Merge branch 'main' of github.com:redwoodjs/redwood

* 'main' of github.com:redwoodjs/redwood:
  Revert "chore(location): Accept URL-like object" (redwoodjs#10473)
  RSC: Be consistent about inlining rollup input (redwoodjs#10472)
  chore(paths): Remove outdated comment (redwoodjs#10471)
  feat(server-auth): Update getAuthenticationContext to support cookies and tokens both (redwoodjs#10465)
  chore(location): Accept URL-like object (redwoodjs#10467)
  fix(router): Remove barrel exports from router.tsx (redwoodjs#10464)
  chore(dbauth-mw): Refactor web side dbAuth creation (redwoodjs#10460)
  chore(router): Prevent circular dependency for namedRoutes (redwoodjs#10463)
  chore(router): route-validators: Better types and clean up comments (redwoodjs#10462)
  feat(server-auth): dbAuth 3/3 -  handle login, logout, signup, etc. requests if forwarded from middleware (redwoodjs#10457)
  docs(router): Document new NavLink className replacement behavior (redwoodjs#10401)
  chore(refactor): Split the router out into smaller logical units (redwoodjs#10434)
  feat(server-auth): Part 1/3: dbAuth middleware support (web side changes) (redwoodjs#10444)
  chore(auth): Build: Put ESM at the root, and CJS in /cjs (redwoodjs#10458)
  fix(ssr): Successfully serve static assets like `favicon.png` (redwoodjs#10455)
  chore(deps): update chore (redwoodjs#10367)
  (docs) Fix useCache headers and links (redwoodjs#10451)
  chore: remove aws-lambda (redwoodjs#10450)
  chore(deps): update dependency typescript to v5.4.5 (redwoodjs#10452)

.changesets/10444.md

@@ -0,0 +1,4 @@
+- feat(server-auth): Part 1/3: dbAuth middleware support (web side changes) (#10444) by @dac09
+Adds ability to `createMiddlewareAuth` in dbAuth client which:
+1. Updates the dbAuth web client to speak to middleware instead of graphql
+2. Implements fetching current user from middleware

.changesets/10457.md

@@ -0,0 +1,28 @@
+- feat(server-auth): dbAuth 3/3 -  handle login, logout, signup, etc. requests if forwarded from middleware (#10457) by @dac09
+
+This PR updates the DbAuthHandler class to handle requests forwarded from middleware, so it can generate responses for login, logout, signup, etc. These are POST requests - it used to be to the `/auth` function, but now they will be captured by dbAuth middleware and forwarded onto DbAuthHandler. 
+
+**High level changes:**
+- use the `Headers` class in each of the "method" responses. This allows us to set multi-value headers like Set-Cookie. A simple object would not. See type `AuthMethodOutput`
+- extracts `buildResponse` into a testable function and adds test. For `Set-Cookie` headers we return an array of strings. 
+
+In the middleware here's the code I had for the final conversion:
+```ts
+    if (AUTHHANDLER_REQUEST) {
+      const output = await dbAuthHandler(req)
+
+      const finalHeaders = new Headers()
+      Object.entries(output.headers).forEach(([key, value]) => {
+        if (Array.isArray(value)) {
+          value.forEach((v) => finalHeaders.append(key, v))
+        } else {
+          finalHeaders.append(key, value)
+        }
+      })
+
+      return new MiddlewareResponse(output.body, {
+        headers: finalHeaders,
+        status: output.statusCode,
+      })
+    }
+```

.changesets/10460.md

@@ -0,0 +1,38 @@
+- chore(dbauth-mw): Refactor web side dbAuth creation (#10460) by @dac09
+
+This PR changes how the webside auth is initialised, by removing the `createMiddlewareAuth` function, instead it just detects it internally. 
+
+For dbAuth this is what it will looks like: 
+
+```js:web/src/auth.ts
+import {
+  createDbAuthClient,
+  createAuth,
+} from '@redwoodjs/auth-dbauth-web'
+
+const dbAuthClient = createDbAuthClient({
+  middleware: true,
+})
+
+// Internally we know to use the middleware version of the client
+// because middleware is set to true above!
+export const { AuthProvider, useAuth } = createAuth(dbAuthClient)
+
+```
+
+For other auth providers we are going to export a similar looking function:
+
+```js
+import { createAuth, createSupabaseAuthClient } from '@redwoodjs/auth-supabase-web'
+
+// This function is new, and just wraps creating supabase👇
+const supabaseClient = createSupabaseAuthClient({
+  supabaseUrl: process.env.SUPABASE_URL || '',
+  supabaseKey: process.env.SUPABASE_KEY || '',
+  middleware: true
+})
+
+export const { AuthProvider, useAuth } = createAuth(supabaseClient)
+```
+
+This also means our users won't need to change where supabase client is imported from, for example.

.changesets/10464.md

@@ -0,0 +1,15 @@
+- fix(router): Remove barrel exports from router.tsx (#10464) by @Tobbe
+
+We were using both `index.ts` and `router.tsx` as barrel export files. We
+should move away from barrel exports at some point, and we definitely don't
+need two files doing it in the same package. Everything that was exported from
+`router.tsx` is already exported by other files (except `Router` itself). So I
+updated the code to import from there directly instead.
+
+This is a breaking change for anyone who does
+`import ... from '@redwoodjs/router/dist/router'` in their project. Which
+hopefully isn't very many.
+ - The quick fix is to find the original export and pull from there instead
+ - The real fix is to talk to us on the core team and see if we can provide an
+   official way of solving it instead of relying on internal implementation
+   details 🙂 

.changesets/10465.md

@@ -0,0 +1,13 @@
+- feat(server-auth): Update getAuthenticationContext to support cookies and tokens both (#10465) by @dac09
+
+**1. Updates `getAuthenticationContext` to parse the cookie header and pass it to authDecoder.**
+
+Note that the authentication context itself does not pull out the token from cookies, because with some providers (e.g. supabase) - we don't know the name of the cookie. This is left to the authDecoder implementation. 
+
+The return type from this function is actually just a deserialized cookie header i.e. 
+`cookie: auth-provider=one; session=xx/yy/zz; somethingElse=bsbs` => `{ 'auth-provider': 'one',  session: 'xx/yy/zz', somethingElse: 'bsbs'`
+
+**2. Retains support for header/token based auth** 
+See test on line 259 of `packages/api/src/auth/__tests__/getAuthenticationContext.test.ts`. If a the `authorization` and `auth-provider` headers are passed in the request (as we do for SPA based auth) - then cookies will take precedence.
+
+The end result is that graphql requests will now work with middleware-based auth providers! 

docs/docs/graphql.md

@@ -868,7 +868,7 @@ In order to use Union types web-side with your Apollo GraphQL client, you will n
 
 :::
 
-### useCache
+## useCache
 
 Apollo Client stores the results of your GraphQL queries in a local, normalized, in-memory cache. This enables the client to respond almost immediately to queries for already-cached data, without even sending a network request.
 
@@ -878,14 +878,14 @@ useCache is a custom hook that returns the cache object and some useful methods
 * [extract](#extract)
 * [identify](#identify)
 * [modify](#modify)
-* [resetStore](#resetStore)
-* [clearStore](#clearStore)
+* [resetStore](#resetstore)
+* [clearStore](#clearstore)
 
 ```ts
 import { useCache } from '@redwoodjs/web/apollo'
 ```
 
-#### cache
+### cache
 
 Returns the normalized, in-memory cache.
 
@@ -895,7 +895,7 @@ import { useCache } from '@redwoodjs/web/apollo'
 const { cache } = useCache()
 ```
 
-#### evict
+### evict
 
 Either removes a normalized object from the cache or removes a specific field from a normalized object in the cache.
 
@@ -911,7 +911,7 @@ const Fruit = ({ id }: { id: FragmentIdentifier }) => {
 }
 ```
 
-#### extract
+### extract
 
 Returns a serialized representation of the cache's current contents
 
@@ -926,7 +926,7 @@ const Fruit = ({ id }: { id: FragmentIdentifier }) => {
 
 ```
 
-#### identify
+### identify
 
 ```ts
 import { useCache } from '@redwoodjs/web/apollo'
@@ -940,7 +940,7 @@ const Fruit = ({ id }: { id: FragmentIdentifier }) => {
 }
 ```
 
-#### modify
+### modify
 
 Modifies one or more field values of a cached object. Must provide a modifier function for each field to modify. A modifier function takes a cached field's current value and returns the value that should replace it.
 
@@ -966,7 +966,7 @@ const Fruit = ({ id }: { id: FragmentIdentifier }) => {
 }
 ```
 
-#### clearStore
+### clearStore
 
 To reset the cache without refetching active queries, use the clearStore method.
 
@@ -981,7 +981,7 @@ const Fruit = ({ id }: { id: FragmentIdentifier }) => {
 }
 ```
 
-#### resetStore
+### resetStore
 
 Reset the cache entirely, such as when a user logs out.
 

docs/docs/router.md

@@ -218,26 +218,34 @@ Named route functions simply return a string, so you can still pass in hardcoded
 
 ## Active links
 
-`NavLink` is a special version of `Link` that will add an `activeClassName` to the rendered element when it matches the current URL.
+`NavLink` is a special version of `Link` that will switch to the
+`activeClassName` classes for the rendered element when it matches the current
+URL.
 
 ```jsx title="MainMenu.jsx"
 import { NavLink, routes } from '@redwoodjs/router'
 
-// Will render <a className="link activeLink" {...rest}> respectively when on the page
 const MainMenu = () =>
   <ul>
     <li>
-      <!-- Adds "activeLink" when the URL matches "/" -->
+      <!--
+        Normally renders as `<a className="link homeLink" ...>`, but when the
+        URL matches "/" it'll switch to render
+        `<a className="activeLink homeLink" ...>`
+      -->
       <NavLink
-        className="link"
-        activeClassName="activeLink"
+        className="link homeLink"
+        activeClassName="activeLink homeLink"
         to={routes.home()}>
         Home
       </NavLink>
     </li>
     <li>
-      <!-- Adds "activeLink" when the URL matches "/?tab=tutorial" -->
-      <!-- (params order insensitive) -->
+      <!--
+        Normally renders as `<a className="link" ...>`, but when the URL
+        matches "/?tab=tutorial" (params order insensitive) it'll switch to
+        render `<a className="activeLink" ...>`
+      -->
       <NavLink
         className="link"
         activeClassName="activeLink"
@@ -248,12 +256,14 @@ const MainMenu = () =>
   </ul>
 ```
 
-The `activeMatchParams` prop can be used to control how query params are matched:
+The `activeMatchParams` prop can be used to control how query params are
+matched:
 
 ```jsx
 import { NavLink, routes } from '@redwoodjs/router'
 
-// Will render <a href="/?tab=tutorial&page=2" className="link activeLink"> when on any Home tutorial page
+// Will render <a href="/?tab=tutorial&page=2" className="activeLink"> when on
+// any Home tutorial page
 const MainMenu = () => (
   <li>
     <NavLink
@@ -268,9 +278,11 @@ const MainMenu = () => (
 )
 ```
 
-> Note `activeMatchParams` is an array of `string` _(key only)_ or `Record<string, any>` _(key and value)_
+> Note `activeMatchParams` is an array of `string` _(key only)_ or
+> `Record<string, any>` _(key and value)_
 
-More granular match; needs to be on the tutorial tab (`tab=tutorial`) and have the `page` key specified:
+More granular match; needs to be on the tutorial tab (`tab=tutorial`) and have
+the `page` key specified:
 
 ```jsx
 // Match /?tab=tutorial&page=*

docs/package.json

@@ -38,7 +38,7 @@
   "devDependencies": {
     "@docusaurus/module-type-aliases": "3.1.1",
     "@docusaurus/tsconfig": "3.1.1",
-    "typescript": "5.4.3"
+    "typescript": "5.4.5"
   },
   "packageManager": "yarn@4.1.1"
 }

docs/yarn.lock

@@ -4917,7 +4917,7 @@ __metadata:
     react: "npm:18.2.0"
     react-dom: "npm:18.2.0"
     react-player: "npm:2.15.1"
-    typescript: "npm:5.4.3"
+    typescript: "npm:5.4.5"
   languageName: unknown
   linkType: soft
 
@@ -10976,23 +10976,23 @@ __metadata:
   languageName: node
   linkType: hard
 
-"typescript@npm:5.4.3":
-  version: 5.4.3
-  resolution: "typescript@npm:5.4.3"
+"typescript@npm:5.4.5":
+  version: 5.4.5
+  resolution: "typescript@npm:5.4.5"
   bin:
     tsc: bin/tsc
     tsserver: bin/tsserver
-  checksum: 10c0/22443a8760c3668e256c0b34b6b45c359ef6cecc10c42558806177a7d500ab1a7d7aac1f976d712e26989ddf6731d2fbdd3212b7c73290a45127c1c43ba2005a
+  checksum: 10c0/2954022ada340fd3d6a9e2b8e534f65d57c92d5f3989a263754a78aba549f7e6529acc1921913560a4b816c46dce7df4a4d29f9f11a3dc0d4213bb76d043251e
   languageName: node
   linkType: hard
 
-"typescript@patch:typescript@npm%3A5.4.3#optional!builtin<compat/typescript>":
-  version: 5.4.3
-  resolution: "typescript@patch:typescript@npm%3A5.4.3#optional!builtin<compat/typescript>::version=5.4.3&hash=5adc0c"
+"typescript@patch:typescript@npm%3A5.4.5#optional!builtin<compat/typescript>":
+  version: 5.4.5
+  resolution: "typescript@patch:typescript@npm%3A5.4.5#optional!builtin<compat/typescript>::version=5.4.5&hash=5adc0c"
   bin:
     tsc: bin/tsc
     tsserver: bin/tsserver
-  checksum: 10c0/6e51f8b7e6ec55b897b9e56b67e864fe8f44e30f4a14357aad5dc0f7432db2f01efc0522df0b6c36d361c51f2dc3dcac5c832efd96a404cfabf884e915d38828
+  checksum: 10c0/db2ad2a16ca829f50427eeb1da155e7a45e598eec7b086d8b4e8ba44e5a235f758e606d681c66992230d3fc3b8995865e5fd0b22a2c95486d0b3200f83072ec9
   languageName: node
   linkType: hard
 

package.json

@@ -81,10 +81,10 @@
     "babel-plugin-remove-code": "0.0.6",
     "boxen": "5.1.2",
     "core-js": "3.36.1",
-    "cypress": "13.7.1",
+    "cypress": "13.7.3",
     "cypress-fail-fast": "7.1.0",
     "cypress-wait-until": "3.0.1",
-    "dependency-cruiser": "16.2.4",
+    "dependency-cruiser": "16.3.1",
     "dotenv": "16.4.5",
     "eslint": "8.57.0",
     "execa": "5.1.1",
@@ -100,14 +100,14 @@
     "ncp": "2.0.0",
     "nodemon": "3.1.0",
     "npm-packlist": "8.0.2",
-    "nx": "18.1.3",
+    "nx": "18.2.4",
     "octokit": "3.1.2",
     "ora": "7.0.1",
     "prompts": "2.4.2",
     "rimraf": "5.0.5",
     "tstyche": "1.1.0",
     "tsx": "4.7.1",
-    "typescript": "5.4.3",
+    "typescript": "5.4.5",
     "vitest": "1.4.0",
     "yargs": "17.7.2",
     "zx": "7.2.3"

packages/adapters/fastify/web/package.json

@@ -31,7 +31,7 @@
     "@redwoodjs/framework-tools": "workspace:*",
     "fastify": "4.26.2",
     "tsx": "4.7.1",
-    "typescript": "5.4.3",
+    "typescript": "5.4.5",
     "vitest": "1.4.0"
   },
   "gitHead": "3905ed045508b861b495f8d5630d76c7a157d8f1"

packages/api-server/package.json

@@ -55,10 +55,9 @@
     "@types/qs": "6.9.14",
     "@types/split2": "4.2.3",
     "@types/yargs": "17.0.32",
-    "aws-lambda": "1.0.7",
     "pino-abstract-transport": "1.1.0",
     "tsx": "4.7.1",
-    "typescript": "5.4.3",
+    "typescript": "5.4.5",
     "vitest": "1.4.0"
   },
   "peerDependencies": {

packages/api/package.json

@@ -50,11 +50,12 @@
     "@types/memjs": "1",
     "@types/pascalcase": "1.0.3",
     "@types/split2": "4.2.3",
+    "cookie": "0.6.0",
     "memjs": "1.3.2",
     "redis": "4.6.7",
     "split2": "4.2.0",
     "ts-toolbelt": "9.6.0",
-    "typescript": "5.4.3",
+    "typescript": "5.4.5",
     "vitest": "1.4.0"
   },
   "peerDependencies": {