feat(edgedb): refactor dsn management; improve runtimeConfig

Author: Tahul

playground/server/api/blogpost.ts

@@ -26,7 +26,7 @@ export default defineEventHandler(async (req) => {
       return blogpost as BlogPost
     }
 
-    const count = await useEdgeDb().query('select count(BlogPost);').then(([count]) => count)
+    const count = await useEdgeDb().query('select count(BlogPost);').then(count => count?.[0] || 0)
 
     return count ? await allBlogPosts() : []
   }

playground/server/plugins/auth.ts

@@ -1,5 +1,8 @@
 export default defineNitroPlugin((app) => {
-  app.hooks.hook('edgedb:auth:callback', (_) => {
-    // console.log(_)
-  })
+  app.hooks.hook(
+    'edgedb:auth:callback' as any,
+    () => {
+      console.log('auth callback!')
+    },
+  )
 })

src/module.ts

@@ -1,4 +1,5 @@
 import { existsSync } from 'node:fs'
+import type { NuxtModule } from 'nuxt/schema'
 import { addComponentsDir, addImports, addPlugin, addServerHandler, addServerImports, addServerPlugin, createResolver, defineNuxtModule } from '@nuxt/kit'
 import { createConsola } from 'consola'
 import { join } from 'pathe'
@@ -44,7 +45,7 @@ const activePrompts = {
   schemaPrompt: undefined as any,
 }
 
-export default defineNuxtModule<ModuleOptions>({
+const nuxtModule = defineNuxtModule<ModuleOptions>({
   meta: {
     name: 'nuxt-edgedb-module',
     configKey: 'edgeDb',
@@ -84,11 +85,105 @@ export default defineNuxtModule<ModuleOptions>({
     nuxt.options.build.transpile ??= []
     nuxt.options.build.transpile.push('edgedb')
 
-    // Set user model if `auth` is set.
-    ;(nuxt.options.runtimeConfig as any).edgeDb ??= {}
-    ;(nuxt.options.runtimeConfig.app as any).edgeDb ??= {
-      auth: options.auth,
-      identityModel: options.identityModel,
+    // Inject env credentials from `edgedb instance credentials`
+    if (options.injectDbCredentials) {
+      // http://localhost:10702/db/edgedb/ext/auth/
+      let dbCredentials: any | undefined
+      try {
+        dbCredentials = await execa.execaCommand(`edgedb instance credentials --json`, { cwd: resolveProject() })
+      }
+      catch (e) {
+        // Silently fail, the EdgeDB instance credentials command failed.
+      }
+      if (dbCredentials) {
+        const { host, port, database, user, password, tls_ca, tls_security } = JSON.parse(dbCredentials.stdout)
+
+        if (!process.env.NUXT_EDGEDB_HOST)
+          process.env.NUXT_EDGEDB_HOST = host
+        if (!process.env.NUXT_EDGEDB_PORT)
+          process.env.NUXT_EDGEDB_PORT = port
+        if (!process.env.NUXT_EDGEDB_DATABASE)
+          process.env.NUXT_EDGEDB_DATABASE = database
+        if (!process.env.NUXT_EDGEDB_USER)
+          process.env.NUXT_EDGEDB_USER = user
+        if (!process.env.NUXT_EDGEDB_PASS)
+          process.env.NUXT_EDGEDB_PASS = password
+        if (!process.env.NUXT_EDGEDB_TLS_CA)
+          process.env.NUXT_EDGEDB_TLS_CA = tls_ca
+        if (!process.env.NUXT_EDGEDB_TLS_SECURITY)
+          process.env.NUXT_EDGEDB_TLS_SECURITY = tls_security
+        if (!process.env.NUXT_EDGEDB_AUTH_BASE_URL)
+          process.env.NUXT_EDGEDB_AUTH_BASE_URL = `http://${host}:${port}/db/${database}/ext/auth/`
+      }
+    }
+
+    const envAppUrl = process.env.APP_URL || process.env.NUXT_EDGEDB_APP_URL
+
+    // Create dev app url
+    const devAppUrl = [
+      nuxt.options.devServer.https ? `https://` : `http://`,
+      nuxt.options.devServer.host ? nuxt.options.devServer.host : 'localhost',
+      nuxt.options.devServer.port ? `:${nuxt.options.devServer.port}` : '',
+    ].join('')
+
+    const appUrl = envAppUrl || devAppUrl
+
+    const {
+      // EdgeDB DSN settings
+      NUXT_EDGEDB_HOST: host,
+      NUXT_EDGEDB_PORT: port,
+      NUXT_EDGEDB_USER: user,
+      NUXT_EDGEDB_PASS: pass,
+      NUXT_EDGEDB_DATABASE: database,
+      NUXT_EDGEDB_TLS_CA: tlsCA,
+      NUXT_EDGEDB_TLS_SECURITY: tlsSecurity,
+
+      // EdgeDB Auth settings
+      NUXT_EDGEDB_IDENTITY_MODEL: identityModel = options.identityModel || 'User',
+
+      // EdgeDB Auth URls
+      NUXT_EDGEDB_AUTH_BASE_URL: authBaseUrl = `http://${host}:${port}/db/${database}/ext/auth/`,
+      NUXT_EDGEDB_OAUTH_CALLBACK: oAuthCallbackUrl = `http://${host}:${port}/db/${database}/ext/auth/callback`,
+
+      // EdgeDB Nuxt Auth URLs
+      NUXT_EDGEDB_AUTH_VERIFY_REDIRECT_URL: verifyRedirectUrl = `${appUrl}/auth/verify`,
+      NUXT_EDGEDB_AUTH_RESET_PASSWORD_URL: resetPasswordUrl = `${appUrl}/auth/reset-password`,
+      NUXT_EDGEDB_OAUTH_REDIRECT_URL: oAuthRedirectUrl = `${appUrl}/auth/callback`,
+    } = process.env
+
+    const dsn = {
+      host,
+      port,
+      user,
+      pass,
+      database,
+      tlsCA,
+      tlsSecurity: tlsSecurity as 'insecure' | 'no_host_verification' | 'strict' | 'default' | undefined,
+      full: `edgedb://${user}:${pass}@${host}:${port}/${database}`,
+    }
+
+    const urls = {
+      // EdgeDB Nuxt Auth URLs
+      appUrl: appUrl || devAppUrl,
+      resetPasswordUrl,
+      verifyRedirectUrl,
+      oAuthRedirectUrl,
+
+      // EdgeDB Auth URls
+      authBaseUrl,
+      oAuthCallbackUrl,
+    }
+
+    const auth = {
+      enabled: options.auth,
+      oauth: options.oauth,
+      identityModel,
+    }
+
+    nuxt.options.runtimeConfig.edgeDb ??= {
+      auth,
+      dsn,
+      urls,
     }
 
     async function piped$(
@@ -543,28 +638,6 @@ export default defineNuxtModule<ModuleOptions>({
     }
 
     if (options.auth) {
-      if (options.injectDbCredentials) {
-        // http://localhost:10702/db/edgedb/ext/auth/
-        let dbCredentials: any | undefined
-        try {
-          dbCredentials = await execa.execaCommand(`edgedb instance credentials --json`, { cwd: resolveProject() })
-        }
-        catch (e) {
-          //
-        }
-        if (dbCredentials) {
-          const { host, port, database, user, password, tls_ca, tls_security } = JSON.parse(dbCredentials.stdout)
-          process.env.NUXT_EDGEDB_HOST = host
-          process.env.NUXT_EDGEDB_PORT = port
-          process.env.NUXT_EDGEDB_DATABASE = database
-          process.env.NUXT_EDGEDB_USER = user
-          process.env.NUXT_EDGEDB_PASS = password
-          process.env.NUXT_EDGEDB_TLS_CA = tls_ca
-          process.env.NUXT_EDGEDB_TLS_SECURITY = tls_security
-          process.env.NUXT_EDGEDB_AUTH_BASE_URL = `http://${host}:${port}/db/${database}/ext/auth/`
-        }
-      }
-
       // Runtime
       addPlugin({
         src: resolveLocal('./runtime/plugins/edgedb-auth'),
@@ -661,3 +734,43 @@ function useLogger() {
     },
   )
 }
+
+export default nuxtModule
+
+declare module 'nuxt/schema' {
+  interface NuxtConfig {
+    ['edgeDb']?: typeof nuxtModule extends NuxtModule<infer O> ? Partial<O> : Record<string, any>
+  }
+
+  interface RuntimeConfig {
+    edgeDb: {
+      auth: {
+        enabled: boolean
+        oauth: boolean
+        identityModel: string
+      }
+      identityModel?: string
+      urls: {
+        appUrl?: string
+        authBaseUrl?: string
+        resetPasswordUrl?: string
+        verifyRedirectUrl?: string
+        oAuthCallbackUrl?: string
+        oAuthRedirectUrl?: string
+      }
+      dsn: {
+        host?: string
+        port?: string
+        user?: string
+        pass?: string
+        database?: string
+        tlsCA?: string
+        tlsSecurity?: 'insecure' | 'no_host_verification' | 'strict' | 'default' | undefined
+      }
+    }
+  }
+
+  interface PublicRuntimeConfig {
+
+  }
+}

src/runtime/api/auth/authorize.ts

@@ -1,4 +1,4 @@
-import { H3Error, defineEventHandler, getRequestURL, sendError } from 'h3'
+import { H3Error, defineEventHandler, getRequestURL, sendError, setHeaders } from 'h3'
 import { useEdgeDbEnv, useEdgeDbPKCE } from '../../server'
 
 /**
@@ -9,7 +9,8 @@ import { useEdgeDbEnv, useEdgeDbPKCE } from '../../server'
  * @param {Request} req
  */
 export default defineEventHandler(async (req) => {
-  const { authBaseUrl, oAuthRedirectUrl } = useEdgeDbEnv()
+  const { urls } = useEdgeDbEnv()
+  const { authBaseUrl, oAuthRedirectUrl } = urls
   const requestUrl = getRequestURL(req)
   const provider = requestUrl.searchParams.get('provider')
 
@@ -23,11 +24,14 @@ export default defineEventHandler(async (req) => {
   const redirectUrl = new URL('authorize', authBaseUrl)
   redirectUrl.searchParams.set('provider', provider)
   redirectUrl.searchParams.set('challenge', pkce.challenge)
-  redirectUrl.searchParams.set('redirect_to', oAuthRedirectUrl)
+  redirectUrl.searchParams.set('redirect_to', oAuthRedirectUrl!)
 
-  setHeaders(req, {
-    'Set-Cookie': `edgedb-pkce-verifier=${pkce.verifier}; HttpOnly; Path=/; Secure; SameSite=Strict`,
-  })
+  setHeaders(
+    req,
+    {
+      'Set-Cookie': `edgedb-pkce-verifier=${pkce.verifier}; HttpOnly; Path=/; Secure; SameSite=Strict`,
+    },
+  )
 
   return {
     redirect: redirectUrl,

src/runtime/api/auth/callback.ts

@@ -8,7 +8,8 @@ import { useEdgeDbEnv } from '../../server'
  * @param {Request} req
  */
 export default defineEventHandler(async (req) => {
-  const { authBaseUrl } = useEdgeDbEnv()
+  const { urls } = useEdgeDbEnv()
+  const { authBaseUrl } = urls
 
   const requestUrl = getRequestURL(req)
   const code = requestUrl.searchParams.get('code')

src/runtime/api/auth/identity.ts

@@ -2,7 +2,7 @@ import { defineEventHandler, deleteCookie, getCookie, setCookie } from 'h3'
 import { useEdgeDb, useEdgeDbEnv } from '../../server'
 
 export default defineEventHandler(async (event) => {
-  const { identityModel } = useEdgeDbEnv()
+  const { auth } = useEdgeDbEnv()
 
   const token = getCookie(event, 'edgedb-auth-token')
 
@@ -18,7 +18,7 @@ export default defineEventHandler(async (event) => {
 
     if (!identityTarget && token) {
       identityTarget = await client.query(`
-      insert ${identityModel} {
+      insert ${auth.identityModel} {
         name := '',
         identity := global ext::auth::ClientTokenIdentity
       }

src/runtime/api/auth/login.ts

@@ -3,7 +3,8 @@ import { useEdgeDbEnv, useEdgeDbPKCE } from '../../server'
 
 export default defineEventHandler(async (req) => {
   const pkce = useEdgeDbPKCE()
-  const { authBaseUrl } = useEdgeDbEnv()
+  const { urls } = useEdgeDbEnv()
+  const { authBaseUrl } = urls
 
   const { email, password, provider } = await readBody(req)
 

src/runtime/api/auth/reset-password-ui.ts

@@ -7,7 +7,8 @@ import { useEdgeDbEnv } from '../../server'
  * @param {Request} req
  */
 export default defineEventHandler((req) => {
-  const { authBaseUrl } = useEdgeDbEnv()
+  const { urls } = useEdgeDbEnv()
+  const { authBaseUrl } = urls
   const { reset_token } = getQuery(req)
 
   return {

src/runtime/api/auth/reset-password.ts

@@ -7,7 +7,8 @@ import { useEdgeDbEnv } from '../../server'
  * @param {Request} req
  */
 export default defineEventHandler(async (req) => {
-  const { authBaseUrl } = useEdgeDbEnv()
+  const { urls } = useEdgeDbEnv()
+  const { authBaseUrl } = urls
   const { reset_token, password } = await readBody(req)
 
   if (!reset_token || !password) {

src/runtime/api/auth/send-password-reset-email.ts

@@ -8,7 +8,8 @@ import { useEdgeDbEnv, useEdgeDbPKCE } from '../../server'
  */
 export default defineEventHandler(async (req) => {
   const pkce = useEdgeDbPKCE()
-  const { authBaseUrl, resetPasswordUrl: reset_url } = useEdgeDbEnv()
+  const { urls } = useEdgeDbEnv()
+  const { authBaseUrl, resetPasswordUrl: reset_url } = urls
 
   const { email } = await readBody(req)
   const provider = 'builtin::local_emailpassword'
@@ -41,9 +42,12 @@ export default defineEventHandler(async (req) => {
 
   const { email_sent } = await sendResetResponse.json()
 
-  setHeaders(req, {
-    'Set-Cookie': `edgedb-pkce-verifier=${pkce.verifier}; HttpOnly; Path=/; Secure; SameSite=Strict`,
-  })
+  setHeaders(
+    req,
+    {
+      'Set-Cookie': `edgedb-pkce-verifier=${pkce.verifier}; HttpOnly; Path=/; Secure; SameSite=Strict`,
+    },
+  )
 
   return {
     message: `Reset email sent to '${email_sent}'.`,