fix(types): support server auth config project refs (#312)

Author: onmax

src/module.ts

@@ -109,6 +109,49 @@ export default defineNuxtModule<BetterAuthModuleOptions>({
       nuxt.options.alias['#auth/server'] = serverConfigPath
     nuxt.options.alias['#auth/client'] = clientConfigPath
 
+    if (!clientOnly) {
+      nuxt.hook('prepare:types', ({ nodeTsConfig, nodeReferences, sharedReferences }) => {
+        nodeTsConfig.compilerOptions ||= {}
+        nodeTsConfig.compilerOptions.paths ||= {}
+
+        const serverDir = dirname(serverConfigPath)
+        const projectReferenceTypePaths = [
+          join(nuxt.options.buildDir, 'types/nitro-imports.d.ts'),
+          join(nuxt.options.buildDir, 'types/auth-database.d.ts'),
+          join(nuxt.options.buildDir, 'types/auth-schema.d.ts'),
+          join(nuxt.options.buildDir, 'types/auth-secondary-storage.d.ts'),
+        ]
+
+        if (hasHubDb)
+          projectReferenceTypePaths.push(join(nuxt.options.buildDir, 'hub/db.d.ts'))
+
+        const exactNodeAliases = {
+          '#server': serverDir,
+          '#auth/server': nuxt.options.alias['#auth/server'],
+          '#auth/client': nuxt.options.alias['#auth/client'],
+          '#auth/database': nuxt.options.alias['#auth/database'],
+          '#auth/schema': nuxt.options.alias['#auth/schema'],
+          '#auth/secondary-storage': nuxt.options.alias['#auth/secondary-storage'],
+          '#auth/route-rules': nuxt.options.alias['#auth/route-rules'],
+          '#nuxt-better-auth': nuxt.options.alias['#nuxt-better-auth'],
+        } as const
+
+        for (const [key, value] of Object.entries(exactNodeAliases)) {
+          if (typeof value === 'string')
+            nodeTsConfig.compilerOptions.paths[key] = [value]
+        }
+
+        nodeTsConfig.compilerOptions.paths['#server/*'] = [join(serverDir, '*')]
+
+        for (const path of projectReferenceTypePaths) {
+          if (!nodeReferences.some(reference => 'path' in reference && reference.path === path))
+            nodeReferences.push({ path })
+          if (!sharedReferences.some(reference => 'path' in reference && reference.path === path))
+            sharedReferences.push({ path })
+        }
+      })
+    }
+
     if (clientOnly) {
       setupRuntimeConfig({
         nuxt,

src/module/schema.ts

@@ -68,7 +68,12 @@ export function resolveHubSchemaPath(
 async function loadAuthOptions(context: SchemaContext) {
   const isProduction = !context.nuxt.options.dev
   const configFile = `${context.serverConfigPath}.ts`
-  const userConfig = await loadUserAuthConfig(configFile, isProduction)
+  const alias = Object.fromEntries(
+    Object.entries(context.nuxt.options.alias)
+      .filter(([, value]) => typeof value === 'string')
+      .map(([key, value]) => [key, value as string]),
+  )
+  const userConfig = await loadUserAuthConfig(configFile, isProduction, alias)
 
   const extendedConfig: { plugins?: BetterAuthPlugin[] } = {}
   await context.nuxt.callHook('better-auth:config:extend', extendedConfig)

src/module/type-templates.ts

@@ -21,18 +21,18 @@ declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(): SecondaryStorage | undefined
 }
 `,
-  }, { nitro: true, node: true })
+  }, { nitro: true })
 
   addTypeTemplate({
     filename: 'types/auth-database.d.ts',
     getContents: () => `
 declare module '#auth/database' {
   import type { BetterAuthOptions } from 'better-auth'
-  export function createDatabase(): BetterAuthOptions['database']
+  export function createDatabase(event?: import('h3').H3Event): BetterAuthOptions['database']
   export const db: ${hasHubDb ? `typeof import('@nuxthub/db')['db']` : 'undefined'}
 }
 `,
-  }, { nitro: true, node: true })
+  }, { nitro: true })
 
   addTypeTemplate({
     filename: 'types/auth-schema.d.ts',
@@ -51,7 +51,7 @@ declare module '#auth/schema' {
   } | undefined
 }
 `,
-  }, { nitro: true, node: true })
+  }, { nitro: true })
 
   addTypeTemplate({
     filename: 'types/nuxt-better-auth-infer.d.ts',
@@ -315,6 +315,15 @@ declare module 'nitropack/types' {
   }
   interface InternalApi extends _GeneratedAuthInternalApi {}
 }
+declare module 'nitro/types' {
+  interface NitroRouteRules {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface NitroRouteConfig {
+    auth?: import('${runtimeTypesPath}').AuthMeta
+  }
+  interface InternalApi extends _GeneratedAuthInternalApi {}
+}
 export {}
 `,
   }, { nuxt: true, nitro: true, node: true })

src/runtime/server/utils/auth.ts

@@ -1,8 +1,6 @@
 import type { BetterAuthOptions } from 'better-auth'
 import type { H3Event } from 'h3'
-// @ts-expect-error Nuxt generates this virtual module in app builds.
 import { createDatabase, db } from '#auth/database'
-// @ts-expect-error Nuxt generates this virtual module in app builds.
 import { createSecondaryStorage } from '#auth/secondary-storage'
 import createServerAuth from '#auth/server'
 import { betterAuth } from 'better-auth'
@@ -12,12 +10,42 @@ import { withoutProtocol } from 'ufo'
 import { resolveCustomSecondaryStorageRequirement } from './custom-secondary-storage'
 
 type AuthOptions = ReturnType<typeof createServerAuth>
-type AuthInstance = ReturnType<typeof betterAuth<AuthOptions>>
+type UserAuthConfig = AuthOptions & {
+  trustedOrigins?: BetterAuthOptions['trustedOrigins']
+  secondaryStorage?: BetterAuthOptions['secondaryStorage']
+}
+type ResolvedAuthOptions = UserAuthConfig & {
+  secret: string
+  baseURL: string
+  trustedOrigins?: BetterAuthOptions['trustedOrigins']
+  database?: BetterAuthOptions['database']
+}
+type AuthInstance = ReturnType<typeof betterAuth<ResolvedAuthOptions>>
 
 const _authCache = new Map<string, AuthInstance>()
+const requestAuthKey = Symbol.for('nuxt-better-auth.requestAuth')
 let _baseURLInferenceLogged = false
 let _customSecondaryStorageMisconfigWarned = false
 
+interface RequestAuthContext {
+  [requestAuthKey]?: AuthInstance
+}
+
+const fallbackRequestAuthContext = new WeakMap<object, RequestAuthContext>()
+
+function getRequestAuthContext(event: H3Event): RequestAuthContext {
+  const eventWithContext = event as H3Event & { context?: unknown }
+  if (eventWithContext.context && typeof eventWithContext.context === 'object')
+    return eventWithContext.context as RequestAuthContext
+
+  let context = fallbackRequestAuthContext.get(event as object)
+  if (!context) {
+    context = {}
+    fallbackRequestAuthContext.set(event as object, context)
+  }
+  return context
+}
+
 function normalizeLoopbackOrigin(origin: string): string {
   if (!import.meta.dev)
     return origin
@@ -252,15 +280,13 @@ export function serverAuth(event?: H3Event): AuthInstance {
   const requestOrigin = resolveEventOrigin(event)
   const hasExplicitSiteUrl = runtimeConfig.public.siteUrl && typeof runtimeConfig.public.siteUrl === 'string'
   const cacheKey = hasExplicitSiteUrl ? '__explicit__' : siteUrl
+  const requestContext = event ? getRequestAuthContext(event) : undefined
 
-  const cached = _authCache.get(cacheKey)
-  if (cached)
-    return cached
+  if (requestContext?.[requestAuthKey])
+    return requestContext[requestAuthKey]
 
-  const database = createDatabase()
-  const userConfig = createServerAuth({ runtimeConfig, db, requestOrigin }) as BetterAuthOptions & {
-    secondaryStorage?: BetterAuthOptions['secondaryStorage']
-  }
+  const database = createDatabase(event)
+  const userConfig = createServerAuth({ runtimeConfig, db, requestOrigin }) as UserAuthConfig
   const trustedOrigins = withDevTrustedOrigins(userConfig.trustedOrigins, Boolean(hasExplicitSiteUrl))
 
   const hubSecondaryStorage = (runtimeConfig.auth as { hubSecondaryStorage?: boolean | 'custom' })?.hubSecondaryStorage
@@ -272,15 +298,30 @@ export function serverAuth(event?: H3Event): AuthInstance {
     console.warn(customSecondaryStorage.message)
   }
 
-  const auth = betterAuth({
+  if (!database) {
+    const cached = _authCache.get(cacheKey)
+    if (cached) {
+      if (requestContext)
+        requestContext[requestAuthKey] = cached
+      return cached
+    }
+  }
+
+  const authOptions: ResolvedAuthOptions = {
     ...userConfig,
-    ...(database && { database }),
-    ...(hubSecondaryStorage === true && { secondaryStorage: createSecondaryStorage() }),
+    ...(database ? { database } : {}),
+    ...(hubSecondaryStorage === true ? { secondaryStorage: createSecondaryStorage() } : {}),
     secret: runtimeConfig.betterAuthSecret,
     baseURL: siteUrl,
     trustedOrigins,
-  })
+  }
+  const auth = betterAuth(authOptions)
+
+  if (requestContext)
+    requestContext[requestAuthKey] = auth
+
+  if (!database)
+    _authCache.set(cacheKey, auth)
 
-  _authCache.set(cacheKey, auth)
   return auth
 }

src/runtime/server/virtual-modules.d.ts

@@ -3,6 +3,11 @@ declare module '#auth/database' {
   export function createDatabase(...args: any[]): any
 }
 
+declare module '#imports' {
+  export function getRouteRules(event: any): any
+  export function useRuntimeConfig(): any
+}
+
 declare module '#auth/secondary-storage' {
   export function createSecondaryStorage(...args: any[]): any
 }

src/schema-generator.ts

@@ -64,10 +64,14 @@ declare global {
   var __nuxtBetterAuthDefineServerAuth: RuntimeDefineServerAuthFn | undefined
 }
 
-export async function loadUserAuthConfig(configPath: string, throwOnError = false): Promise<Partial<BetterAuthOptions>> {
+export async function loadUserAuthConfig(
+  configPath: string,
+  throwOnError = false,
+  alias?: Record<string, string>,
+): Promise<Partial<BetterAuthOptions>> {
   const { createJiti } = await import('jiti')
   const { defineServerAuth: runtimeDefineServerAuth } = await import('./runtime/config')
-  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false })
+  const jiti = createJiti(import.meta.url, { interopDefault: true, moduleCache: false, alias })
   const schemaGlobals = globalThis as typeof globalThis & SchemaGeneratorGlobals
 
   if (!schemaGlobals.__nuxtBetterAuthDefineServerAuth) {

test/cases/layer-server-auth-typecheck-base/app/app.vue

@@ -0,0 +1,3 @@
+<template>
+  <NuxtPage />
+</template>

test/cases/layer-server-auth-typecheck-base/app/auth.config.ts

@@ -0,0 +1,3 @@
+import { defineClientAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineClientAuth({})

test/cases/layer-server-auth-typecheck-base/nuxt.config.ts

@@ -0,0 +1,9 @@
+export default defineNuxtConfig({
+  modules: ['@nuxthub/core', '@onmax/nuxt-better-auth'],
+
+  hub: { db: 'sqlite' },
+
+  runtimeConfig: {
+    betterAuthSecret: 'test-secret-for-testing-only-32chars!',
+  },
+})

test/cases/layer-server-auth-typecheck-base/server/auth.config.ts

@@ -0,0 +1,16 @@
+import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
+
+export default defineServerAuth(() => ({
+  emailAndPassword: {
+    enabled: true,
+  },
+  databaseHooks: {
+    session: {
+      create: {
+        async after() {
+          await sessionHookAfter()
+        },
+      },
+    },
+  },
+}))