Nuxt
×
Better Auth
Core Concepts

Route Protection

Protect pages with route rules or meta.

There are two protection layers:

Client pages

Global route middleware reads meta.auth / meta.role:

definePageMeta({
  auth: 'user',          // or 'guest'
  // role: 'admin',      // optional
})

If a user is not logged in and auth resolves to 'user', they are redirected to /login.

Route rules sync

The module copies routeRules.auth and routeRules.role into page meta at build time:

export default defineNuxtConfig({
  routeRules: {
    '/app/**': { auth: 'user' },
    '/admin/**': { auth: { role: 'admin' } },
    '/login': { auth: 'guest' },
  },
})

auth values

  • false or undefined: public
  • 'guest': only unauthenticated users
  • 'user': any authenticated user
  • { only?: 'guest' | 'user', role?: string | string[], redirectTo?: string }

See also

  • How the module works: /core-concepts/how-it-works
  • Security & caveats: /core-concepts/security-caveats

Sessions

SSR‑safe session state via `useUserSession()`.

Auto‑Imports and Aliases

What the module registers for you.