import { admin } from 'better-auth/plugins'
import { defineServerAuth } from '@onmax/nuxt-better-auth/config'
// Server-side auth config: register the Better Auth `admin` plugin.
// The nuxt.config.ts example that follows relies on this plugin for the typed `role` field.
export default defineServerAuth({
  plugins: [admin()],
})
// nuxt.config.ts - role is now typed!
// A single value requires an exact match on the user's `role`; an array lists every accepted value.
// Typing only catches typos at build time; the decision still depends on the `role` value
// carried by the user's session when the request is made.
// NOTE(review): where these rules are enforced (page navigation, server routes, or both) is not
// visible in this snippet; confirm that API handlers behind these pages carry their own check,
// e.g. requireUserSession.
routeRules: {
'/admin/**': { auth: { user: { role: 'admin' } } },
'/staff/**': { auth: { user: { role: ['admin', 'moderator'] } } },
}
// Works the same way with any plugin fields
// Here the gate is `teamRole`, which must equal 'owner'.
// NOTE(review): presumably `teamRole` is added to the user by a plugin; confirm the field is
// actually present on the session user, otherwise the rule has nothing to match against.
routeRules: {
'/team/**': { auth: { user: { teamRole: 'owner' } } },
}
// Any field on AuthUser works
// Boolean fields are matched by value: both routes require the flag to be `true`.
// NOTE(review): a field used as an access gate must only be writable by the server.
// If `isPremium` is declared as a Better Auth additional user field, set `input: false`
// on it so a client cannot supply the value itself; confirm against the auth config.
routeRules: {
'/premium/**': { auth: { user: { isPremium: true } } },
'/verified/**': { auth: { user: { emailVerified: true } } },
}
// Must be admin AND verified
// Several fields inside one `user` object are combined: every listed field has to match.
{ auth: { user: { role: 'admin', emailVerified: true } } }
// Must be admin OR moderator
// An array on a single field is the only OR shown here: any one of the listed values matches.
{ auth: { user: { role: ['admin', 'moderator'] } } }
For complex authorization, use custom middleware or `requireUserSession` with a `rule` callback.
For authorization logic that can't be expressed with field matching:
// nuxt.config.ts: gate /admin/** with a callback instead of field matching.
// NOTE(review): the rule is a function placed in the Nuxt config; confirm that it is evaluated
// on the server for every request to /admin/** and not only during client-side navigation.
// That is not visible from this snippet.
export default defineNuxtConfig({
  routeRules: {
    '/admin/**': {
      auth: {
        rule: (session) => {
          const { user } = session
          // Anyone who is not an admin is rejected outright.
          if (user.role !== 'admin') return false
          // Admins additionally need a verified email address.
          return user.emailVerified
        },
      },
    },
  },
})
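// Server API handler: the permission check runs before any report data is loaded,
// so the endpoint stays protected even when it is called directly rather than through a page.
export default defineEventHandler(async (event) => {
  await requireUserSession(event, {
    rule: (session) => {
      // User must have 'reports:read' permission.
      // `permissions` may be absent, in which case the optional chain yields `undefined`.
      // Comparing with `true` makes the rule return a strict boolean, so a missing list
      // denies access explicitly and does not rely on how a non-boolean result is treated.
      return session.user.permissions?.includes('reports:read') === true
    },
  })
  // Only reached when requireUserSession did not reject the request.
  return getReports()
})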