diff --git a/.changesets/10064.md b/.changesets/10064.md index 785c49a2ec24..286624f3e066 100644 --- a/.changesets/10064.md +++ b/.changesets/10064.md @@ -1,7 +1,8 @@ - Add Storybook (Vite) framework package (#10064) by @arimendelow Adds: + - Storybook framework package for using Storybook with Vite. - CLI package (command: `yarn rw sbv`) for running Storybook using Vite. CLI package additionally creates Mock Service Worker, and, on first run, the project-side Storybook config files. -Current Storybook (Webpack) users will need to manually migrate any additional Storybook config (mocks, etc.). The primary user-facing difference between the old and new Storybook integrations is that the config used by the old one lives in the `@redwoodjs/testing` package, and the config used by this new one lives in the user's `web/.storybook` directory. \ No newline at end of file +Current Storybook (Webpack) users will need to manually migrate any additional Storybook config (mocks, etc.). The primary user-facing difference between the old and new Storybook integrations is that the config used by the old one lives in the `@redwoodjs/testing` package, and the config used by this new one lives in the user's `web/.storybook` directory. diff --git a/.changesets/10179.md b/.changesets/10179.md index 6cae15af6c5f..ffd8f9b7aaa7 100644 --- a/.changesets/10179.md +++ b/.changesets/10179.md @@ -5,7 +5,7 @@ This PR upgrades Redwood internally to Prettier v3. We believe this won't have a If you have Tailwind CSS configured, can upgrade `prettier-plugin-tailwindcss` to a version later than `0.4.1` if you make a few changes: - Change `prettier.config.js` to `prettier.config.mjs` (js -> mjs) -- `export default` instead of `module.exports` +- `export default` instead of `module.exports` - `await import('...')` any plugins instead of `require('...')` Here's an example of an updated `prettier.config.mjs` to work with `prettier-plugin-tailwindcss@^0.5.12`: diff --git a/.changesets/10266.md b/.changesets/10266.md index 1201549dc6bd..5556caf2e2f6 100644 --- a/.changesets/10266.md +++ b/.changesets/10266.md @@ -1,6 +1,5 @@ - chore(linting): Update versions and avoid `{}` (#10266) by @Josh-Walker-GM -This PR updates the versions of the `eslint` and the `@typescript-eslint` packages from v5 to v7. +This PR updates the versions of the `eslint` and the `@typescript-eslint` packages from v5 to v7. This is a major upgrade of the `@typescript-eslint` package and although we think it is unlikely to introduce a breaking change for you we would recommend that you read the associated documentation. The v6 upgrade can be found [here](https://typescript-eslint.io/blog/announcing-typescript-eslint-v6/) and the v7 one [here](https://typescript-eslint.io/blog/announcing-typescript-eslint-v7/). - diff --git a/.changesets/10342.md b/.changesets/10342.md index 9a2dffd923f2..5179cd5e797e 100644 --- a/.changesets/10342.md +++ b/.changesets/10342.md @@ -23,7 +23,6 @@ The `` above would get the following classes if it was the active link That same `` now only gets the `activeClassName` classes `active inline-block rounded-t-lg border-b-2 border-blue-600 p-4 text-blue-600 dark:border-blue-500 dark:text-blue-500` - ## Breaking If you were relying on the merging behavior you will now have to copy all classes from `className` and also include them in `activeClassName`. diff --git a/.changesets/10344.md b/.changesets/10344.md index bd41152c0142..277035ccfdb0 100644 --- a/.changesets/10344.md +++ b/.changesets/10344.md @@ -5,6 +5,7 @@ Add intellisense and color support for not only `className` (which is enabled by ## Manual Instructions If you already have TW set up and want to enable this, open `.vscode/settings.json` and add this: + ```json "tailwindCSS": { "classAttributes": ["class", "className", "activeClassName", "errorClassName"] diff --git a/.changesets/10395.md b/.changesets/10395.md index 4b0bbaf2ffd7..fbb0c98be5a3 100644 --- a/.changesets/10395.md +++ b/.changesets/10395.md @@ -1,22 +1,24 @@ - Middleware Routing & `registerMiddleware` (#10395) by @dac09 -Implements the new syntax of using Middleware after discussion. This sets us up for doing Auth better, but also for implementations like OG Image generation. +Implements the new syntax of using Middleware after discussion. This sets us up for doing Auth better, but also for implementations like OG Image generation. ```js export const registerMiddleware = async () => { - return [ - dbAuthMiddleware(), - [new OgMiddleware({ rootFilename: 'index' }), [ '/:route.:extension']] - ] + return [ + dbAuthMiddleware(), + [new OgMiddleware({ rootFilename: 'index' }), ['/:route.:extension']], + ] } ``` **Features** + - [x] Registering middleware with above syntax - [x] Chaining multiple middleware by passing array of middleware, or tuples - [x] Defining the route patterns to match in the find-my-way syntax ---- +--- + **What syntax are you using for the route patterns?** After discussion that Regexes are slow and unwieldy, I did some research and comparisons here: https://www.notion.so/redwoodjs/Middleware-Route-patterns-0f1c5587b4134073adfae896a782b5ea?pvs= @@ -24,11 +26,13 @@ This implementation uses https://github.com/delvedor/find-my-way - which is the **Important for understanding** Quoting from find-my-way docs: + > The nodes are matched in the following order: + static parametric node with static ending parametric(regex)/multi-parametric parametric wildcard -Which means, if you have a more specific one - example you have `[mw1, `*`]` and `[mw2, '/refresh_auth']` - then a request to /refresh_auth will ONLY trigger mw2. This is sort of counter intuitive, but them are the rules with fmw. +Which means, if you have a more specific one - example you have `[mw1, `\*`]` and `[mw2, '/refresh_auth']` - then a request to /refresh_auth will ONLY trigger mw2. This is sort of counter intuitive, but them are the rules with fmw. diff --git a/.changesets/10420.md b/.changesets/10420.md index 58c60cddc8c1..75481c745124 100644 --- a/.changesets/10420.md +++ b/.changesets/10420.md @@ -1,4 +1,4 @@ -- feat: [Auth] Common AuthProvider & use* changes for middleware auth #10420 by @dac09 and @dthyresson +- feat: [Auth] Common AuthProvider & use\* changes for middleware auth #10420 by @dac09 and @dthyresson * First step of supporting Auth using middleware * Ensure backwards compatibility with non-SSR auth @@ -6,7 +6,3 @@ ### Breaking Change Removes `skipFetchCurrentUser` which was used by the no longer existing nHost auth provider, but could potentially have been used by custom auth. - - - - diff --git a/.changesets/10441.md b/.changesets/10441.md index de04d1ae4272..66869280a58c 100644 --- a/.changesets/10441.md +++ b/.changesets/10441.md @@ -1,10 +1,10 @@ - feat(og-gen): Update implementation of useLocation | Update App template (#10441) by @dac09 -**Updated App.tsx template** -We modified the `App.tsx` template to accept possible children, and render them if present. This lets the og:image handler inject your component into the Document tree, without including the entire Router, but still style your og:image component using whatever you used to style the rest of your app (Tailwind, perhaps?) + **Updated App.tsx template** + We modified the `App.tsx` template to accept possible children, and render them if present. This lets the og:image handler inject your component into the Document tree, without including the entire Router, but still style your og:image component using whatever you used to style the rest of your app (Tailwind, perhaps?) **Updated useLocation implementation** We also modified the `useLocation()` hook to now return everything that the [URL API](https://developer.mozilla.org/en-US/docs/Web/API/URL) returns. Previously it only returned three attributes of the url (pathname, search, hash), now it returns everything available to a call to `new URL()` (origin, href, searchParams, etc.). The reason for this is now that we have SSR, we can get access to more details in the hook - in this case we needed origin -Both changes should be non-breaking! +Both changes should be non-breaking! diff --git a/.changesets/10444.md b/.changesets/10444.md index eb3f6aee2016..0e13368a17c0 100644 --- a/.changesets/10444.md +++ b/.changesets/10444.md @@ -1,4 +1,5 @@ - feat(server-auth): Part 1/3: dbAuth middleware support (web side changes) (#10444) by @dac09 -Adds ability to `createMiddlewareAuth` in dbAuth client which: + Adds ability to `createMiddlewareAuth` in dbAuth client which: + 1. Updates the dbAuth web client to speak to middleware instead of graphql 2. Implements fetching current user from middleware diff --git a/.changesets/10453.md b/.changesets/10453.md index 42f3da15e1cb..54ff985037dc 100644 --- a/.changesets/10453.md +++ b/.changesets/10453.md @@ -1,5 +1,5 @@ - feat: Remove `--performance` option from `yarn rw build` (#10453) by @Josh-Walker-GM -This change removes the `--performance` flag from the `yarn rw build` command. It will no longer be available to use and the CLI will no longer accept this flag being passed in. +This change removes the `--performance` flag from the `yarn rw build` command. It will no longer be available to use and the CLI will no longer accept this flag being passed in. -Additionally, the associated webpack config (`@redwoodjs/core/config/webpack.perf.js`) has been removed so it can no longer be imported if you were doing so. +Additionally, the associated webpack config (`@redwoodjs/core/config/webpack.perf.js`) has been removed so it can no longer be imported if you were doing so. diff --git a/.changesets/10457.md b/.changesets/10457.md index daa8f21d0e87..4cbf40a10c3a 100644 --- a/.changesets/10457.md +++ b/.changesets/10457.md @@ -1,28 +1,30 @@ -- feat(server-auth): dbAuth 3/3 - handle login, logout, signup, etc. requests if forwarded from middleware (#10457) by @dac09 +- feat(server-auth): dbAuth 3/3 - handle login, logout, signup, etc. requests if forwarded from middleware (#10457) by @dac09 -This PR updates the DbAuthHandler class to handle requests forwarded from middleware, so it can generate responses for login, logout, signup, etc. These are POST requests - it used to be to the `/auth` function, but now they will be captured by dbAuth middleware and forwarded onto DbAuthHandler. +This PR updates the DbAuthHandler class to handle requests forwarded from middleware, so it can generate responses for login, logout, signup, etc. These are POST requests - it used to be to the `/auth` function, but now they will be captured by dbAuth middleware and forwarded onto DbAuthHandler. **High level changes:** + - use the `Headers` class in each of the "method" responses. This allows us to set multi-value headers like Set-Cookie. A simple object would not. See type `AuthMethodOutput` -- extracts `buildResponse` into a testable function and adds test. For `Set-Cookie` headers we return an array of strings. +- extracts `buildResponse` into a testable function and adds test. For `Set-Cookie` headers we return an array of strings. In the middleware here's the code I had for the final conversion: -```ts - if (AUTHHANDLER_REQUEST) { - const output = await dbAuthHandler(req) - const finalHeaders = new Headers() - Object.entries(output.headers).forEach(([key, value]) => { - if (Array.isArray(value)) { - value.forEach((v) => finalHeaders.append(key, v)) - } else { - finalHeaders.append(key, value) - } - }) +```ts +if (AUTHHANDLER_REQUEST) { + const output = await dbAuthHandler(req) - return new MiddlewareResponse(output.body, { - headers: finalHeaders, - status: output.statusCode, - }) + const finalHeaders = new Headers() + Object.entries(output.headers).forEach(([key, value]) => { + if (Array.isArray(value)) { + value.forEach((v) => finalHeaders.append(key, v)) + } else { + finalHeaders.append(key, value) } + }) + + return new MiddlewareResponse(output.body, { + headers: finalHeaders, + status: output.statusCode, + }) +} ``` diff --git a/.changesets/10460.md b/.changesets/10460.md index 19bb349dd502..de8debaa45e3 100644 --- a/.changesets/10460.md +++ b/.changesets/10460.md @@ -1,8 +1,8 @@ - chore(dbauth-mw): Refactor web side dbAuth creation (#10460) by @dac09 -This PR changes how the webside auth is initialised, by removing the `createMiddlewareAuth` function, instead it just detects it internally. +This PR changes how the webside auth is initialised, by removing the `createMiddlewareAuth` function, instead it just detects it internally. -For dbAuth this is what it will looks like: +For dbAuth this is what it will looks like: ```js:web/src/auth.ts import { @@ -23,13 +23,16 @@ export const { AuthProvider, useAuth } = createAuth(dbAuthClient) For other auth providers we are going to export a similar looking function: ```js -import { createAuth, createSupabaseAuthClient } from '@redwoodjs/auth-supabase-web' +import { + createAuth, + createSupabaseAuthClient, +} from '@redwoodjs/auth-supabase-web' // This function is new, and just wraps creating supabase👇 const supabaseClient = createSupabaseAuthClient({ supabaseUrl: process.env.SUPABASE_URL || '', supabaseKey: process.env.SUPABASE_KEY || '', - middleware: true + middleware: true, }) export const { AuthProvider, useAuth } = createAuth(supabaseClient) diff --git a/.changesets/10464.md b/.changesets/10464.md index 5741c801f356..5e4985ea77a8 100644 --- a/.changesets/10464.md +++ b/.changesets/10464.md @@ -4,7 +4,7 @@ We were using both `index.ts` and `router.tsx` as barrel export files. We should This is a breaking change for anyone who does `import ... from '@redwoodjs/router/dist/router'` in their project. Which hopefully isn't very many. - - The quick fix is to find the original export and pull from there instead - - The real fix is to talk to us on the core team and see if we can provide an - official way of solving it instead of relying on internal implementation - details 🙂 +- The quick fix is to find the original export and pull from there instead +- The real fix is to talk to us on the core team and see if we can provide an + official way of solving it instead of relying on internal implementation + details 🙂 diff --git a/.changesets/10465.md b/.changesets/10465.md index 0c667c4d47dd..c5a10d3b5ba2 100644 --- a/.changesets/10465.md +++ b/.changesets/10465.md @@ -2,12 +2,12 @@ **1. Updates `getAuthenticationContext` to parse the cookie header and pass it to authDecoder.** -Note that the authentication context itself does not pull out the token from cookies, because with some providers (e.g. supabase) - we don't know the name of the cookie. This is left to the authDecoder implementation. +Note that the authentication context itself does not pull out the token from cookies, because with some providers (e.g. supabase) - we don't know the name of the cookie. This is left to the authDecoder implementation. -The return type from this function is actually just a deserialized cookie header i.e. +The return type from this function is actually just a deserialized cookie header i.e. `cookie: auth-provider=one; session=xx/yy/zz; somethingElse=bsbs` => `{ 'auth-provider': 'one', session: 'xx/yy/zz', somethingElse: 'bsbs'` -**2. Retains support for header/token based auth** +**2. Retains support for header/token based auth** See test on line 259 of `packages/api/src/auth/__tests__/getAuthenticationContext.test.ts`. If a the `authorization` and `auth-provider` headers are passed in the request (as we do for SPA based auth) - then cookies will take precedence. -The end result is that graphql requests will now work with middleware-based auth providers! +The end result is that graphql requests will now work with middleware-based auth providers! diff --git a/.changesets/10469.md b/.changesets/10469.md index 7b2c8a51ca2b..8bbb2e124e5d 100644 --- a/.changesets/10469.md +++ b/.changesets/10469.md @@ -1,45 +1,49 @@ -- feat(og-gen): Implement middleware and hooks (#10469) by @dac09 +- feat(og-gen): Implement middleware and hooks (#10469) by @dac09 -The OG Gen saga continues with @cannikin and @dac09 ⚔️ +The OG Gen saga continues with @cannikin and @dac09 ⚔️ This PR: + - adds OgImageMiddleware and Hooks to `@redwoodjs/og-gen`, complete with tests ⚠️ Template changes: + - updates entry.client template to pass in Routes to App - updates App to take children (i.e. Routes) This is so that we can pass the OG component to be rendered _with_ your App's CSS setup. - **How to use this?** 1. **Registering the middleware:** - ```ts - import OgImageMiddleware from '@redwoodjs/ogimage-gen/middleware' - export const registerMiddleware = () => { - const ogMw = new OgImageMiddleware({ - App, - Document, - }) + ```ts + import OgImageMiddleware from '@redwoodjs/ogimage-gen/middleware' - return [ogMw] - } - ``` + export const registerMiddleware = () => { + const ogMw = new OgImageMiddleware({ + App, + Document, + }) + + return [ogMw] + } + ``` 2. Configure your `vite.config.ts` - ```ts - import vitePluginOgImageGen from '@redwoodjs/ogimage-gen/plugin' - const viteConfig: UserConfig = { - // 👇 so it builds your OG components - plugins: [redwood(), vitePluginOgImageGen()], - } + ```ts + import vitePluginOgImageGen from '@redwoodjs/ogimage-gen/plugin' + + const viteConfig: UserConfig = { + // 👇 so it builds your OG components + plugins: [redwood(), vitePluginOgImageGen()], + } + + export default defineConfig(viteConfig) + ``` - export default defineConfig(viteConfig) - ``` 3. Add your OG Image component next to the page it's for -e.g. web/src/pages/AboutPage/AboutPage.png.tsx + e.g. web/src/pages/AboutPage/AboutPage.png.tsx 4. Use hooks on AboutPage to generate the ogURL diff --git a/.changesets/10493.md b/.changesets/10493.md index 461695b4b362..15861211dbae 100644 --- a/.changesets/10493.md +++ b/.changesets/10493.md @@ -10,10 +10,9 @@ const myCookie = mwRequest.cookies.get('myCookie') const actualValue = myCookie.value ``` -This is unwieldy, and feels unergonomic for the 98% of cases where `get` will be used to just see the value. +This is unwieldy, and feels unergonomic for the 98% of cases where `get` will be used to just see the value. **How do I still see the options of the cookie?** You can still access all the details of the cookie by doing `cookie.entries`. I don't really have a case for this yet, so let's not optimise for this case, but we know it's possible! - This is me just stabilizing the API for Middleware stuff, before we ship it out of experimental diff --git a/.changesets/10498.md b/.changesets/10498.md index 611d82c6371c..6543f393acda 100644 --- a/.changesets/10498.md +++ b/.changesets/10498.md @@ -6,5 +6,3 @@ This is because the dbauth-provider-web packages are still CJS only. When import **2. Updates the default auth provider state for middleware auth** Middleware auth default state is _almost_ the same as SPA default auth state. Except that loading is always false! Otherwise you can get stuck in a loading state forever. - - \ No newline at end of file diff --git a/.changesets/10499.md b/.changesets/10499.md index de951de649f5..f80f8fef394c 100644 --- a/.changesets/10499.md +++ b/.changesets/10499.md @@ -2,11 +2,9 @@ Implement Supabase Auth Middleware to authenticate server-side requests. -* Adds middleware to the Supabase auth-providers package. -* createSupabaseAuthMiddleware is responsible for authenticating Supabase requests -* It does so by checking if the request has a supabase auth-provider header, and then uses the authDecoder to verify the session cookie using the Supabase ServerAuthClient and returning a decoded access token -- or throwing an exception if the session cookie is invalid -* Once the middleware has the decoded JWT, it hands that to the provided getCurrentUser from he user's project to return the information about authenticated user -* Lastly, it sets serverAuthState with user and metadata info to know the request isAuthenticated -* If the session is invalid or the cookie tampered with such that the access token cannot be verified, serverAuthState is cleared as are the auth provider and Supabase cookies - - +- Adds middleware to the Supabase auth-providers package. +- createSupabaseAuthMiddleware is responsible for authenticating Supabase requests +- It does so by checking if the request has a supabase auth-provider header, and then uses the authDecoder to verify the session cookie using the Supabase ServerAuthClient and returning a decoded access token -- or throwing an exception if the session cookie is invalid +- Once the middleware has the decoded JWT, it hands that to the provided getCurrentUser from he user's project to return the information about authenticated user +- Lastly, it sets serverAuthState with user and metadata info to know the request isAuthenticated +- If the session is invalid or the cookie tampered with such that the access token cannot be verified, serverAuthState is cleared as are the auth provider and Supabase cookies diff --git a/.changesets/10502.md b/.changesets/10502.md index 51a50674f2b1..5d2452434ca6 100644 --- a/.changesets/10502.md +++ b/.changesets/10502.md @@ -1,2 +1,2 @@ - fix(dbauth-mw): Unset cookie instead of clearing (#10502) by @dac09 -Updates dbAuth middleware implementation to _unset_ the cookies, instead of clearing them. + Updates dbAuth middleware implementation to _unset_ the cookies, instead of clearing them. diff --git a/.changesets/10520.md b/.changesets/10520.md index f18c4c48d7c0..d926d379c501 100644 --- a/.changesets/10520.md +++ b/.changesets/10520.md @@ -1,3 +1,3 @@ - feat(eslint): Disable restricted $api imports for entryserver (#10520) by @dac09 -With the introduction of middleware, it's pretty common to import things from the $api side. This is a non-issue as entry.server.{jsx,tsx} is not part of the client bundle we generate. +With the introduction of middleware, it's pretty common to import things from the $api side. This is a non-issue as entry.server.{jsx,tsx} is not part of the client bundle we generate. diff --git a/.changesets/10522.md b/.changesets/10522.md index 915280d80667..84953f30fb31 100644 --- a/.changesets/10522.md +++ b/.changesets/10522.md @@ -5,7 +5,7 @@ In `web/src/auth.ts`: ``` -// 👇 notice where this is imported from! +// 👇 notice where this is imported from! import { createBrowserClient } from '@supabase/ssr' import { createAuth } from '@redwoodjs/auth-supabase-web' diff --git a/.changesets/10538.md b/.changesets/10538.md index 02f8016306de..1991248970db 100644 --- a/.changesets/10538.md +++ b/.changesets/10538.md @@ -1,6 +1,7 @@ - fix(serverauth): Export dbAuthMiddleware as default export to match supabase (#10538) by @dac09 An example: + ```js //before import { createDbAuthMiddleware } from '@redwoodjs/auth-dbauth-middleware' diff --git a/.changesets/10542.md b/.changesets/10542.md index 0d665cc2bc8b..229f41e551e3 100644 --- a/.changesets/10542.md +++ b/.changesets/10542.md @@ -1,4 +1,4 @@ -- Rename og component assets from *.png.jsx to just*.og.jsx (#10542) by @cannikin +- Rename og component assets from _.png.jsx to just_.og.jsx (#10542) by @cannikin We ran into a conflict where you could name your component file something like `AboutPage.png.jsx` (where the returned content-type would be image/png). But, when you invoke `useOgImage()` to actually create the URL for a `` tag, you could instead use a different extension, like `.jpg`. Which one should win? diff --git a/.changesets/10570.md b/.changesets/10570.md index 679568957b17..4226df248500 100644 --- a/.changesets/10570.md +++ b/.changesets/10570.md @@ -2,4 +2,4 @@ With an empty/null payload (which it is by default) the body should be empty, not the string `'null'` -This is a breaking change for anyone who was depending on the current "null" behavior in their api function tests. More specifically, if you're **NOT** passing `body` or `payload` to `mockHttpEvent({ ... })` or if you're trying to explicitly set `payload` to `null` you might have to update your tests. +This is a breaking change for anyone who was depending on the current "null" behavior in their api function tests. More specifically, if you're **NOT** passing `body` or `payload` to `mockHttpEvent({ ... })` or if you're trying to explicitly set `payload` to `null` you might have to update your tests. diff --git a/.changesets/10585.md b/.changesets/10585.md index 0bd8ded820ca..22640b7ba67e 100644 --- a/.changesets/10585.md +++ b/.changesets/10585.md @@ -4,12 +4,12 @@ First pass at implementing a per-request store that allows: - access to headers and cookies from requests in server components - access to serverAuthState from server components -- maps serverAuthState updated from middleware to the the per request store +- maps serverAuthState updated from middleware to the the per request store This PR also implements execution of middleware in the RSC handler. Note that this is done in a "good enough" way currently, because the RSC handler doesn't use Fetch requests (but everything else does) - + Important things to note: + - the store is initialised _again_ in the RSC worker, with the same values on each invocation of renderRsc - we have _not_ tested or tried in Dev because `rw dev` does not work in RSC yet -- we have _not_ tested behaviour on initial SSR - because this is not implemented yet in RSC - +- we have _not_ tested behaviour on initial SSR - because this is not implemented yet in RSC diff --git a/.changesets/10586.md b/.changesets/10586.md index 864ae5c1420e..c2317e8fd1f5 100644 --- a/.changesets/10586.md +++ b/.changesets/10586.md @@ -1,6 +1,6 @@ - feat(middleware): Add .shortCircuit to MiddlewareResponse (#10586) by @dac09 -Adds a helper to generate a intercept/short-circuit response, that will interrupt execution of _all_ middleware and react rendering, and immediately return the response. +Adds a helper to generate a intercept/short-circuit response, that will interrupt execution of _all_ middleware and react rendering, and immediately return the response. There's a few different ways you can use this, see examples below: @@ -24,7 +24,5 @@ const shortCircuitMw: Middleware = (req, res) => { headers: { shortCircuitDirect: 'yes' }, }) } - } ``` - diff --git a/.changesets/10656.md b/.changesets/10656.md index 8307e1eda502..89780e1a68cf 100644 --- a/.changesets/10656.md +++ b/.changesets/10656.md @@ -6,6 +6,7 @@ - Introduces new `clear()` function to remove auth state - just syntax sugar ## Example usage + ```tsx // In entry.server.tsx export const registerMiddleware = () => { @@ -15,9 +16,9 @@ export const registerMiddleware = () => { getCurrentUser, getRoles: (decoded) => { return decoded.currentUser.roles || [] - } + }, }) - + return [authMw] } ``` diff --git a/.changesets/10668.md b/.changesets/10668.md index 2c2b6830fb66..187acaad387f 100644 --- a/.changesets/10668.md +++ b/.changesets/10668.md @@ -1,10 +1,12 @@ - fix(dbAuthMw): Update and fix logic related to dbAuth "verbs" and decryptionErrors (#10668) by @dac09 This PR does the following: + - updates the dbauth mw to correctly handle the cookieName option (it should always have been optional) - throws an error when the `dbAuthSession` returns an empty decoded token so that it clears the authState -- we had a check for only "POST" requests to be passed to the dbAuthHandler. This was incorrect because some of the dbAuth "verbs" or actions - like `webAuthnRegOptions` - uses a GET request. +- we had a check for only "POST" requests to be passed to the dbAuthHandler. This was incorrect because some of the dbAuth "verbs" or actions - like `webAuthnRegOptions` - uses a GET request. As a result, the tests started showing failures, so I: + - added a mock for `dbAuthSession`, so we can check both happy path and unhappy paths for session decryption - updated the tests where relevant diff --git a/.changesets/10677.md b/.changesets/10677.md index 4113d125217d..a62f180d5450 100644 --- a/.changesets/10677.md +++ b/.changesets/10677.md @@ -1,6 +1,7 @@ - Adds `searchParams` option to `useOgImage()` hook for adding arbitrary query string vars to generated URL (#10677) by @cannikin This can be used like so: + ``` const { url } = useOgImage({ searchParams: { foo: 'bar' }) console.log(url) // => http://localhost:8910/photo.png?foo=bar diff --git a/.changesets/10680.md b/.changesets/10680.md index e1a54c0ea56f..34aad4ebc011 100644 --- a/.changesets/10680.md +++ b/.changesets/10680.md @@ -3,10 +3,10 @@ This PR adds the `page_identifier_str` of `pageIdentifier` to the Route Manifest. Known what page belongs to the route can be useful to : - -* ensure if rendering a page/component that it belongs to the route and its auth permissions -* for visualizing routes -* general completeness in the manifest with the Routes jsx in manifest form + +- ensure if rendering a page/component that it belongs to the route and its auth permissions +- for visualizing routes +- general completeness in the manifest with the Routes jsx in manifest form ## Example diff --git a/.changesets/10697.md b/.changesets/10697.md index 475e74ed509f..559b35e5c3c3 100644 --- a/.changesets/10697.md +++ b/.changesets/10697.md @@ -2,8 +2,8 @@ 1. Adds fullUrl property to serverStore 2. Adds two utility functions: -a) `getFullUrl` - to construct the absolute url from an express request -b) `getFullUrlFromFlightRequest` - this is used when we get a request to render RSCs in the rscRequestHandler. This one is different because the location we want is for the actual page, not of the request (which goes to to the RSC endpoint). + a) `getFullUrl` - to construct the absolute url from an express request + b) `getFullUrlFromFlightRequest` - this is used when we get a request to render RSCs in the rscRequestHandler. This one is different because the location we want is for the actual page, not of the request (which goes to to the RSC endpoint). 3. Adds `getLocation` function to retrieve the Location (URL object) from server store Short video demonstrating location coming through in two cases: @@ -13,6 +13,7 @@ b) Hard render https://s.tape.sh/4g7LFsYP **Usage example:** + ```tsx import { getLocation } from '@redwoodjs/vite/serverStore' @@ -21,4 +22,4 @@ const NavigationLayout = ({ children, rnd }: NavigationLayoutProps) => { console.log(`👉 \n ~ location:`, location) ``` -Longer term, we may want to change how the endpoint for flight requests so that the location doesn't have to be constructed specially. +Longer term, we may want to change how the endpoint for flight requests so that the location doesn't have to be constructed specially. diff --git a/.changesets/10702.md b/.changesets/10702.md index 908ec2de515c..e543463368b8 100644 --- a/.changesets/10702.md +++ b/.changesets/10702.md @@ -12,4 +12,4 @@ In production Docker, the server file was never run and therefore the plugin to Here api server, simply ran the GraphQL function as expected, but the plugin was never invoked so Realtime was never configured or added to the schema. -This happened because by default, production Docker launch the plain vanilla api server -- it didn't launch server file that uses `createServer` to setup a separate GraphQL server and also add in the realtime plugin. +This happened because by default, production Docker launch the plain vanilla api server -- it didn't launch server file that uses `createServer` to setup a separate GraphQL server and also add in the realtime plugin. diff --git a/.changesets/10768.md b/.changesets/10768.md index 30fe7ebd1b03..294985a45d0b 100644 --- a/.changesets/10768.md +++ b/.changesets/10768.md @@ -1,4 +1,5 @@ - Add Storybook Vite smoke tests (#10768) by @arimendelow Adds: + - Unit tests for storybook-vite CLI (based on those from the dataMigrate CLI) diff --git a/.changesets/10817.md b/.changesets/10817.md index 17d6b873a3c3..8617c77192c7 100644 --- a/.changesets/10817.md +++ b/.changesets/10817.md @@ -10,8 +10,8 @@ The plgin for persisted operations lets one define what can bypass trusted docs So, we can use that in the useTrustedDocuments plugin to just allow that specific request. -const REDWOOD__AUTH_GET_CURRENT_USER_QUERY = - '{"query":"query __REDWOOD__AUTH_GET_CURRENT_USER { redwood { currentUser } }"}' +const REDWOOD**AUTH_GET_CURRENT_USER_QUERY = +'{"query":"query **REDWOOD\_\_AUTH_GET_CURRENT_USER { redwood { currentUser } }"}' When using Redwood Auth, we want to allow the known, trusted redwood.currentUser query to be executed without a persisted operation. This is because the currentUser query is a special case that is used to get the current user from the auth provider. diff --git a/.changesets/10825.md b/.changesets/10825.md index 1b40b11bf61a..c5f527bf4c13 100644 --- a/.changesets/10825.md +++ b/.changesets/10825.md @@ -4,8 +4,7 @@ Fixes https://github.com/redwoodjs/redwood/issues/10807 If one used GraphQL fragments, when mocking the GraphQL query for use in Storybook, the `typename` for the data object must be included otherwise Apollo client cannot properly map the data. -This PR - -* adds the typename to the cell generator templates -* updates the testing and graphql mock and fragments documentation to show how properly defines mock data +This PR +- adds the typename to the cell generator templates +- updates the testing and graphql mock and fragments documentation to show how properly defines mock data diff --git a/.changesets/10830.md b/.changesets/10830.md index d667110d4ddf..906feae23a7b 100644 --- a/.changesets/10830.md +++ b/.changesets/10830.md @@ -1,3 +1,3 @@ - fix(cli): Add check for excessively long route (#10830) by @Josh-Walker-GM -This change adds an additional internal check to protect against route definitions which are preposterously long. +This change adds an additional internal check to protect against route definitions which are preposterously long. diff --git a/.changesets/10833.md b/.changesets/10833.md index 68a7d6449afe..08c80b8b931a 100644 --- a/.changesets/10833.md +++ b/.changesets/10833.md @@ -2,4 +2,4 @@ This change updates our firebase auth provider to use the v12 major version of the `firebase-admin` package. This will require you to update your own version of `firebase-admin` that is listed in your api side package json file. -We have noticed no breaking api changes in our limited testing. Please consult the `firebase-admin` upgrade guide if you experience problems after upgrading - especially if you have more extensive or complex use of the firebase suite of products. +We have noticed no breaking api changes in our limited testing. Please consult the `firebase-admin` upgrade guide if you experience problems after upgrading - especially if you have more extensive or complex use of the firebase suite of products. diff --git a/.changesets/10865.md b/.changesets/10865.md index 7f2848b9fd06..0dc3fba1dcaa 100644 --- a/.changesets/10865.md +++ b/.changesets/10865.md @@ -1,3 +1,3 @@ - feat(dbAuth): Prompt to generate dbAuth pages (#10865) by @Tobbe -When setting up dbAuth we'll now prompt if the user also wants to generate pages for login, signup, password reset etc. We only prompt if no existing pages exist. \ No newline at end of file +When setting up dbAuth we'll now prompt if the user also wants to generate pages for login, signup, password reset etc. We only prompt if no existing pages exist. diff --git a/.changesets/10867.md b/.changesets/10867.md index 09f6f86a07ad..6dcd0b7065fb 100644 --- a/.changesets/10867.md +++ b/.changesets/10867.md @@ -1,6 +1,7 @@ - breaking: remove webpack (#10867) by @Josh-Walker-GM This PR removes support for webpack. There are a number of breaking changes associated with removing a core component of previous versions. A list of such changes is: + 1. `prebuildWebFile` is function no longer exported from `@redwoodjs/babel-config` package 2. `@redwoodjs/cli-storybook` has been removed 3. `yarn rw build` no longer accepts the `--stats` flag diff --git a/.changesets/10869.md b/.changesets/10869.md index e87bb1dbb3f5..beac04684f9b 100644 --- a/.changesets/10869.md +++ b/.changesets/10869.md @@ -1,25 +1,25 @@ feat(prisma): Support multi file Prisma schemas (#10869) by @dthyresson -Prisma's `prismaSchemaFolder` [feature](https://www.prisma.io/docs/orm/prisma-schema/overview/location#multi-file-prisma-schema) allows you to define multiple files in a schema subdirectory of your prisma directory. +Prisma's `prismaSchemaFolder` [feature](https://www.prisma.io/docs/orm/prisma-schema/overview/location#multi-file-prisma-schema) allows you to define multiple files in a schema subdirectory of your prisma directory. This PR updates: -* Prisma utilities -* generators -* dbAuth setup -* documentation +- Prisma utilities +- generators +- dbAuth setup +- documentation to support single and multi file Prisma schemas. If you have enabled Prisma multi file schemas, you configure your project toml api `schemaPath` setting the directory where your schema.prisma can be found, for example: './api/db/schema' -When [organizing your Prisma Schema into multiple files](https://www.prisma.io/blog/organize-your-prisma-schema-with-multi-file-support), you will need [enable](https://www.prisma.io/docs/orm/prisma-schema/overview/location#multi-file-prisma-schema) that feature in Prisma, move your `schema.prisma` file into a new directory such as `./api/db/schema` and then set `schemaPath` in the api toml config. +When [organizing your Prisma Schema into multiple files](https://www.prisma.io/blog/organize-your-prisma-schema-with-multi-file-support), you will need [enable](https://www.prisma.io/docs/orm/prisma-schema/overview/location#multi-file-prisma-schema) that feature in Prisma, move your `schema.prisma` file into a new directory such as `./api/db/schema` and then set `schemaPath` in the api toml config. ::: For example: ```toml title="redwood.toml" [api] - port = 8911 + port = 8911 schemaPath = "./api/db/schema" ``` diff --git a/.changesets/10888.md b/.changesets/10888.md index 3369c04737f0..4a38e50a9410 100644 --- a/.changesets/10888.md +++ b/.changesets/10888.md @@ -1,3 +1,3 @@ - fix(prerender): Fold output to prevent crashing on large prerender counts (#10888) by @Josh-Walker-GM -This change alters the CLI output during prerendering to prevent crashes when prerendering a large number (>100,000) of routes. +This change alters the CLI output during prerendering to prevent crashes when prerendering a large number (>100,000) of routes. diff --git a/.changesets/10893.md b/.changesets/10893.md index ca4f270a6e2b..c83381b21236 100644 --- a/.changesets/10893.md +++ b/.changesets/10893.md @@ -2,7 +2,7 @@ fix(realtime/trusted-docs): Supports GraphQL subscriptions and trusted documents Fixes: https://github.com/redwoodjs/redwood/issues/10892 -This PR updates the SSELink to check if there is a trusted document hash in the request. If there is, then don't also include the query. +This PR updates the SSELink to check if there is a trusted document hash in the request. If there is, then don't also include the query. The persisted operations plugin checks if the params has a query. If it does then raises an error that only persisted operations are allowed. diff --git a/.changesets/10900.md b/.changesets/10900.md index 75831396d6ca..d2c810b34926 100644 --- a/.changesets/10900.md +++ b/.changesets/10900.md @@ -1,3 +1,3 @@ - feat(Storybook Vite): Add JS project support (#10900) by @arimendelow -This adds support to the SBV CLI for JS projects. \ No newline at end of file +This adds support to the SBV CLI for JS projects. diff --git a/.changesets/10911.md b/.changesets/10911.md index b1e68bee2c1c..b82c358dd9be 100644 --- a/.changesets/10911.md +++ b/.changesets/10911.md @@ -5,32 +5,32 @@ This change updates Redwood linting config and introduces some changes to the li Specifically: 1. `jsx-a11y/no-noninteractive-element-to-interactive-role` has it's default config updated. -3. `@typescript-eslint/explicit-function-return-type` used to be turned off, now it's no longer applied. -4. `@typescript-eslint/no-empty-interface` - used to be turned off, now it's no longer applied. -5. `@typescript-eslint/explicit-module-boundary-types` - used be turned off, now it's no longer applied. -6. `@typescript-eslint/ban-types` - used to be 'warn', now it's no longer applied. This has been replaces with a set of smaller more specific rules. -7. `no-empty-function` - used be turned off, now it's no longer applied. The ts-eslint flavour is still there and turned off still. -8. `camelcase` - used to be turned off, now it's 'warn'. -9. `@typescript-eslint/camelcase` - used to be turned off, now it's no longer applied. -10. `no-use-before-define` - used to be turned off, now it's no longer applied. -11. `@typescript-eslint/no-use-before-define` - used to be turned off, now it's no longer applied. -12. `@typescript-eslint/prefer-namespace-keyword` - used to be turned off, now it's 'error' -13. `unicode-bom` - used to be turned off, now it's no longer applied. -14. `@typescript-eslint/adjacent-overload-signatures` - used to be 'error', now it's no longer applied. -15. `@typescript-eslint/no-explicit-any` - used be 'warn', now 'error' -16. `@typescript-eslint/no-inferrable-types` - used to be 'error', now it's no longer applied. -17. `no-loss-of-precision` - used be 'off', now 'error' -18. `@typescript-eslint/no-loss-of-precision` - used be 'error', now it's no longer applied. -19. `@typescript-eslint/no-non-null-assertion` - used be 'warn', now it's no longer applied. -20. `valid-typeof` - used be either 'error' or 'off', now always 'error' -21. `no-unused-expressions` - used be always 'error', now either 'error' or 'off' -22. `@typescript-eslint/prefer-function-type` - newly added as 'off' -23. `@typescript-eslint/no-require-imports` - newly added as 'off' -24. `@typescript-eslint/no-empty-object-type` - newly added as 'off' -25. `unicorn/template-indent` - newly added as 'off' -26. `@typescript-eslint/no-duplicate-enum-values` - newly added as 'error' -27. `@typescript-eslint/no-unsafe-declaration-merging` - newly added as 'error' -28. `@typescript-eslint/no-unsafe-function-type` - newly added as 'error' -29. `@typescript-eslint/no-unused-expressions` - newly added as 'error' -30. `@typescript-eslint/no-wrapper-object-types` - newly added as 'error' -31. `no-new-native-nonconstructor` - newly added as 'off' +2. `@typescript-eslint/explicit-function-return-type` used to be turned off, now it's no longer applied. +3. `@typescript-eslint/no-empty-interface` - used to be turned off, now it's no longer applied. +4. `@typescript-eslint/explicit-module-boundary-types` - used be turned off, now it's no longer applied. +5. `@typescript-eslint/ban-types` - used to be 'warn', now it's no longer applied. This has been replaces with a set of smaller more specific rules. +6. `no-empty-function` - used be turned off, now it's no longer applied. The ts-eslint flavour is still there and turned off still. +7. `camelcase` - used to be turned off, now it's 'warn'. +8. `@typescript-eslint/camelcase` - used to be turned off, now it's no longer applied. +9. `no-use-before-define` - used to be turned off, now it's no longer applied. +10. `@typescript-eslint/no-use-before-define` - used to be turned off, now it's no longer applied. +11. `@typescript-eslint/prefer-namespace-keyword` - used to be turned off, now it's 'error' +12. `unicode-bom` - used to be turned off, now it's no longer applied. +13. `@typescript-eslint/adjacent-overload-signatures` - used to be 'error', now it's no longer applied. +14. `@typescript-eslint/no-explicit-any` - used be 'warn', now 'error' +15. `@typescript-eslint/no-inferrable-types` - used to be 'error', now it's no longer applied. +16. `no-loss-of-precision` - used be 'off', now 'error' +17. `@typescript-eslint/no-loss-of-precision` - used be 'error', now it's no longer applied. +18. `@typescript-eslint/no-non-null-assertion` - used be 'warn', now it's no longer applied. +19. `valid-typeof` - used be either 'error' or 'off', now always 'error' +20. `no-unused-expressions` - used be always 'error', now either 'error' or 'off' +21. `@typescript-eslint/prefer-function-type` - newly added as 'off' +22. `@typescript-eslint/no-require-imports` - newly added as 'off' +23. `@typescript-eslint/no-empty-object-type` - newly added as 'off' +24. `unicorn/template-indent` - newly added as 'off' +25. `@typescript-eslint/no-duplicate-enum-values` - newly added as 'error' +26. `@typescript-eslint/no-unsafe-declaration-merging` - newly added as 'error' +27. `@typescript-eslint/no-unsafe-function-type` - newly added as 'error' +28. `@typescript-eslint/no-unused-expressions` - newly added as 'error' +29. `@typescript-eslint/no-wrapper-object-types` - newly added as 'error' +30. `no-new-native-nonconstructor` - newly added as 'off' diff --git a/.changesets/10961.md b/.changesets/10961.md index 8cd365b8663c..ee75c7843a56 100644 --- a/.changesets/10961.md +++ b/.changesets/10961.md @@ -1,3 +1,3 @@ - fix(storybook): Fix import issues with storybook vite (#10961) by @Josh-Walker-GM -Fixes an issue with the `yarn rw storybook-vite` command where it would not start due to an import issue. +Fixes an issue with the `yarn rw storybook-vite` command where it would not start due to an import issue. diff --git a/.changesets/11062.md b/.changesets/11062.md index f8f9c2f818e3..a2e51acf7bf6 100644 --- a/.changesets/11062.md +++ b/.changesets/11062.md @@ -1,3 +1,3 @@ -- fix(router): Add check for excessively long path (#11062) by @Josh-Walker-GM +- fix(router): Add check for excessively long path (#11062) by @Josh-Walker-GM This change adds an additional internal check to protect against route paths which are excessively long. diff --git a/.changesets/11072.md b/.changesets/11072.md index e4b3635cf9e6..5c3a91845806 100644 --- a/.changesets/11072.md +++ b/.changesets/11072.md @@ -1,3 +1,3 @@ - feat(cli): Move docker setup out of experimental (#11072) by @Josh-Walker-GM -This change introduces `yarn rw setup docker`. This is a result of moving our docker setup command out of it's experimental phase. +This change introduces `yarn rw setup docker`. This is a result of moving our docker setup command out of it's experimental phase. diff --git a/.changesets/11108.md b/.changesets/11108.md index f98f93c7a310..8fe7cd0208af 100644 --- a/.changesets/11108.md +++ b/.changesets/11108.md @@ -1,16 +1,15 @@ -- feat(testing): Configure jest to ignore sidecar files in __tests__ folder (#11108) by @V1shvesh +- feat(testing): Configure jest to ignore sidecar files in **tests** folder (#11108) by @V1shvesh Solves for #10870 ### Description: + `./api` directory structure: image `./web` directory structure: image - - -Before: +Before: `yarn rw test api`: image @@ -18,12 +17,9 @@ Before: `yarn rw test web`: image - - After: `yarn rw test api`: image `yarn rw test web`: image - diff --git a/.changesets/11109.md b/.changesets/11109.md index 0a79d4a4c51b..860cf6226eb8 100644 --- a/.changesets/11109.md +++ b/.changesets/11109.md @@ -5,9 +5,10 @@ The more detail the better. E.g., is it a new feature? How do they use it? Code - fix: concurrent api builds (#11109) by @callingmedic911 A few users [reported](https://community.redwoodjs.com/t/redwood-v7-0-0-upgrade-guide/5713/90?u=callingmedic911) that the API server crashes with the error `EADDRINUSE` when switching between branches. This issue happens on the API side when: + 1. New files are added or existing files are removed. 2. Immediately after, an existing file is changed. This scenario is common when doing git operations like switching branches or using git stash, where these changes occur simultaneously. When this happens, step 1 triggers a full build (without esbuild's rebuild), and step 2, without canceling the build from step 1, triggers a separate `rebuild`. This results in concurrent builds and two instances of the API server trying to start. -This PR provides a quick fix for the issue. A follow-up PR will be created to refactor the process, aiming to avoid separate build processes altogether, ensure a cleaner separation between the build and the server, and improve overall readability. \ No newline at end of file +This PR provides a quick fix for the issue. A follow-up PR will be created to refactor the process, aiming to avoid separate build processes altogether, ensure a cleaner separation between the build and the server, and improve overall readability. diff --git a/.changesets/11135.md b/.changesets/11135.md index 932c7fa1fd0e..afb073672f46 100644 --- a/.changesets/11135.md +++ b/.changesets/11135.md @@ -1,6 +1,6 @@ - fix(cli-cache): Remove RW CLI cache on upgrade (#11135) by @dac09 -This change removes the redwood cli plugin cache in `.redwood/commandCache.json` on running `rw upgrade`. +This change removes the redwood cli plugin cache in `.redwood/commandCache.json` on running `rw upgrade`. This prevents the redwood CLI from using outdated versions of CLI plugins, and is particularly important when they same alias. diff --git a/.changesets/11170.md b/.changesets/11170.md index 4f4390a76c6e..3fd0e84e161e 100644 --- a/.changesets/11170.md +++ b/.changesets/11170.md @@ -1,9 +1,10 @@ - fix: Update default tsconfig options (target, module and moduleResolution) (#11170) by @Josh-Walker-GM This changes the default values of: - - target - - module - - moduleResolution + +- target +- module +- moduleResolution in the tsconfig files for both the API and web side. The benefit of this change is increased correctness for build time checking of the imports from packages which specify `exports` in their `package.json` files. diff --git a/.changesets/11189.md b/.changesets/11189.md index 8f823c814668..f5ee9ad36933 100644 --- a/.changesets/11189.md +++ b/.changesets/11189.md @@ -1,6 +1,7 @@ - fix(babel-plugins): Handle additional syntax when extracting graphql options (#11189) by @Josh-Walker-GM This fixes an issue with the automatic extraction of options from the `createGraphQLHandler` function when you were wrapping that function within a custom handler function. For example the following would have failed before this fix: + ```ts const graphQLHandler = createGraphQLHandler({ // ...options diff --git a/.changesets/young-spiders-ring.md b/.changesets/young-spiders-ring.md index 83912e0a90bb..4b9212d8ccee 100644 --- a/.changesets/young-spiders-ring.md +++ b/.changesets/young-spiders-ring.md @@ -2,4 +2,4 @@ fix: Fixes Unknown Fragment issues due to GraphQL Tag type mismatch in web (#10357) by @dthyresson - Users reported in #10322 an incompatibility with fragments and when using gql from global web. The TS errors were caused by the global web gql type not being compatible with the standard graphql-tag type. +Users reported in #10322 an incompatibility with fragments and when using gql from global web. The TS errors were caused by the global web gql type not being compatible with the standard graphql-tag type. diff --git a/.prettierignore b/.prettierignore index 27e9f9c57db3..c154d8af0520 100644 --- a/.prettierignore +++ b/.prettierignore @@ -24,5 +24,4 @@ packages/create-redwood-rsc-app # TODO(jgmw): Re-enable these in managable chunks tasks .github -.changesets packages/create-redwood-app/tests/e2e_prompts*