netlify[bot]
commented
1 year ago Deploy Preview for redwoodjs-com failed. Why did it fail? β
| Name | Link |
|---|---|
| Latest commit | e6cc3b4cc8b64e558638485c4958c66fa7711feb |
| Latest deploy log | https://app.netlify.com/sites/redwoodjs-com/deploys/66d7b79fc9541e000872b36b |
This PR contains the following updates:
^1.5.1->^8.0.0^1.5.1->^8.0.0^1.5.1->^8.0.0^1.5.1->^8.0.0^1.5.1->^8.0.0^1.5.1->^8.0.0Release Notes
redwoodjs/redwood (@redwoodjs/auth)
### [`v8.0.0`](https://redirect.github.com/redwoodjs/redwood/releases/tag/v8.0.0) [Compare Source](https://redirect.github.com/redwoodjs/redwood/compare/v7.7.4...v8.0.0) ##### Upgrade Guide https://redwoodjs.com/upgrade/v8 ##### Changelog ##### π¨ Breakingdeps(react): 18.3.1 (#10885) by @Tobbe
Please see #10885 for more detailsfix(template): Set scripts/ module resolution to match api/ (#11366) by @Tobbe
Make the module resolution for `scripts/` be more predictable/stable, and match that of `api/` See also [https://github.com/redwoodjs/redwood/pull/11170](https://redirect.github.com/redwoodjs/redwood/pull/11170)fix(tsconfig): set "module" to "ESNext" for web/tsconfig.json (#11368) by @Tobbe
Please see #11368 for more detailsrefactor(forms): Build with esbuild and add conditional exports (#11338) by @Josh-Walker-GM
This change introduces restrictions on what can be imported from the `@redwoodjs/forms` package. You can no longer import from `@redwoodjs/forms/dist/...`. All imports should be available simply from `@redwoodjs/forms`.refactor(prerender): build with esbuild and introduce conditional exports (#11337) by @Josh-Walker-GM
This change restricts the available imports from the `@redwoodjs/prerender` package. You will also have to use modern `moduleResolution` settings in your tsconfig to resolve the imports correctly within TS.refactor(api): Add conditional exports to package.json (#11307) by @Josh-Walker-GM
This change restricts the available imports from this package. You can no longer freely import from within the dist like `@redwoodjs/api/dist/...`. If you were doing so please consult the `@redwoodjs/api` `package.json` file to see what exports are now available.fix(internal): Move away from babel for building package (#11304) by @Josh-Walker-GM
Please see #11304 for more detailsfix: Update default tsconfig options (target, module and moduleResolution) (#11170) by @Josh-Walker-GM
This changes the default values of: - target - module - moduleResolution in the tsconfig files for both the API and web side. The benefit of this change is increased correctness for build time checking of the imports from packages which specify `exports` in their `package.json` files. This change will have a limited effect while Redwood apps are still built to CJS rather than ESM. After that switch to ESM there would be more breaking changes but they are not applied here and are a future concern.chore: brought in typescript-eslint@v8 with stylistic preset (#10911) by @JoshuaKGoldberg
This change updates Redwood linting config and introduces some changes to the linting rules that are applied to your project. Specifically: 1. `jsx-a11y/no-noninteractive-element-to-interactive-role` has it's default config updated. 2. `@typescript-eslint/explicit-function-return-type` used to be turned off, now it's no longer applied. 3. `@typescript-eslint/no-empty-interface` - used to be turned off, now it's no longer applied. 4. `@typescript-eslint/explicit-module-boundary-types` - used be turned off, now it's no longer applied. 5. `@typescript-eslint/ban-types` - used to be 'warn', now it's no longer applied. This has been replaces with a set of smaller more specific rules. 6. `no-empty-function` - used be turned off, now it's no longer applied. The ts-eslint flavour is still there and turned off still. 7. `camelcase` - used to be turned off, now it's 'warn'. 8. `@typescript-eslint/camelcase` - used to be turned off, now it's no longer applied. 9. `no-use-before-define` - used to be turned off, now it's no longer applied. 10. `@typescript-eslint/no-use-before-define` - used to be turned off, now it's no longer applied. 11. `@typescript-eslint/prefer-namespace-keyword` - used to be turned off, now it's 'error' 12. `unicode-bom` - used to be turned off, now it's no longer applied. 13. `@typescript-eslint/adjacent-overload-signatures` - used to be 'error', now it's no longer applied. 14. `@typescript-eslint/no-explicit-any` - used be 'warn', now 'error' 15. `@typescript-eslint/no-inferrable-types` - used to be 'error', now it's no longer applied. 16. `no-loss-of-precision` - used be 'off', now 'error' 17. `@typescript-eslint/no-loss-of-precision` - used be 'error', now it's no longer applied. 18. `@typescript-eslint/no-non-null-assertion` - used be 'warn', now it's no longer applied. 19. `valid-typeof` - used be either 'error' or 'off', now always 'error' 20. `no-unused-expressions` - used be always 'error', now either 'error' or 'off' 21. `@typescript-eslint/prefer-function-type` - newly added as 'off' 22. `@typescript-eslint/no-require-imports` - newly added as 'off' 23. `@typescript-eslint/no-empty-object-type` - newly added as 'off' 24. `unicorn/template-indent` - newly added as 'off' 25. `@typescript-eslint/no-duplicate-enum-values` - newly added as 'error' 26. `@typescript-eslint/no-unsafe-declaration-merging` - newly added as 'error' 27. `@typescript-eslint/no-unsafe-function-type` - newly added as 'error' 28. `@typescript-eslint/no-unused-expressions` - newly added as 'error' 29. `@typescript-eslint/no-wrapper-object-types` - newly added as 'error' 30. `no-new-native-nonconstructor` - newly added as 'off'fix(deps): update typescript-eslint monorepo to v8 (major) (#11235) by @Josh-Walker-GM
Please see #11235 for more detailsfix(api-server): Use createServer in all cases, to make fastify config consistent (#11176) by @dac09
\[BREAKING] Removes serverConfig support, in favour of server file to configure your Fastify instance. You can still customise your server settings by running `yarn rw setup server-file` first. See docs for [Server File](https://docs.redwoodjs.com/docs/docker/#using-the-server-file) This PR removes all the cases where we use `createFastifyInstance` for the api server, and replaces it with `createServer`. This makes sure that the API server config is always consistent - whether you use a server file or not.fix(deps): update dependency resend to v3 (#11040) by @Josh-Walker-GM
Please see #11040 for more detailsbreaking: remove webpack (#10867) by @Josh-Walker-GM
This PR removes support for webpack. There are a number of breaking changes associated with removing a core component of previous versions. A list of such changes is: 1. `prebuildWebFile` is function no longer exported from `@redwoodjs/babel-config` package 2. `@redwoodjs/cli-storybook` has been removed 3. `yarn rw build` no longer accepts the `--stats` flag 4. `yarn rw dev` no longer accepts the `--watchNodeModules` flag 5. `yarn rw setup custom-web-index` command has been removed 6. `yarn rw setup webpack` has been removed 7. `@redwoodjs/core` no longer provides `@redwoodjs/core/config/*` files 8. The `web.bundler` TOML config option has been removed 9. `@redwoodjs/testing` no longer provides storybook config files 10. `@redwoodjs/testing` no longer provides a `StorybookProvider` 11. The `webpack` bin has been removed from `@redwoodjs/web` You can also find more information on the upgrade guide.feat(colors): Add more chalk colors. And prepare for chalk upgrade (#10939) by @Tobbe
Add more colors to `@redwoodjs/cli-helpers`. Breaking: No longer exporting `green` as a color. Use `tip` or `success` instead depending on what you want to convey.remove(cli): Remove deprecated deploy providers (#10859) by @Josh-Walker-GM
This change removes the deprecated deploy providers edgio and ~~serverless~~. Serverless has been restored and is available in v8.chore(codemods): Remove pre v1 related content (#10831) by @Josh-Walker-GM
Please see #10831 for more detailsfix(deps): update dependency firebase-admin to v12 (#10833) by @renovate
This change updates our firebase auth provider to use the v12 major version of the `firebase-admin` package. This will require you to update your own version of `firebase-admin` that is listed in your api side package json file. We have noticed no breaking api changes in our limited testing. Please consult the `firebase-admin` upgrade guide if you experience problems after upgrading - especially if you have more extensive or complex use of the firebase suite of products.fix(functions-test): Fix mockHttpEvent for null bodies (#10570) by @Tobbe
With an empty/null payload (which it is by default) the body should be empty, not the string `'null'` This is a breaking change for anyone who was depending on the current "null" behavior in their api function tests. More specifically, if you're **NOT** passing `body` or `payload` to `mockHttpEvent({ ... })` or if you're trying to explicitly set `payload` to `null` you might have to update your tests.feat: Remove `--performance` option from `yarn rw build` (#10453) by @Josh-Walker-GM
This change removes the `--performance` flag from the `yarn rw build` command. It will no longer be available to use and the CLI will no longer accept this flag being passed in. Additionally, the associated webpack config (`@redwoodjs/core/config/webpack.perf.js`) has been removed so it can no longer be imported if you were doing so.fix(router): Remove barrel exports from router.tsx (#10464) by @Tobbe
We were using both `index.ts` and `router.tsx` as barrel export files. We should move away from barrel exports at some point, and we definitely don't need two files doing it in the same package. Everything that was exported from `router.tsx` is already exported by other files (except `Router` itself). So I updated the code to import from there directly instead. This is a breaking change for anyone who does `import ... from '@redwoodjs/router/dist/router'` in their project. Which hopefully isn't very many. - The quick fix is to find the original export and pull from there instead - The real fix is to talk to us on the core team and see if we can provide an official way of solving it instead of relying on internal implementation details πchore(linting): Update versions and avoid `{}` (#10266) by @Josh-Walker-GM
This PR updates the versions of the `eslint` and the `@typescript-eslint` packages from v5 to v7. This is a major upgrade of the `@typescript-eslint` package and although we think it is unlikely to introduce a breaking change for you we would recommend that you read the associated documentation. The v6 upgrade can be found [here](https://typescript-eslint.io/blog/announcing-typescript-eslint-v6/) and the v7 one [here](https://typescript-eslint.io/blog/announcing-typescript-eslint-v7/).fix(navlink): Replace (don't merge) className of active link (#10342) by @Tobbe
We should be replacing className with `activeClassName` for the active link. Currently we try to merge them, but that makes it very difficult for end users to have full control over exactly what classes are applied to active links Fixes [https://github.com/redwoodjs/redwood/issues/10296](https://redirect.github.com/redwoodjs/redwood/issues/10296) ##### Before ```tsxfeat(vite): upgrade to v5 (#10197) by @jtoar
Please see #10197 for more detailsfeat(prettier) upgrade to prettier v3 (#10179) by @jtoar
This PR upgrades Redwood internally to Prettier v3. We believe this won't have any downstream effect for users. If you have Tailwind CSS configured, can upgrade `prettier-plugin-tailwindcss` to a version later than `0.4.1` if you make a few changes: - Change `prettier.config.js` to `prettier.config.mjs` (js -> mjs) - `export default` instead of `module.exports` - `await import('...')` any plugins instead of `require('...')` Here's an example of an updated `prettier.config.mjs` to work with `prettier-plugin-tailwindcss@^0.5.12`: ```js // prettier.config.mjs export default { trailingComma: "es5", bracketSpacing: true, tabWidth: 2, semi: false, singleQuote: true, arrowParens: "always", overrides: [ { files: "Routes.*", options: { printWidth: 999, }, }, ], tailwindConfig: "./web/config/tailwind.config.js", plugins: [await import("prettier-plugin-tailwindcss")], }; ```RSC: createServerCell (#9987) by @Tobbe
Please see #9987 for more detailsfeat(uploads): Increase default fastify body limit to 100MB (#11412) by @dac09
Increases the default limit for receiving requests to 100MB (instead of 15MB). This number is arbitrary really, but it is the TOTAL size of the request, not of each file being uploaded. The user can override this in their server file. ```jsx // api/server.js const server = await createServer({ logger, fastifyServerOptions: { bodyLimit: 1048576 * 2, // 2 MiB }, }); ```feat(rsc): Initial support for RSA rerender (#11406) by @Tobbe
This PR makes it so that the entire page is re-rendered when a React Server Action returns. Previously when calling an RSA you'd only get the result of the action back. Now, when calling an RSA you'll still get the result back, and in addition to that the page will update. What this means is that if you for example update a counter on the server that a server component is displaying that counter will now immediately update. Also, if some data has been updated by something external to the app the new data will be displayed (like if someone used an external CMS to update some .md file you're rendering)feat(storage): Add support for createMany, updateMany and upsert (#11390) by @dac09
Extends the uploads Prisma client extension with the following: 1. `createMany`: support for bulk creation with automatic cleanup of uploaded files if the operation fails. 2. `updateMany`: bulk update functionality that manages file uploads across multiple records, including removal of old files after successful updates. 3. `upsert`: determining whether it's an insert or update and managing file uploads accordingly - delete files on creation fail, and replace files on updatefeat(uploads): Create uploads package with prisma extension and upload processors (#11263) by @dac09
Please see #11263 for more detailstemplate(db): Update `api/src/lib/db` template (#11379) by @dac09
Updates the template in `api/src/lib/db.{js,ts}` to export `db` differently. In your existing projects, you can make the following changes: ```diff import { PrismaClient } from '@prisma/client' import { emitLogLevels, handlePrismaLogging } from '@redwoodjs/api/logger' import { logger } from './logger' import { prismaExtension } from './uploads' - export const db = new PrismaClient({ + const prismaClient = new PrismaClient({ log: emitLogLevels(['info', 'warn', 'error']), }) handlePrismaLogging({ - db + db: prismaClient, logger, logLevels: ['info', 'warn', 'error'], }) + export const db = prismaClient ```feat(uploads): Add File scalar to rootSchema (#11378) by @dac09
Adds `File` scalar to rootSchema, to enable parsing fields set to File as a https://developer.mozilla.org/en-US/docs/Web/API/File The parsing and scalar is actually built in to GraphQL Yoga, this change just enables it by default instead of having to add `scalar File` to one or more of your SDLs.RCS: Basic support for 'use server' inside components (#11376) by @Tobbe
Please see #11376 for more detailsfeat(jobs): Expose types (#11369) by @Tobbe
Please see #11369 for more detailsAdds a "highlight" color option (#11345) by @cannikin
Please see #11345 for more detailsAdds background job scheduling and execution (#11238) by @cannikin
This new package provides scheduling and processing of background jobs. We want everything needed to run a modern web application to be included in Redwood itselfβyou shouldn't need any third party integrations if you don't want. Background jobs have been sorely missed, but the time has come! (If you do want to use a third party service we have had an [integration with Inngest](https://community.redwoodjs.com/t/ship-background-jobs-crons-webhooks-and-reliable-workflows-in-record-time-with-inngest-and-redwoodjs/4866) since May of 2023!) ##### Features - Named queues: you can schedule jobs in separate named queues and have a different number of workers monitoring each oneβmakes it much easier to scale your background processing - Priority: give your jobs a priority from 1 (highest) to 100 (lowest). Workers will sort available jobs by priority, working the most important ones first. - Configurable delay: run your job as soon as possible (default), wait a number of seconds before running, or run at a specific time in the future - Auto-retries with backoff: if your job fails it will back off at the rate of attempts \*\* 4 for a default of 24 tries, the time between the last two attempts is a little over three days. - Run inline: instead of scheduling to run in the background, run immediately - Integrates with Redwood's [logger](https://docs.redwoodjs.com/docs/logger): use your existing one in api/src/lib/logger or create a new one just for job loggingfeat(uploads): Configure apollo client to do multi-part form uploads (#11175) by @dac09
a) Configures the Apollo client we export to use upload link - https://github.com/jaydenseric/apollo-upload-client b) Configures our API side fastify server to accept multipart form data Notes: 1. apollo-upload-client is ESM only. In order to get this working for prerender, I had to bundle it for CJS version only. Without this change you get errors during prerender like this: Error [ERR_REQUIRE_ESM]: require() of ES Module /Users/dac09/Experiments/apollo-upload-link/node_modules/apollo-upload-client/createUploadLink.mjs not supported. 2. Currently the multi-part config only applies when you have a server file (see separate PR with fix: [https://github.com/redwoodjs/redwood/pull/11176](https://redirect.github.com/redwoodjs/redwood/pull/11176)) 3. The upload link internally will handle whether to do a regular POST or multipart POST. In order to make use of this on the backend you need to set your graphql schema field to a scalar of `File`feat(context): Build and publish package as dual esm/cjs (#11294) by @Josh-Walker-GM
Please see #11294 for more detailsfeat(exec): Add --silent to silence all RW output (#11278) by @Tobbe
Run with `--silent` (or `-s`) to not have the framework itself print anything to your console. Only console logs you have yourself in the script, or any files the script includes, will come through. If you're using Prisma you might want to tweak Prisma's logging (in `api/lib/db.ts`) and turn off "info" logging, depending on your goals.feat(rsc): Register top-level function-scoped RSAs (#11255) by @Tobbe
Please see #11255 for more detailsfeat(rsc): Detect single RSA functions (not just entire files) (#11168) by @Tobbe
Please see #11168 for more detailsfeature(studio): Make studioHandler install Studio v12 (#11131) by @Tobbe
Makes sure you get the latest version of Redwood Studio the first time you run `yarn rw studio`feat(rsc): rsc-cache-read (#11127) by @Tobbe
Please see #11127 for more detailsRSC cache control (#11126) by @Tobbe
Please see #11126 for more detailsfeat(crwrsca): Add support for --template (#11123) by @Tobbe
Please see #11123 for more detailsfeat(storybook): switch command for storybook vite (#11069) by @Josh-Walker-GM
This change moves the vite based storybook to the standard storybook command. Essentially making it the default storybook command.Introduce RSC "live reload." (#10932) by @peterp
Please see #10932 for more detailsfeat(cli): Move docker setup out of experimental (#11072) by @Josh-Walker-GM
This change introduces `yarn rw setup docker`. This is a result of moving our docker setup command out of it's experimental phase.feat(link): Pass options to navigate() (#11058) by @Tobbe
Allow passing `NavigateOptions` (which for now is just `replace`) from a `` and `feat(router): add router useBlocker hook (#10873) by @xmaxcooking
Add `useBlocker()` hook to router to allow blocking navigation. Most commonly used to prevent users from accidentally leaving a page with unsaved changes.feat(trusted-docs): Allows useRedwoodTrustedDocuments to set more custom UsePersistedOperationsOptions (#10894) by @dthyresson
Allows useRedwoodTrustedDocuments to set more custom UsePersistedOperationsOptions Allows the useRedwoodTrustedDocuments plugin to define: ```ts /** * Whether to allow execution of arbitrary GraphQL operations aside from persisted operations. */ allowArbitraryOperations?: boolean | AllowArbitraryOperationsHandler; /** * The path to the persisted operation id */ extractPersistedOperationId?: ExtractPersistedOperationId; /** * Whether to skip validation of the persisted operation */ skipDocumentValidation?: boolean; /** * Custom errors to be thrown */ customErrors?: CustomPersistedQueryErrors; ``` This can let you override to allow certain ops or skip validation etc: > If you validate your persisted operations while building your store, we recommend to skip the validation on the server. So this will reduce the work done by the server and the latency of the requests. The allow authenticated request is still considered, but `allowArbitraryOperations` can override. Omitted `getPersistedOperation` as this extracts hash from store.feat(prisma): Support multi file Prisma schemas (#10869) by @dthyresson
Prisma's `prismaSchemaFolder` [feature](https://www.prisma.io/docs/orm/prisma-schema/overview/location#multi-file-prisma-schema) allows you to define multiple files in a schema subdirectory of your prisma directory. This PR updates: - Prisma utilities - generators - dbAuth setup - documentation to support single and multi file Prisma schemas. If you have enabled Prisma multi file schemas, you configure your project toml api `schemaPath` setting the directory where your schema.prisma can be found, for example: './api/db/schema' When [organizing your Prisma Schema into multiple files](https://www.prisma.io/blog/organize-your-prisma-schema-with-multi-file-support), you will need [enable](https://www.prisma.io/docs/orm/prisma-schema/overview/location#multi-file-prisma-schema) that feature in Prisma, move your `schema.prisma` file into a new directory such as `./api/db/schema` and then set `schemaPath` in the api toml config. ::: For example: ```toml title="redwood.toml" [api] port = 8911 schemaPath = "./api/db/schema" ```feat(Storybook Vite): Add JS project support (#10900) by @arimendelow
This adds support to the SBV CLI for JS projects.RSC: Add auth support to ServerRouter (#10925) by @Tobbe
Please see #10925 for more detailsfeat(eslint-plugin): support flat config (#10910) by @JoshuaKGoldberg
Makes it possible to use the eslint-plugin package in the "flat config" eslint configuration format.feat(baremetal): Check for setup before running deploy (#10922) by @Tobbe
Print a helpful error message if baremetal has not been setup before running `yarn rw deploy baremetal`.RSC: Add auth support to ClientRouter (#10908) by @Tobbe
Please see #10908 for more detailsRSC: Make `rw g page` work for RSC projects (#10903) by @Tobbe
Please see #10903 for more detailsfeat(dbAuth): Hint about migration after setup (#10875) by @Tobbe
Please see #10875 for more detailsfeat(router): Navigate to splash page using routes.home() (#10874) by @Tobbe
This PR makes it so that `routes.home()` works even when there's no actual `/` route in the `Routes.tsx` file if navigating to `/` would show the splash page.feat(dbAuth): Automatically create User model in fresh projects (#10871) by @Tobbe
Automatically create a `User` model in the project's `schema.prisma` when setting up dbAuth in a new project.feat(dbAuth): Prompt to generate dbAuth pages (#10865) by @Tobbe
When setting up dbAuth we'll now prompt if the user also wants to generate pages for login, signup, password reset etc. We only prompt if no existing pages exist.feat(g dbAuth): Detect WebAuthn support (#10864) by @Tobbe
Automatically add WebAuthn support to generated pages when WebAuthn is enabled for dbAuthfeat(dbAuth): Prompt for creating User table (#10849) by @Tobbe
To skip the prompt you can pass `--createUserModel` (or just `-u`) to `yarn rw setup auth dbAuth`.RSC: Add 'use client' to auth templates (#10766) by @Tobbe
Please see #10766 for more detailsRSC: getLocation in ServerRouter (#10759) by @Tobbe
Please see #10759 for more detailsRSC: Externalize more modules during build (#10753) by @Tobbe
Please see #10753 for more detailsRSC: Include `` in SSR (#10688) by @Tobbe
Please see #10688 for more detailsfeat(rsc-auth): Implement getRoles function in auth mw & update default ServerAuthState (#10656) by @dac09
- Implement getRoles function in supabase and dbAuth middleware - Updates default serverAuthState to contain roles - Make cookieHeader a required attribute - Introduces new `clear()` function to remove auth state - just syntax sugar ##### Example usage ```tsx // In entry.server.tsx export const registerMiddleware = () => { // This actually returns [dbAuthMiddleware, '*'] const authMw = initDbAuthMiddleware({ dbAuthHandler, getCurrentUser, getRoles: (decoded) => { return decoded.currentUser.roles || []; }, }); return [authMw]; }; ```feat(serverStore): Add location to serverStore for RSCs to access location (#10697) by @dac09
1. Adds fullUrl property to serverStore 2. Adds two utility functions: a) `getFullUrl` - to construct the absolute url from an express request b) `getFullUrlFromFlightRequest` - this is used when we get a request to render RSCs in the rscRequestHandler. This one is different because the location we want is for the actual page, not of the request (which goes to to the RSC endpoint). 3. Adds `getLocation` function to retrieve the Location (URL object) from server store Short video demonstrating location coming through in two cases: a) Soft renders (makes a request to the RSC endpoint) b) Hard render https://s.tape.sh/4g7LFsYP **Usage example:** ```tsx import { getLocation } from '@redwoodjs/vite/serverStore' const NavigationLayout = ({ children, rnd }: NavigationLayoutProps) => { const location = getLocation() console.log(`π \n ~ location:`, location) ``` Longer term, we may want to change how the endpoint for flight requests so that the location doesn't have to be constructed specially.RSC: Cache client side navigation (#10686) by @Tobbe
Please see #10686 for more detailsIn useOgImage() hook adds searchParams option for setting arbitrary query string vars to generated URL (#10677) by @cannikin
This can be used like so: const { url } = useOgImage({ searchParams: { foo: 'bar' }) console.log(url) // => http://localhost:8910/photo.png?foo=barRSC Client Router (#10557) by @Tobbe
Please see #10557 for more detailsfeat: Reworks RSC server entries and route manifest building to derive from routes and include if route info related to authentication (#10572) by @dthyresson
This PR is in furtherance of authentication support in RSC. It refactors: - How server entries are built -- not from "processing the pages dir" (which is a deprecated function) but rather the routes ... and the page info for that route. Note here that a page can be used in multiple routes, so the auth info cannot really be determined here. - The route manifest building to include per route: - isPrivate - is the route private, i.e, is it wrapped in a PrivateSet - unauthenticated - what route to navigate to if the user in not authenticated - roles - the roles to check to see if user has the require RBAC permission to navigate to the route Now if some page, route request is being handled by RSC we might be able to check if it "isPrivate" and enforce auth with the roles and even where tp redirect to if not authenticated.feat(auth-middleware): Return a Tuple with Route pattern configuration when creating dbAuth middleware (#10642) by @dac09
- This PR renames createDbAuthMiddleware -> initDbAuthMiddleware - Returns a tuple of `[dbAuthMw, '*']` from the init function to make it harder to accidentally misconfigure the auth middlewarefeat(middleware): Add .shortCircuit to MiddlewareResponse (#10586) by @dac09
Adds a helper to generate a intercept/short-circuit response, that will interrupt execution of *all* middleware and react rendering, and immediately return the response. There's a few different ways you can use this, see examples below: ```ts const shortCircuitMw: Middleware = (req, res) => { // A) You can short circuit after building the response (or use the res param) // This allows you to use all the convenience helpers like cookies of MW Response if (req.url.includes("create-new-response")) { const shortCircuitResponse = new MiddlewareResponse("Short-circuiting"); shortCircuitResponse.headers.set("shortCircuit", "yes"); shortCircuitResponse.cookies.set("shortCircuitCookie", "do-not-allow", { expires: new Date(Date.now() + 1000 * 60 * 60), }); shortCircuitResponse.shortCircuit(); } // B) You can directly construct a new short-circuit response // (discarding whatever response was built before) if (req.url.includes("using-existing-res")) { res.shortCircuit("Short-circuiting directly", { headers: { shortCircuitDirect: "yes" }, }); } }; ```feat(rsc-auth): Implement serverStore to hold and pass req info to RSC (#10585) by @dac09
First pass at implementing a per-request store that allows: - access to headers and cookies from requests in server components - access to serverAuthState from server components - maps serverAuthState updated from middleware to the the per request store This PR also implements execution of middleware in the RSC handler. Note that this is done in a "good enough" way currently, because the RSC handler doesn't use Fetch requests (but everything else does) Important things to note: - the store is initialised *again* in the RSC worker, with the same values on each invocation of renderRsc - we have *not* tested or tried in Dev because `rw dev` does not work in RSC yet - we have *not* tested behaviour on initial SSR - because this is not implemented yet in RSCfeat(cli): Setup command and codemod for OG image middleware (#10485) by @Josh-Walker-GM
Please see #10485 for more detailsAdds a generator for creating og:image components (#10550) by @cannikin
feat(server-auth): Supabase web client implementation with middleware support (#10522) by @dac09
**Updates supabase auth client implementation to support middleware auth** In `web/src/auth.ts`: // π notice where this is imported from! import { createBrowserClient } from '@supabase/ssr' import { createAuth } from '@redwoodjs/auth-supabase-web' const supabaseClient = createBrowserClient( process.env.SUPABASE_URL || '', process.env.SUPABASE_KEY || '' ) export const { AuthProvider, useAuth } = createAuth(supabaseClient) - moves some types, and getCurrentUserFromMiddleware function to a common place so it can be shared with multiple auth implementationsfeat(RSC): Remove `entries.ts` file (#10533) by @Josh-Walker-GM
Please see #10533 for more detailsfeat(server-auth): Refactor useReauthenticate to prevent double currentUser calls (#10531) by @dac09
β¦by calling getCurrentUser to determine if youre logged in. We achieve this by swapping the order in which getUserMetadata and getCurrentUser is called in reauthenticate. Previously getUserMetadata was a short-hand for checking if the auth SDK think its logged in, however in middleware auth this is an issue because you *need* to getCurrentUser before getting user metadata in the case of purely cookie based auth like dbAuth (and potentially future ones like firebase, etc.) - since the cookie/token cannot be read on the browser.feat(auth): Implement Supabase Auth Middleware (#10499) by @dthyresson
Implement Supabase Auth Middleware to authenticate server-side requests. - Adds middleware to the Supabase auth-providers package. - createSupabaseAuthMiddleware is responsible for authenticating Supabase requests - It does so by checking if the request has a supabase auth-provider header, and then uses the authDecoder to verify the session cookie using the Supabase ServerAuthClient and returning a decoded access token -- or throwing an exception if the session cookie is invalid - Once the middleware has the decoded JWT, it hands that to the provided getCurrentUser from he user's project to return the information about authenticated user - Lastly, it sets serverAuthState with user and metadata info to know the request isAuthenticated - If the session is invalid or the cookie tampered with such that the access token cannot be verified, serverAuthState is cleared as are the auth provider and Supabase cookiesfeat(og-gen): Implement middleware and hooks (#10469) by @dac09
The OG Gen saga continues with [@cannikin](https://redirect.github.com/cannikin) and [@dac09](https://redirect.github.com/dac09) βοΈ This PR: - adds OgImageMiddleware and Hooks to `@redwoodjs/og-gen`, complete with tests β οΈ Template changes: - updates entry.client template to pass in Routes to App - updates App to take children (i.e. Routes) This is so that we can pass the OG component to be rendered *with* your App's CSS setup. **How to use this?** 1. **Registering the middleware:** ```ts import OgImageMiddleware from "@redwoodjs/ogimage-gen/middleware"; export const registerMiddleware = () => { const ogMw = new OgImageMiddleware({ App, Document, }); return [ogMw]; }; ``` 2. Configure your `vite.config.ts` ```ts import vitePluginOgImageGen from "@redwoodjs/ogimage-gen/plugin"; const viteConfig: UserConfig = { // π so it builds your OG components plugins: [redwood(), vitePluginOgImageGen()], }; export default defineConfig(viteConfig); ``` 3. Add your OG Image component next to the page it's for e.g. web/src/pages/AboutPage/AboutPage.png.tsx 4. Use hooks on AboutPage to generate the ogURLfeat(eslint): Disable restricted $api imports for entryserver (#10520) by @dac09
With the introduction of middleware, it's pretty common to import things from the $api side. This is a non-issue as entry.server.{jsx,tsx} is not part of the client bundle we generate.feat(server-auth): WebAuthN support during SSR (#10498) by @dac09
**This PR changes the following:** **1. Moves webAuthN imports to be dynamic imports** This is because the dbauth-provider-web packages are still CJS only. When importing in an ESM environment (such as SSR/RSC server) - it complains that about ESM imports **2. Updates the default auth provider state for middleware auth** Middleware auth default state is *almost* the same as SPA default auth state. Except that loading is always false! Otherwise you can get stuck in a loading state forever.feat(cookieJar): Change cookie.get to directly return value (#10493) by @dac09
**Motivation** My original design of the `CookeiJar.get` would return the full cookie object we store, including cookie options. This is not ideal because you need to access the cookie like this: ```js const myCookie = mwRequest.cookies.get("myCookie"); // π const actualValue = myCookie.value; ``` This is unwieldy, and feels unergonomic for the 98% of cases where `get` will be used to just see the value. **How do I still see the options of the cookie?** You can still access all the details of the cookie by doing `cookie.entries`. I don't really have a case for this yet, so let's not optimise for this case, but we know it's possible! This is me just stabilizing the API for Middleware stuff, before we ship it out of experimentalfeat: redwoodjs/auth-dbauth-middleware - Part 2/3 - Auth Middleware for dbAuth to authenticate users via cookie (#10447) by @dthyresson
- Implements createDbAuthMiddleware in [@redwoodjs/auth-dbauth-middleware](https://redirect.github.com/redwoodjs/auth-dbauth-middleware):build - Used to register middleware for dbAuth in RedwoodJS projectsRSC: vite/clientSsr (#10238) by @Tobbe
Please see #10238 for more detailsfeat(server-auth): Update getAuthenticationContext to support cookies and tokens both (#10465) by @dac09
**1. Updates `getAuthenticationContext` to parse the cookie header and pass it to authDecoder.** Note that the authentication context itself does not pull out the token from cookies, because with some providers (e.g. supabase) - we don't know the name of the cookie. This is left to the authDecoder implementation. The return type from this function is actually just a deserialized cookie header i.e. `cookie: auth-provider=one; session=xx/yy/zz; somethingElse=bsbs` => `{ 'auth-provider': 'one', session: 'xx/yy/zz', somethingElse: 'bsbs'` **2. Retains support for header/token based auth** See test on line 259 of `packages/api/src/auth/__tests__/getAuthenticationContext.test.ts`. If a the `authorization` and `auth-provider` headers are passed in the request (as we do for SPA based auth) - then cookies will take precedence. The end result is that graphql requests will now work with middleware-based auth providers!feat(server-auth): dbAuth 3/3 - handle login, logout, signup, etc. requests if forwarded from middleware (#10457) by @dac09
This PR updates the DbAuthHandler class to handle requests forwarded from middleware, so it can generate responses for login, logout, signup, etc. These are POST requests - it used to be to the `/auth` function, but now they will be captured by dbAuth middleware and forwarded onto DbAuthHandler. **High level changes:** - use the `Headers` class in each of the "method" responses. This allows us to set multi-value headers like Set-Cookie. A simple object would not. See type `AuthMethodOutput` - extracts `buildResponse` into a testable function and adds test. For `Set-Cookie` headers we return an array of strings. In the middleware here's the code I had for the final conversion: ```ts if (AUTHHANDLER_REQUEST) { const output = await dbAuthHandler(req); const finalHeaders = new Headers(); Object.entries(output.headers).forEach(([key, value]) => { if (Array.isArray(value)) { value.forEach((v) => finalHeaders.append(key, v)); } else { finalHeaders.append(key, value); } }); return new MiddlewareResponse(output.body, { headers: finalHeaders, status: output.statusCode, }); } ```feat(server-auth): Part 1/3: dbAuth middleware support (web side changes) (#10444) by @dac09
Adds ability to `createMiddlewareAuth` in dbAuth client which: 1. Updates the dbAuth web client to speak to middleware instead of graphql 2. Implements fetching current user from middlewarefeat(og-gen): Update implementation of useLocation | Update App template (#10441) by @dac09
**Updated App.tsx template** We modified the `App.tsx` template to accept possible children, and render them if present. This lets the og:image handler inject your component into the Document tree, without including the entire Router, but still style your og:image component using whatever you used to style the rest of your app (Tailwind, perhaps?) **Updated useLocation implementation** We also modified the `useLocation()` hook to now return everything that the [URL API](https://developer.mozilla.org/en-US/docs/Web/API/URL) returns. Previously it only returned three attributes of the url (pathname, search, hash), now it returns everything available to a call to `new URL()` (origin, href, searchParams, etc.). The reason for this is now that we have SSR, we can get access to more details in the hook - in this case we needed origin Both changes should be non-breaking!feat(og-gen): Adds package and vite plugin for dynamic og generation (#10439) by @dac09
feat: [Auth] Common AuthProvider & use* changes for middleware auth (#10420) by @dac09
- First step of supporting Auth using middleware - Ensure backwards compatibility with non-SSR auth ##### Breaking Change Removes `skipFetchCurrentUser` which was used by the no longer existing nHost auth provider, but could potentially have been used by custom auth.Middleware Routing & `registerMiddleware` (#10395) by @dac09
Implements the new syntax of using Middleware after discussion. This sets us up for doing Auth better, but also for implementations like OG Image generation. ```js export const registerMiddleware = async () => { return [ dbAuthMiddleware(), [new OgMiddleware({ rootFilename: "index" }), ["/:route.:extension"]], ]; }; ``` **Features** - \[x] Registering middleware with above syntax - \[x] Chaining multiple middleware by passing array of middleware, or tuples - \[x] Defining the route patterns to match in the find-my-way syntax *** **What syntax are you using for the route patterns?** After discussion that Regexes are slow and unwieldy, I did some research and comparisons here: https://www.notion.so/redwoodjs/Middleware-Route-patterns-0f1c5587b4134073adfae896a782b5ea?pvs= This implementation uses https://github.com/delvedor/find-my-way - which is the Fastify version - but still keeps us decoupled from Fastify (see implementation, or document for why). **Important for understanding** Quoting from find-my-way docs: > The nodes are matched in the following order: static parametric node with static ending parametric(regex)/multi-parametric parametric wildcard Which means, if you have a more specific one - example you have ` [mw1, `\*`]` and `[mw2, '/refresh_auth']` - then a request to /refresh_auth will ONLY trigger mw2. This is sort of counter intuitive, but them are the rules with fmw.feat: Send RSC Flight Payload to Studio (#10213) by @dthyresson
This PR sends the rendered RSC payload (aka "flight") to Studio to be ingested, persisted, and fetched. Performance and metadata enrichments are performed in order to visualize in StudioRSC: Initial pass at enabling `rw dev` for RSC (#10158) by @Tobbe
Please see #10158 for more detailsRSC: Update templates for setup command (#10130) by @Tobbe
Please see #10130 for more detailsfeat(rsc-streaming): Integrating RSC builds with Streaming and Client side hydration (#10031) by @dac09
Please see #10031 for more detailsRSC: Make babel insert `renderFromRscServer` calls into Routes.tsx (#10074) by @Tobbe
Please see #10074 for more detailsRSC: Simplify entriesFile loading (#10057) by @Tobbe
Please see #10057 for more detailsRSC: Transform client components during build (#10048) by @Tobbe
Please see #10048 for more detailsRSC: Insert 'use client' in scaffolded components (#9998) by @Tobbe
Please see #9998 for more detailsRSC: Enable babel plugins to get client Cell support (#9973) by @Tobbe
Please see #9973 for more detailsfeat(middleware): Add support for Middleware to SSR-Streaming server (#9883) by @dac09
Please see #9883 for more detailsfix: Use sse link with `@live` directive (#11375) by @callingmedic911
Use SSE links that allows proper headers that in turn show proper requests with the body in browser devtools.fix(cli-helpers): Don't add spaces around `=` for env vars (#11414) by @Tobbe
The `addEnvVar` helper function in `packages/cli-helpers` no longer adds spaces around `=` when setting environment variables.fix(template): api type declaration merging for scripts (#11367) by @Tobbe
Make imports in scripts (files in `scripts/`) find our mirror types used for declaration merging also for `api/src/` imports (not just web imports) Users upgrading are adviced to manually upgrade their tsconfig files to match what is now in the template.RSC: Disable client side flight caching for now (#11400) by @Tobbe
Please see #11400 for more detailsfeat(codegen): support sdl generation for model with compound id (#8556) by @russell-dot-js
The SDL generator will no longer error when handling a table with a composite id, like so: ```prisma model Order { tenantId String id String @unique @default(uuid()) @@id([tenantId, id]) } ``` It will now generate code in the SDL that handles input of both these variables: ```gql input TempIdInput { tenantId: String! id: String! } ``` If you are using a custom `sdl.{j,t}s.template` then you may have to update it to support the new `idInput`.few Flightcontrol template & doc updates (#11383) by @flybayer
Updates the flight control deployment command and documentation. Corrects issue [#10754](https://redirect.github.com/redwoodjs/redwood/issues/10754) which is to do with an outdated database setup.Catch errors when studio is not running and mail tries to send (#11387) by @cannikin
Please see #11387 for more detailsfix(jobs): Fix the `deleteSuccessfulJobs` type showing up (#11377) by @Josh-Walker-GM
Please see #11377 for more detailsfix(jobs): Allow passing empty array when scheduling parameterless jobs (#11372) by @Josh-Walker-GM
Please see #11372 for more detailsfix(jobs): Type-safe arguments passing to jobs from scheduler (#11371) by @Tobbe
Please see #11371 for more detailsfix(template): Format tsconfig and jsconfig (#