Hono Sessions crypto error on Cloudflare Pages

[callmetwan]

Hello again!

I'm having an issue where Hono Sessions seems to require a crypto API that is unavailable when running in Cloudflare Pages

Repo to reproduce here: https://github.com/callmetwan/hono-sessions-crypto-error/blob/main/README.md

This is a brand new Hono project using the Hono create CLI. I added Hono Sessions (the only dependency aside from Hono) and I immediately get failures when running wrangler

✘ [ERROR] 1 error(s) and 0 warning(s) when compiling Worker.
▲ [WARNING] Failed to bundle _worker.js. Error: Build failed with 1 error:
  _worker.js:1:538: ERROR: Could not resolve "crypto"
      at failureErrorWithLog (/Users/anthony/dev/my-app/node_modules/esbuild/lib/main.js:1636:15)
      at /Users/anthony/dev/my-app/node_modules/esbuild/lib/main.js:1048:25
      at /Users/anthony/dev/my-app/node_modules/esbuild/lib/main.js:1512:9
      at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
    errors: [
      {
        detail: undefined,
        id: '',
        location: [Object],
        notes: [Array],
        pluginName: '',
        text: 'Could not resolve "crypto"'
      }
    ],
    warnings: []
  }

Cloudflare supports some of the browser Crypto APIs so I'm surprised to see this. Is Iron depending on something not supported by Cloudflare?

[callmetwan]

I wonder if this has something to do with Vite actually. Also, forgot to mention that I know Hono Sessions doesn't technically declare support for Cloudflare Pages they are very similar and was hoping for some help 😅

[jcs224]

Looks like npm run dev and npm run build work for me. preview doesn't, though. Could be a dependency such as iron-webcrypto. Cloudflare Workers is one of the test targets and it works there. Needs more investigation.

[callmetwan]

I did a ton of debugging in between now and my initial post.

I’m reasonably confident the culprit is nanoid. Hono Sessions is using v4 which utilizes Node’s crypto APIs. In v5 the nanoid folks rewrote it to use the Web Crypto APIs.

I did have a test working that proved this but it involved importing Hono Sessions as a locally linked dependency and I broke something in the dependency management chain (shakes fist at yarn).

If you are able to test with v5 of nanoid (maybe the preview command that wasn’t working) that would be helpful! I’m not at all familiar with Deno or how the repository of dependencies are structured and I couldn’t get a local version running with v5; I’m sure it would be trivial for someone that knew what they were doing.

Thanks for taking a look!!

[jcs224]

Thanks for investigating!

I have a branch called cloudflare-pages-compat where I got rid of nanoid altogether and just use web crypto randomUUID. This is probably the way forward for better compatibility (and more performant, too). It shouldn't break existing sessions, it just won't create new ones based off of nanoid anymore.

[callmetwan]

Glad to do it! Thanks for swapping things out. I'll see if I can get this branch linked locally sometime this weekend

[callmetwan]

It worked!!

My project using Hono Sessions as published on npm:

My project using Hono sessions branch cloudflare-pages-compat :

[jcs224]

Excellent, thanks for trying it out! Glad it's working for you :smile: I'll test a little more then merge it in soon!

[jcs224]

Merged the new changes and cut a new version!

[callmetwan]

Thanks you!!