Add layout for authenticated pages #3058
Conversation
There was a problem hiding this comment.
Thanks for figuring this out! That said, let's not merge this yet, since it includes #3051 which is probably not the right approach. But once we've figured out auth, we can based the followup work on this.
(Alternatively, we can remove the commit from that PR from this PR?)
Waiting for deciding on how to handle auth sounds good to me — marked this PR as “draft”. |
| </div> | ||
| </a> | ||
| </li> | ||
| <hr /> |
There was a problem hiding this comment.
nit: Not sure this is valid. I ran the following snippet through https://validator.w3.org/nu/#textarea and it threw the following error:
Error: Element
hrnot allowed as child of elementmenuin this context. (Suppressing further errors from this subtree.)
<!DOCTYPE html>
<html lang="en">
<head>
<title>OK, Computer</title>
</head>
<body>
<menu>
<li>One</li>
<li>Two</li>
<hr />
<li>Four</li>
</menu>
</body>
</html>There was a problem hiding this comment.
Oh. Thanks for catching this one. This right now is how we have it on the existing Monitor site — I’ll replace it because invalid syntax is really not optimal. Otherwise, the JSX for the pages is almost one-to-one taken from the existing string literals as a first step to replace the existing architecture with Next.
Seems like moving it does the trick: d98c919.
| <li tabIndex={1}> | ||
| <a | ||
| href={AppConstants.FXA_SETTINGS_URL} | ||
| target="_blank" |
There was a problem hiding this comment.
Do we need to add rel="noreferrer noopener" to these external links, or is that handled elsewhere in headers, etc?
There was a problem hiding this comment.
Note that noopener is implied when using _blank now: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel/noopener - it's not harmful but not necessary in modern browsers to avoid reverse-tabnapping etc. if the FxA server was compromised.
I think we probably do want to send the referrer to FxA though.
| className="user-menu-button" | ||
| title={l10n.getString("menu-button-title")} | ||
| > | ||
| <img src={fxaUser?.avatar} alt={l10n.getString("menu-button-alt")} /> |
There was a problem hiding this comment.
Q: Should this be a vanilla <img> or Next <Image>?
Also, what's the ?. check in the src attribute? Does that imply that we might not actually have an avatar image and if so, we'd get something like an empty src="" or something like src="undefined" if somehow the fxaUser was falsey?
There was a problem hiding this comment.
I guess follow up question, do we need a width= and/or height= attribute on the image (whichever version we go with) to avoid potential CLS?
There was a problem hiding this comment.
Yes I have the same question re: Image, one of the benefits to switching in the ADR was to get things like the automatic image optimization without having to do the way we do it now.
If however the approach here is to first convert from existing templates -> jsx with a minimum of changes and then later convert to Next components I think that's a fine approach, but we should be explicit if so.
There was a problem hiding this comment.
FWIW, looks like the only usage of <img /> tag in src/app/(nextjs_migration/** directory:
git grep -n "<img " src/app/\(nextjs_migration\) | cat
src/app/(nextjs_migration)/(authenticated)/user/layout.tsx:61: <img src={fxaUser?.avatar} alt={l10n.getString("menu-button-alt")} />It's been a while since I've looked at Next.js linting, so I might need to read up on https://nextjs.org/docs/pages/building-your-application/configuring/eslint and see what the latest recommendations are.
"Well, actually…", it looks like running npx next lint flags this, fascinating!
npx next lint
./src/app/(nextjs_migration)/(authenticated)/user/layout.tsx
61:11 Warning: Using `<img>` could result in slower LCP and higher bandwidth. Consider using `<Image />` from `next/image` to automatically optimize images. This may incur additional usage or cost from your provider. See: https://nextjs.org/docs/messages/no-img-element @next/next/no-img-element
...NOTE: And for anybody else odd enough to try getting into piping and grepping next lint output, I had to tweak the following to disable colors (since --no-color was --no-bueno, and they seem to be writing to STDERR instead of STDOUT):
FORCE_COLOR=0 npx next lint &> lint.logTook a bit of poking around https://github.com/vercel/next.js/blob/canary/packages/next/src/cli/next-lint.ts and https://github.com/chalk/chalk to piece that together.
There was a problem hiding this comment.
Thanks for the awesome grep reference!
| <div className="pages-nav"> | ||
| <a | ||
| href="/user/breaches" | ||
| className={`nav-item ${isBreachesPage ? "current" : ""}`} |
There was a problem hiding this comment.
FYI: not an endorsement one way or the other, but in FxA/SubPlat, we've been using https://www.npmjs.com/package/classnames and it seems to be a nice enhancement.
className={ classNames("nav-item", { current: isBreachesPage }) }Same w/ L198 below, if we want to add the extra dependency (which might already be in the node_modules anyways):
className={`nav-item ${isSettingsPage ? "current" : ""}`}There was a problem hiding this comment.
I like classNames — I’ll bring it up with the other engineers.
| href="https://relay.firefox.com/?utm_medium=mozilla-websites&utm_source=monitor&utm_campaign=&utm_content=nav-bar-global" | ||
| target="_blank" | ||
| > | ||
| <Image alt={l10n.getString("brand-relay")} src={RelayLogo} /> |
There was a problem hiding this comment.
I noticed below (L237) for the Mozilla logo we added loading="lazy" attribute. Not sure if we need that here (and possibly L224 for the VPN logo).
| {new Date(props.breach.AddedDate).toLocaleString(getLocale(), { | ||
| year: "numeric", | ||
| month: "long", | ||
| day: "numeric", | ||
| })} |
There was a problem hiding this comment.
I feel like the date localizer should possibly be in a helper. I think I've seen this pattern 2-3+ other places in the codebase too, so might be nice to just have a single helper that formats a date using a specified locale.
git grep -En "day: ['\"]numeric['\"]" | cat
public/nextjs_migration/client/js/scan.js:118: newCard.querySelector('.exposure-scan-breach-added dd').textContent = new Date(breach.AddedDate).toLocaleString(navigator.languages, { year: 'numeric', month: 'long', day: 'numeric' })
src/app/(nextjs_migration)/(guest)/breaches/layout.tsx:100: day: "numeric",
src/app/(nextjs_migration)/(guest)/breaches/page.tsx:77: <dd>{new Date(props.breach.AddedDate).toLocaleString(getLocale(), { year: 'numeric', month: 'long', day: 'numeric' })}</dd>
src/client/js/partials/exposureScan.js:118: newCard.querySelector('.exposure-scan-breach-added dd').textContent = new Date(breach.AddedDate).toLocaleString(navigator.languages, { year: 'numeric', month: 'long', day: 'numeric' })
src/utils/formatDate.js:7: const options = { year: 'numeric', month: 'long', day: 'numeric' }
src/views/partials/allBreaches.js:19: <dd>${new Date(breach.AddedDate).toLocaleString(getLocale(), { year: 'numeric', month: 'long', day: 'numeric' })}</dd>
src/views/partials/breachDetail.js:152: breachDate: data.breach.BreachDate.toLocaleString(getLocale(), { year: 'numeric', month: 'long', day: 'numeric' }),
src/views/partials/breachDetail.js:154: addedDate: data.breach.AddedDate.toLocaleString(getLocale(), { year: 'numeric', month: 'long', day: 'numeric' })Actually, we might already have said helper function in https://github.com/mozilla/blurts-server/blob/main/src/utils/formatDate.js.
blurts-server/src/utils/formatDate.js
Lines 5 to 13 in 0bb98e8
| return new Intl.ListFormat(getLocale(), { | ||
| type: "unit", | ||
| style: "short", | ||
| }).format(list); |
| cookieName: "monitor-iron-session", | ||
| password: process.env.IRON_SESSION_PASSPHRASE!, | ||
| cookieOptions: { | ||
| secure: process.env.NODE_ENV !== "development", |
There was a problem hiding this comment.
Not sure if we need some helper to determine whether we're in a specific environment. I noticed we seem to do that quite often. Where we're checking if we're in development, NOT development, heroku, NOT production, or one suspicious check against "dev" (not "development").
git grep -En "process.env.NODE_ENV \!?={2,3}" | cat
next.config.js:19: `script-src 'self' ${process.env.NODE_ENV === 'development' ? "'unsafe-eval' 'unsafe-inline'" : ''} https://*.googletagmanager.com`,
next.config.js:21: `connect-src 'self' ${process.env.NODE_ENV === 'development' ? 'webpack://*' : ''} https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com`,
next.config.js:24: `style-src 'self' ${process.env.NODE_ENV === 'development' ? "'unsafe-inline'" : ''}`,
src/app/functions/server/sessionHelpers.ts:19: secure: process.env.NODE_ENV !== "development",
src/appConstants.js:60:if (!process.env.SERVER_URL && process.env.NODE_ENV === 'heroku') {
src/middleware/error.js:41: message: process.env.NODE_ENV !== 'production' ? errMsg : 'Something went wrong', // hide error message when in production
src/middleware/error.js:42: stack: process.env.NODE_ENV === 'dev' ? err.stack : {} // hide stack when not in devThere was a problem hiding this comment.
Yeah, that dev one seems suspicious. I’ll take a look!
| title: "Create Next App", | ||
| description: "Generated by create next app", |
There was a problem hiding this comment.
Are these user facing at all? (ie: getting somehow shimmed into <meta> tags?)
They look a bit suspicious.
There was a problem hiding this comment.
I believe these are intended for meta tags so they will show up in social media and search engines and we do indeed want to set them appropriately.
There was a problem hiding this comment.
OK, think I found some useful docs on this… https://nextjs.org/docs/app/api-reference/functions/generate-metadata 👀
There was a problem hiding this comment.
Yes, these are user-facing. We’ll have to port over the meta tags from the current Monitor site for which we have a separate task. :)
| 'use client' | ||
|
|
||
| import { signIn, useSession } from "next-auth/react"; | ||
| "use client"; |
There was a problem hiding this comment.
| * License, v. 2.0. If a copy of the MPL was not distributed with this | ||
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
|
||
| "use client"; |
There was a problem hiding this comment.
Ideally, this would not need to be a client-side component …
There was a problem hiding this comment.
I was confused for a bit why it couldn't be (I'm still getting used to the distinction as well), but I think it's fine. We basically want this component to update whenever the user changes pages, which means we need code to run on the client-side - hence client components. Client components will still be prerendered on the server side; the differences is that additionally, code will also be shipped to the client-side to re-render it in response to user changes.
I found this comment helpful.
There was a problem hiding this comment.
I see, that makes sense. Thanks for the link to the comment!
| }; | ||
|
|
||
| export const UserMenu = (props: Props) => { | ||
| export const UserMenu = ({ session, fxaSettingsUrl }: Props) => { |
There was a problem hiding this comment.
We’ll have to decide how we handle duplicate components best: The one we need/would like to have for the current site and then new ones that will be built in a “React way” for Premium.
There was a problem hiding this comment.
I'd suggest (like in a different comment in this PR) to keep everything that's directly copied over from the "old" site inside the (nextjs_migration) directory, and create new versions of these components outside of them. I'd like to avoid applying the global stylesheet from the old website inside the new one, and would rather incrementally recreate them using CSS modules.
So all the components in this PR that are inside /components/client would be moved, since they won't look right in the parts of the website we do "the React way".
| * License, v. 2.0. If a copy of the MPL was not distributed with this | ||
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
|
||
| "use client"; |
There was a problem hiding this comment.
I was confused for a bit why it couldn't be (I'm still getting used to the distinction as well), but I think it's fine. We basically want this component to update whenever the user changes pages, which means we need code to run on the client-side - hence client components. Client components will still be prerendered on the server side; the differences is that additionally, code will also be shipped to the client-side to re-render it in response to user changes.
I found this comment helpful.
| import { UserMenu } from "../../../components/client/UserMenu"; | ||
| import { SiteNavigation } from "../../../components/client/SiteNavigation"; |
There was a problem hiding this comment.
Could we maybe move these components into the (nextjs_migration) folder as well? Just to indicate that we probably don't want to use them as-is on proper React pages.
I'm still not sure exactly where we'll land in the end when it comes to where to save components (i.e. do we keep them inside of /src/app/?), but that'll probably be easier to figure out when we get rid of a lot of the old folders, and moving them is easy with TypeScript anyway.
There was a problem hiding this comment.
Moved them into nextjs_migration with 5a5c222.
| href="https://support.mozilla.org/kb/firefox-monitor-faq" | ||
| target="_blank" | ||
| > | ||
| FAQ |
There was a problem hiding this comment.
TIL that we never submitted this for translation 😂
There was a problem hiding this comment.
I was already wondering if “FAQ” is just something that was decided to not be translated.
There was a problem hiding this comment.
Ha! Was wondering why this sounded familiar...
| const session = await getServerSession(authOptions); | ||
| if (session) { | ||
| redirect("/user/breaches"); | ||
| } |
There was a problem hiding this comment.
Wasn't it intentional in the current website that we wouldn't redirect use to the dashboard from the landing page, even if they're logged in?
There was a problem hiding this comment.
Ah, I didn't realise you'd have to specify a redirect URL when calling signIn, but nice, that works well.
| }; | ||
|
|
||
| export const UserMenu = (props: Props) => { | ||
| export const UserMenu = ({ session, fxaSettingsUrl }: Props) => { |
There was a problem hiding this comment.
I'd suggest (like in a different comment in this PR) to keep everything that's directly copied over from the "old" site inside the (nextjs_migration) directory, and create new versions of these components outside of them. I'd like to avoid applying the global stylesheet from the old website inside the new one, and would rather incrementally recreate them using CSS modules.
So all the components in this PR that are inside /components/client would be moved, since they won't look right in the parts of the website we do "the React way".
Description
Adds the layout for pages that we use for authenticated pages.
Screenshot
How to test
/oauth/init/user/breachesand make sure the user menu shows the current users dataChecklist (Definition of Done)