOptions;
+};
+export type ResolvedMongoOptions = MongoUrlOption & SerializableMongoClientOptions & {
+    management: ResolvedMongoManagementOptions;
+};
 export declare function resolveMongoOptions(mongodb: MongoOptions): ResolvedMongoOptions;
 export {};

package/dist/runtime/options/database/mongodb.js

@@ -1,3 +1,15 @@
 export function resolveMongoOptions(mongodb) {
-  return mongodb;
+  const basePath = mongodb.management?.basePath || "/mongo";
+  return {
+    ...mongodb,
+    management: {
+      enabled: mongodb.management?.enabled === true,
+      auth: mongodb.management?.auth !== false,
+      exposeDatabasesService: mongodb.management?.exposeDatabasesService !== false,
+      exposeCollectionsService: mongodb.management?.exposeCollectionsService !== false,
+      exposeUsersService: mongodb.management?.exposeUsersService === true,
+      exposeCollectionCrud: mongodb.management?.exposeCollectionCrud !== false,
+      basePath: basePath.startsWith("/") ? basePath : `/${basePath}`
+    }
+  };
 }

package/dist/runtime/options/index.js

@@ -16,19 +16,19 @@ export async function resolveOptions(options, nuxt) {
   const srcDir = nuxt.options.srcDir;
   const servicesDirs = resolveServicesDirs(options.servicesDirs, rootDir);
   const templateDir = createResolver(nuxt.options.buildDir).resolve("feathers");
-  const transports = resolveTransportsOptions(options.transports);
+  const transports = resolveTransportsOptions(options.transports, nuxt.options.ssr);
   const database = resolveDataBaseOptions(options.database);
   const server = await resolveServerOptions(options.server, rootDir, srcDir);
-  const client = await resolveClientOptions(options.client, database.mongo, rootDir, srcDir);
+  const client = await resolveClientOptions(options.client, Boolean(database.mongo), rootDir, srcDir);
   const validator = resolveValidatorOptions(options.validator);
-  const swagger = resolveSwaggerOptions(options.swagger);
+  const swagger = resolveSwaggerOptions(options.swagger, transports);
   const templates = resolveTemplatesOptions(options.templates, rootDir);
-  const servicesImports = getResolvedClientMode({ client }) === "embedded" ? await getServicesImports(servicesDirs) : [];
+  const servicesImports = getResolvedClientMode(client) === "embedded" ? await getServicesImports(servicesDirs) : [];
   const auth = resolveAuthOptions(
     options.auth,
     {
       client: Boolean(client),
-      mode: client && isRemoteClientMode({ client }) ? "remote" : "embedded"
+      mode: client && isRemoteClientMode(client) ? "remote" : "embedded"
     },
     servicesImports,
     rootDir

package/dist/runtime/options/plugins.js

@@ -1,4 +1,6 @@
+import { existsSync } from "node:fs";
 import { createResolver } from "@nuxt/kit";
+import { consola } from "consola";
 import { scanDirExports, scanExports } from "unimport";
 import { filterExports, setImportsMeta } from "./utils.js";
 function forceArray(value) {
@@ -27,7 +29,14 @@ export function resolvePluginDirs(pluginDirs, rootDir, defaultDir) {
   return resolvedPluginDirs.map((dir) => rootResolver.resolve(dir));
 }
 export async function resolvePluginsFromPluginDirs(pluginDirs) {
-  const imports = await scanDirExports(pluginDirs, {
+  const existingPluginDirs = pluginDirs.filter((dir) => existsSync(dir));
+  const missingPluginDirs = pluginDirs.filter((dir) => !existsSync(dir));
+  for (const dir of missingPluginDirs) {
+    consola.debug(`[nuxt-feathers-zod] Skipping missing plugin directory: ${dir}`);
+  }
+  if (!existingPluginDirs.length)
+    return [];
+  const imports = await scanDirExports(existingPluginDirs, {
     filePatterns: ["*.ts"],
     types: false
   });

package/dist/runtime/options/server.js

@@ -135,7 +135,7 @@ function buildSecureServerModules(server) {
   if (hasMeaningfulValue(compression))
     push("compression", compression);
   const serveStatic = secure.serveStatic;
-  if (serveStatic && serveStatic !== false)
+  if (serveStatic)
     push("serve-static", serveStatic);
   return out;
 }

package/dist/runtime/options/transports/websocket.js

@@ -11,9 +11,11 @@ export function resolveWebsocketTransportsOptions(websocket) {
   if (websocket === true || websocket === void 0) {
     resolvedWebsocket = websocketDefaults;
   } else if (websocket !== false) {
-    resolvedWebsocket = defu(websocket, websocketDefaults);
-    if (resolvedWebsocket)
-      checkPath(resolvedWebsocket.path);
+    const merged = defu(websocket, websocketDefaults);
+    if (merged.cors == null)
+      delete merged.cors;
+    resolvedWebsocket = merged;
+    checkPath(merged.path);
   }
   return resolvedWebsocket;
 }

package/dist/runtime/plugins/feathers-auth.d.ts

@@ -10,5 +10,5 @@
  * IMPORTANT: we guard on `nuxtApp.$pinia` instead of declaring a plugin dependsOn,
  * to avoid noisy build-time warnings when Pinia is enabled dynamically by the module.
  */
-declare const _default: import("#app").Plugin<Record<string, unknown>> & import("#app").ObjectPlugin<Record<string, unknown>>;
+declare const _default: any;
 export default _default;

package/dist/runtime/plugins/keycloak-sso.d.ts

@@ -1,2 +1,2 @@
-declare const _default: import("#app").Plugin<Record<string, unknown>> & import("#app").ObjectPlugin<Record<string, unknown>>;
+declare const _default: any;
 export default _default;

package/dist/runtime/templates/server/app.js

@@ -9,6 +9,7 @@ export function getServerAppContents(options) {
     const sio = !!transports?.websocket;
     const authStrategies = options?.auth?.authStrategies;
     const auth = (authStrategies || []).length > 0;
+    const mongo = !!options.database?.mongo;
     const restPath = transports?.rest?.path;
     const websocketOptions = transports?.websocket || void 0;
     const websocketPath = JSON.stringify(websocketOptions?.path ?? "/socket.io");
@@ -27,6 +28,8 @@ ${puts([
       [sio, `import socketio from '@feathersjs/socketio'`]
     ])}
 ${put(rest, `import { ${framework}ErrorHandler } from '@gabortorma/feathers-nitro-adapter/handlers'`)}
+${put(auth, `import authentication from './authentication.js'`)}
+${put(mongo, `import mongodb from './mongodb.js'`)}
 
 export async function createFeathersApp(nitroApp, config) {
   const app = ${puts([
@@ -62,6 +65,22 @@ ${websocketConnectTimeout}${websocketTransports}${websocketCors}  }))
 
   return app
 }
+
+export async function configureFeathersInfrastructure(app, config) {
+  const mongoConfig = config?.database?.mongo
+  const mongoEnabled = !!(mongoConfig && mongoConfig.enabled && mongoConfig.url)
+
+  if (mongoEnabled) {
+    app.set('mongodb', mongoConfig.url)
+    app.set('mongoPath', mongoConfig.management?.basePath || '/mongo')
+  }
+
+${put(auth, `  if (config?.auth?.enabled !== false)
+    await app.configure(authentication)
+
+`)}${put(mongo, `  if (mongoEnabled)
+    await mongodb(app)
+`)} }
 `;
   };
 }

package/dist/runtime/templates/server/authentication.js

@@ -31,7 +31,7 @@ ${put(oauth, `  app.configure(oauth())
     before: {
       create: [
         async (context) => {
-          const d: any = context.data
+          const d = context.data
           if (d && typeof d === 'object') {
             // access_token -> accessToken
             if (d.access_token && !d.accessToken)
@@ -47,11 +47,6 @@ ${put(oauth, `  app.configure(oauth())
   })
 })
 
-declare module './server' {
-  interface ServiceTypes {
-    authentication: AuthenticationService
-  }
-}
 `;
   };
 }

package/dist/runtime/templates/server/index.js

@@ -4,47 +4,53 @@ import { getServerKeycloakContents } from "./keycloak.js";
 import { getServerMongodbContents } from "./mongodb.js";
 import { getServerPluginContents } from "./plugin.js";
 import { getSecureDefaultsModuleContents } from "./secure-defaults.js";
-import { getServerContents } from "./server.js";
+import { getServerRuntimeContents } from "./server-runtime.js";
+import { getServerTypesContents } from "./server-types.js";
 export function getServerTemplates(options) {
   const serverTemplates = [
     {
-      filename: "feathers/server/server.ts",
-      getContents: getServerContents(options),
+      filename: "feathers/server/server.js",
+      getContents: getServerRuntimeContents(options),
       write: true
     },
     {
-      filename: "feathers/server/app.ts",
+      filename: "feathers/server/server.d.ts",
+      getContents: getServerTypesContents(options),
+      write: true
+    },
+    {
+      filename: "feathers/server/app.js",
       getContents: getServerAppContents(options),
       write: true
     },
     {
-      filename: "feathers/server/modules/secure-defaults.ts",
+      filename: "feathers/server/modules/secure-defaults.js",
       getContents: getSecureDefaultsModuleContents(options),
       write: true
     },
     {
-      filename: "feathers/server/plugin.ts",
+      filename: "feathers/server/plugin.js",
       getContents: getServerPluginContents(options),
       write: true
     }
   ];
   if (options.database.mongo) {
     serverTemplates.push({
-      filename: "feathers/server/mongodb.ts",
+      filename: "feathers/server/mongodb.js",
       getContents: getServerMongodbContents(options),
       write: true
     });
   }
   if (options.auth) {
     serverTemplates.push({
-      filename: "feathers/server/authentication.ts",
+      filename: "feathers/server/authentication.js",
       getContents: getServerAuthContents(options),
       write: true
     });
   }
   if (options.keycloak) {
     serverTemplates.push({
-      filename: "feathers/server/keycloak.ts",
+      filename: "feathers/server/keycloak.js",
       getContents: getServerKeycloakContents(options),
       write: true
     });