V3 is coming

[rphlmr]

Discussed in #66

^{Originally posted by rphlmr February 17, 2023}
Hello there,

I'll publish a v3 with some breaking changes on the "auth module".

I have launched a new stack with a new way to commit auth session and I want to have the same pattern on every stack I maintain :)

Nothing hard to understand but a major change: requireAuthSession will no more magically refresh the session in loader.
Currently:

• in loader function, If the access_token expires, I refresh it and reload the loader.
• in action function, because we can't reload it, you have to commit the session in every return json.

In future, you will have to commit the session in loader and action.
Because writing the full header is too long, I have imagined something and will provide a response helper to handle that for you.

export async function loader({ request }: LoaderArgs) {
  const authSession = await requireAuthSession(request); // maybe a refreshed authSession
  const { userId } = authSession;

  try {
    const notes = await getNotes({ userId });

    return response.ok(
      { notes },
      { authSession } // will commit it for you
    );
  } catch (cause) {
    throw response.error(cause, { authSession });
  }
}

export async function action({ request, params }: ActionArgs) {
  const authSession = await requireAuthSession(request); // maybe a refreshed authSession
  const { userId } = authSession;

  try {
    await deleteNote(params.id);

    return response.ok(
      { success: true },
      { authSession } // will commit it for you
    );
  } catch (cause) {
    return response.error(cause, { authSession });
  }
}

Spoilers: authSession will have a cookie property that is nothing more than the result of sessionStorage.commitSession(session, { maxAge: SESSION_MAX_AGE, }).
Then, response.ok or response.error will put this cookie in headers :)

You can check what is coming here: https://github.com/rphlmr/supa-stripe-stack

[dan-cooke]

Hey! nice stack dude!

Would you consider following the docs here https://supabase.com/docs/guides/auth/auth-helpers/remix and using the remix helper library for supabase? (not sure if this existed when you started)

[rphlmr]

Hey! nice stack dude!

Would you consider following the docs here https://supabase.com/docs/guides/auth/auth-helpers/remix and using the remix helper library for supabase? (not sure if this existed when you started)

Thanks 😇

I have one with only Supabase : https://github.com/rphlmr/supa-remix-stack but it is not up to date 😅

[dan-cooke]

Awesome! i'll check it out - I also noticed your benchmarks around using RLS with Supabase... thats a real kicker 200ms delay is not nice.

Do you know if theres a way to avoid going through Gotrue with Supabase, I doubt it - but just wondering!

Really want to use RLS with managed Postgres, just exploring my options at the minute

[rphlmr]

Since this stack, I have built a SAAS project.
Server-side, I don't use RLS.
I use it front side to use RealTime on tables I want to react on change (for example: on a new mention in a comment, Realtime triggers a Remix revalidator.revalidate() to refresh the notification counter).
RLS here helps me to only react if the logged user is concerned.

[rphlmr]

I plan to make a new stack around Supabase, with Drizzle ORM (faster than Prisma, true SQL) and Realtime 🫢

[rphlmr]

I’ll try to use RLS server side in pure SQL when I have time.
If I found something reliable, I’ll ping you ;)

[dan-cooke]

@rphlmr I appreciate that! I'll have a look into it myself in the mean time