fix: leverage runtimeConfig to check password

README.md

@@ -53,9 +53,10 @@ export default defineNuxtConfig({
 NUXT_SESSION_PASSWORD=password-with-at-least-32-characters
 ```
 
-Nuxt Auth Utils can generate one for you when running Nuxt in development the first time when no `NUXT_SESSION_PASSWORD` is set.
+Nuxt Auth Utils generates one for you when running Nuxt in development the first time if no `NUXT_SESSION_PASSWORD` is set.
+
+3. That's it! You can now add authentication to your Nuxt app ✨
 
-4. That's it! You can now add authentication to your Nuxt app ✨
 
 ## Vue Composables
 

src/module.ts

@@ -17,19 +17,6 @@ export default defineNuxtModule<ModuleOptions>({
   async setup (options, nuxt) {
     const resolver = createResolver(import.meta.url)
 
-    // Generate the session password
-    if (nuxt.options.dev && !process.env.NUXT_SESSION_PASSWORD) {
-      process.env.NUXT_SESSION_PASSWORD = randomUUID().replace(/-/g, '')
-      // Add it to .env
-      const envPath = join(nuxt.options.rootDir, '.env')
-      const envContent = await readFile(envPath, 'utf-8').catch(() => '')
-      if (!envContent.includes('NUXT_SESSION_PASSWORD')) {
-        await writeFile(envPath, `${envContent ? envContent + '\n' : envContent}NUXT_SESSION_PASSWORD=${process.env.NUXT_SESSION_PASSWORD}`, 'utf-8')
-      }
-    } else if (!nuxt.options._prepare && !process.env.NUXT_SESSION_PASSWORD) {
-      throw new Error('NUXT_SESSION_PASSWORD environment variable is not set')
-    }
-
     nuxt.options.alias['#auth-utils'] = resolver.resolve('./runtime/types/index')
 
     // App
@@ -75,11 +62,25 @@ export default defineNuxtModule<ModuleOptions>({
     const runtimeConfig = nuxt.options.runtimeConfig
     runtimeConfig.session = defu(runtimeConfig.session, {
       name: 'nuxt-session',
-      password: '',
+      password: process.env.NUXT_SESSION_PASSWORD || '',
       cookie: {
         sameSite: 'lax'
       }
     })
+
+    // Generate the session password
+    if (nuxt.options.dev && !runtimeConfig.session.password) {
+      runtimeConfig.session.password = randomUUID().replace(/-/g, '')
+      // Add it to .env
+      const envPath = join(nuxt.options.rootDir, '.env')
+      const envContent = await readFile(envPath, 'utf-8').catch(() => '')
+      if (!envContent.includes('NUXT_SESSION_PASSWORD')) {
+        await writeFile(envPath, `${envContent ? envContent + '\n' : envContent}NUXT_SESSION_PASSWORD=${runtimeConfig.session.password}`, 'utf-8')
+      }
+    } else if (!nuxt.options._prepare && !runtimeConfig.session.password) {
+      throw new Error('NUXT_SESSION_PASSWORD environment variable or runtimeConfig.session.password not set')
+    }
+
     // OAuth settings
     runtimeConfig.oauth = defu(runtimeConfig.oauth, {})
     // GitHub OAuth

src/runtime/server/utils/session.ts

@@ -72,12 +72,8 @@ export async function requireUserSession(event: H3Event): Promise<UserSession &
   return userSession as UserSession & { user: User }
 }
 
-let sessionConfig: SessionConfig
+const sessionConfig: SessionConfig = useRuntimeConfig().session
 
 function _useSession (event: H3Event) {
-  if (!sessionConfig) {
-    // @ts-ignore
-    sessionConfig = defu({ password: process.env.NUXT_SESSION_PASSWORD }, useRuntimeConfig(event).session)
-  }
   return useSession<UserSession>(event, sessionConfig)
 }

test/basic.test.ts

@@ -1,10 +1,18 @@
 import { describe, it, expect } from 'vitest'
 import { fileURLToPath } from 'node:url'
 import { setup, $fetch } from '@nuxt/test-utils'
+import { randomUUID } from 'uncrypto'
 
 describe('ssr', async () => {
   await setup({
     rootDir: fileURLToPath(new URL('./fixtures/basic', import.meta.url)),
+    nuxtConfig: {
+      runtimeConfig: {
+        session: {
+          password: randomUUID()
+        }
+      }
+    }
   })
 
   it('renders the index page', async () => {