Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: [Auth] Common AuthProvider & use* changes for middleware auth #10420

Merged
merged 6 commits into from
Apr 10, 2024

Conversation

dac09
Copy link
Collaborator

@dac09 dac09 commented Apr 4, 2024

Pairing with @dthyresson

  • First step of supporting Auth using middleware. This PR is the smallest slice possible.
  • Also removes the unused skipFetchCurrentUser, that was only used in nhost - a deprecated auth provider. This technically makes this change breaking, so we need to think it through!

To make use of this functionality, we will need:
1. A specialised middleware auth client
(naming TBC) - in your web/src/auth.ts, you will need to instantiate the create auth differently.

import {
  createDbAuthClient,
  createMiddlewareAuth, // 👈 not in this PR
} from '@redwoodjs/auth-dbauth-web'

const dbAuthClient = createDbAuthClient({
  middleware: true, // 👈 not in this PR
})

export const { AuthProvider, useAuth } = createMiddlewareAuth(dbAuthClient)
  1. The middleware to perform auth
export const registerMiddleware = () => {
  console.log('Registering middleware')
  const dbAuthMiddleware = createDbAuthMiddleware({
    cookieName,
  })
  return [dbAuthMiddleware]
}
  1. Updated dbAuth handler for dbAuth

Checklist

  • Ensure backwards compatibility with non-SSR auth
  • Should we undo the changes to skipFetchCurrentUser

@dac09 dac09 requested a review from dthyresson April 4, 2024 15:58
@dac09 dac09 added this to the SSR milestone Apr 4, 2024
@dac09 dac09 added the release:feature This PR introduces a new feature label Apr 4, 2024
@dac09
Copy link
Collaborator Author

dac09 commented Apr 9, 2024

@dthyresson what do you think of looking at the outstanding checklist here? I think it would be helpful to have the person not writing the code do the validation, right?

…auth-provider-p1

* 'main' of github.com:redwoodjs/redwood:
  fix(middleware): Handle POST requests in middleware router too (#10418)
  chore(ci): get ci running on next (#10432)
  RSC: Explain noExternal vite config option (#10429)
  chore(web): Fix .d.ts overwrite build issue (#10431)
  chore(web): .js imports to prep for ESM (#10430)
  chore(refactor): Split rwjs/forms up into several smaller logical units (#10428)
  chore(rsc): simplify `noExternals` config (#10220)
  chore(deps): Update vite to 5.2.8 (#10427)
  chore(auth): Convert `@redwoodjs/auth` to ESM+CJS dual build (#10417)
  chore(framework-tools): Warn about missing metafile (#10426)
  chore(test): Switch rwjs/auth over to vitest (#10423)
  chore(whatwg-fetch): Switch to importing instead of requiring (#10424)
  chore(deps): bump undici from 5.28.3 to 5.28.4 in /.github/actions/check_changesets (#10421)
  chore(route-manifest): Add relativeFilePath to route manifest (#10416)
@dthyresson
Copy link
Contributor

@dthyresson what do you think of looking at the outstanding checklist here? I think it would be helpful to have the person not writing the code do the validation, right?

For

Should we undo the changes to skipFetchCurrentUser

As I understand it, skipFetchCurrentUser was introduced as nHost's auth required it -- but nHost 1) no longer exists as a service and 2) no longer supported as an auth provider. Unless we can think of a reason to keep it (how it would be used moving forward) it seems ok to remove to and listed as a potential breaking change.

@dthyresson dthyresson self-assigned this Apr 9, 2024
@dthyresson dthyresson marked this pull request as ready for review April 9, 2024 16:18
@dthyresson dthyresson self-requested a review April 9, 2024 16:18
@dthyresson dthyresson changed the title feat(server-auth): Support auth without graphql feat: [Auth] Common AuthProvider & use* changes for middleware auth Apr 9, 2024
Copy link
Contributor

@dthyresson dthyresson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed that with classic GraphQL and dbAuth, cookie dbAuth behaves as expected:

  • sign up
  • login
  • permissions respected
  • cookie set

image

image

image

@dthyresson dthyresson enabled auto-merge (squash) April 10, 2024 14:43
@dthyresson dthyresson merged commit 3252de7 into main Apr 10, 2024
45 checks passed
@dthyresson dthyresson deleted the feat/server-auth-provider-p1 branch April 10, 2024 14:45
dac09 added a commit to dac09/redwood that referenced this pull request Apr 11, 2024
… into feat/og-gen-mw-vite-plugin

* 'feat/og-gen-mw-vite-plugin' of github.com:dac09/redwood:
  Update rbac.md - code match (redwoodjs#10405)
  chore: make crwa e2e test work across branches (redwoodjs#10437)
  feat: [Auth] Common AuthProvider & use* changes for middleware auth (redwoodjs#10420)
dac09 added a commit that referenced this pull request Apr 11, 2024
…th-mw-auth

* 'main' of github.com:redwoodjs/redwood: (21 commits)
  fix(auth): Handle when authorization header is lowercased (#10442)
  Update rbac.md - code match (#10405)
  chore: make crwa e2e test work across branches (#10437)
  feat: [Auth] Common AuthProvider & use* changes for middleware auth (#10420)
  fix(cli): only show webpack options for dev if `bundler = "webpack"` (#10359)
  fix(vercel): specify build env vars as a string (#10436)
  fix(vercel): write `vercel.json` as a part of setup (#10355)
  fix(middleware): Handle POST requests in middleware router too (#10418)
  chore(ci): get ci running on next (#10432)
  RSC: Explain noExternal vite config option (#10429)
  chore(web): Fix .d.ts overwrite build issue (#10431)
  chore(web): .js imports to prep for ESM (#10430)
  chore(refactor): Split rwjs/forms up into several smaller logical units (#10428)
  chore(rsc): simplify `noExternals` config (#10220)
  chore(deps): Update vite to 5.2.8 (#10427)
  chore(auth): Convert `@redwoodjs/auth` to ESM+CJS dual build (#10417)
  chore(framework-tools): Warn about missing metafile (#10426)
  chore(test): Switch rwjs/auth over to vitest (#10423)
  chore(whatwg-fetch): Switch to importing instead of requiring (#10424)
  chore(deps): bump undici from 5.28.3 to 5.28.4 in /.github/actions/check_changesets (#10421)
  ...
dac09 added a commit that referenced this pull request Apr 12, 2024
…g-gen-mw-p2

* 'main' of github.com:redwoodjs/redwood:
  feat(og-gen): Adds package and vite plugin for dynamic og generation (#10439)
  chore(deps): bump browserify-sign from 4.2.1 to 4.2.3 (#10446)
  chore(deps): bump tar from 6.1.11 to 6.2.1 in /docs (#10438)
  chore(deps): update dependency firebase to v10.11.0 (#10366)
  fix(auth): Handle when authorization header is lowercased (#10442)
  Update rbac.md - code match (#10405)
  chore: make crwa e2e test work across branches (#10437)
  feat: [Auth] Common AuthProvider & use* changes for middleware auth (#10420)
@Josh-Walker-GM Josh-Walker-GM modified the milestones: SSR, v8.0.0 Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release:feature This PR introduces a new feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants