-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat!: new implementation of sessionCookieStore #7
Conversation
const newAppSession = await refreshAppSession(refreshToken(fetch)(params))( | ||
currentAppSession, | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this always called from the browser? Or is there a possibility that this can be run on the server side?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Always called from the server
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah okay. then don't we need to pass fetch
from node-fetch
package?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gosh, you're right 🤯
In the very beginning, the library used to have code running in the client as well as on the server. It seems like I've forgotten to purge the tsconfig compilerOptions.lib
"dom"
option.
The library has only been used by us in a Next which uses the isomorphic-fetch, so we never noticed.
I've opened a new ticket for it here: https://storyblok.atlassian.net/browse/EXT-1531
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! Does the ticket include the replacement of fetch with node-fetch? Or how do you want to approach that part?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure yet... there are a few options:
- use node-fetch
- require node version >= 18 (where fetch was added)
- use openid-client to make the refresh request. When I'm replacing grant, I'll use the openid-client library for making request to the Storyblok API.
Probably the last option here
Co-authored-by: Eunjae Lee <hey@eunjae.dev>
Co-authored-by: Eunjae Lee <hey@eunjae.dev>
const getCookie: GetCookie = (name) => | ||
getNodeCookie(requestParams.req, name) | ||
const setCookie: SetCookie = (name, value) => | ||
setNodeCookie(requestParams.res, name, value) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So far, from my understanding this sessionCookieStore
is still relying on the Node.js request and response object because getNodeCookie
and setNodeCookie
expects them. And your plan to going to make this replaceable? Is it the changes you told me you're thinking of?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes exactly.
It also makes the other functions easier to test, because we don't need to mock request and response objects; just the getter and setter functions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR looks good. Let's move onto the next one! :)
What
A new implementation of
sessionCookieStore
. It is based on the old one, with the following changes:autoRefresh
option insessionCookieStore.get
is removed since we've never used it. This is a breaking change, We can reintrodice it later if we need it.get
,getAll
,put
, andremove
. The implementation of these are now moved to dedicated files;getSession
,getAllSessions
,putSession
,removeSession
.utils
module that is only used by thecrud
module.matches
was renamed tokeysEquals
and moved to its own file.toKeys
was renamed tokeysFromQuery
and moved to its own file.getSignedCookie
andsetSignedCookie
were changed so that they no longer depend on Node.js (http
module)Why
In the
session
module, the only point where there is a dependency on Node.js is insessionCookieStore.ts
. All the other functions accepts functions for reading and writing string values (GetCookie
andSetCookie
), but they're actually completely agnostic to how these values are stored. This has two benefits that we will be able to leverage in the future:accessToken
is securely stored in a database instead of in a cookie (like we do with the deployments apps).The next step will be to replace grant with our own, custom request handlers.
How to test
Run the Nextjs starter project locally.
Check out this branch and build the project.
Link the packages with:
In the library:
and in the template
In the browser, clear the cookies and reload the app. Everything should work just as before without any modification to the code.