DEV Community: Dale Nguyen The latest articles on DEV Community by Dale Nguyen (@dalenguyen). https://dev.to/dalenguyen https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F182614%2Fc2a1f0d0-ca0f-4892-9dd5-9b701476ccf3.jpeg DEV Community: Dale Nguyen https://dev.to/dalenguyen en Free Model Providers to Use with Hermes Agent Dale Nguyen Fri, 29 May 2026 04:12:02 +0000 https://dev.to/dalenguyen/free-model-providers-to-use-with-hermes-agent-13l9 https://dev.to/dalenguyen/free-model-providers-to-use-with-hermes-agent-13l9 <p><a href="https://github.com/nousresearch/hermes-agent" rel="noopener noreferrer">Hermes Agent</a> by NousResearch is an open-source AI agent that does something most frameworks do not: it learns from experience. It creates skills during use, refines its memory across sessions, and supports parallel subagents and a built-in cron scheduler. You can run it on a $5 VPS, a GPU cluster, or serverless infrastructure.</p> <p>The part that makes it immediately approachable is its provider flexibility. Hermes supports 200+ models across a growing list of providers, and you switch between them with a single command — no code changes. That means you can get started entirely on free tiers before committing to a paid API.</p> <p>This post covers which free providers work with Hermes Agent and how to get up and running with each.</p> <h2> Installing Hermes Agent </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash <span class="nb">source</span> ~/.bashrc hermes </code></pre> </div> <p>That drops you into the interactive CLI. Run <code>hermes setup</code> to walk through the full configuration wizard, or <code>hermes setup --portal</code> to connect via Nous Portal (their own hosted service with OAuth, which consolidates all your API keys into one subscription).</p> <h2> Switching providers </h2> <p>Once installed, switching providers is a single command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes model </code></pre> </div> <p>Or inline during a conversation: <code>/model [provider:model]</code></p> <p>No config file edits, no restarts. This is what makes free-tier exploration practical — you can try a model, hit a rate limit, and switch to another in seconds.</p> <h2> Free providers supported by Hermes Agent </h2> <h3> Nous Portal </h3> <p><a href="https://nousresearch.com" rel="noopener noreferrer">Nous Portal</a> is Hermes's native provider. It consolidates model access, web search, image generation, and TTS under one subscription. If you want the tightest integration with Hermes and the Nous ecosystem, this is the starting point. Check their current free tier on signup.</p> <h3> OpenRouter </h3> <p><a href="https://openrouter.ai" rel="noopener noreferrer">OpenRouter</a> is the most flexible free option. It gives you access to 200+ models — including Llama 4, DeepSeek, Gemma, and Mistral — through a single API key. The free tier covers 27+ models (marked with a <code>:free</code> suffix) at 200 requests per day and 20 requests per minute.</p> <p>Because Hermes supports OpenRouter natively, you can point it at any of those free models immediately. This is the best option if you want to compare how Hermes behaves across different underlying models without managing multiple accounts.</p> <h3> NVIDIA NIM </h3> <p><a href="https://build.nvidia.com" rel="noopener noreferrer">NVIDIA NIM</a> gives you free API credits on signup with no credit card required. The catalog includes 80+ models — Llama 4, Qwen, Mistral, and NousResearch's own Hermes 3 model — at roughly 40 requests per minute. Credits do not expire.</p> <p>NIM is the best free option if you specifically want to run a NousResearch model underneath Hermes Agent, since it hosts the Hermes 3 fine-tune directly.</p> <h3> Hugging Face </h3> <p><a href="https://huggingface.co/docs/inference-providers" rel="noopener noreferrer">Hugging Face Inference Providers</a> gives every account monthly free credits routed across a network of inference providers (Groq, Together, SambaNova, and others). Hermes Agent supports HuggingFace natively.</p> <p>The free tier is best for trying niche or smaller models. Cold starts can be slow on the free tier, so it is less suitable for long interactive sessions but fine for batch tasks or evaluation.</p> <h3> NovitaAI </h3> <p><a href="https://novita.ai" rel="noopener noreferrer">NovitaAI</a> is a cost-efficient inference provider with a generous free tier for new accounts. Hermes supports it natively. It is worth trying if OpenRouter and NVIDIA NIM rate limits become a bottleneck during heavy agent development.</p> <h3> Kimi / Moonshot </h3> <p><a href="https://kimi.moonshot.cn" rel="noopener noreferrer">Kimi</a> (by Moonshot AI) offers a free tier with long-context models. Hermes Agent lists it as a supported provider. Particularly useful if your agent tasks involve processing large documents or long conversation histories that would exhaust the context windows of other free-tier models.</p> <h2> Provider comparison at a glance </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Provider</th> <th>Free Tier</th> <th>Best for with Hermes</th> </tr> </thead> <tbody> <tr> <td><a href="https://nousresearch.com" rel="noopener noreferrer"><strong>Nous Portal</strong></a></td> <td>Check on signup</td> <td>Tightest Hermes integration</td> </tr> <tr> <td><a href="https://openrouter.ai" rel="noopener noreferrer"><strong>OpenRouter</strong></a></td> <td>200 req/day, 27+ free models</td> <td>Model variety, easy switching</td> </tr> <tr> <td><a href="https://build.nvidia.com" rel="noopener noreferrer"><strong>NVIDIA NIM</strong></a></td> <td>Credits on signup, no expiry</td> <td>Running NousResearch models</td> </tr> <tr> <td><a href="https://huggingface.co/docs/inference-providers" rel="noopener noreferrer"><strong>Hugging Face</strong></a></td> <td>Monthly credits</td> <td>Niche models, batch tasks</td> </tr> <tr> <td><a href="https://novita.ai" rel="noopener noreferrer"><strong>NovitaAI</strong></a></td> <td>Free credits on signup</td> <td>Alternative when hitting rate limits</td> </tr> <tr> <td><a href="https://kimi.moonshot.cn" rel="noopener noreferrer"><strong>Kimi / Moonshot</strong></a></td> <td>Free tier</td> <td>Long-context tasks</td> </tr> </tbody> </table></div> <h2> Tips for running Hermes on free tiers </h2> <p><strong>Rate limits compound in agentic loops.</strong> Hermes's learning loop and subagent features can make many model calls per task. At 20 req/min (OpenRouter free), a multi-step task hits the ceiling quickly. Use <code>hermes model</code> to switch to a provider with a higher limit mid-session, or configure a fallback provider.</p> <p><strong>Use NVIDIA NIM for NousResearch models specifically.</strong> If you want the model that Hermes was designed around — the Hermes 3 fine-tune — NIM hosts it directly at <code>nousresearch/hermes-3-llama-3.1-70b</code>. The free credits cover meaningful development without hitting a daily request cap.</p> <p><strong>OpenRouter first for exploration.</strong> Its unified free tier across 27+ models is the fastest way to understand how Hermes Agent behaves with different underlying models. No separate accounts, one key, switch with <code>/model</code>.</p> <p><strong>Run <code>hermes doctor</code> when something breaks.</strong> The built-in diagnostics command checks your provider configuration and surfaces misconfigurations before you spend time debugging the wrong thing.</p> <h2> Summary </h2> <p>Hermes Agent is one of the few open-source agents with a genuine learning loop built in, and its multi-provider support means you are not locked into any single API. To get started for free: install Hermes, run <code>hermes setup</code>, and connect <a href="https://openrouter.ai" rel="noopener noreferrer">OpenRouter</a> or <a href="https://build.nvidia.com" rel="noopener noreferrer">NVIDIA NIM</a> — both work out of the box with no credit card. Switch models with <code>hermes model</code> as you explore what works best for your use case.</p> ai agents opensource llm Building a Personal Assistant in Zo Computer and Adding Hermes as a Second Assistant Dale Nguyen Sun, 24 May 2026 14:03:23 +0000 https://dev.to/dalenguyen/building-a-personal-assistant-in-zo-computer-and-adding-hermes-as-a-second-assistant-3mcn https://dev.to/dalenguyen/building-a-personal-assistant-in-zo-computer-and-adding-hermes-as-a-second-assistant-3mcn <p>Zo Computer works well as a personal operating system for life admin, creative work, learning, and day-to-day coordination. If you set it up intentionally, it can feel less like a chat app and more like a real assistant that lives with your files, routines, and preferences.</p> <p>The good news is that getting started costs nothing. Zo has a free tier that is a perfect place to test a personal assistant setup before committing to anything. On the Hermes side, <a href="https://build.nvidia.com/settings/api-keys" rel="noopener noreferrer">NVIDIA offers free API credits</a> through their developer platform, so you can run Hermes against a capable model without paying for API usage upfront. That means you can build out the full two-assistant setup described in this post for free.</p> <p>A strong pattern is to use Zo as your main personal assistant and Hermes as a second assistant that handles a different lane of work. Zo stays close to your files, your rules, your automations, and your personal workflows. Hermes becomes the extra pair of hands: a separate agent for focused tasks, parallel research, and longer-running jobs.</p> <h2> Why a personal assistant in Zo is useful </h2> <p>Zo is especially good for personal use because it can sit near the center of your life instead of scattered across separate apps. That means you can keep the things an assistant needs in one place:</p> <ul> <li>notes and documents</li> <li>recurring routines</li> <li>calendar-aware tasks</li> <li>saved preferences and rules</li> <li>files you want the assistant to work from</li> <li>automations that run without you micromanaging them</li> </ul> <p>The real advantage is continuity. A personal assistant becomes much more useful when it can remember your style, keep track of ongoing projects, and work from the same environment every day.</p> <h2> What "personal assistant" should mean in Zo </h2> <p>A good assistant in Zo should do more than answer questions. It should help you actually move things forward.</p> <p>That usually means:</p> <ul> <li>drafting messages, notes, and documents</li> <li>organizing ideas into something usable</li> <li>turning vague thoughts into a plan</li> <li>reminding you about routines and deadlines</li> <li>summarizing information from files or the web</li> <li>handling repeatable life admin tasks</li> <li>keeping track of preferences so you do not repeat yourself</li> </ul> <p>If you treat Zo like a small command center, it stops being a generic chatbot and starts becoming a trusted helper.</p> <h2> The cleanest setup: one main assistant, one second assistant </h2> <p>The best setup is usually not "one AI that does everything." It is:</p> <ul> <li>Zo as your primary assistant</li> <li>Hermes as your second assistant</li> </ul> <p>That split is useful because the assistants can have different jobs.</p> <h3> Zo as the primary assistant </h3> <p>Use Zo for:</p> <ul> <li>personal life management</li> <li>writing and editing</li> <li>working directly from your files</li> <li>scheduling and recurring routines</li> <li>decisions that need your preferences</li> <li>things you want tightly integrated with your Zo workspace</li> </ul> <h3> Hermes as the second assistant </h3> <p>Use Hermes for:</p> <ul> <li>parallel research</li> <li>long-running work</li> <li>independent task handling</li> <li>a separate memory stream</li> <li>a different working style</li> <li>conversations or jobs you want isolated from your main assistant</li> </ul> <p>This is the important idea: the second assistant should not be a clone of the first. It should be a specialist.</p> <h2> How Hermes fits in </h2> <p>Hermes is designed as an autonomous agent with a built-in learning loop. According to its documentation, it can keep improving through use, remember across sessions, and work through messaging platforms like Telegram. It is meant to live somewhere persistent, such as a local machine, a VPS, or another hosted environment.</p> <p>That makes Hermes a good second assistant when you want another agent running in parallel with Zo instead of replacing Zo.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5uu9p5b2pofwdxlzpffl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5uu9p5b2pofwdxlzpffl.png" alt="Zo Computer running as a Telegram bot — asking it to find a flight with one transit stop." width="800" height="1731"></a></p> <h2> Basic Hermes installation path </h2> <p>The easiest way to get started is to simply ask Zo to do it for you. Open a Zo chat and type something like:</p> <blockquote> <p>"Install Hermes on my machine"</p> </blockquote> <p>Zo will handle the setup steps, walk you through any configuration it needs, and get Hermes running without you having to touch the terminal. This is the fastest path if you are already inside Zo.</p> <p>If you prefer to install manually, the official Hermes docs show a straightforward install flow for Linux, macOS, and WSL2:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash </code></pre> </div> <p>For native Windows, the docs also provide a PowerShell installer. After installation, Hermes can be configured to run in the environment you want and connected to messaging tools like Telegram.</p> <p>The practical setup pattern is:</p> <ol> <li>install Hermes</li> <li>choose where it will run</li> <li>connect its messaging or command interface</li> <li>give it a clear role</li> <li>keep Zo as the main personal assistant</li> </ol> <h2> How to divide work between Zo and Hermes </h2> <p>If you want the setup to feel sane, give each assistant a clear job.</p> <h3> Zo handles the personal layer </h3> <p>Zo should own:</p> <ul> <li>your personal notes</li> <li>your tasks and routines</li> <li>files you keep locally</li> <li>preferences and recurring habits</li> <li>writing that needs your voice</li> <li>decisions that depend on your context</li> </ul> <h3> Hermes handles the parallel layer </h3> <p>Hermes should own:</p> <ul> <li>research you want to run in the background</li> <li>tasks that can be broken into substeps</li> <li>experiments</li> <li>alternate drafts or viewpoints</li> <li>work that benefits from isolation</li> </ul> <p>This division prevents the assistants from stepping on each other.</p> <h2> A simple working model </h2> <p>Here is a practical way to think about it:</p> <ul> <li>Zo is the assistant that knows you.</li> <li>Hermes is the assistant that helps you scale.</li> </ul> <p>Zo keeps your life organized. Hermes helps you get more done.</p> <p>That combination is especially useful when you are juggling creative work, learning, and admin at the same time. One assistant can stay close to your personal system while the other handles the overflow.</p> <h2> Tips for making the setup actually useful </h2> <h3> 1. Give each assistant a role </h3> <p>Do not let both assistants do the same job. That creates noise. Be explicit:</p> <ul> <li>Zo = personal coordinator</li> <li>Hermes = second operator</li> </ul> <h3> 2. Keep preferences in one place </h3> <p>The more you repeat yourself, the less useful the system feels. Store your standards, defaults, and routines where the assistant can reuse them.</p> <h3> 3. Use the assistant for real workflows </h3> <p>Do not use it only for chat. Make it draft, organize, summarize, and schedule. Real utility comes from repeatable workflows.</p> <h3> 4. Keep the assistant close to your files </h3> <p>Your files are the memory of the system. The assistant gets more useful when it can work from documents, notes, and living records instead of starting from scratch each time.</p> <h3> 5. Treat the second assistant like an aide, not a boss </h3> <p>Hermes should support your system, not replace your judgment. The best assistant setup is still human-led.</p> <h2> Example use case </h2> <p>A good two-assistant workflow might look like this:</p> <ul> <li>Zo manages your personal planning, drafts, and routines.</li> <li>Hermes runs a background research task, collects notes, and returns a concise summary.</li> <li>You review both outputs and decide what to do next.</li> </ul> <p>That is the sweet spot: one assistant keeps your life coherent, and the other adds throughput.</p> <h2> Bottom line </h2> <p>If you want a personal assistant inside Zo Computer, start by making Zo the center of your daily system: files, rules, routines, drafts, and reminders. Then add Hermes as a second assistant for parallel work, deeper automation, and independent tasks.</p> <p>The result is not just "two AIs." It is a better division of labor:</p> <ul> <li>Zo for your personal operating system</li> <li>Hermes for your extra capacity</li> </ul> <p>That is the setup that actually feels like having help.</p> <p><em>If you want to try Zo Computer, you can sign up using my <a href="https://zo-computer.cello.so/WSr8vEbM6k1" rel="noopener noreferrer">invite link</a> (affiliate link).</em></p> agents ai productivity automation Securing Your MCP Server with Firebase Auth: A Production Walkthrough Dale Nguyen Fri, 15 May 2026 16:10:31 +0000 https://dev.to/dalenguyen/securing-your-mcp-server-with-firebase-auth-a-production-walkthrough-53j7 https://dev.to/dalenguyen/securing-your-mcp-server-with-firebase-auth-a-production-walkthrough-53j7 <p>Model Context Protocol (MCP) servers let AI assistants interact with real user data. That means auth isn't optional — it's the difference between a useful tool and a data breach. This post walks through exactly how <a href="https://cantax.fyi" rel="noopener noreferrer">Can Tax Pro</a> secures its Python MCP server with Firebase Authentication, supporting both Firebase ID tokens (for direct access) and a custom OAuth 2.0 flow (for third-party clients like Claude.ai).</p> <h2> Architecture Overview </h2> <p>The system has three moving parts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Browser / Claude.ai Client │ │ Authorization: Bearer &lt;token&gt; ▼ MCP Server (Python/FastMCP on Cloud Run) │ │ Firebase Admin SDK ▼ Firestore (data isolated by userId) </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylnw0d3ysn13hpq6ak7l.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylnw0d3ysn13hpq6ak7l.gif" alt="Can Tax Pro MCP authentication flow demonstration" width="600" height="475"></a></p> <p>The MCP server accepts <strong>two token types</strong>:</p> <ol> <li> <strong>Firebase ID tokens</strong> — issued by Firebase Authentication, verified cryptographically</li> <li> <strong>Custom OAuth tokens</strong> (<code>ctpo_*</code>) — issued by the web app's OAuth server, stored as hashes in Firestore</li> </ol> <p>The web app itself acts as the OAuth authorization server for third-party integrations.</p> <h2> Step 1: Initialize Firebase Admin SDK </h2> <p>The server initializes Firebase Admin once at startup, with environment-aware credential resolution:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># main.py </span><span class="kn">import</span> <span class="n">firebase_admin</span> <span class="kn">from</span> <span class="n">firebase_admin</span> <span class="kn">import</span> <span class="n">credentials</span><span class="p">,</span> <span class="n">auth</span> <span class="k">as</span> <span class="n">firebase_auth</span><span class="p">,</span> <span class="n">firestore</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">firebase_admin</span><span class="p">.</span><span class="n">_apps</span><span class="p">:</span> <span class="n">sa_json</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">FIREBASE_SERVICE_ACCOUNT</span><span class="sh">"</span><span class="p">)</span> <span class="n">project_id</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">FIREBASE_PROJECT_ID</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">sa_json</span><span class="p">:</span> <span class="n">cred</span> <span class="o">=</span> <span class="n">credentials</span><span class="p">.</span><span class="nc">Certificate</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">sa_json</span><span class="p">))</span> <span class="n">firebase_admin</span><span class="p">.</span><span class="nf">initialize_app</span><span class="p">(</span><span class="n">cred</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">projectId</span><span class="sh">"</span><span class="p">:</span> <span class="n">project_id</span><span class="p">})</span> <span class="k">else</span><span class="p">:</span> <span class="n">firebase_admin</span><span class="p">.</span><span class="nf">initialize_app</span><span class="p">(</span><span class="n">options</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">projectId</span><span class="sh">"</span><span class="p">:</span> <span class="n">project_id</span><span class="p">})</span> </code></pre> </div> <p><strong>Locally</strong>: set <code>FIREBASE_SERVICE_ACCOUNT</code> to your service account JSON.<br> <strong>On Cloud Run</strong>: omit it entirely — the SDK picks up Application Default Credentials (ADC) automatically via Workload Identity.</p> <p>This means no secrets in production. Your Cloud Run service account just needs the <code>Firebase Admin SDK Administrator Service Agent</code> IAM role.</p> <h2> Step 2: Token Resolution </h2> <p>Two resolver functions handle each token type:</p> <h3> OAuth Tokens (<code>ctpo_*</code>) </h3> <p>Custom tokens are never stored in plaintext. The server hashes them with SHA-256 and looks up the hash in Firestore:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">resolve_oauth_token</span><span class="p">(</span><span class="n">bearer_token</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">token_hash</span> <span class="o">=</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">sha256</span><span class="p">(</span><span class="n">bearer_token</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="n">doc</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="sh">"</span><span class="s">oauthTokens</span><span class="sh">"</span><span class="p">).</span><span class="nf">document</span><span class="p">(</span><span class="n">token_hash</span><span class="p">).</span><span class="nf">get</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">doc</span><span class="p">.</span><span class="n">exists</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Invalid or revoked OAuth token</span><span class="sh">"</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">doc</span><span class="p">.</span><span class="nf">to_dict</span><span class="p">()</span> <span class="n">expires_at</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">expiresAt</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">expires_at</span> <span class="ow">and</span> <span class="n">expires_at</span> <span class="o">&lt;</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">OAuth token expired</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">userId</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <p>The Firestore document stores <code>userId</code>, <code>expiresAt</code>, <code>clientId</code>, and a <code>refreshTokenHash</code>. Revocation is instant — delete the document and the token stops working on the next request.</p> <h3> Firebase ID Tokens </h3> <p>Firebase handles the hard part:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">resolve_id_token</span><span class="p">(</span><span class="n">id_token</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">decoded</span> <span class="o">=</span> <span class="n">firebase_auth</span><span class="p">.</span><span class="nf">verify_id_token</span><span class="p">(</span><span class="n">id_token</span><span class="p">)</span> <span class="k">return</span> <span class="n">decoded</span><span class="p">[</span><span class="sh">"</span><span class="s">uid</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <p><code>verify_id_token</code> checks the signature against Google's public keys and validates claims (expiry, issuer, audience). It caches the public keys locally so it doesn't make a network call on every request.</p> <h2> Step 3: The Auth Middleware </h2> <p>A Starlette <code>BaseHTTPMiddleware</code> wraps every request. It tries the OAuth path first, then falls back to Firebase ID tokens:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">AuthMiddleware</span><span class="p">(</span><span class="n">BaseHTTPMiddleware</span><span class="p">):</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">dispatch</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">call_next</span><span class="p">):</span> <span class="c1"># Skip auth for public endpoints </span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span> <span class="ow">in</span> <span class="n">_PUBLIC_PATHS</span><span class="p">:</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">auth_header</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">auth_header</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sh">"</span><span class="s">Bearer </span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="nc">Response</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">401</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">WWW-Authenticate</span><span class="sh">"</span><span class="p">:</span> <span class="sh">'</span><span class="s">Bearer realm=</span><span class="sh">"</span><span class="s">tax-mcp</span><span class="sh">"'</span><span class="p">},</span> <span class="p">)</span> <span class="n">token</span> <span class="o">=</span> <span class="n">auth_header</span><span class="p">.</span><span class="nf">removeprefix</span><span class="p">(</span><span class="sh">"</span><span class="s">Bearer </span><span class="sh">"</span><span class="p">).</span><span class="nf">strip</span><span class="p">()</span> <span class="n">token_set</span> <span class="o">=</span> <span class="n">_user_id_var</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="sh">""</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Try OAuth token first </span> <span class="k">if</span> <span class="n">token</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sh">"</span><span class="s">ctpo_</span><span class="sh">"</span><span class="p">):</span> <span class="n">user_id</span> <span class="o">=</span> <span class="nf">resolve_oauth_token</span><span class="p">(</span><span class="n">token</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">user_id</span> <span class="o">=</span> <span class="nf">resolve_id_token</span><span class="p">(</span><span class="n">token</span><span class="p">)</span> <span class="n">_user_id_var</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">return</span> <span class="nc">Response</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">401</span><span class="p">,</span> <span class="n">content</span><span class="o">=</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">),</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">WWW-Authenticate</span><span class="sh">"</span><span class="p">:</span> <span class="sh">'</span><span class="s">Bearer realm=</span><span class="sh">"</span><span class="s">tax-mcp</span><span class="sh">"'</span><span class="p">},</span> <span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="n">_user_id_var</span><span class="p">.</span><span class="nf">reset</span><span class="p">(</span><span class="n">token_set</span><span class="p">)</span> </code></pre> </div> <p>Public paths (<code>/health</code>, <code>/.well-known/oauth-protected-resource</code>) bypass auth — necessary for health checks and OAuth discovery.</p> <h2> Step 4: Thread-Safe User Context </h2> <p>Tools shouldn't take a <code>user_id</code> parameter — that would pollute every signature and make testing awkward. Instead, use a <code>ContextVar</code> to propagate identity through the async call stack:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># _context.py </span><span class="kn">from</span> <span class="n">contextvars</span> <span class="kn">import</span> <span class="n">ContextVar</span> <span class="n">_user_id_var</span><span class="p">:</span> <span class="n">ContextVar</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">ContextVar</span><span class="p">(</span><span class="sh">"</span><span class="s">user_id</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_user_id</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="k">return</span> <span class="n">_user_id_var</span><span class="p">.</span><span class="nf">get</span><span class="p">()</span> <span class="k">except</span> <span class="nb">LookupError</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">RuntimeError</span><span class="p">(</span><span class="sh">"</span><span class="s">User context not set — request did not pass through auth middleware.</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Every tool calls <code>get_user_id()</code> to scope its Firestore queries:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># tools/income.py </span><span class="kn">from</span> <span class="n">.._context</span> <span class="kn">import</span> <span class="n">get_user_id</span> <span class="nd">@mcp.tool</span><span class="p">()</span> <span class="k">def</span> <span class="nf">list_income</span><span class="p">(</span><span class="n">tax_year_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">docs</span> <span class="o">=</span> <span class="p">(</span> <span class="n">db</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="sh">"</span><span class="s">users</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">document</span><span class="p">(</span><span class="nf">get_user_id</span><span class="p">())</span> <span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="sh">"</span><span class="s">taxYears</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">document</span><span class="p">(</span><span class="n">tax_year_id</span><span class="p">)</span> <span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="sh">"</span><span class="s">incomeEntries</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">stream</span><span class="p">()</span> <span class="p">)</span> <span class="k">return</span> <span class="p">[{</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="n">d</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="o">**</span><span class="n">d</span><span class="p">.</span><span class="nf">to_dict</span><span class="p">()}</span> <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">docs</span><span class="p">]</span> </code></pre> </div> <p><code>ContextVar</code> is async-safe — each concurrent request gets its own context, so there's no cross-contamination between users even under high concurrency.</p> <p>The middleware resets the var in a <code>finally</code> block, which is critical: without cleanup, the context leaks to the next request on a reused coroutine.</p> <h2> Step 5: The OAuth 2.0 Server (Web App Side) </h2> <p>For third-party clients (Claude.ai, etc.), the web app implements an OAuth 2.0 authorization server. Here's the flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Client → GET /oauth/authorize?client_id=...&amp;code_challenge=... 2. User logs in (Firebase Auth) 3. Server → redirect with authorization_code 4. Client → POST /oauth/token with code + code_verifier 5. Server → { access_token: "ctpo_...", refresh_token: "ctpr_..." } </code></pre> </div> <p><strong>Token generation</strong> (TypeScript, server-side):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// server/routes/oauth/token.post.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createHash</span><span class="p">,</span> <span class="nx">randomBytes</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">crypto</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ctpo_</span><span class="dl">"</span> <span class="o">+</span> <span class="nf">randomBytes</span><span class="p">(</span><span class="mi">32</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">"</span><span class="s2">hex</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tokenHash</span> <span class="o">=</span> <span class="nf">createHash</span><span class="p">(</span><span class="dl">"</span><span class="s2">sha256</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">"</span><span class="s2">hex</span><span class="dl">"</span><span class="p">);</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">"</span><span class="s2">oauthTokens</span><span class="dl">"</span><span class="p">).</span><span class="nf">doc</span><span class="p">(</span><span class="nx">tokenHash</span><span class="p">).</span><span class="nf">set</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">session</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">session</span><span class="p">.</span><span class="nx">clientId</span><span class="p">,</span> <span class="na">expiresAt</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">+</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">),</span> <span class="c1">// 1 hour</span> <span class="na">createdAt</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(),</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="na">access_token</span><span class="p">:</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="na">token_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">bearer</span><span class="dl">"</span><span class="p">,</span> <span class="na">expires_in</span><span class="p">:</span> <span class="mi">3600</span> <span class="p">};</span> </code></pre> </div> <p>The <code>ctpo_</code> prefix lets the MCP server route to the right resolver without trying Firebase first. Only the hash ever touches the database.</p> <p><strong>PKCE</strong> (Proof Key for Code Exchange) protects the authorization code flow. The client sends a <code>code_challenge</code> (SHA-256 of a random <code>code_verifier</code>) in step 1, then proves ownership by sending the raw <code>code_verifier</code> in step 4. The server hashes it and compares:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">verifierHash</span> <span class="o">=</span> <span class="nf">createHash</span><span class="p">(</span><span class="dl">"</span><span class="s2">sha256</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">code_verifier</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">"</span><span class="s2">base64url</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">verifierHash</span> <span class="o">!==</span> <span class="nx">session</span><span class="p">.</span><span class="nx">codeChallenge</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">createError</span><span class="p">({</span> <span class="na">statusCode</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid code_verifier</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h2> Step 6: Client-Side (Browser) </h2> <p>The Angular/Analog web app attaches Firebase ID tokens to outbound API requests via an HTTP interceptor:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// auth.interceptor.ts</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">authInterceptor</span><span class="p">:</span> <span class="nx">HttpInterceptorFn</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="nf">inject</span><span class="p">(</span><span class="nx">Auth</span><span class="p">);</span> <span class="k">return</span> <span class="k">from</span><span class="p">(</span><span class="nx">auth</span><span class="p">.</span><span class="nx">currentUser</span><span class="p">?.</span><span class="nf">getIdToken</span><span class="p">()</span> <span class="o">??</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="kc">null</span><span class="p">)).</span><span class="nf">pipe</span><span class="p">(</span> <span class="nf">switchMap</span><span class="p">((</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="nx">req</span><span class="p">);</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nf">clone</span><span class="p">({</span> <span class="na">setHeaders</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">}));</span> <span class="p">}),</span> <span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p><code>getIdToken()</code> auto-refreshes the token when it's close to expiry, so you never send a stale JWT.</p> <h2> Step 7: Firestore Security Rules </h2> <p>The MCP server uses the <strong>Admin SDK</strong>, which bypasses all Firestore security rules. The <code>get_user_id()</code> context is your authorization layer. But rules provide defense-in-depth for direct client SDK access:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">rules_version</span> <span class="o">=</span> <span class="s1">'2'</span><span class="p">;</span> <span class="n">service</span> <span class="n">cloud</span><span class="p">.</span><span class="n">firestore</span> <span class="p">{</span> <span class="k">match</span> <span class="o">/</span><span class="n">databases</span><span class="o">/</span><span class="p">{</span><span class="k">database</span><span class="p">}</span><span class="o">/</span><span class="n">documents</span> <span class="p">{</span> <span class="k">match</span> <span class="o">/</span><span class="n">users</span><span class="o">/</span><span class="p">{</span><span class="n">userId</span><span class="p">}</span><span class="o">/</span><span class="p">{</span><span class="n">document</span><span class="o">=**</span><span class="p">}</span> <span class="p">{</span> <span class="n">allow</span> <span class="k">read</span><span class="p">,</span> <span class="k">write</span><span class="p">:</span> <span class="n">if</span> <span class="n">request</span><span class="p">.</span><span class="n">auth</span> <span class="o">!=</span> <span class="k">null</span> <span class="o">&amp;&amp;</span> <span class="n">request</span><span class="p">.</span><span class="n">auth</span><span class="p">.</span><span class="n">uid</span> <span class="o">==</span> <span class="n">userId</span><span class="p">;</span> <span class="p">}</span> <span class="k">match</span> <span class="o">/</span><span class="n">oauthTokens</span><span class="o">/</span><span class="p">{</span><span class="n">tokenId</span><span class="p">}</span> <span class="p">{</span> <span class="n">allow</span> <span class="k">read</span><span class="p">,</span> <span class="k">write</span><span class="p">:</span> <span class="n">if</span> <span class="k">false</span><span class="p">;</span> <span class="o">//</span> <span class="n">Server</span><span class="o">-</span><span class="k">only</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>OAuth token documents are locked to server-only access. Users can never read or write them directly.</p> <h2> Step 8: OAuth Discovery Endpoint </h2> <p>Well-behaved OAuth clients (including Claude.ai) auto-discover server capabilities. Expose the RFC 9728 metadata endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/.well-known/oauth-protected-resource</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">oauth_protected_resource</span><span class="p">():</span> <span class="k">return</span> <span class="nc">JSONResponse</span><span class="p">({</span> <span class="sh">"</span><span class="s">resource</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://your-mcp-server.run.app</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">authorization_servers</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">https://your-web-app.com</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">bearer_methods_supported</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">header</span><span class="sh">"</span><span class="p">],</span> <span class="p">})</span> </code></pre> </div> <p>This tells clients where to find the authorization server and how to present tokens. It's a public endpoint (no auth required) — make sure it's in <code>_PUBLIC_PATHS</code>.</p> <h2> Step 9: Local Testing </h2> <p>Don't rely on a real Firebase project for unit tests. Seed a test token directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># test_auth.py </span><span class="kn">import</span> <span class="n">hashlib</span> <span class="kn">from</span> <span class="n">firebase_admin</span> <span class="kn">import</span> <span class="n">firestore</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timezone</span><span class="p">,</span> <span class="n">timedelta</span> <span class="n">TEST_TOKEN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">ctpo_localtest_</span><span class="sh">"</span> <span class="o">+</span> <span class="sh">"</span><span class="s">a</span><span class="sh">"</span> <span class="o">*</span> <span class="mi">48</span> <span class="n">TEST_TOKEN_HASH</span> <span class="o">=</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">sha256</span><span class="p">(</span><span class="n">TEST_TOKEN</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="k">def</span> <span class="nf">seed_test_token</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">db</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="sh">"</span><span class="s">oauthTokens</span><span class="sh">"</span><span class="p">).</span><span class="nf">document</span><span class="p">(</span><span class="n">TEST_TOKEN_HASH</span><span class="p">).</span><span class="nf">set</span><span class="p">({</span> <span class="sh">"</span><span class="s">userId</span><span class="sh">"</span><span class="p">:</span> <span class="n">user_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">clientId</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test-client</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">expiresAt</span><span class="sh">"</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">hours</span><span class="o">=</span><span class="mi">1</span><span class="p">),</span> <span class="p">})</span> <span class="k">def</span> <span class="nf">cleanup</span><span class="p">(</span><span class="n">db</span><span class="p">):</span> <span class="n">db</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="sh">"</span><span class="s">oauthTokens</span><span class="sh">"</span><span class="p">).</span><span class="nf">document</span><span class="p">(</span><span class="n">TEST_TOKEN_HASH</span><span class="p">).</span><span class="nf">delete</span><span class="p">()</span> </code></pre> </div> <p>Then test the three critical paths: no token → 401, invalid token → 401, valid token → 200.</p> <h2> Security Properties </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Property</th> <th>How it's achieved</th> </tr> </thead> <tbody> <tr> <td>Token confidentiality</td> <td>Only SHA-256 hashes stored; raw tokens never persist</td> </tr> <tr> <td>Revocation</td> <td>Delete Firestore doc; effective immediately</td> </tr> <tr> <td>Expiry</td> <td>Enforced server-side on every request</td> </tr> <tr> <td>Multi-user isolation</td> <td> <code>ContextVar</code> scopes every Firestore query to <code>userId</code> </td> </tr> <tr> <td>No key management in prod</td> <td>Cloud Run Workload Identity + ADC</td> </tr> <tr> <td>Code injection protection</td> <td>PKCE on OAuth code exchange</td> </tr> <tr> <td>Defense in depth</td> <td>Firestore rules lock down client SDK access</td> </tr> </tbody> </table></div> <h2> Summary </h2> <p>Securing an MCP server with Firebase Auth comes down to four things:</p> <ol> <li> <strong>Middleware</strong> that validates tokens before any tool runs</li> <li> <strong>ContextVar</strong> to propagate user identity without polluting tool signatures</li> <li> <strong>Hash-only storage</strong> for custom OAuth tokens</li> <li> <strong>Workload Identity</strong> to eliminate service account key management in production</li> </ol> <p>The dual-token design (Firebase ID tokens for direct use, custom OAuth tokens for third-party clients) keeps the server flexible while maintaining a single, auditable auth path. Every request either has a valid, unexpired token mapping to a real user, or it gets a 401.</p> firebase mcp python oauth Building MCP Apps with Angular Dale Nguyen Sat, 25 Apr 2026 03:43:44 +0000 https://dev.to/dalenguyen/building-mcp-apps-with-angular-3849 https://dev.to/dalenguyen/building-mcp-apps-with-angular-3849 <p>If you've been building MCP servers, you know the drill: your tool returns JSON, the host renders it as text, and the user squints at a timestamp string. <a href="https://github.com/modelcontextprotocol/ext-apps" rel="noopener noreferrer">MCP Apps</a> change that — they let your server ship an interactive UI that the host renders in an iframe, right inside the conversation.</p> <p>MCP Apps are built on the <strong>Model Context Protocol</strong> — an open standard. They're not tied to Claude or any specific AI provider. Any host that implements the MCP Apps specification (Claude Desktop, custom chat clients, or other AI assistants that adopt MCP) can render your UI. You build it once, and it works everywhere MCP is supported.</p> <p>This post walks through building MCP Apps with Angular. We'll start with a single tool, add a second tool with its own UI, and then show how to share code between them without bloating either bundle.</p> <h2> How MCP Apps Work (Quick Recap) </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>View (Angular App) &lt;--PostMessageTransport--&gt; Host (AppBridge) &lt;--MCP Client--&gt; MCP Server </code></pre> </div> <ul> <li> <strong>Server</strong> registers tools and resources. Each tool can point to a resource URI containing the UI.</li> <li> <strong>Host</strong> (the chat client) fetches that resource and renders it in a sandboxed iframe.</li> <li> <strong>View</strong> is your Angular app running inside that iframe. It uses the <code>App</code> class from <code>@modelcontextprotocol/ext-apps</code> to communicate with the host.</li> </ul> <p>The key insight: your UI is bundled into a <strong>single self-contained HTML file</strong> using Vite and <code>vite-plugin-singlefile</code>. The host doesn't need to know it's Angular — it just loads HTML.</p> <h2> Project Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>basic-server-angular/ ├── mcp-app.html # HTML entry point for UI #1 ├── greeting-app.html # HTML entry point for UI #2 ├── src/ │ ├── main.ts # Angular bootstrap for UI #1 │ ├── app.component.ts # Get Time component │ ├── greeting-main.ts # Angular bootstrap for UI #2 │ ├── greeting.component.ts # Greeting component │ ├── shared/ │ │ └── mcp-app-setup.ts # Shared App + theming setup │ └── global.css # Host-aware CSS variables ├── server.ts # MCP server (registers tools + resources) ├── main.ts # Server entry point (HTTP + stdio) └── vite.config.ts # Builds each HTML into a single file </code></pre> </div> <h2> Step 1: The Server </h2> <p>Every MCP App starts on the server side. You register a <strong>tool</strong> (what the LLM calls) and a <strong>resource</strong> (the HTML that gets rendered). They're linked by a resource URI.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// server.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">McpServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/sdk/server/mcp.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">CallToolResult</span><span class="p">,</span> <span class="nx">ReadResourceResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/sdk/types.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">fs</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">node:fs/promises</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">node:path</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">registerAppTool</span><span class="p">,</span> <span class="nx">registerAppResource</span><span class="p">,</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/ext-apps/server</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">DIST_DIR</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">filename</span><span class="p">.</span><span class="nf">endsWith</span><span class="p">(</span><span class="dl">"</span><span class="s2">.ts</span><span class="dl">"</span><span class="p">)</span> <span class="p">?</span> <span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">dirname</span><span class="p">,</span> <span class="dl">"</span><span class="s2">dist</span><span class="dl">"</span><span class="p">)</span> <span class="p">:</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">dirname</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">createServer</span><span class="p">():</span> <span class="nx">McpServer</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">McpServer</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Basic MCP App Server (Angular)</span><span class="dl">"</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1.0.0</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">resourceUri</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ui://get-time/mcp-app.html</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Register the tool — this is what the LLM calls</span> <span class="nf">registerAppTool</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="dl">"</span><span class="s2">get-time</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Get Time</span><span class="dl">"</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Returns the current server time as an ISO 8601 string.</span><span class="dl">"</span><span class="p">,</span> <span class="na">inputSchema</span><span class="p">:</span> <span class="p">{},</span> <span class="na">_meta</span><span class="p">:</span> <span class="p">{</span> <span class="na">ui</span><span class="p">:</span> <span class="p">{</span> <span class="nx">resourceUri</span> <span class="p">}</span> <span class="p">},</span> <span class="c1">// Links this tool to its UI</span> <span class="p">},</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">CallToolResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">time</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">();</span> <span class="k">return</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="p">[{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">time</span> <span class="p">}]</span> <span class="p">};</span> <span class="p">});</span> <span class="c1">// Register the resource — the bundled HTML for this tool's UI</span> <span class="nf">registerAppResource</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="nx">resourceUri</span><span class="p">,</span> <span class="nx">resourceUri</span><span class="p">,</span> <span class="p">{</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="p">},</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">ReadResourceResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">html</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nf">readFile</span><span class="p">(</span> <span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">DIST_DIR</span><span class="p">,</span> <span class="dl">"</span><span class="s2">mcp-app.html</span><span class="dl">"</span><span class="p">),</span> <span class="dl">"</span><span class="s2">utf-8</span><span class="dl">"</span><span class="p">,</span> <span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">contents</span><span class="p">:</span> <span class="p">[{</span> <span class="na">uri</span><span class="p">:</span> <span class="nx">resourceUri</span><span class="p">,</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">html</span> <span class="p">}],</span> <span class="p">};</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">server</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The <code>_meta.ui.resourceUri</code> is the glue. When the host calls this tool, it reads that field to know which resource to fetch and render.</p> <h2> Step 2: The HTML Entry Point </h2> <p>Each UI needs an HTML file at the project root. This is the Vite entry point that gets bundled into a single self-contained file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- mcp-app.html --&gt;</span> <span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width, initial-scale=1.0"</span><span class="nt">&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"color-scheme"</span> <span class="na">content=</span><span class="s">"light dark"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>Get Time App<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;link</span> <span class="na">rel=</span><span class="s">"stylesheet"</span> <span class="na">href=</span><span class="s">"/src/global.css"</span><span class="nt">&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;app-root&gt;&lt;/app-root&gt;</span> <span class="nt">&lt;script </span><span class="na">type=</span><span class="s">"module"</span> <span class="na">src=</span><span class="s">"/src/main.ts"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <h2> Step 3: The Angular App </h2> <p>The bootstrap is minimal — Angular 19+ with zoneless change detection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/main.ts</span> <span class="k">import</span> <span class="dl">"</span><span class="s2">@angular/compiler</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">bootstrapApplication</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@angular/platform-browser</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">provideZonelessChangeDetection</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@angular/core</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppComponent</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./app.component</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="dl">"</span><span class="s2">./global.css</span><span class="dl">"</span><span class="p">;</span> <span class="nf">bootstrapApplication</span><span class="p">(</span><span class="nx">AppComponent</span><span class="p">,</span> <span class="p">{</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span><span class="nf">provideZonelessChangeDetection</span><span class="p">()],</span> <span class="p">}).</span><span class="k">catch</span><span class="p">((</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> </code></pre> </div> <p>Now the component itself. The <code>App</code> class from <code>@modelcontextprotocol/ext-apps</code> is the bridge between your Angular code and the host:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/app.component.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Component</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">OnInit</span><span class="p">,</span> <span class="nx">signal</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@angular/core</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">applyDocumentTheme</span><span class="p">,</span> <span class="nx">applyHostStyleVariables</span><span class="p">,</span> <span class="nx">applyHostFonts</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">McpUiHostContext</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/ext-apps</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">CallToolResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/sdk/types.js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">extractText</span><span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">CallToolResult</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">result</span><span class="p">.</span><span class="nx">content</span><span class="p">?.</span><span class="nf">find</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">.</span><span class="nx">text</span><span class="p">;</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Component</span><span class="p">({</span> <span class="na">selector</span><span class="p">:</span> <span class="dl">"</span><span class="s2">app-root</span><span class="dl">"</span><span class="p">,</span> <span class="na">template</span><span class="p">:</span> <span class="s2">` &lt;main [style.padding-top.px]="hostContext()?.safeAreaInsets?.top" [style.padding-right.px]="hostContext()?.safeAreaInsets?.right" [style.padding-bottom.px]="hostContext()?.safeAreaInsets?.bottom" [style.padding-left.px]="hostContext()?.safeAreaInsets?.left" &gt; &lt;p&gt;&lt;strong&gt;Server Time:&lt;/strong&gt; &lt;code&gt;{{ serverTime() }}&lt;/code&gt;&lt;/p&gt; &lt;button (click)="handleGetTime()"&gt;Get Server Time&lt;/button&gt; &lt;/main&gt; `</span><span class="p">,</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppComponent</span> <span class="k">implements</span> <span class="nx">OnInit</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">app</span><span class="p">:</span> <span class="nx">App</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="nx">hostContext</span> <span class="o">=</span> <span class="nx">signal</span><span class="o">&lt;</span><span class="nx">McpUiHostContext</span> <span class="o">|</span> <span class="kc">undefined</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">undefined</span><span class="p">);</span> <span class="nx">serverTime</span> <span class="o">=</span> <span class="nf">signal</span><span class="p">(</span><span class="dl">"</span><span class="s2">Loading...</span><span class="dl">"</span><span class="p">);</span> <span class="k">async</span> <span class="nf">ngOnInit</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">instance</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Get Time App</span><span class="dl">"</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1.0.0</span><span class="dl">"</span> <span class="p">});</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">ontoolresult</span> <span class="o">=</span> <span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">serverTime</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nf">extractText</span><span class="p">(</span><span class="nx">result</span><span class="p">));</span> <span class="p">};</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">onhostcontextchanged</span> <span class="o">=</span> <span class="p">(</span><span class="nx">params</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="p">{</span> <span class="p">...</span><span class="k">this</span><span class="p">.</span><span class="nf">hostContext</span><span class="p">(),</span> <span class="p">...</span><span class="nx">params</span> <span class="p">};</span> <span class="k">this</span><span class="p">.</span><span class="nx">hostContext</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">)</span> <span class="nf">applyDocumentTheme</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">variables</span><span class="p">)</span> <span class="nf">applyHostStyleVariables</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">variables</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">css</span><span class="p">?.</span><span class="nx">fonts</span><span class="p">)</span> <span class="nf">applyHostFonts</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">css</span><span class="p">.</span><span class="nx">fonts</span><span class="p">);</span> <span class="p">};</span> <span class="k">await</span> <span class="nx">instance</span><span class="p">.</span><span class="nf">connect</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">app</span> <span class="o">=</span> <span class="nx">instance</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="nx">instance</span><span class="p">.</span><span class="nf">getHostContext</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">hostContext</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">?.</span><span class="nx">theme</span><span class="p">)</span> <span class="nf">applyDocumentTheme</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">?.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">variables</span><span class="p">)</span> <span class="nf">applyHostStyleVariables</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">variables</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">?.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">css</span><span class="p">?.</span><span class="nx">fonts</span><span class="p">)</span> <span class="nf">applyHostFonts</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">css</span><span class="p">.</span><span class="nx">fonts</span><span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">handleGetTime</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">app</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">app</span><span class="p">.</span><span class="nf">callServerTool</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">get-time</span><span class="dl">"</span><span class="p">,</span> <span class="na">arguments</span><span class="p">:</span> <span class="p">{},</span> <span class="p">});</span> <span class="k">this</span><span class="p">.</span><span class="nx">serverTime</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nf">extractText</span><span class="p">(</span><span class="nx">result</span><span class="p">));</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">serverTime</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">[ERROR]</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>A few things to note:</p> <ul> <li> <strong><code>App</code> class</strong> — this is the SDK's main entry point. You create one, wire up callbacks, and call <code>connect()</code>. That's it.</li> <li> <strong><code>ontoolresult</code></strong> — fires when the host sends a tool result. This is how data flows from the server to your UI.</li> <li> <strong><code>callServerTool()</code></strong> — lets the UI call tools on the server. The host proxies this through the MCP client.</li> <li> <strong><code>onhostcontextchanged</code></strong> — the host pushes theme and style updates. The helper functions (<code>applyDocumentTheme</code>, etc.) apply them as CSS variables on <code>document</code>, so your component styles just work.</li> <li> <strong><code>safeAreaInsets</code></strong> — the host tells you how much padding to leave for its chrome. Use it on your root container.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fomue11jkh4i33mvankds.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fomue11jkh4i33mvankds.png" alt="Get Time MCP App running inside Claude Desktop" width="800" height="703"></a></p> <h2> Step 4: Adding a Second UI </h2> <p>Here's where it gets interesting. Say you want a "Greet" tool with its own UI. Each tool gets its own HTML entry point, its own Angular app, and its own resource registration.</p> <h3> Server: Register Both Tools </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// server.ts — inside createServer()</span> <span class="c1">// Tool #1: Get Time</span> <span class="kd">const</span> <span class="nx">timeResourceUri</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ui://get-time/mcp-app.html</span><span class="dl">"</span><span class="p">;</span> <span class="nf">registerAppTool</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="dl">"</span><span class="s2">get-time</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Get Time</span><span class="dl">"</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Returns the current server time.</span><span class="dl">"</span><span class="p">,</span> <span class="na">inputSchema</span><span class="p">:</span> <span class="p">{},</span> <span class="na">_meta</span><span class="p">:</span> <span class="p">{</span> <span class="na">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">resourceUri</span><span class="p">:</span> <span class="nx">timeResourceUri</span> <span class="p">}</span> <span class="p">},</span> <span class="p">},</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">CallToolResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="p">[{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">()</span> <span class="p">}]</span> <span class="p">};</span> <span class="p">});</span> <span class="nf">registerAppResource</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="nx">timeResourceUri</span><span class="p">,</span> <span class="nx">timeResourceUri</span><span class="p">,</span> <span class="p">{</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="p">},</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">ReadResourceResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">html</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nf">readFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">DIST_DIR</span><span class="p">,</span> <span class="dl">"</span><span class="s2">mcp-app.html</span><span class="dl">"</span><span class="p">),</span> <span class="dl">"</span><span class="s2">utf-8</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">contents</span><span class="p">:</span> <span class="p">[{</span> <span class="na">uri</span><span class="p">:</span> <span class="nx">timeResourceUri</span><span class="p">,</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">html</span> <span class="p">}]</span> <span class="p">};</span> <span class="p">});</span> <span class="c1">// Tool #2: Greet</span> <span class="kd">const</span> <span class="nx">greetResourceUri</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ui://greet/greeting-app.html</span><span class="dl">"</span><span class="p">;</span> <span class="nf">registerAppTool</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="dl">"</span><span class="s2">greet</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Greet</span><span class="dl">"</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Returns a personalised greeting.</span><span class="dl">"</span><span class="p">,</span> <span class="na">inputSchema</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">optional</span><span class="p">().</span><span class="k">default</span><span class="p">(</span><span class="dl">"</span><span class="s2">World</span><span class="dl">"</span><span class="p">).</span><span class="nf">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Name to greet</span><span class="dl">"</span><span class="p">),</span> <span class="p">},</span> <span class="na">_meta</span><span class="p">:</span> <span class="p">{</span> <span class="na">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">resourceUri</span><span class="p">:</span> <span class="nx">greetResourceUri</span> <span class="p">}</span> <span class="p">},</span> <span class="p">},</span> <span class="k">async </span><span class="p">({</span> <span class="nx">name</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">name</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">CallToolResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">greeting</span> <span class="o">=</span> <span class="s2">`Hello, </span><span class="p">${</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">"</span><span class="s2">World</span><span class="dl">"</span><span class="p">}</span><span class="s2">! Welcome to the MCP Apps SDK.`</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="p">[{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">greeting</span> <span class="p">}]</span> <span class="p">};</span> <span class="p">});</span> <span class="nf">registerAppResource</span><span class="p">(</span><span class="nx">server</span><span class="p">,</span> <span class="nx">greetResourceUri</span><span class="p">,</span> <span class="nx">greetResourceUri</span><span class="p">,</span> <span class="p">{</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="p">},</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">ReadResourceResult</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">html</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nf">readFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">DIST_DIR</span><span class="p">,</span> <span class="dl">"</span><span class="s2">greeting-app.html</span><span class="dl">"</span><span class="p">),</span> <span class="dl">"</span><span class="s2">utf-8</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">contents</span><span class="p">:</span> <span class="p">[{</span> <span class="na">uri</span><span class="p">:</span> <span class="nx">greetResourceUri</span><span class="p">,</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">RESOURCE_MIME_TYPE</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">html</span> <span class="p">}]</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <h3> Greeting Component </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/greeting.component.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Component</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">OnInit</span><span class="p">,</span> <span class="nx">signal</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@angular/core</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">FormsModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@angular/forms</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">applyDocumentTheme</span><span class="p">,</span> <span class="nx">applyHostStyleVariables</span><span class="p">,</span> <span class="nx">applyHostFonts</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">McpUiHostContext</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/ext-apps</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">CallToolResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/sdk/types.js</span><span class="dl">"</span><span class="p">;</span> <span class="p">@</span><span class="nd">Component</span><span class="p">({</span> <span class="na">selector</span><span class="p">:</span> <span class="dl">"</span><span class="s2">greeting-root</span><span class="dl">"</span><span class="p">,</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span><span class="nx">FormsModule</span><span class="p">],</span> <span class="na">template</span><span class="p">:</span> <span class="s2">` &lt;main [style.padding-top.px]="hostContext()?.safeAreaInsets?.top" [style.padding-right.px]="hostContext()?.safeAreaInsets?.right" [style.padding-bottom.px]="hostContext()?.safeAreaInsets?.bottom" [style.padding-left.px]="hostContext()?.safeAreaInsets?.left" &gt; &lt;div&gt; &lt;label&gt;&lt;strong&gt;Your name:&lt;/strong&gt;&lt;/label&gt; &lt;input type="text" [(ngModel)]="nameText" placeholder="Enter your name"&gt; &lt;button (click)="handleGreet()"&gt;Get Greeting&lt;/button&gt; &lt;/div&gt; @if (greeting()) { &lt;div class="greeting-display"&gt;{{ greeting() }}&lt;/div&gt; } &lt;/main&gt; `</span><span class="p">,</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">GreetingComponent</span> <span class="k">implements</span> <span class="nx">OnInit</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">app</span><span class="p">:</span> <span class="nx">App</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="nx">hostContext</span> <span class="o">=</span> <span class="nx">signal</span><span class="o">&lt;</span><span class="nx">McpUiHostContext</span> <span class="o">|</span> <span class="kc">undefined</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">undefined</span><span class="p">);</span> <span class="nx">greeting</span> <span class="o">=</span> <span class="nf">signal</span><span class="p">(</span><span class="dl">""</span><span class="p">);</span> <span class="nx">nameText</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="k">async</span> <span class="nf">ngOnInit</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">instance</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Greeting App</span><span class="dl">"</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1.0.0</span><span class="dl">"</span> <span class="p">});</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">ontoolresult</span> <span class="o">=</span> <span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">greeting</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">content</span><span class="p">?.</span><span class="nf">find</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">.</span><span class="nx">text</span><span class="p">);</span> <span class="p">};</span> <span class="nx">instance</span><span class="p">.</span><span class="nx">onhostcontextchanged</span> <span class="o">=</span> <span class="p">(</span><span class="nx">params</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="p">{</span> <span class="p">...</span><span class="k">this</span><span class="p">.</span><span class="nf">hostContext</span><span class="p">(),</span> <span class="p">...</span><span class="nx">params</span> <span class="p">};</span> <span class="k">this</span><span class="p">.</span><span class="nx">hostContext</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">)</span> <span class="nf">applyDocumentTheme</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">variables</span><span class="p">)</span> <span class="nf">applyHostStyleVariables</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">variables</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">css</span><span class="p">?.</span><span class="nx">fonts</span><span class="p">)</span> <span class="nf">applyHostFonts</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">css</span><span class="p">.</span><span class="nx">fonts</span><span class="p">);</span> <span class="p">};</span> <span class="k">await</span> <span class="nx">instance</span><span class="p">.</span><span class="nf">connect</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">app</span> <span class="o">=</span> <span class="nx">instance</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="nx">instance</span><span class="p">.</span><span class="nf">getHostContext</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">hostContext</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">?.</span><span class="nx">theme</span><span class="p">)</span> <span class="nf">applyDocumentTheme</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">?.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">variables</span><span class="p">)</span> <span class="nf">applyHostStyleVariables</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">variables</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">?.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">css</span><span class="p">?.</span><span class="nx">fonts</span><span class="p">)</span> <span class="nf">applyHostFonts</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">css</span><span class="p">.</span><span class="nx">fonts</span><span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">handleGreet</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">app</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">name</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">nameText</span><span class="p">.</span><span class="nf">trim</span><span class="p">()</span> <span class="o">||</span> <span class="dl">"</span><span class="s2">World</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">app</span><span class="p">.</span><span class="nf">callServerTool</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">greet</span><span class="dl">"</span><span class="p">,</span> <span class="na">arguments</span><span class="p">:</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">}</span> <span class="p">});</span> <span class="k">this</span><span class="p">.</span><span class="nx">greeting</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">content</span><span class="p">?.</span><span class="nf">find</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">.</span><span class="nx">text</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">greeting</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">[ERROR]</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0zy41cpsen4zza2pyvoc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0zy41cpsen4zza2pyvoc.png" alt="Greeting MCP App running inside Claude Desktop" width="800" height="687"></a></p> <h2> Step 5: Sharing Code Between UIs </h2> <p>You probably noticed that both components have identical <code>App</code> setup and theming boilerplate. That's a great candidate for extraction — and since each HTML is a separate Vite entry point, <strong>Vite's tree-shaking ensures each bundle only includes what it actually imports</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/shared/mcp-app-setup.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">App</span><span class="p">,</span> <span class="nx">applyDocumentTheme</span><span class="p">,</span> <span class="nx">applyHostStyleVariables</span><span class="p">,</span> <span class="nx">applyHostFonts</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">McpUiHostContext</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/ext-apps</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">WritableSignal</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@angular/core</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">CallToolResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@modelcontextprotocol/sdk/types.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">extractText</span><span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">CallToolResult</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">result</span><span class="p">.</span><span class="nx">content</span><span class="p">?.</span><span class="nf">find</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">.</span><span class="nx">text</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">applyContext</span><span class="p">(</span><span class="nx">ctx</span><span class="p">:</span> <span class="nx">McpUiHostContext</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">)</span> <span class="nf">applyDocumentTheme</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">theme</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">variables</span><span class="p">)</span> <span class="nf">applyHostStyleVariables</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">variables</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">?.</span><span class="nx">css</span><span class="p">?.</span><span class="nx">fonts</span><span class="p">)</span> <span class="nf">applyHostFonts</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">styles</span><span class="p">.</span><span class="nx">css</span><span class="p">.</span><span class="nx">fonts</span><span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createMcpApp</span><span class="p">(</span> <span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">hostContext</span><span class="p">:</span> <span class="nx">WritableSignal</span><span class="o">&lt;</span><span class="nx">McpUiHostContext</span> <span class="o">|</span> <span class="kc">undefined</span><span class="o">&gt;</span><span class="p">,</span> <span class="nx">onToolResult</span><span class="p">?:</span> <span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">CallToolResult</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">App</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">App</span><span class="p">({</span> <span class="nx">name</span><span class="p">,</span> <span class="na">version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1.0.0</span><span class="dl">"</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">onToolResult</span><span class="p">)</span> <span class="nx">app</span><span class="p">.</span><span class="nx">ontoolresult</span> <span class="o">=</span> <span class="nx">onToolResult</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nx">onhostcontextchanged</span> <span class="o">=</span> <span class="p">(</span><span class="nx">params</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="p">{</span> <span class="p">...</span><span class="nf">hostContext</span><span class="p">(),</span> <span class="p">...</span><span class="nx">params</span> <span class="p">}</span> <span class="k">as</span> <span class="nx">McpUiHostContext</span><span class="p">;</span> <span class="nx">hostContext</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="nf">applyContext</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="p">};</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">connect</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nf">getHostContext</span><span class="p">();</span> <span class="nx">hostContext</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">)</span> <span class="nf">applyContext</span><span class="p">(</span><span class="nx">ctx</span><span class="p">);</span> <span class="k">return</span> <span class="nx">app</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Both components import <code>createMcpApp</code> and <code>extractText</code> from the shared module. Since they're in separate Vite builds, tree-shaking still applies — each bundle only pulls in what it calls.</p> <h2> Step 6: The Build </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// vite.config.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">defineConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">vite</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">viteSingleFile</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">vite-plugin-singlefile</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">INPUT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">INPUT</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">INPUT</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">INPUT environment variable is not set</span><span class="dl">"</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">defineConfig</span><span class="p">({</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">[</span><span class="nf">viteSingleFile</span><span class="p">()],</span> <span class="na">build</span><span class="p">:</span> <span class="p">{</span> <span class="na">rollupOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">input</span><span class="p">:</span> <span class="nx">INPUT</span> <span class="p">},</span> <span class="na">outDir</span><span class="p">:</span> <span class="dl">"</span><span class="s2">dist</span><span class="dl">"</span><span class="p">,</span> <span class="na">emptyOutDir</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// Key: don't wipe previous builds</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tsc --noEmit &amp;&amp; cross-env INPUT=mcp-app.html vite build &amp;&amp; cross-env INPUT=greeting-app.html vite build &amp;&amp; tsc -p tsconfig.server.json &amp;&amp; bun build server.ts --outdir dist --target node"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Each HTML file produces a fully self-contained output (all JS, CSS, and Angular runtime inlined). The two bundles are completely independent.</p> <h2> Theming: Looking Native in Any Host </h2> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="nd">:root</span> <span class="p">{</span> <span class="py">color-scheme</span><span class="p">:</span> <span class="n">light</span> <span class="n">dark</span><span class="p">;</span> <span class="py">--color-text-primary</span><span class="p">:</span> <span class="n">light-dark</span><span class="p">(</span><span class="m">#1f2937</span><span class="p">,</span> <span class="m">#f3f4f6</span><span class="p">);</span> <span class="py">--color-background-primary</span><span class="p">:</span> <span class="n">light-dark</span><span class="p">(</span><span class="m">#ffffff</span><span class="p">,</span> <span class="m">#1a1a1a</span><span class="p">);</span> <span class="py">--color-accent</span><span class="p">:</span> <span class="m">#2563eb</span><span class="p">;</span> <span class="py">--border-radius-md</span><span class="p">:</span> <span class="m">6px</span><span class="p">;</span> <span class="py">--spacing-unit</span><span class="p">:</span> <span class="n">var</span><span class="p">(</span><span class="n">--font-text-md-size</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>When the host sends style updates via <code>onhostcontextchanged</code>, the helper functions overwrite these variables on the document root. Your Angular component styles reference the variables (<code>var(--color-accent)</code>, <code>var(--spacing-md)</code>), so they adapt automatically — no theme prop drilling needed.</p> <h2> Recap </h2> <ol> <li> <strong>Server</strong>: register a tool + resource pair per UI, linked by a resource URI</li> <li> <strong>HTML</strong>: one entry point per UI, each bootstrapping its own Angular app</li> <li> <strong>Component</strong>: create an <code>App</code> instance, wire up callbacks, call <code>connect()</code> </li> <li> <strong>Shared code</strong>: extract common setup into a shared module — Vite tree-shakes per entry point</li> <li> <strong>Build</strong>: run Vite once per HTML file into the same <code>dist/</code> directory</li> <li> <strong>Theming</strong>: use host CSS variables with fallbacks, apply updates via <code>onhostcontextchanged</code> </li> </ol> <p>The full source is available in the <a href="https://github.com/dalenguyen/ext-apps/tree/main/examples/basic-server-angular" rel="noopener noreferrer">ext-apps examples</a>.</p> angular mcp typescript vite How I Almost Got Pwned - A Tale of Supply Chain Attacks and GitHub Actions Gone Wrong Dale Nguyen Fri, 12 Sep 2025 02:35:15 +0000 https://dev.to/dalenguyen/how-i-almost-got-pwned-a-tale-of-supply-chain-attacks-and-github-actions-gone-wrong-56oh https://dev.to/dalenguyen/how-i-almost-got-pwned-a-tale-of-supply-chain-attacks-and-github-actions-gone-wrong-56oh <p><em>Or: "That time someone tried to turn my innocent Node.js repo into a credential-harvesting machine"</em></p> <p>So there I was, minding my own business with my trusty old Node.js REST API project, when I noticed something weird in the <code>package-lock.json</code> file from one of a <a href="https://github.com/dalenguyen/rest-api-node-typescript/pull/22" rel="noopener noreferrer">PR</a> from a random contributor - and another contributor actually approved the PR right after that. What started as a routine dependency check turned into a rabbit hole that led me straight into the middle of a supply chain attack campaign that was actively targeting developers like us.</p> <p>Buckle up, because this is a story about how modern software development can go sideways fast, and why that "helpful" pull request might not be so helpful after all.</p> <h2> What Even Is a Supply Chain Attack? </h2> <p>It’s when hackers sneak bad stuff (malware, credential stealers, you name it) into your dependencies, build scripts, or CI/CD pipelines—any link where code, secrets, and environments touch. Think: “If I can poison upstream, why bother attacking thousands of repos individually?” Welcome to modern risk!</p> <p>It's insidious because these are the tools we trust implicitly. When <code>lodash</code> releases an update, we don't usually audit every line of code, right? We just <code>npm update</code> and move on with our lives.</p> <h2> The Smoking Gun: The Lockfile Had Been Tampered With </h2> <p>It all started when I was reviewing the <code>package-lock.json</code> from the pull request. I noticed something that made my developer spidey-senses tingle - together with the <a href="https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/" rel="noopener noreferrer">recent NPM hack news on Sep 2025</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">BEFORE</span><span class="w"> </span><span class="err">(Normal,</span><span class="w"> </span><span class="err">secure)</span><span class="w"> </span><span class="nl">"@types/body-parser"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.17.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"requires"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"@types/connect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3.4.32"</span><span class="p">,</span><span class="w"> </span><span class="nl">"@types/node"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.12.18"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">AFTER</span><span class="w"> </span><span class="err">(Sus</span><span class="w"> </span><span class="err">as</span><span class="w"> </span><span class="err">hell)</span><span class="w"> </span><span class="nl">"@types/body-parser"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.17.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"@types/connect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"@types/node"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Those little asterisks? Those are wildcards that basically tell npm "give me whatever version you feel like." It's like ordering food and telling the waiter "surprise me" – except the surprise might be malware.</p> <p>This change completely bypasses version pinning, which is one of our main defenses against supply chain attacks. With wildcards, if any of those packages gets compromised later, you'll automatically pull the malicious version on your next install.</p> <h2> Enter the "Helpful" Contributor </h2> <p>Then I found the smoking gun: a pull request from September 5, 2025, submitted by a user called <code>harshitcodez19</code>. The PR looked innocent enough – just adding some CI/CD with GitHub Actions. How thoughtful!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Build on PR</span> <span class="c1"># Heello this is a ymk file made up for cICD</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="c1"># ← Wait, my repo uses 'master'</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="c1"># ← This is wrong too...</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Use Node.js</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">20'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm install</span> <span class="c1"># ← Should be 'npm ci' for security</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> </code></pre> </div> <p>At first glance, this looks like a newbie trying to be helpful. The typos in the comment ("Heello", "ymk", "cICD") make it seem like someone who's just learning. The branch configuration is wrong, so it wouldn't even run.</p> <p>But here's the thing – this is <strong>exactly</strong> how the GhostAction campaign operates.</p> <h2> The GhostAction Campaign: When GitHub Actions Turn Evil </h2> <p>The timing of this PR wasn't coincidental. <strong>September 5, 2025</strong> was when security researchers first detected the <strong>GhostAction campaign</strong> – a sophisticated supply chain attack targeting GitHub repositories.</p> <p>Here's how GhostAction works:</p> <ol> <li> <strong>Reconnaissance</strong>: Attackers identify repositories with outdated dependencies</li> <li> <strong>Social Engineering</strong>: Submit "helpful" PRs adding CI/CD workflows</li> <li> <strong>Intentional Sabotage</strong>: Include obvious mistakes to avoid immediate execution</li> <li> <strong>Patience</strong>: Wait for maintainers to "fix" the obvious issues</li> <li> <strong>Exploitation</strong>: When the workflow runs, it harvests secrets and credentials</li> </ol> <p>The genius is in the plausible deniability. The PR looks like a well-meaning but inexperienced contributor. The "mistakes" make it seem harmless. But once those workflows run with the right permissions, game over.</p> <h3> The Attack Vector Breakdown </h3> <p>Let's dissect what would have happened if I'd merged this PR:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># The branch misconfiguration prevents immediate execution</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="c1"># My repo uses 'master', so this won't trigger</span> </code></pre> </div> <p>This gives the attacker time. If I had "fixed" the obvious branch issue and merged it, the workflow would then:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm install</span> <span class="c1"># Pulls wildcarded dependencies</span> </code></pre> </div> <p>With those wildcards in my lockfile, <code>npm install</code> would fetch the latest versions of <code>@types/node</code> and <code>@types/connect</code>. If those packages had been compromised (which is exactly what the broader npm hack was doing), my CI environment would install malware with full access to:</p> <ul> <li>GitHub secrets</li> <li>AWS credentials</li> <li>Database connection strings</li> <li>API keys</li> <li>Deploy tokens</li> </ul> <p>Basically, everything you need to completely own my infrastructure.</p> <h2> The Broader Context: The Great NPM Hack of 2025 </h2> <p>This attack was part of a much larger campaign according to <a href="https://www.ox.security/blog/npm-packages-compromised/" rel="noopener noreferrer">OX Security's research</a>.</p> <p>The attackers were:</p> <ul> <li>Compromising legitimate package maintainer accounts</li> <li>Injecting malicious code into trusted packages</li> <li>Specifically targeting CI/CD environments</li> <li>Using GitHub Actions to exfiltrate credentials</li> </ul> <p>My old lockfile, with packages from 2018-2019, was the perfect target. Outdated dependencies are like old locks – they work until someone with the right tools shows up.</p> <h2> Red Flags I Should Have Caught Earlier </h2> <p>Looking back, there were several warning signs:</p> <h3> 1. The Contributor Profile </h3> <ul> <li> <code>harshitcodez19</code> had minimal contribution history</li> <li>Random username pattern typical of throwaway accounts</li> <li>No established relationship with my project</li> </ul> <h3> 2. The "Mistakes" Were Too Convenient </h3> <ul> <li>Wrong branch names that prevent immediate execution</li> <li>Typos that create plausible deniability</li> <li>Using <code>npm install</code> instead of the more secure <code>npm ci</code> </li> </ul> <h3> 3. The Timing </h3> <ul> <li>Submitted on September 5, 2025 (exact GhostAction detection date)</li> <li>My lockfile wildcards appeared around the same timeframe</li> <li>Coincided with broader npm supply chain compromises</li> </ul> <h2> What Could Have Gone Wrong </h2> <p>If this attack had succeeded, here's what the attacker could have done:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># In my compromised CI environment:</span> <span class="nb">echo</span> <span class="nv">$AWS_SECRET_ACCESS_KEY</span> <span class="c"># Exfiltrate cloud credentials</span> <span class="nb">echo</span> <span class="nv">$DATABASE_URL</span> <span class="c"># Steal database access</span> <span class="nb">echo</span> <span class="nv">$DEPLOY_TOKEN</span> <span class="c"># Compromise deployment pipeline</span> <span class="c"># Then pivot to:</span> <span class="c"># - Deploy backdoors to production</span> <span class="c"># - Access customer data</span> <span class="c"># - Crypto mining on my infrastructure</span> <span class="c"># - Lateral movement to other systems</span> </code></pre> </div> <p>The blast radius from a successful CI compromise is enormous because CI environments typically have elevated permissions to deploy, test, and integrate with other services.</p> <h2> Best Practices: How to Not Get Pwned </h2> <p>Here's what I learned and what you should do to protect yourself:</p> <h3> 1. Lockfile Hygiene </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Always use npm ci in production/CI</span> npm ci <span class="c"># Uses exact lockfile versions</span> <span class="c"># Never use npm install in CI</span> npm <span class="nb">install</span> <span class="c"># Can update versions unexpectedly</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Keep</span><span class="w"> </span><span class="err">your</span><span class="w"> </span><span class="err">lockfile</span><span class="w"> </span><span class="err">pinned</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"@types/node"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.12.18"</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">✅</span><span class="w"> </span><span class="err">Exact</span><span class="w"> </span><span class="err">version</span><span class="w"> </span><span class="nl">"@types/connect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">❌</span><span class="w"> </span><span class="err">Wildcard</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="err">danger</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 2. CI/CD Security </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Secure GitHub Actions workflow</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Secure Build</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">master</span><span class="pi">]</span> <span class="c1"># Correct branch names</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="c1"># Latest version</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Node.js</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">20'</span> <span class="na">cache</span><span class="pi">:</span> <span class="s1">'</span><span class="s">npm'</span> <span class="c1"># Cache for performance</span> <span class="c1"># Use npm ci for reproducible builds</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="c1"># Audit before building</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Security audit</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm audit --audit-level=critical</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> </code></pre> </div> <h3> 3. Dependency Management </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Regular maintenance</span> npm outdated <span class="c"># Check for updates</span> npm audit <span class="c"># Security vulnerabilities</span> npm audit fix <span class="c"># Auto-fix where possible</span> <span class="c"># Keep dependencies current</span> npm update <span class="c"># Update within semver ranges</span> </code></pre> </div> <h3> 4. PR Review Guidelines </h3> <p>When reviewing PRs that touch CI/CD or dependencies:</p> <ul> <li> <strong>Who is the contributor?</strong> Do they have a history with your project?</li> <li> <strong>Why are they making this change?</strong> Unsolicited CI/CD PRs are suspicious</li> <li> <strong>What permissions would this grant?</strong> Review secrets and environment access</li> <li> <strong>Are there obvious "mistakes"?</strong> Sometimes bugs are features for attackers</li> </ul> <h3> 5. Repository Protection </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/dependabot.yml</span> <span class="na">version</span><span class="pi">:</span> <span class="m">2</span> <span class="na">updates</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">package-ecosystem</span><span class="pi">:</span> <span class="s1">'</span><span class="s">npm'</span> <span class="na">directory</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/'</span> <span class="na">schedule</span><span class="pi">:</span> <span class="na">interval</span><span class="pi">:</span> <span class="s1">'</span><span class="s">weekly'</span> <span class="na">reviewers</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">your-username'</span> </code></pre> </div> <p>Enable branch protection rules:</p> <ul> <li>Require PR reviews for CI/CD changes</li> <li>Require status checks to pass</li> <li>Restrict who can modify workflows</li> </ul> <h2> The Human Element </h2> <p>The scariest part of supply chain attacks isn't the technical sophistication – it's how they exploit our human nature. We want to be helpful to contributors. We want to trust the tools we use daily. We want to merge that PR that "fixes" an obvious mistake.</p> <p>But in the age of automated attacks and compromised packages, a little paranoia goes a long way. That friendly contributor might be a bot. That helpful PR might be reconnaissance. That simple typo fix might be setting up a backdoor.</p> <h2> Lessons Learned </h2> <ol> <li> <strong>Trust but verify</strong>: Even helpful PRs need scrutiny</li> <li> <strong>Keep dependencies updated</strong>: Old packages are attractive targets</li> <li> <strong>Use lockfiles properly</strong>: Pin versions and use <code>npm ci</code> </li> <li> <strong>Secure your CI/CD</strong>: It's the crown jewel attackers want</li> <li> <strong>Stay informed</strong>: Follow security researchers and vulnerability databases</li> </ol> <h2> The Silver Lining </h2> <p>While getting targeted by a supply chain attack was unsettling, it was also educational. It reminded me that security isn't just about writing secure code – it's about securing the entire development pipeline.</p> <p>The npm ecosystem is incredibly powerful, but that power comes with responsibility. Every <code>npm install</code> is a vote of trust in hundreds of package maintainers. Every GitHub Action workflow is a potential attack vector.</p> <p>But don't let this scare you away from open source. The community is what makes JavaScript development amazing. Just be smart about it. Audit your dependencies. Review your workflows. Trust but verify.</p> <p>And maybe, just maybe, be a little suspicious when <code>harshitcodez19</code> offers to help with your CI/CD pipeline.</p> <p><em>Stay safe out there, fellow developers. The supply chain attackers are getting creative, but so are we.</em></p> <h2> References </h2> <ul> <li><a href="https://www.ox.security/blog/npm-packages-compromised/" rel="noopener noreferrer">OX Security: NPM Packages Compromised</a></li> <li><a href="https://github.com/advisories" rel="noopener noreferrer">GitHub Security Advisory Database</a></li> <li><a href="https://docs.npmjs.com/cli/v11/commands/npm-audit" rel="noopener noreferrer">npm Audit Documentation</a></li> <li><a href="https://docs.github.com/en/actions/security-guides" rel="noopener noreferrer">Securing GitHub Actions</a></li> </ul> github security node devops Mastering Email Rate Limits — A Deep Dive into Resend API and Cloud Run Debugging Dale Nguyen Sun, 07 Sep 2025 14:11:09 +0000 https://dev.to/dalenguyen/mastering-email-rate-limits-a-deep-dive-into-resend-api-and-cloud-run-debugging-3973 https://dev.to/dalenguyen/mastering-email-rate-limits-a-deep-dive-into-resend-api-and-cloud-run-debugging-3973 <p><em>How we solved persistent rate limiting issues and implemented robust batch email functionality for our AI-powered learning platform</em></p> <h2> The Challenge: When Emails Start Failing </h2> <p>Picture this: You've built a beautiful lesson scheduling system that sends personalized daily lessons to your users. Everything works perfectly in development, but in production, you start seeing mysterious email failures:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx8toh7r8orcaryl8qp6l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx8toh7r8orcaryl8qp6l.png" alt="Email rate limit error" width="800" height="267"></a></p> <p>This was exactly the situation we faced with <a href="https://dailymastery.io" rel="noopener noreferrer">DailyMastery</a>, our AI-powered learning platform. Despite having a solid architecture built with Nx monorepo, Fastify microservices, and deployed on Google Cloud Run, our email delivery system was hitting Resend's rate limits consistently.</p> <h2> Understanding the Problem </h2> <h3> The Initial Architecture </h3> <p>Our system had a straightforward approach:</p> <ul> <li>Lesson scheduler triggered by Cloud Scheduler (3x daily)</li> <li>Individual API calls to Resend for each lesson email</li> <li>No rate limiting protection</li> <li>Basic error handling </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// The problematic approach</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">lesson</span> <span class="k">of</span> <span class="nx">lessons</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailResult</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">emailService</span><span class="p">.</span><span class="nf">sendEmail</span><span class="p">({</span> <span class="na">to</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">subject</span><span class="p">:</span> <span class="nx">lesson</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">html</span><span class="p">:</span> <span class="nx">lessonContent</span><span class="p">,</span> <span class="p">})</span> <span class="c1">// Rate limits hit here when processing multiple users rapidly</span> <span class="p">}</span> </code></pre> </div> <h3> The Root Cause </h3> <p>Resend enforces a <strong>2 requests per second</strong> rate limit across all endpoints. When our scheduler processed multiple users with multiple lessons each, we quickly exceeded this limit, causing cascading failures.</p> <h2> The Investigation: Debugging Cloud Run Like a Pro </h2> <h3> Step 1: Enhanced Logging Strategy </h3> <p>The first step was implementing comprehensive logging to understand exactly what was happening:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">sendEmail</span><span class="p">(</span><span class="nx">options</span><span class="p">:</span> <span class="nx">EmailOptions</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">error</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">messageId</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Attempting to send email via Resend:</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">to</span><span class="p">:</span> <span class="nx">options</span><span class="p">.</span><span class="nx">to</span><span class="p">,</span> <span class="na">subject</span><span class="p">:</span> <span class="nx">options</span><span class="p">.</span><span class="nx">subject</span><span class="p">,</span> <span class="na">htmlLength</span><span class="p">:</span> <span class="nx">options</span><span class="p">.</span><span class="nx">html</span><span class="p">?.</span><span class="nx">length</span> <span class="o">||</span> <span class="mi">0</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">resend</span><span class="p">.</span><span class="nx">emails</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">emailData</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Resend API response:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span><span class="p">);</span> <span class="c1">// Critical: Check if Resend returned an error (they don't throw exceptions!)</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Resend API returned error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">),</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">messageId</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">id</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to send email via Resend:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nb">Error</span> <span class="p">?</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Unknown error</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Step 2: Cloud Run Log Analysis Techniques </h3> <p>You can view logs in the Google Cloud console, but if you like the terminal approach, then here are the essential Cloud Run debugging commands we used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Real-time log monitoring during issues</span> gcloud logging <span class="nb">read</span> <span class="s2">"resource.type=cloud_run_revision AND resource.labels.service_name=lesson-scheduler"</span> <span class="se">\</span> <span class="nt">--limit</span><span class="o">=</span>50 <span class="nt">--format</span><span class="o">=</span><span class="s2">"value(timestamp,textPayload)"</span> | <span class="nb">head</span> <span class="nt">-20</span> <span class="c"># Filter for specific errors</span> gcloud logging <span class="nb">read</span> <span class="s2">"resource.type=cloud_run_revision AND resource.labels.service_name=lesson-scheduler"</span> <span class="se">\</span> <span class="nt">--limit</span><span class="o">=</span>100 | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"(rate_limit|429|Failed)"</span> <span class="c"># Check logs from specific time range</span> gcloud logging <span class="nb">read</span> <span class="s2">"resource.type=cloud_run_revision AND resource.labels.service_name=lesson-scheduler AND timestamp&gt;=</span><span class="se">\"</span><span class="s2">2025-09-03T16:00:00Z</span><span class="se">\"</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--limit</span><span class="o">=</span>50 </code></pre> </div> <h2> The Solution: Multi-Layer Rate Limiting Strategy </h2> <h3> Layer 1: Proper Error Detection </h3> <p>The first critical insight: <strong>Resend doesn't throw exceptions for rate limits</strong>. They return error objects:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Before: Missing rate limit detection</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">resend</span><span class="p">.</span><span class="nx">emails</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">emailData</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">messageId</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">id</span> <span class="p">}</span> <span class="c1">// Wrong!</span> <span class="c1">// After: Comprehensive error checking</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">resend</span><span class="p">.</span><span class="nx">emails</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">emailData</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Resend API returned error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">No data returned from Resend API</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">messageId</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <h3> Layer 2: Intelligent Batch Email Implementation with Auto-Chunking </h3> <p>Resend offers a batch API that can send up to 100 emails in a single request. Here's our implementation with smart fallback and automatic chunking for larger batches:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">sendBatchLessonEmails</span><span class="p">(</span> <span class="nx">emails</span><span class="p">:</span> <span class="nx">BatchEmailOptions</span><span class="p">[]</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">error</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">messageIds</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">sentCount</span><span class="p">?:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">failedCount</span><span class="p">?:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">emails</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">messageIds</span><span class="p">:</span> <span class="p">[],</span> <span class="na">sentCount</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">failedCount</span><span class="p">:</span> <span class="mi">0</span> <span class="p">};</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Sending batch of </span><span class="p">${</span><span class="nx">emails</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> lesson emails`</span><span class="p">);</span> <span class="c1">// Automatic chunking: Split into batches of 100 (Resend limit)</span> <span class="kd">const</span> <span class="nx">batchSize</span> <span class="o">=</span> <span class="mi">100</span><span class="p">;</span> <span class="kd">const</span> <span class="na">batches</span><span class="p">:</span> <span class="nx">BatchEmailOptions</span><span class="p">[][]</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">emails</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span> <span class="o">+=</span> <span class="nx">batchSize</span><span class="p">)</span> <span class="p">{</span> <span class="nx">batches</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">emails</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="nx">i</span><span class="p">,</span> <span class="nx">i</span> <span class="o">+</span> <span class="nx">batchSize</span><span class="p">));</span> <span class="p">}</span> <span class="kd">let</span> <span class="nx">totalSent</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">totalFailed</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">const</span> <span class="na">allMessageIds</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">const</span> <span class="na">errors</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="c1">// Process each chunk sequentially with rate limiting</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">batches</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">batch</span> <span class="o">=</span> <span class="nx">batches</span><span class="p">[</span><span class="nx">i</span><span class="p">];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Sending batch </span><span class="p">${</span><span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">batches</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> with </span><span class="p">${</span><span class="nx">batch</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> emails`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">emailService</span><span class="p">.</span><span class="nf">sendBatchEmails</span><span class="p">(</span><span class="nx">batch</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nx">totalSent</span> <span class="o">+=</span> <span class="nx">batch</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">messageIds</span><span class="p">)</span> <span class="p">{</span> <span class="nx">allMessageIds</span><span class="p">.</span><span class="nf">push</span><span class="p">(...</span><span class="nx">result</span><span class="p">.</span><span class="nx">messageIds</span><span class="p">);</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`✅ Batch </span><span class="p">${</span><span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2"> sent successfully (</span><span class="p">${</span><span class="nx">batch</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> emails)`</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">totalFailed</span> <span class="o">+=</span> <span class="nx">batch</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">errors</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="s2">`Batch </span><span class="p">${</span><span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2"> failed: </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">error</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Unknown error</span><span class="dl">'</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="s2">`❌ Batch </span><span class="p">${</span><span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2"> failed: </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">error</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Add delay between batches to avoid rate limiting</span> <span class="k">if </span><span class="p">(</span><span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">batches</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">⏳ Waiting 1 second between batches to avoid rate limiting...</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">1000</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">overallSuccess</span> <span class="o">=</span> <span class="nx">totalFailed</span> <span class="o">===</span> <span class="mi">0</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="nx">overallSuccess</span><span class="p">,</span> <span class="na">messageIds</span><span class="p">:</span> <span class="nx">allMessageIds</span><span class="p">,</span> <span class="na">sentCount</span><span class="p">:</span> <span class="nx">totalSent</span><span class="p">,</span> <span class="na">failedCount</span><span class="p">:</span> <span class="nx">totalFailed</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">errors</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">?</span> <span class="nx">errors</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">; </span><span class="dl">'</span><span class="p">)</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error sending batch lesson emails:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nb">Error</span> <span class="p">?</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Unknown error</span><span class="dl">'</span><span class="p">,</span> <span class="na">sentCount</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">failedCount</span><span class="p">:</span> <span class="nx">emails</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Layer 3: Architectural Refactoring </h3> <p>We completely restructured our email sending flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Old approach: Send emails immediately during processing</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">user</span> <span class="k">of</span> <span class="nx">users</span><span class="p">)</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">lesson</span> <span class="k">of</span> <span class="nx">lessons</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">sendEmail</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">lesson</span><span class="p">)</span> <span class="c1">// Rate limit hit here</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// New approach: Prepare first, then batch send</span> <span class="kd">const</span> <span class="nx">allPreparedEmails</span><span class="p">:</span> <span class="nx">PreparedEmail</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[]</span> <span class="c1">// Phase 1: Prepare all emails</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">user</span> <span class="k">of</span> <span class="nx">users</span><span class="p">)</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">lesson</span> <span class="k">of</span> <span class="nx">lessons</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">preparedEmail</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">prepareLessonEmail</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">lesson</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nx">preparedEmail</span><span class="p">)</span> <span class="p">{</span> <span class="nx">allPreparedEmails</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">preparedEmail</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">lesson</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Phase 2: Batch send with intelligent chunking and accurate tracking</span> <span class="k">if </span><span class="p">(</span><span class="nx">allPreparedEmails</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`🚀 Sending </span><span class="p">${</span><span class="nx">allPreparedEmails</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> emails in optimized batches`</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">emailsToSend</span> <span class="o">=</span> <span class="nx">allPreparedEmails</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">pe</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">pe</span><span class="p">.</span><span class="nx">email</span><span class="p">)</span> <span class="c1">// The EmailCoordinator handles chunking internally for 100+ email limits</span> <span class="kd">const</span> <span class="nx">batchResult</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">emailCoordinator</span><span class="p">.</span><span class="nf">sendBatchLessonEmails</span><span class="p">(</span><span class="nx">emailsToSend</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nx">batchResult</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Only mark lessons as sent based on actual successful send count</span> <span class="kd">const</span> <span class="nx">successfulEmails</span> <span class="o">=</span> <span class="nx">allPreparedEmails</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">batchResult</span><span class="p">.</span><span class="nx">sentCount</span><span class="p">)</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">markLessonsAsSent</span><span class="p">(</span><span class="nx">successfulEmails</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Layer 4: Smart Retry Logic </h3> <p>For critical emails like admin reports, we implemented retry logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">sendSummaryReport</span><span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">SchedulerResult</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Add delay to avoid rate limiting after lesson emails</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">⏳ Waiting 3 seconds to avoid rate limiting...</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">3000</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">emailResult</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">emailService</span><span class="p">.</span><span class="nf">sendEmail</span><span class="p">({</span> <span class="na">to</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">reportingEmail</span><span class="p">,</span> <span class="na">subject</span><span class="p">:</span> <span class="s2">`📊 Lesson Scheduler Report - </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">timeSlot</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">html</span><span class="p">:</span> <span class="nx">htmlContent</span><span class="p">,</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">emailResult</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Retry logic for rate limits</span> <span class="k">if </span><span class="p">(</span><span class="nx">emailResult</span><span class="p">.</span><span class="nx">error</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">rate_limit_exceeded</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">emailResult</span><span class="p">.</span><span class="nx">error</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">Too many requests</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">⏳ Rate limited - waiting 10 seconds and retrying...</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">10000</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">retryResult</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">emailService</span><span class="p">.</span><span class="nf">sendEmail</span><span class="p">({</span> <span class="na">to</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">reportingEmail</span><span class="p">,</span> <span class="na">subject</span><span class="p">:</span> <span class="s2">`📊 Lesson Scheduler Report - </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">timeSlot</span><span class="p">}</span><span class="s2"> (Retry)`</span><span class="p">,</span> <span class="na">html</span><span class="p">:</span> <span class="nx">htmlContent</span><span class="p">,</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">retryResult</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">✅ Summary report sent successfully on retry</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Key Debugging Techniques for Cloud Run </h2> <h3> 1. Structured Logging </h3> <p>Use consistent emoji prefixes and structured data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Good logging practices</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">🚀 BATCH EMAIL MODE: Sending emails</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">count</span><span class="p">:</span> <span class="nx">emails</span><span class="p">.</span><span class="nx">length</span> <span class="p">})</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">✅ Email sent successfully</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">messageId</span><span class="p">,</span> <span class="nx">recipient</span> <span class="p">})</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">❌ Email failed</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="nx">recipient</span> <span class="p">})</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">⏳ Rate limiting delay</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">delayMs</span><span class="p">:</span> <span class="mi">600</span> <span class="p">})</span> </code></pre> </div> <h3> 2. Revision Tracking </h3> <p>Always verify your code is actually deployed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check current revision</span> gcloud run services describe lesson-scheduler <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span>us-central1 <span class="se">\</span> <span class="nt">--format</span><span class="o">=</span><span class="s2">"value(status.latestReadyRevisionName)"</span> <span class="c"># List recent revisions with images</span> gcloud run revisions list <span class="nt">--service</span><span class="o">=</span>lesson-scheduler <span class="se">\</span> <span class="nt">--format</span><span class="o">=</span><span class="s2">"table(metadata.name,status.conditions[0].status,spec.containers[0].image)"</span> </code></pre> </div> <h3> 3. Real-time Monitoring </h3> <p>Set up log streaming during debugging:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Stream logs in real-time</span> gcloud beta logging <span class="nb">tail</span> <span class="s2">"resource.type=cloud_run_revision AND resource.labels.service_name=lesson-scheduler"</span> <span class="c"># Filter for errors only</span> gcloud beta logging <span class="nb">tail</span> <span class="s2">"resource.type=cloud_run_revision AND resource.labels.service_name=lesson-scheduler"</span> <span class="se">\</span> <span class="nt">--filter</span><span class="o">=</span><span class="s2">"severity&gt;=ERROR"</span> </code></pre> </div> <h2> Results and Performance Impact </h2> <h3> Before Optimization </h3> <ul> <li>❌ Cascading failures due to rate limits</li> <li>❌ Poor user experience with missed lessons</li> <li>❌ Manual intervention required daily</li> </ul> <h3> After Optimization </h3> <ul> <li>✅ <strong>0% email failure rate</strong> </li> <li>✅ Automatic handling of up to 100 emails per batch</li> <li>✅ <strong>Zero manual intervention</strong> required</li> </ul> <h3> Performance Metrics </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Final Test Results: - totalUsers: 1 - emailsSent: 3 - emailsFailed: 0 - errorCount: 0 - processingTime: 7.048s - batchEmailsUsed: true </code></pre> </div> <h2> Best Practices Learned </h2> <h3> 1. Email Service Design Patterns </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">EmailService</span> <span class="p">{</span> <span class="c1">// Always return structured results</span> <span class="nf">sendEmail</span><span class="p">(</span><span class="nx">options</span><span class="p">:</span> <span class="nx">EmailOptions</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="nx">boolean</span> <span class="nx">error</span><span class="p">?:</span> <span class="kr">string</span> <span class="nx">messageId</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span> <span class="c1">// Batch operations with fallback</span> <span class="nf">sendBatchEmails</span><span class="p">(</span><span class="nx">emails</span><span class="p">:</span> <span class="nx">BatchEmailOptions</span><span class="p">[]):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="nx">boolean</span> <span class="nx">error</span><span class="p">?:</span> <span class="kr">string</span> <span class="nx">messageIds</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[]</span> <span class="nx">sentCount</span><span class="p">?:</span> <span class="kr">number</span> <span class="nx">failedCount</span><span class="p">?:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Rate Limiting Strategies </h3> <ol> <li> <strong>Batch First</strong>: Use batch APIs when available</li> <li> <strong>Automatic Chunking</strong>: Split large batches into 100-email chunks automatically</li> <li> <strong>Intelligent Delays</strong>: 600ms between individual requests (&lt; 2 req/sec) and 1s between batch chunks</li> <li> <strong>Accurate Tracking</strong>: Only mark operations as successful based on actual send counts</li> <li> <strong>Exponential Backoff</strong>: Longer delays for retries</li> <li> <strong>Circuit Breaker</strong>: Fail fast on repeated rate limits</li> </ol> <h2> Conclusion </h2> <p>Building a robust email delivery system requires understanding both your email provider's limitations and your cloud platform's deployment mechanics. Our journey from 30% failure rates to 0% taught us that:</p> <ol> <li> <strong>Rate limiting is real</strong> - Plan for it from day one</li> <li> <strong>Batch APIs are game-changers</strong> - Use them when available</li> <li> <strong>Docker caching can bite you</strong> - Structure your builds carefully</li> <li> <strong>Comprehensive logging saves time</strong> - Invest in good observability</li> <li> <strong>Fallback strategies are essential</strong> - Always have a Plan B</li> </ol> <p>The combination of Resend's batch API, intelligent fallback logic, proper rate limiting, and robust Cloud Run debugging techniques transformed our email delivery from a daily headache into a reliable, scalable system.</p> <p>Remember: In production systems, it's not just about making it work—it's about making it work reliably, even when things go wrong.</p> <p><em>This blog post is based on our real-world experience building <a href="https://dailymastery.io" rel="noopener noreferrer">DailyMastery</a>, an AI-powered learning platform. The techniques described here are battle-tested in production and have been processing thousands of lesson emails daily without issues.</em></p> <h2> Further Reading </h2> <ul> <li><a href="https://resend.com/docs/api-reference/emails/send-batch-emails" rel="noopener noreferrer">Resend Batch API Documentation</a></li> <li><a href="https://cloud.google.com/run/docs/tips/general" rel="noopener noreferrer">Google Cloud Run Best Practices</a></li> </ul> resend googlecloud webdev javascript SupaWP Storage Filter Hooks - Seamless Supabase Storage Integration for WordPress Dale Nguyen Sat, 06 Sep 2025 04:05:16 +0000 https://dev.to/dalenguyen/supawp-storage-filter-hooks-seamless-supabase-storage-integration-for-wordpress-1ana https://dev.to/dalenguyen/supawp-storage-filter-hooks-seamless-supabase-storage-integration-for-wordpress-1ana <p>Building modern WordPress applications often requires robust file storage solutions that scale beyond traditional media library limitations. Today, we're excited to introduce <strong>SupaWP Storage Filter Hooks</strong> – a powerful new feature that brings seamless Supabase Storage integration directly to your WordPress plugins and themes.</p> <h2> What Are SupaWP Storage Filter Hooks? </h2> <p>SupaWP Storage Filter Hooks are a set of WordPress filter hooks that provide a standardized, developer-friendly way to integrate Supabase Storage into any WordPress application. Instead of writing custom storage code for each project, you can now leverage these hooks to upload, delete, and manage files in Supabase Storage with just a few lines of code.</p> <h2> Prerequisites </h2> <p>Before diving into the implementation, ensure you have:</p> <ul> <li>WordPress site with <a href="https://techcater.com/shop/products/SUPA_WP" rel="noopener noreferrer">SupaWP</a> plugin v1.3.4 or higher installed and configured</li> <li>Supabase project with Storage enabled</li> <li>Basic knowledge of WordPress filters and PHP</li> <li>Supabase Storage bucket configured</li> </ul> <h2> The Three Essential Hooks </h2> <h3> 1. <code>supawp_upload_image_to_supabase</code> </h3> <p>Upload images directly to Supabase Storage with automatic validation and security:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Upload a user profile image</span> <span class="nv">$image_url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$file</span><span class="p">,</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'user-images'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nv">$image_url</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Success! Save the URL to your database</span> <span class="nf">update_user_meta</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="s1">'profile_image_url'</span><span class="p">,</span> <span class="nv">$image_url</span><span class="p">);</span> <span class="k">return</span> <span class="k">array</span><span class="p">(</span><span class="s1">'success'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'url'</span> <span class="o">=&gt;</span> <span class="nv">$image_url</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <code>supawp_delete_image_from_supabase</code> </h3> <p>Remove files from Supabase Storage with proper cleanup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Delete a user's profile image</span> <span class="nv">$success</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_delete_image_from_supabase'</span><span class="p">,</span> <span class="nv">$image_url</span><span class="p">,</span> <span class="s1">'user-images'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// File deleted successfully</span> <span class="nf">delete_user_meta</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="s1">'profile_image_url'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <code>supawp_get_storage_config</code> </h3> <p>Access Supabase Storage configuration and verify setup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Check if storage is properly configured</span> <span class="nv">$config</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_get_storage_config'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nv">$config</span><span class="p">))</span> <span class="p">{</span> <span class="k">echo</span> <span class="s2">"Storage URL: "</span> <span class="mf">.</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'url'</span><span class="p">];</span> <span class="k">echo</span> <span class="s2">"Authentication: Configured ✓"</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Simple File Upload Implementation </h2> <p>Here's a basic implementation using the SupaWP Storage Filter Hooks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="cd">/** * Simple File Upload with SupaWP Storage */</span> <span class="kd">class</span> <span class="nc">Simple_SupaWP_Upload</span> <span class="p">{</span> <span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="nf">add_shortcode</span><span class="p">(</span><span class="s1">'simple_file_upload'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span><span class="s1">'Simple_SupaWP_Upload'</span><span class="p">,</span> <span class="s1">'upload_shortcode'</span><span class="p">));</span> <span class="nf">add_action</span><span class="p">(</span><span class="s1">'wp_ajax_upload_to_supabase'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span><span class="s1">'Simple_SupaWP_Upload'</span><span class="p">,</span> <span class="s1">'handle_upload'</span><span class="p">));</span> <span class="p">}</span> <span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="n">upload_shortcode</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$current_user</span> <span class="o">=</span> <span class="nf">wp_get_current_user</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nv">$current_user</span><span class="o">-&gt;</span><span class="no">ID</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s1">'&lt;p&gt;Please log in to upload files.&lt;/p&gt;'</span><span class="p">;</span> <span class="p">}</span> <span class="nb">ob_start</span><span class="p">();</span> <span class="cp">?&gt;</span> <span class="nt">&lt;form</span> <span class="na">id=</span><span class="s">"upload-form"</span> <span class="na">enctype=</span><span class="s">"multipart/form-data"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"file"</span> <span class="na">name=</span><span class="s">"user_file"</span> <span class="na">accept=</span><span class="s">".jpg,.jpeg,.png,.webp"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span><span class="nt">&gt;</span>Upload File<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"upload-result"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">upload-form</span><span class="dl">'</span><span class="p">).</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">submit</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">formData</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">(</span><span class="k">this</span><span class="p">);</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">action</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">upload_to_supabase</span><span class="dl">'</span><span class="p">);</span> <span class="nx">formData</span><span class="p">.</span><span class="nx">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">nonce</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="cp">&lt;?php</span> <span class="k">echo</span> <span class="nf">wp_create_nonce</span><span class="p">(</span><span class="s1">'upload_nonce'</span><span class="p">);</span> <span class="cp">?&gt;</span><span class="dl">'</span><span class="p">);</span> <span class="nx">fetch</span><span class="p">(</span><span class="dl">'</span><span class="cp">&lt;?php</span> <span class="k">echo</span> <span class="nf">admin_url</span><span class="p">(</span><span class="s1">'admin-ajax.php'</span><span class="p">);</span> <span class="cp">?&gt;</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">formData</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">upload-result</span><span class="dl">'</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">success</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Upload successful!</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Upload failed: </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">});</span> <span class="p">});</span> <span class="nt">&lt;/script&gt;</span> <span class="cp">&lt;?php</span> <span class="k">return</span> <span class="nb">ob_get_clean</span><span class="p">();</span> <span class="p">}</span> <span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="n">handle_upload</span><span class="p">()</span> <span class="p">{</span> <span class="nf">check_ajax_referer</span><span class="p">(</span><span class="s1">'upload_nonce'</span><span class="p">,</span> <span class="s1">'nonce'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">isset</span><span class="p">(</span><span class="nv">$_FILES</span><span class="p">[</span><span class="s1">'user_file'</span><span class="p">]))</span> <span class="p">{</span> <span class="nf">wp_send_json_error</span><span class="p">(</span><span class="s1">'No file provided'</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$file</span> <span class="o">=</span> <span class="nv">$_FILES</span><span class="p">[</span><span class="s1">'user_file'</span><span class="p">];</span> <span class="nv">$user_id</span> <span class="o">=</span> <span class="nf">get_current_user_id</span><span class="p">();</span> <span class="c1">// Generate file path</span> <span class="nv">$extension</span> <span class="o">=</span> <span class="nb">pathinfo</span><span class="p">(</span><span class="nv">$file</span><span class="p">[</span><span class="s1">'name'</span><span class="p">],</span> <span class="no">PATHINFO_EXTENSION</span><span class="p">);</span> <span class="nv">$fileName</span> <span class="o">=</span> <span class="s2">"users/</span><span class="si">{</span><span class="nv">$user_id</span><span class="si">}</span><span class="s2">/"</span> <span class="mf">.</span> <span class="nb">time</span><span class="p">()</span> <span class="mf">.</span> <span class="s2">".</span><span class="si">{</span><span class="nv">$extension</span><span class="si">}</span><span class="s2">"</span><span class="p">;</span> <span class="c1">// Upload using SupaWP hook</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$file</span><span class="p">,</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'user-content'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$url</span><span class="p">)</span> <span class="p">{</span> <span class="nf">wp_send_json_success</span><span class="p">(</span><span class="k">array</span><span class="p">(</span><span class="s1">'url'</span> <span class="o">=&gt;</span> <span class="nv">$url</span><span class="p">));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">wp_send_json_error</span><span class="p">(</span><span class="s1">'Upload failed'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">add_action</span><span class="p">(</span><span class="s1">'supawp_init'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span><span class="s1">'Simple_SupaWP_Upload'</span><span class="p">,</span> <span class="s1">'init'</span><span class="p">));</span> </code></pre> </div> <h2> Advanced Implementation Examples </h2> <h3> E-commerce Product Gallery </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">upload_product_images</span><span class="p">(</span><span class="nv">$product_id</span><span class="p">,</span> <span class="nv">$files</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$uploaded_urls</span> <span class="o">=</span> <span class="k">array</span><span class="p">();</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$files</span> <span class="k">as</span> <span class="nv">$file</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$fileName</span> <span class="o">=</span> <span class="s2">"products/</span><span class="si">{</span><span class="nv">$product_id</span><span class="si">}</span><span class="s2">/"</span> <span class="mf">.</span> <span class="nb">time</span><span class="p">()</span> <span class="mf">.</span> <span class="s2">".jpg"</span><span class="p">;</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$file</span><span class="p">,</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'products'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$url</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$uploaded_urls</span><span class="p">[]</span> <span class="o">=</span> <span class="nv">$url</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">update_post_meta</span><span class="p">(</span><span class="nv">$product_id</span><span class="p">,</span> <span class="s1">'_gallery_urls'</span><span class="p">,</span> <span class="nv">$uploaded_urls</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$uploaded_urls</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> User Document Management </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">upload_user_document</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="nv">$file</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nf">current_user_can</span><span class="p">(</span><span class="s1">'upload_files'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="nv">$fileName</span> <span class="o">=</span> <span class="s2">"documents/</span><span class="si">{</span><span class="nv">$user_id</span><span class="si">}</span><span class="s2">/"</span> <span class="mf">.</span> <span class="nb">time</span><span class="p">()</span> <span class="mf">.</span> <span class="s2">".pdf"</span><span class="p">;</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$file</span><span class="p">,</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'documents'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$url</span><span class="p">)</span> <span class="p">{</span> <span class="nf">update_user_meta</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="s1">'document_url'</span><span class="p">,</span> <span class="nv">$url</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$url</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Integration with Popular Plugins </h2> <h3> Contact Form 7 Integration </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">handle_contact_form_upload</span><span class="p">(</span><span class="nv">$contact_form</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$submission</span> <span class="o">=</span> <span class="n">WPCF7_Submission</span><span class="o">::</span><span class="nf">get_instance</span><span class="p">();</span> <span class="nv">$files</span> <span class="o">=</span> <span class="nv">$submission</span><span class="o">-&gt;</span><span class="nf">uploaded_files</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$files</span><span class="p">[</span><span class="s1">'resume'</span><span class="p">]))</span> <span class="p">{</span> <span class="nv">$fileName</span> <span class="o">=</span> <span class="s2">"resumes/"</span> <span class="mf">.</span> <span class="nb">time</span><span class="p">()</span> <span class="mf">.</span> <span class="s2">"_resume.pdf"</span><span class="p">;</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$files</span><span class="p">[</span><span class="s1">'resume'</span><span class="p">],</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'resumes'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$url</span><span class="p">)</span> <span class="p">{</span> <span class="nf">update_option</span><span class="p">(</span><span class="s1">'latest_resume'</span><span class="p">,</span> <span class="nv">$url</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">add_action</span><span class="p">(</span><span class="s1">'wpcf7_mail_sent'</span><span class="p">,</span> <span class="s1">'handle_contact_form_upload'</span><span class="p">);</span> </code></pre> </div> <h3> WooCommerce Integration </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">sync_product_to_supabase</span><span class="p">(</span><span class="nv">$product_id</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$product</span> <span class="o">=</span> <span class="nf">wc_get_product</span><span class="p">(</span><span class="nv">$product_id</span><span class="p">);</span> <span class="nv">$image_id</span> <span class="o">=</span> <span class="nv">$product</span><span class="o">-&gt;</span><span class="nf">get_image_id</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$image_id</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$image_path</span> <span class="o">=</span> <span class="nf">get_attached_file</span><span class="p">(</span><span class="nv">$image_id</span><span class="p">);</span> <span class="nv">$file</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'tmp_name'</span> <span class="o">=&gt;</span> <span class="nv">$image_path</span><span class="p">,</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nb">basename</span><span class="p">(</span><span class="nv">$image_path</span><span class="p">),</span> <span class="s1">'size'</span> <span class="o">=&gt;</span> <span class="nb">filesize</span><span class="p">(</span><span class="nv">$image_path</span><span class="p">)</span> <span class="p">);</span> <span class="nv">$fileName</span> <span class="o">=</span> <span class="s2">"products/</span><span class="si">{</span><span class="nv">$product_id</span><span class="si">}</span><span class="s2">.jpg"</span><span class="p">;</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$file</span><span class="p">,</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'products'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$url</span><span class="p">)</span> <span class="p">{</span> <span class="nf">update_post_meta</span><span class="p">(</span><span class="nv">$product_id</span><span class="p">,</span> <span class="s1">'_supabase_image'</span><span class="p">,</span> <span class="nv">$url</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">add_action</span><span class="p">(</span><span class="s1">'woocommerce_process_product_meta'</span><span class="p">,</span> <span class="s1">'sync_product_to_supabase'</span><span class="p">);</span> </code></pre> </div> <h2> Security Best Practices </h2> <h3> Row Level Security (RLS) Policies </h3> <p>Set up proper RLS policies in your Supabase dashboard:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Users can only upload to their own folders</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Users upload own files"</span> <span class="k">ON</span> <span class="k">storage</span><span class="p">.</span><span class="n">objects</span> <span class="k">FOR</span> <span class="k">INSERT</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span> <span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'user-content'</span> <span class="k">AND</span> <span class="p">(</span><span class="k">storage</span><span class="p">.</span><span class="n">foldername</span><span class="p">(</span><span class="n">name</span><span class="p">))[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()::</span><span class="nb">text</span> <span class="p">);</span> <span class="c1">-- Users can only view their own files</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Users view own files"</span> <span class="k">ON</span> <span class="k">storage</span><span class="p">.</span><span class="n">objects</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span> <span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'user-content'</span> <span class="k">AND</span> <span class="p">(</span><span class="k">storage</span><span class="p">.</span><span class="n">foldername</span><span class="p">(</span><span class="n">name</span><span class="p">))[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()::</span><span class="nb">text</span> <span class="p">);</span> <span class="c1">-- Users can only delete their own files</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Users delete own files"</span> <span class="k">ON</span> <span class="k">storage</span><span class="p">.</span><span class="n">objects</span> <span class="k">FOR</span> <span class="k">DELETE</span> <span class="k">USING</span> <span class="p">(</span> <span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'user-content'</span> <span class="k">AND</span> <span class="p">(</span><span class="k">storage</span><span class="p">.</span><span class="n">foldername</span><span class="p">(</span><span class="n">name</span><span class="p">))[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()::</span><span class="nb">text</span> <span class="p">);</span> </code></pre> </div> <h3> Simple File Validation </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">validate_file</span><span class="p">(</span><span class="nv">$file</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Check file size (5MB limit)</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$file</span><span class="p">[</span><span class="s1">'size'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">5242880</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Check file type</span> <span class="nv">$allowed_types</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span><span class="s1">'jpg'</span><span class="p">,</span> <span class="s1">'png'</span><span class="p">,</span> <span class="s1">'pdf'</span><span class="p">);</span> <span class="nv">$extension</span> <span class="o">=</span> <span class="nb">pathinfo</span><span class="p">(</span><span class="nv">$file</span><span class="p">[</span><span class="s1">'name'</span><span class="p">],</span> <span class="no">PATHINFO_EXTENSION</span><span class="p">);</span> <span class="k">return</span> <span class="nb">in_array</span><span class="p">(</span><span class="nv">$extension</span><span class="p">,</span> <span class="nv">$allowed_types</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Performance Optimization </h2> <h3> Batch Upload </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">batch_upload</span><span class="p">(</span><span class="nv">$files</span><span class="p">,</span> <span class="nv">$user_id</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$results</span> <span class="o">=</span> <span class="k">array</span><span class="p">();</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$files</span> <span class="k">as</span> <span class="nv">$file</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$fileName</span> <span class="o">=</span> <span class="s2">"users/</span><span class="si">{</span><span class="nv">$user_id</span><span class="si">}</span><span class="s2">/"</span> <span class="mf">.</span> <span class="nb">time</span><span class="p">()</span> <span class="mf">.</span> <span class="s2">".jpg"</span><span class="p">;</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_upload_image_to_supabase'</span><span class="p">,</span> <span class="nv">$file</span><span class="p">,</span> <span class="nv">$fileName</span><span class="p">,</span> <span class="s1">'user-content'</span><span class="p">);</span> <span class="nv">$results</span><span class="p">[]</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nv">$file</span><span class="p">[</span><span class="s1">'name'</span><span class="p">],</span> <span class="s1">'url'</span> <span class="o">=&gt;</span> <span class="nv">$url</span><span class="p">,</span> <span class="s1">'success'</span> <span class="o">=&gt;</span> <span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nv">$url</span><span class="p">)</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$results</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Using Your File Upload System </h2> <p>Once your code is in place:</p> <ol> <li> <strong>Add the shortcode to any page or post</strong>: <code>[simple_file_upload]</code> </li> <li> <strong>Ensure users are logged in</strong> for security</li> <li> <strong>Configure your Supabase Storage</strong> with appropriate buckets</li> </ol> <p>Example usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>[simple_file_upload] </code></pre> </div> <h2> Common Supabase Storage Query Filters </h2> <p>When working with uploaded files, you can query them using various filters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Get user's files from database</span> <span class="nv">$user_files</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_get_data_from_supabase'</span><span class="p">,</span> <span class="s1">'files'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'user_id'</span> <span class="o">=&gt;</span> <span class="s1">'eq.'</span> <span class="mf">.</span> <span class="nv">$user_id</span><span class="p">,</span> <span class="s1">'order'</span> <span class="o">=&gt;</span> <span class="s1">'created_at.desc'</span> <span class="p">));</span> <span class="c1">// Filter by file size</span> <span class="nv">$large_files</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_get_data_from_supabase'</span><span class="p">,</span> <span class="s1">'files'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'file_size'</span> <span class="o">=&gt;</span> <span class="s1">'gt.1000000'</span> <span class="p">));</span> </code></pre> </div> <h2> Troubleshooting Common Issues </h2> <h3> Troubleshooting </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Check if storage is configured</span> <span class="nv">$config</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_get_storage_config'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="k">empty</span><span class="p">(</span><span class="nv">$config</span><span class="p">))</span> <span class="p">{</span> <span class="k">echo</span> <span class="s2">"Storage not configured"</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Common Issues </h3> <ol> <li> <strong>Storage not configured</strong> - Check SupaWP settings</li> <li> <strong>Upload fails</strong> - Verify file size and type limits</li> <li> <strong>Permission denied</strong> - Check Supabase RLS policies</li> <li> <strong>Files not showing</strong> - Ensure bucket is public</li> </ol> <h2> Conclusion </h2> <p>SupaWP Storage Filter Hooks revolutionize file management in WordPress by providing seamless integration with Supabase's powerful storage infrastructure. With enterprise-grade security, global CDN distribution, and a developer-friendly API, you can build sophisticated file management systems with minimal code.</p> <p>Key benefits of this integration:</p> <ul> <li> <strong>Zero Configuration Complexity</strong> - SupaWP handles authentication and API communication</li> <li> <strong>Enterprise Security</strong> - Automatic RLS integration and secure file handling</li> <li> <strong>Global Performance</strong> - Leverage Supabase's worldwide CDN network</li> <li> <strong>WordPress Native</strong> - Uses familiar WordPress filter patterns</li> <li> <strong>Scalable Architecture</strong> - No server storage limitations</li> </ul> <p>Whether you're building a simple profile system, complex document management, or e-commerce product galleries, SupaWP Storage Filter Hooks provide the foundation for modern, scalable WordPress applications.</p> <h2> Resources </h2> <ul> <li><a href="https://techcater.com/shop/products/SUPA_WP" rel="noopener noreferrer">SupaWP Plugin</a></li> <li><a href="https://supabase.com/docs/guides/storage" rel="noopener noreferrer">Supabase Storage Documentation</a></li> <li><a href="https://developer.wordpress.org/reference/functions/apply_filters/" rel="noopener noreferrer">WordPress Filter Reference</a></li> <li><a href="https://supabase.com/docs/guides/auth/row-level-security" rel="noopener noreferrer">Supabase Row Level Security</a></li> </ul> <p>Ready to transform your WordPress file management? Download SupaWP v1.3.4+ and start building with Supabase Storage today!</p> supabase wordpress webdev php Learn with Daily Mastery - From AI Generation to Email Delivery Dale Nguyen Thu, 04 Sep 2025 04:00:42 +0000 https://dev.to/dalenguyen/learn-with-daily-mastery-from-ai-generation-to-email-delivery-1jk1 https://dev.to/dalenguyen/learn-with-daily-mastery-from-ai-generation-to-email-delivery-1jk1 <p>One of the biggest challenges in online education isn't creating content—it's delivering the right content to the right person at the right time. When building <a href="https://dailymastery.io" rel="noopener noreferrer">DailyMastery</a>, we needed to solve a complex scheduling problem: how do you deliver personalized, AI-generated lessons to users across different time zones, preferences, and learning schedules?</p> <p>Our solution is a high-performance lesson scheduling system that processes thousands of users daily, generates personalized content on-the-fly, and delivers beautiful email lessons at precisely the right moment. Here's how we built it.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5mrdcrrjklmensnn7jup.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5mrdcrrjklmensnn7jup.png" alt="DailyMastery email" width="800" height="541"></a></p> <h2> The Challenge: Personalization at Scale </h2> <p>Traditional learning platforms send the same content to everyone. But true personalization requires:</p> <ul> <li> <strong>Individual content generation</strong>: Each lesson tailored to specific goals and progress</li> <li> <strong>Time-based delivery</strong>: Respecting user preferences for morning, afternoon, or evening learning</li> <li> <strong>Scalable processing</strong>: Handling growing user bases without performance degradation</li> <li> <strong>Reliability</strong>: Ensuring lessons are delivered consistently, even when individual components fail</li> </ul> <h2> Architecture Overview: From User Preferences to Inbox </h2> <p>Our lesson scheduling system consists of several coordinated services:</p> <h3> 1. User Selection Engine </h3> <p>The system starts by identifying which users should receive lessons for each time slot:</p> <p><strong>Selection Criteria</strong>:</p> <ul> <li>Users must have <code>preferences.studyTime</code> matching the time slot ('morning', 'afternoon', 'evening')</li> <li>Users must have <code>preferences.notifications.dailyReminders</code> enabled</li> <li>Users must have active study plans with lessons scheduled for today</li> </ul> <p><strong>Time Slots</strong>:</p> <ul> <li>06:00 UTC (Morning): Targets users who prefer early learning</li> <li>12:00 UTC (Afternoon): Catches lunch-break learners</li> <li>18:00 UTC (Evening): Reaches after-work studiers</li> </ul> <h3> 2. AI Content Generation Pipeline </h3> <p>Once we identify users, each lesson goes through our AI enhancement process:</p> <p><strong>Process Flow</strong>:</p> <ol> <li> <strong>Lesson Retrieval</strong>: Get scheduled lesson from database with original template content</li> <li> <strong>AI Enhancement</strong>: Use Google Cloud Vertex AI with Gemini to expand and personalize the content</li> <li> <strong>Quality Validation</strong>: Ensure AI-generated content meets quality standards</li> <li> <strong>Fallback Strategy</strong>: Use original template if AI generation fails</li> </ol> <p><strong>Content Personalization</strong>:<br> The AI considers user context including:</p> <ul> <li>Learning objectives and goals</li> <li>Current progress and difficulty level</li> <li>Preferred learning style and time commitment</li> <li>Previous lesson feedback and engagement</li> </ul> <h3> 3. Batch Processing for Scale </h3> <p>To handle thousands of users efficiently, we use sophisticated batch processing:</p> <p><strong>Concurrency Control</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">pLimit</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="k">import</span><span class="p">(</span><span class="dl">'</span><span class="s1">p-limit</span><span class="dl">'</span><span class="p">)).</span><span class="k">default</span> <span class="kd">const</span> <span class="nx">limit</span> <span class="o">=</span> <span class="nf">pLimit</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="c1">// Process up to 10 users concurrently</span> <span class="kd">const</span> <span class="nx">promises</span> <span class="o">=</span> <span class="nx">userGroups</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">userGroup</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">limit</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="k">this</span><span class="p">.</span><span class="nf">processUserGroup</span><span class="p">(</span><span class="nx">userGroup</span><span class="p">)))</span> <span class="k">await</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">allSettled</span><span class="p">(</span><span class="nx">promises</span><span class="p">)</span> </code></pre> </div> <p><strong>Error Resilience</strong>:<br> Individual user failures don't stop the entire batch. Each user's processing is isolated, logged, and reported separately.</p> <h2> The Lesson Processor: Heart of the System </h2> <p>Our <code>LessonProcessorService</code> handles the complex task of managing lesson content:</p> <h3> Active Plan Discovery </h3> <p>The system performs comprehensive scans to find all active study plans:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">getActivePlans</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">UserPlanGroup</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Scan all users with active plans</span> <span class="c1">// Find today's scheduled lessons</span> <span class="c1">// Group by user for efficient processing</span> <span class="p">}</span> </code></pre> </div> <h3> AI Content Generation </h3> <p>Each lesson is enhanced with AI-generated content:</p> <p><strong>Quality Metrics</strong>:</p> <ul> <li>Content length and depth analysis</li> <li>Learning objective alignment</li> <li>Engagement potential scoring</li> <li>Readability assessment</li> </ul> <p><strong>Performance Tracking</strong>:</p> <ul> <li>AI generation time per lesson</li> <li>Success/failure rates</li> <li>Content quality improvement over time</li> <li>User engagement correlation</li> </ul> <h3> Database Integration </h3> <p>Seamless integration with Firestore for lesson management:</p> <ul> <li>Atomic updates for lesson content</li> <li>Timestamp tracking for delivery status</li> <li>Progress tracking for user analytics</li> <li>Batch operations for efficiency</li> </ul> <h2> Email Delivery: The Final Mile </h2> <p>Our <code>EmailCoordinatorService</code> handles the critical task of email delivery:</p> <h3> Personalized Templates </h3> <p>Each email is personalized based on:</p> <ul> <li> <strong>Time-based greetings</strong>: 🌅 "Good morning" vs ☀️ "Good afternoon" vs 🌙 "Good evening"</li> <li> <strong>Study plan context</strong>: Extracted plan names and goals</li> <li> <strong>Progress indicators</strong>: Current lesson number and completion status</li> <li> <strong>Engagement elements</strong>: Interactive exercises and progress tracking</li> </ul> <h3> Responsive Design </h3> <p>Our <code>TemplateEngineService</code> creates mobile-friendly emails with:</p> <ul> <li>Maximum width of 600px for optimal display</li> <li>Modern gradient designs and professional styling with CSS animations</li> <li>Clear call-to-action buttons for lesson engagement</li> <li>Progress visualization and success metrics</li> <li>Time-based personalized greetings and content adaptation</li> <li>Professional email templates with comprehensive fallback support</li> </ul> <h3> Delivery Reliability </h3> <p>Email delivery includes comprehensive error handling:</p> <ul> <li>Detailed error logging for failed deliveries</li> <li>Retry mechanisms for transient failures</li> <li>Admin alerting for critical delivery issues</li> <li>Success rate monitoring and reporting</li> <li>Batch email API with intelligent fallback to individual sends</li> <li>Rate limiting protection (2 requests per second compliance)</li> </ul> <h2> Real-Time Processing Flow </h2> <p>Here's what happens when our scheduler processes the morning time slot:</p> <h3> 1. Trigger Processing (06:00 UTC) </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">POST</span> <span class="o">/</span><span class="nx">schedule</span><span class="o">/</span><span class="mi">06</span><span class="p">:</span><span class="mi">00</span> </code></pre> </div> <h3> 2. User Discovery </h3> <ul> <li>Query database for morning-preference users</li> <li>Filter for active daily reminders</li> <li>Identify today's scheduled lessons</li> </ul> <h3> 3. Batch Processing </h3> <ul> <li>Group users for efficient processing</li> <li>Apply concurrency limits (10 concurrent users)</li> <li>Process each user's lessons independently</li> </ul> <h3> 4. Content Generation </h3> <p>For each user:</p> <ul> <li>Retrieve scheduled lessons from database</li> <li>Generate AI-enhanced content</li> <li>Update lesson records with new content</li> <li>Mark lessons as processed</li> </ul> <h3> 5. Email Delivery </h3> <ul> <li>Render personalized HTML templates</li> <li>Send via Resend email service</li> <li>Track delivery status and metrics</li> <li>Update lesson records with sent timestamps</li> </ul> <h3> 6. Reporting and Monitoring </h3> <ul> <li>Generate processing summary</li> <li>Send admin reports via email</li> <li>Log performance metrics</li> <li>Alert on critical errors</li> </ul> <h2> Performance Metrics and Monitoring </h2> <p>Our system tracks comprehensive metrics:</p> <h3> Processing Performance </h3> <ul> <li><strong>Total processing time per time slot</strong></li> <li><strong>Average time per user</strong></li> <li><strong>Concurrency efficiency metrics</strong></li> <li><strong>Database operation latency</strong></li> </ul> <h3> Content Quality </h3> <ul> <li> <strong>AI generation success rates</strong> (target: &gt;95%)</li> <li><strong>Content length and complexity metrics</strong></li> <li><strong>User engagement correlation with AI content</strong></li> <li><strong>Fallback usage rates</strong></li> </ul> <h3> Email Delivery </h3> <ul> <li> <strong>Email send success rates</strong> (target: &gt;99%)</li> <li><strong>Template rendering performance</strong></li> <li> <strong>User engagement rates</strong> (opens, clicks, completions)</li> <li><strong>Bounce and complaint rates</strong></li> </ul> <h2> Future Enhancements </h2> <p>We're continuously improving the scheduling system:</p> <h3> Advanced Personalization </h3> <ul> <li> <strong>Learning pattern analysis</strong>: Adapt timing based on user engagement patterns</li> <li> <strong>Content difficulty adjustment</strong>: Dynamic complexity scaling based on progress</li> <li> <strong>Multi-modal delivery</strong>: Support for SMS, push notifications, and in-app delivery</li> </ul> <h3> Performance Optimization </h3> <ul> <li> <strong>Predictive scaling</strong>: Auto-scaling based on user growth patterns</li> <li> <strong>Content pre-generation</strong>: Cache frequently used AI-generated content</li> <li> <strong>Global distribution</strong>: Multi-region deployment for reduced latency</li> </ul> <h3> Analytics and Insights </h3> <ul> <li> <strong>Learning effectiveness metrics</strong>: Correlation between delivery timing and retention</li> <li> <strong>Content performance analysis</strong>: A/B testing for AI-generated vs template content</li> <li> <strong>User journey optimization</strong>: Personalized scheduling based on individual success patterns</li> </ul> <h2> Lessons Learned </h2> <p>Building a personalized lesson scheduling system taught us:</p> <h3> Technical Insights </h3> <ol> <li> <strong>Batch processing with concurrency limits</strong> provides the best balance of speed and reliability</li> <li> <strong>Comprehensive error handling</strong> at every level is essential for user trust</li> <li> <strong>AI content generation requires robust fallback strategies</strong> for reliability</li> <li> <strong>Email delivery is more complex than it appears</strong> - template rendering, personalization, and deliverability all matter</li> </ol> <h3> Product Insights </h3> <ol> <li> <strong>Time-based personalization significantly improves engagement</strong> compared to generic scheduling</li> <li> <strong>AI-enhanced content shows measurably higher completion rates</strong> than template-based lessons</li> <li> <strong>Processing transparency builds user confidence</strong> - users appreciate knowing when their lessons are being prepared</li> <li> <strong>Reliable delivery is table stakes</strong> - users expect lessons to arrive consistently</li> </ol> <h2> Getting Started </h2> <p>If you're building your own personalized delivery system, consider:</p> <ol> <li> <strong>Start with reliable basics</strong>: Get consistent delivery working before adding AI enhancement</li> <li> <strong>Design for failure</strong>: Assume every external service will fail and plan accordingly</li> <li> <strong>Monitor everything</strong>: Comprehensive logging and metrics are essential for debugging and optimization</li> <li> <strong>Test with real load</strong>: Batch processing behaves differently at scale</li> </ol> <p>Our lesson scheduling system demonstrates that personalized, AI-powered education delivery is not only possible but can be built reliably and efficiently with the right architecture and attention to detail.</p> nextjs ai gcp fastify Fixing Next.js Authentication Redirects - Preserving Deep Links After Login Dale Nguyen Fri, 29 Aug 2025 14:34:06 +0000 https://dev.to/dalenguyen/fixing-nextjs-authentication-redirects-preserving-deep-links-after-login-pkk https://dev.to/dalenguyen/fixing-nextjs-authentication-redirects-preserving-deep-links-after-login-pkk <h2> The Problem </h2> <p>In our learning platform <a href="https://dailymastery.io" rel="noopener noreferrer">DailyMastery</a>, we send personalized lesson emails to users with direct links to specific lessons, like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>https://dailymastery.io/dashboard/lessons/sample-lesson-detail </code></pre> </div> <p>However, we discovered a frustrating user experience issue: when users clicked these lesson links from their emails, they would be redirected to login (which is correct for unauthenticated users), but after successful authentication, instead of landing on the specific lesson page, they would end up on the generic dashboard.</p> <p>This broke the seamless experience we wanted to provide - users had to manually navigate to find their intended lesson after logging in.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ww4113aqgubli68ai69.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ww4113aqgubli68ai69.gif" alt="DailyMastery correct redirect example" width="560" height="342"></a></p> <h2> Understanding the Authentication Flow </h2> <p>Let's break down what was happening:</p> <h3> The Original (Broken) Flow: </h3> <ol> <li> <strong>User clicks lesson link</strong>: <code>https://dailymastery.io/dashboard/lessons/sample-lesson-detail</code> </li> <li> <strong>Middleware intercepts</strong>: Detects no authentication token</li> <li> <strong>Redirect to login</strong>: <code>https://dailymastery.io/login</code> (❌ <strong>Original URL lost!</strong>)</li> <li> <strong>User authenticates</strong>: Successfully logs in with Google</li> <li> <strong>Post-login redirect</strong>: Goes to default <code>/dashboard</code> (❌ <strong>Not the intended lesson</strong>)</li> </ol> <h3> The Root Cause </h3> <p>Our Next.js middleware was correctly protecting routes but wasn't preserving the original destination URL when redirecting unauthenticated users to the login page.</p> <p>Here's the problematic middleware code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ BEFORE: Lost the original URL</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">firebase-token</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// This loses the original URL!</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">))</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <h2> The Solution: Preserving Deep Links </h2> <p>The fix required two components working together:</p> <h3> 1. Enhanced Middleware (Capturing the Original URL) </h3> <p>We modified the middleware to capture the full original URL and pass it as a query parameter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ✅ AFTER: Preserves the original URL</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieToken</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">firebase-token</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span> <span class="kd">const</span> <span class="nx">headerToken</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">)?.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookieToken</span> <span class="o">||</span> <span class="nx">headerToken</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 🎯 Key fix: Preserve original URL with query params</span> <span class="kd">const</span> <span class="nx">loginUrl</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">)</span> <span class="nx">loginUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">+</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">search</span><span class="p">)</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="nx">loginUrl</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key improvements:</strong></p> <ul> <li> <code>request.nextUrl.pathname</code> captures the path (<code>/dashboard/lessons/sample-lesson-detail</code>)</li> <li> <code>request.nextUrl.search</code> captures any query parameters</li> <li>Combined as <code>redirect</code> parameter in the login URL</li> </ul> <h3> 2. Smart Login Page (Reading and Using the Redirect) </h3> <p>Our login page was already set up to handle redirects, but let's look at the key parts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// login/page.tsx</span> <span class="kd">function</span> <span class="nf">LoginForm</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">searchParams</span> <span class="o">=</span> <span class="nf">useSearchParams</span><span class="p">()</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">loading</span> <span class="o">&amp;&amp;</span> <span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 🎯 Check for redirect parameter first, fallback to dashboard</span> <span class="kd">const</span> <span class="nx">redirectUrl</span> <span class="o">=</span> <span class="nx">searchParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">)</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">redirectUrl</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">loading</span><span class="p">,</span> <span class="nx">router</span><span class="p">,</span> <span class="nx">searchParams</span><span class="p">])</span> <span class="kd">const</span> <span class="nx">signInWithGoogle</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">signInWithPopup</span><span class="p">(</span><span class="nx">auth</span><span class="p">,</span> <span class="nx">provider</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">idToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">result</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">getIdToken</span><span class="p">()</span> <span class="c1">// Store auth token</span> <span class="nb">document</span><span class="p">.</span><span class="nx">cookie</span> <span class="o">=</span> <span class="s2">`firebase-token=</span><span class="p">${</span><span class="nx">idToken</span><span class="p">}</span><span class="s2">; path=/; max-age=86400; secure; samesite=strict`</span> <span class="c1">// 🎯 Redirect to original destination after login</span> <span class="kd">const</span> <span class="nx">redirectUrl</span> <span class="o">=</span> <span class="nx">searchParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">)</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">redirectUrl</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> The Fixed Flow </h2> <p>Now the authentication flow works perfectly:</p> <h3> The New (Working) Flow: </h3> <ol> <li> <strong>User clicks lesson link</strong>: <code>https://dailymastery.io/dashboard/lessons/sample-lesson-detail</code> </li> <li> <strong>Middleware intercepts</strong>: Detects no authentication token</li> <li> <strong>Smart redirect</strong>: <code>https://dailymastery.io/login?redirect=/dashboard/lessons/sample-lesson-detail</code> (✅ <strong>URL preserved!</strong>)</li> <li> <strong>User authenticates</strong>: Successfully logs in with Google</li> <li> <strong>Post-login redirect</strong>: Goes to the original lesson URL (✅ <strong>Perfect user experience!</strong>)</li> </ol> <h2> Testing the Fix </h2> <p>To test this, you can:</p> <ol> <li> <strong>Create a protected route</strong>: Any URL under <code>/dashboard/*</code> </li> <li> <strong>Visit while logged out</strong>: The middleware will redirect you</li> <li> <strong>Check the URL</strong>: Should be <code>/login?redirect=/dashboard/your-original-path</code> </li> <li> <strong>Complete authentication</strong>: Should redirect back to your original destination</li> </ol> <h2> Key Takeaways </h2> <h3> 1. Middleware Should Preserve Context </h3> <p>When redirecting users for authentication, always preserve where they were trying to go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Bad: Loses context</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">))</span> <span class="c1">// Good: Preserves user intent</span> <span class="kd">const</span> <span class="nx">loginUrl</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">)</span> <span class="nx">loginUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">+</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">search</span><span class="p">)</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="nx">loginUrl</span><span class="p">)</span> </code></pre> </div> <h3> 2. Login Pages Should Check for Redirects </h3> <p>Your authentication success handler should always check for intended destinations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Bad: Always goes to same place</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Good: Respects user's original intent</span> <span class="kd">const</span> <span class="nx">redirectUrl</span> <span class="o">=</span> <span class="nx">searchParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">)</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">redirectUrl</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">)</span> </code></pre> </div> <h3> 3. Handle Edge Cases </h3> <p>Consider various scenarios:</p> <ul> <li>Query parameters in original URLs</li> <li>Relative vs absolute URLs</li> <li>Security validation of redirect URLs (prevent open redirects)</li> <li>Fallback behaviors when redirects fail</li> </ul> <h2> Security Considerations </h2> <p>When implementing redirect preservation, be mindful of <strong>open redirect vulnerabilities</strong>. In our case, we're safe because:</p> <ol> <li>We only redirect within our own domain</li> <li>The middleware controls what URLs get set as redirects</li> <li>We validate that redirects start with <code>/dashboard</code> (our protected routes)</li> </ol> <p>For additional security, you could add validation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">validateRedirectUrl</span> <span class="o">=</span> <span class="p">(</span><span class="nx">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">boolean</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Only allow internal redirects to specific paths</span> <span class="k">return</span> <span class="nx">url</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">url</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/profile</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="c1">// In login handler:</span> <span class="kd">const</span> <span class="nx">redirectUrl</span> <span class="o">=</span> <span class="nx">searchParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">safeRedirectUrl</span> <span class="o">=</span> <span class="nx">redirectUrl</span> <span class="o">&amp;&amp;</span> <span class="nf">validateRedirectUrl</span><span class="p">(</span><span class="nx">redirectUrl</span><span class="p">)</span> <span class="p">?</span> <span class="nx">redirectUrl</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">safeRedirectUrl</span><span class="p">)</span> </code></pre> </div> <h2> Conclusion </h2> <p>This seemingly small fix dramatically improved our user experience. Users clicking lesson links in emails now seamlessly land on their intended lessons after authentication, rather than getting lost on a generic dashboard.</p> <p>The solution demonstrates how proper state preservation in authentication flows is crucial for maintaining user intent and creating smooth, professional web applications.</p> <p><strong>Technologies used</strong>: Next.js 15, TypeScript, Firebase Auth, Next.js Middleware</p> nextjs webdev learning tutorial Building a Next.js Landing Page with Google Sheets Integration and Google Cloud Run Deployment Dale Nguyen Wed, 20 Aug 2025 15:55:31 +0000 https://dev.to/dalenguyen/building-a-nextjs-landing-page-with-google-sheets-integration-and-google-cloud-run-deployment-1j07 https://dev.to/dalenguyen/building-a-nextjs-landing-page-with-google-sheets-integration-and-google-cloud-run-deployment-1j07 <p>Building a modern landing page that captures potential user emails is essential for any startup or product launch. In this comprehensive guide, I'll walk you through creating a Next.js 15 landing page that collects emails in Google Sheets and deploys seamlessly to Google Cloud Run.</p> <h2> What We'll Build </h2> <p>By the end of this tutorial, you'll have:</p> <ul> <li>A responsive Next.js 15 landing page with TypeScript</li> <li>Email signup form with validation and loading states</li> <li>Google Sheets integration to store collected emails</li> <li>Dockerized application ready for production</li> <li>Automated deployment to Google Cloud Run</li> <li>Cost-effective, scalable infrastructure</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2phuemk9r27xfmibo4kn.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2phuemk9r27xfmibo4kn.gif" alt="Landing page example" width="760" height="454"></a></p> <h2> Prerequisites </h2> <ul> <li>Node.js 20+ and pnpm installed</li> <li>Google Cloud Platform account</li> <li>Basic knowledge of React and TypeScript</li> <li>Docker installed (for local testing)</li> </ul> <h2> Project Setup </h2> <h3> 1. Initialize the Next.js Project </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create Next.js project with TypeScript</span> npx create-next-app@latest landing <span class="nt">--typescript</span> <span class="nt">--tailwind</span> <span class="nt">--app</span> <span class="nb">cd </span>landing </code></pre> </div> <h3> 2. Install Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install Google APIs client</span> pnpm add googleapis <span class="c"># Install development dependencies</span> pnpm add <span class="nt">-D</span> @types/node </code></pre> </div> <h2> Building the Email Signup Component </h2> <h3> 1. Create the Email Signup Component </h3> <p>Create <code>src/app/components/email-signup/email-signup.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useState</span><span class="p">,</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">EmailSignup</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">email</span><span class="p">,</span> <span class="nx">setEmail</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">status</span><span class="p">,</span> <span class="nx">setStatus</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="dl">'</span><span class="s1">idle</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">loading</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">idle</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">message</span><span class="p">,</span> <span class="nx">setMessage</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">validateEmail</span> <span class="o">=</span> <span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">boolean</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailRegex</span> <span class="o">=</span> <span class="sr">/^</span><span class="se">[^\s</span><span class="sr">@</span><span class="se">]</span><span class="sr">+@</span><span class="se">[^\s</span><span class="sr">@</span><span class="se">]</span><span class="sr">+</span><span class="se">\.[^\s</span><span class="sr">@</span><span class="se">]</span><span class="sr">+$/</span> <span class="k">return</span> <span class="nx">emailRegex</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">email</span><span class="p">)</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">handleSubmit</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="na">e</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">FormEvent</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">validateEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">))</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">)</span> <span class="nf">setMessage</span><span class="p">(</span><span class="dl">'</span><span class="s1">Please enter a valid email address</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">loading</span><span class="dl">'</span><span class="p">)</span> <span class="nf">setMessage</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/v1/email-signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">email</span> <span class="p">}),</span> <span class="p">})</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">)</span> <span class="nf">setMessage</span><span class="p">(</span><span class="dl">'</span><span class="s1">Thank you for subscribing!</span><span class="dl">'</span><span class="p">)</span> <span class="nf">setEmail</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Subscription failed</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">)</span> <span class="nf">setMessage</span><span class="p">(</span><span class="dl">'</span><span class="s1">Something went wrong. Please try again.</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">section</span> <span class="na">className</span><span class="p">=</span><span class="s">"relative py-24 bg-gradient-to-br from-blue-600 via-purple-600 to-indigo-700"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"container relative z-10"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-center max-w-2xl mx-auto"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h2</span> <span class="na">className</span><span class="p">=</span><span class="s">"mb-6 text-3xl md:text-4xl font-bold text-white"</span><span class="p">&gt;</span>Stay updated with the latest<span class="p">&lt;/</span><span class="nt">h2</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="s">"mb-10 text-xl text-blue-100"</span><span class="p">&gt;</span>Get the latest updates delivered to your inbox.<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">form</span> <span class="na">onSubmit</span><span class="p">=</span><span class="si">{</span><span class="nx">handleSubmit</span><span class="si">}</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex flex-col sm:flex-row gap-4 max-w-md mx-auto mb-8"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="p">=</span><span class="s">"email"</span> <span class="na">required</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex-1 px-6 py-4 text-lg bg-white/10 backdrop-blur-sm border border-white/20 rounded-2xl text-white placeholder:text-blue-200 focus:outline-none focus:ring-2 focus:ring-white/50"</span> <span class="na">placeholder</span><span class="p">=</span><span class="s">"Enter your email"</span> <span class="na">value</span><span class="p">=</span><span class="si">{</span><span class="nx">email</span><span class="si">}</span> <span class="na">onChange</span><span class="p">=</span><span class="si">{</span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setEmail</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span><span class="p">)</span><span class="si">}</span> <span class="na">disabled</span><span class="p">=</span><span class="si">{</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">loading</span><span class="dl">'</span><span class="si">}</span> <span class="p">/&gt;</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">type</span><span class="p">=</span><span class="s">"submit"</span> <span class="na">disabled</span><span class="p">=</span><span class="si">{</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">loading</span><span class="dl">'</span><span class="si">}</span> <span class="na">className</span><span class="p">=</span><span class="s">"px-8 py-4 bg-white text-blue-600 rounded-2xl font-semibold hover:bg-blue-50 disabled:opacity-50 transition-all"</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">loading</span><span class="dl">'</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Subscribing...</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Subscribe</span><span class="dl">'</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">form</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">message</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="si">{</span><span class="s2">`mb-6 text-lg font-medium </span><span class="p">${</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">text-green-400</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">text-red-400</span><span class="dl">'</span><span class="p">}</span><span class="s2">`</span><span class="si">}</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">message</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">)</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">section</span><span class="p">&gt;</span> <span class="p">)</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">EmailSignup</span> </code></pre> </div> <h2> Google Sheets Integration </h2> <h3> 1. Create Google Sheets Service </h3> <p>Create <code>src/lib/google-sheets.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">google</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">googleapis</span><span class="dl">'</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">EmailSignupData</span> <span class="p">{</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span> <span class="nx">timestamp</span><span class="p">:</span> <span class="kr">string</span> <span class="nx">source</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}</span> <span class="kd">class</span> <span class="nc">GoogleSheetsService</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">auth</span> <span class="k">private</span> <span class="nx">sheets</span> <span class="nf">constructor</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Use Application Default Credentials (Cloud Run provides this automatically)</span> <span class="k">this</span><span class="p">.</span><span class="nx">auth</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">google</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nc">GoogleAuth</span><span class="p">({</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">https://www.googleapis.com/auth/spreadsheets</span><span class="dl">'</span><span class="p">],</span> <span class="p">})</span> <span class="k">this</span><span class="p">.</span><span class="nx">sheets</span> <span class="o">=</span> <span class="nx">google</span><span class="p">.</span><span class="nf">sheets</span><span class="p">({</span> <span class="na">version</span><span class="p">:</span> <span class="dl">'</span><span class="s1">v4</span><span class="dl">'</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">auth</span> <span class="p">})</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">saveEmailSignup</span><span class="p">(</span><span class="nx">data</span><span class="p">:</span> <span class="nx">EmailSignupData</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">spreadsheetId</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_SHEETS_ID</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">spreadsheetId</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Google Sheets ID not configured</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[[</span><span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="nx">data</span><span class="p">.</span><span class="nx">timestamp</span><span class="p">,</span> <span class="nx">data</span><span class="p">.</span><span class="nx">source</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">landing-page</span><span class="dl">'</span><span class="p">]]</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">sheets</span><span class="p">.</span><span class="nx">spreadsheets</span><span class="p">.</span><span class="nx">values</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="nx">spreadsheetId</span><span class="p">,</span> <span class="na">range</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Sheet1!A:C</span><span class="dl">'</span><span class="p">,</span> <span class="na">valueInputOption</span><span class="p">:</span> <span class="dl">'</span><span class="s1">USER_ENTERED</span><span class="dl">'</span><span class="p">,</span> <span class="na">requestBody</span><span class="p">:</span> <span class="p">{</span> <span class="nx">values</span><span class="p">,</span> <span class="p">},</span> <span class="p">})</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error saving to Google Sheets:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">error</span> <span class="p">}</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">setupSheet</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">spreadsheetId</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_SHEETS_ID</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">spreadsheetId</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Google Sheets ID not configured</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Add headers if sheet is empty</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">sheets</span><span class="p">.</span><span class="nx">spreadsheets</span><span class="p">.</span><span class="nx">values</span><span class="p">.</span><span class="nf">get</span><span class="p">({</span> <span class="nx">spreadsheetId</span><span class="p">,</span> <span class="na">range</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Sheet1!A1:C1</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">values</span> <span class="o">||</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">values</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">sheets</span><span class="p">.</span><span class="nx">spreadsheets</span><span class="p">.</span><span class="nx">values</span><span class="p">.</span><span class="nf">update</span><span class="p">({</span> <span class="nx">spreadsheetId</span><span class="p">,</span> <span class="na">range</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Sheet1!A1:C1</span><span class="dl">'</span><span class="p">,</span> <span class="na">valueInputOption</span><span class="p">:</span> <span class="dl">'</span><span class="s1">USER_ENTERED</span><span class="dl">'</span><span class="p">,</span> <span class="na">requestBody</span><span class="p">:</span> <span class="p">{</span> <span class="na">values</span><span class="p">:</span> <span class="p">[[</span><span class="dl">'</span><span class="s1">Email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Timestamp</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Source</span><span class="dl">'</span><span class="p">]],</span> <span class="p">},</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error setting up Google Sheets:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">error</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">googleSheetsService</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">GoogleSheetsService</span><span class="p">()</span> </code></pre> </div> <h3> 2. Create API Route </h3> <p>Create <code>src/app/api/v1/email-signup/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">googleSheetsService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../../../lib/google-sheets</span><span class="dl">'</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">body</span> <span class="c1">// Validate email</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="k">typeof</span> <span class="nx">email</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Email is required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">})</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">emailRegex</span> <span class="o">=</span> <span class="sr">/^</span><span class="se">[^\s</span><span class="sr">@</span><span class="se">]</span><span class="sr">+@</span><span class="se">[^\s</span><span class="sr">@</span><span class="se">]</span><span class="sr">+</span><span class="se">\.[^\s</span><span class="sr">@</span><span class="se">]</span><span class="sr">+$/</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">emailRegex</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">email</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid email format</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">})</span> <span class="p">}</span> <span class="c1">// Save to Google Sheets</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">googleSheetsService</span><span class="p">.</span><span class="nf">saveEmailSignup</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">landing-waitlist</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Email saved to Google Sheets:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">email</span><span class="p">)</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">sheetsError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to save to Google Sheets:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">sheetsError</span><span class="p">)</span> <span class="c1">// Continue with success response even if sheets fails</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Email subscribed successfully</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">})</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Email signup error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">)</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Internal server error</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Dockerization for Production </h2> <h3> 1. Configure Next.js for Standalone Output </h3> <p>Update <code>next.config.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/** @type {import('next').NextConfig} */</span> <span class="kd">const</span> <span class="nx">nextConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// Enable standalone output for Docker</span> <span class="na">output</span><span class="p">:</span> <span class="dl">'</span><span class="s1">standalone</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Enable compression in production</span> <span class="na">compress</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Optimize for production</span> <span class="na">experimental</span><span class="p">:</span> <span class="p">{</span> <span class="na">optimizePackageImports</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">lucide-react</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="nx">nextConfig</span> </code></pre> </div> <h3> 2. Create Dockerfile </h3> <p>Create <code>Dockerfile</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Minimal production image for built Next.js app</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:20-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">production</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Copy the standalone build (includes dependencies, server, and app)</span> <span class="k">COPY</span><span class="s"> .next/standalone/ ./</span> <span class="c"># Copy static files</span> <span class="k">COPY</span><span class="s"> public ./public</span> <span class="k">COPY</span><span class="s"> .next/static ./.next/static</span> <span class="c"># Set environment</span> <span class="k">ENV</span><span class="s"> NODE_ENV=production</span> <span class="k">ENV</span><span class="s"> PORT=3000</span> <span class="c"># Create a non-root user</span> <span class="k">RUN </span>addgroup <span class="nt">-g</span> 1001 <span class="nt">-S</span> nodejs <span class="o">&amp;&amp;</span> <span class="se">\ </span> adduser <span class="nt">-S</span> nextjs <span class="nt">-u</span> 1001 <span class="c"># Change ownership of the application files</span> <span class="k">RUN </span><span class="nb">chown</span> <span class="nt">-R</span> nextjs:nodejs /app <span class="k">USER</span><span class="s"> nextjs</span> <span class="c"># Expose port</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="c"># Start the standalone server</span> <span class="k">CMD</span><span class="s"> ["node", "server.js"]</span> </code></pre> </div> <h3> 3. Build and Test Locally </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Build the Next.js application</span> npm run build <span class="c"># Build Docker image</span> docker build <span class="nt">-t</span> landing-page <span class="nb">.</span> <span class="c"># Test locally</span> docker run <span class="nt">-p</span> 3000:3000 <span class="nt">-e</span> <span class="nv">GOOGLE_SHEETS_ID</span><span class="o">=</span>your-sheet-id landing-page </code></pre> </div> <h2> Google Cloud Setup </h2> <h3> 1. Create Google Cloud Resources </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Login to Google Cloud</span> gcloud auth login <span class="c"># Set your project</span> gcloud config <span class="nb">set </span>project YOUR-PROJECT-ID <span class="c"># Enable required APIs</span> gcloud services <span class="nb">enable </span>run.googleapis.com gcloud services <span class="nb">enable </span>sheets.googleapis.com <span class="c"># Create a service account</span> gcloud iam service-accounts create workwrite-sheets <span class="se">\</span> <span class="nt">--display-name</span><span class="o">=</span><span class="s2">"WorkWrite Sheets Service Account"</span> <span class="c"># Grant Google Sheets access</span> gcloud projects add-iam-policy-binding YOUR-PROJECT-ID <span class="se">\</span> <span class="nt">--member</span><span class="o">=</span><span class="s2">"serviceAccount:workwrite-sheets@YOUR-PROJECT-ID.iam.gserviceaccount.com"</span> <span class="se">\</span> <span class="nt">--role</span><span class="o">=</span><span class="s2">"roles/editor"</span> </code></pre> </div> <h3> 2. Create Google Sheet </h3> <ol> <li>Go to <a href="https://sheets.google.com" rel="noopener noreferrer">Google Sheets</a> </li> <li>Create a new spreadsheet</li> <li>Copy the spreadsheet ID from the URL</li> <li>Share the sheet with your service account email</li> </ol> <h3> 3. Build and Push to Google Cloud Registry </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Configure Docker to use gcloud</span> gcloud auth configure-docker us-central1-docker.pkg.dev <span class="c"># Create Artifact Registry repository</span> gcloud artifacts repositories create workwrite-repo <span class="se">\</span> <span class="nt">--repository-format</span><span class="o">=</span>docker <span class="se">\</span> <span class="nt">--location</span><span class="o">=</span>us-central1 <span class="c"># Build and tag image</span> docker build <span class="nt">--platform</span> linux/amd64 <span class="nt">-t</span> us-central1-docker.pkg.dev/YOUR-PROJECT-ID/workwrite-repo/workwrite-landing <span class="nb">.</span> <span class="c"># Push to registry</span> docker push us-central1-docker.pkg.dev/YOUR-PROJECT-ID/workwrite-repo/workwrite-landing </code></pre> </div> <h2> Deployment to Google Cloud Run </h2> <h3> 1. Deploy with Cloud Run </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud run deploy workwrite-landing <span class="se">\</span> <span class="nt">--image</span> us-central1-docker.pkg.dev/YOUR-PROJECT-ID/workwrite-repo/workwrite-landing <span class="se">\</span> <span class="nt">--region</span> us-central1 <span class="se">\</span> <span class="nt">--platform</span> managed <span class="se">\</span> <span class="nt">--allow-unauthenticated</span> <span class="se">\</span> <span class="nt">--service-account</span> workwrite-sheets@YOUR-PROJECT-ID.iam.gserviceaccount.com <span class="se">\</span> <span class="nt">--set-env-vars</span> <span class="nv">GOOGLE_SHEETS_ID</span><span class="o">=</span>YOUR-SHEET-ID <span class="se">\</span> <span class="nt">--port</span> 3000 <span class="se">\</span> <span class="nt">--memory</span> 1Gi <span class="se">\</span> <span class="nt">--cpu</span> 1 <span class="se">\</span> <span class="nt">--max-instances</span> 10 <span class="se">\</span> <span class="nt">--timeout</span> 300 </code></pre> </div> <h3> 2. Automated Deployment with Scripts </h3> <p>Create deployment scripts in your <code>package.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"docker:build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker build --platform linux/amd64 -t us-central1-docker.pkg.dev/YOUR-PROJECT-ID/workwrite-repo/workwrite-landing ."</span><span class="p">,</span><span class="w"> </span><span class="nl">"docker:push"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker push us-central1-docker.pkg.dev/YOUR-PROJECT-ID/workwrite-repo/workwrite-landing"</span><span class="p">,</span><span class="w"> </span><span class="nl">"deploy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"npm run build &amp;&amp; npm run docker:build &amp;&amp; npm run docker:push &amp;&amp; gcloud run deploy workwrite-landing --image us-central1-docker.pkg.dev/YOUR-PROJECT-ID/workwrite-repo/workwrite-landing --region us-central1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Advanced Features </h2> <h3> 1. Environment Variables </h3> <p>Create <code>.env.local</code> for development:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">GOOGLE_SHEETS_ID</span><span class="o">=</span>your-development-sheet-id </code></pre> </div> <h3> 2. Error Handling and Monitoring </h3> <p>Add comprehensive error handling in your API routes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// ... your existing code</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Log error for monitoring</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Email signup error:</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">userAgent</span><span class="p">:</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">user-agent</span><span class="dl">'</span><span class="p">),</span> <span class="p">})</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Internal server error</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Rate Limiting </h3> <p>Implement rate limiting to prevent abuse:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">rateLimitMap</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">()</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">ip</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">unknown</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">limit</span> <span class="o">=</span> <span class="mi">5</span> <span class="c1">// 5 requests per minute</span> <span class="kd">const</span> <span class="nx">windowMs</span> <span class="o">=</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span> <span class="c1">// 1 minute</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">rateLimitMap</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">ip</span><span class="p">))</span> <span class="p">{</span> <span class="nx">rateLimitMap</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ip</span><span class="p">,</span> <span class="p">{</span> <span class="na">count</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">lastReset</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="p">})</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">rateLimitMap</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">ip</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nx">user</span><span class="p">.</span><span class="nx">lastReset</span> <span class="o">&gt;</span> <span class="nx">windowMs</span><span class="p">)</span> <span class="p">{</span> <span class="nx">user</span><span class="p">.</span><span class="nx">count</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">user</span><span class="p">.</span><span class="nx">lastReset</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">count</span> <span class="o">&gt;=</span> <span class="nx">limit</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Too many requests</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">})</span> <span class="p">}</span> <span class="nx">user</span><span class="p">.</span><span class="nx">count</span> <span class="o">+=</span> <span class="mi">1</span> <span class="c1">// ... rest of your code</span> <span class="p">}</span> </code></pre> </div> <h2> Performance Optimizations </h2> <h3> 1. Image Optimization </h3> <p>Add optimized images with Next.js Image component:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="nx">Image</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/image</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">Hero</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">section</span> <span class="na">className</span><span class="p">=</span><span class="s">"hero"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Image</span> <span class="na">src</span><span class="p">=</span><span class="s">"/hero-image.jpg"</span> <span class="na">alt</span><span class="p">=</span><span class="s">"Hero"</span> <span class="na">width</span><span class="p">=</span><span class="si">{</span><span class="mi">800</span><span class="si">}</span> <span class="na">height</span><span class="p">=</span><span class="si">{</span><span class="mi">600</span><span class="si">}</span> <span class="na">priority</span> <span class="na">className</span><span class="p">=</span><span class="s">"rounded-lg"</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">section</span><span class="p">&gt;</span> <span class="p">)</span> </code></pre> </div> <h3> 2. SEO Optimization </h3> <p>Update <code>src/app/layout.tsx</code> with comprehensive metadata:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">Metadata</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next</span><span class="dl">'</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">metadata</span><span class="p">:</span> <span class="nx">Metadata</span> <span class="o">=</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">WorkWrite - AI-Powered Writing Platform</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Transform your writing workflow with AI.</span><span class="dl">'</span><span class="p">,</span> <span class="na">keywords</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">writing</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">AI</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">productivity</span><span class="dl">'</span><span class="p">],</span> <span class="na">openGraph</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">website</span><span class="dl">'</span><span class="p">,</span> <span class="na">locale</span><span class="p">:</span> <span class="dl">'</span><span class="s1">en_US</span><span class="dl">'</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://workwrite.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">WorkWrite - AI-Powered Writing Platform</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Transform your writing workflow with AI.</span><span class="dl">'</span><span class="p">,</span> <span class="na">images</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/og-image.jpg</span><span class="dl">'</span><span class="p">,</span> <span class="na">width</span><span class="p">:</span> <span class="mi">1200</span><span class="p">,</span> <span class="na">height</span><span class="p">:</span> <span class="mi">630</span><span class="p">,</span> <span class="na">alt</span><span class="p">:</span> <span class="dl">'</span><span class="s1">WorkWrite</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <h2> Cost Optimization </h2> <h3> 1. Cloud Run Pricing </h3> <p>Google Cloud Run pricing is based on:</p> <ul> <li> <strong>CPU and Memory</strong>: Pay per 100ms of usage</li> <li> <strong>Requests</strong>: $0.40 per million requests</li> <li> <strong>Networking</strong>: Egress charges apply</li> </ul> <p>For a typical landing page:</p> <ul> <li> <strong>Low traffic</strong> (1K visitors/month): ~$1-2/month</li> <li> <strong>Medium traffic</strong> (10K visitors/month): ~$5-10/month</li> <li> <strong>High traffic</strong> (100K visitors/month): ~$20-40/month</li> </ul> <h3> 2. Optimization Tips </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// next.config.js</span> <span class="kd">const</span> <span class="nx">nextConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// Compress responses</span> <span class="na">compress</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Optimize bundle</span> <span class="na">experimental</span><span class="p">:</span> <span class="p">{</span> <span class="na">optimizePackageImports</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">lucide-react</span><span class="dl">'</span><span class="p">],</span> <span class="p">},</span> <span class="c1">// Cache static assets</span> <span class="na">headers</span><span class="p">:</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="p">{</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/(.*)</span><span class="se">\\</span><span class="s1">.(js|css|png|jpg|jpeg|gif|ico|svg)</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Cache-Control</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">public, max-age=31536000, immutable</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">],</span> <span class="p">}</span> </code></pre> </div> <h2> Monitoring and Analytics </h2> <h3> 1. Google Analytics </h3> <p>Add Google Analytics to track conversions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="c1">// src/app/layout.tsx</span> <span class="k">import</span> <span class="nx">Script</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/script</span><span class="dl">'</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">RootLayout</span><span class="p">({</span> <span class="nx">children</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">html</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">head</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Script</span> <span class="na">src</span><span class="p">=</span><span class="s">"https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"</span> <span class="na">strategy</span><span class="p">=</span><span class="s">"afterInteractive"</span> <span class="p">/&gt;</span> <span class="p">&lt;</span><span class="nc">Script</span> <span class="na">id</span><span class="p">=</span><span class="s">"google-analytics"</span> <span class="na">strategy</span><span class="p">=</span><span class="s">"afterInteractive"</span><span class="p">&gt;</span> <span class="si">{</span><span class="s2">` window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'GA_MEASUREMENT_ID'); `</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nc">Script</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">head</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">body</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">children</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">body</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">html</span><span class="p">&gt;</span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Conversion Tracking </h3> <p>Track email signups:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Declare gtag as a global function for TypeScript</span> <span class="kr">declare</span> <span class="nb">global</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">Window</span> <span class="p">{</span> <span class="nl">gtag</span><span class="p">:</span> <span class="p">(</span> <span class="nx">command</span><span class="p">:</span> <span class="dl">'</span><span class="s1">config</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">event</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">js</span><span class="dl">'</span><span class="p">,</span> <span class="nx">targetId</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="nb">Date</span><span class="p">,</span> <span class="nx">config</span><span class="p">?:</span> <span class="p">{</span> <span class="nx">event_category</span><span class="p">?:</span> <span class="kr">string</span> <span class="nx">event_label</span><span class="p">?:</span> <span class="kr">string</span> <span class="nx">value</span><span class="p">?:</span> <span class="kr">number</span> <span class="p">[</span><span class="na">key</span><span class="p">:</span> <span class="kr">string</span><span class="p">]:</span> <span class="kr">any</span> <span class="p">},</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// In your email signup component</span> <span class="kd">const</span> <span class="nx">trackConversion</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nx">gtag</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">undefined</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">gtag</span><span class="p">(</span><span class="dl">'</span><span class="s1">event</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sign_up</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">event_category</span><span class="p">:</span> <span class="dl">'</span><span class="s1">engagement</span><span class="dl">'</span><span class="p">,</span> <span class="na">event_label</span><span class="p">:</span> <span class="dl">'</span><span class="s1">email_signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">handleSubmit</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// ... existing code</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="nf">trackConversion</span><span class="p">()</span> <span class="c1">// ... rest of success handling</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Security Best Practices </h2> <h3> 1. Environment Variables </h3> <p>Never commit sensitive data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.local (never commit)</span> <span class="nv">GOOGLE_SHEETS_ID</span><span class="o">=</span>your-actual-sheet-id <span class="c"># For production, set in Cloud Run</span> gcloud run services update workwrite-landing <span class="se">\</span> <span class="nt">--set-env-vars</span> <span class="nv">GOOGLE_SHEETS_ID</span><span class="o">=</span>your-production-sheet-id </code></pre> </div> <h3> 2. Input Validation </h3> <p>Always validate user inputs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">emailSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid email format</span><span class="dl">'</span><span class="p">),</span> <span class="p">})</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">emailSchema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">body</span><span class="p">)</span> <span class="c1">// ... rest of your code</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">z</span><span class="p">.</span><span class="nx">ZodError</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">errors</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">message</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">})</span> <span class="p">}</span> <span class="c1">// ... handle other errors</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Testing </h2> <h3> 1. Component Testing </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// __tests__/email-signup.test.tsx</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">render</span><span class="p">,</span> <span class="nx">screen</span><span class="p">,</span> <span class="nx">fireEvent</span><span class="p">,</span> <span class="nx">waitFor</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@testing-library/react</span><span class="dl">'</span> <span class="k">import</span> <span class="nx">EmailSignup</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../src/app/components/email-signup/email-signup</span><span class="dl">'</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">EmailSignup</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">submits email successfully</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">global</span><span class="p">.</span><span class="nx">fetch</span> <span class="o">=</span> <span class="nx">jest</span><span class="p">.</span><span class="nf">fn</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">({</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">json</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Success</span><span class="dl">'</span> <span class="p">}),</span> <span class="p">}),</span> <span class="p">)</span> <span class="nf">render</span><span class="p">(</span><span class="o">&lt;</span><span class="nx">EmailSignup</span> <span class="o">/&gt;</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">input</span> <span class="o">=</span> <span class="nx">screen</span><span class="p">.</span><span class="nf">getByPlaceholderText</span><span class="p">(</span><span class="dl">'</span><span class="s1">Enter your email</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nx">screen</span><span class="p">.</span><span class="nf">getByRole</span><span class="p">(</span><span class="dl">'</span><span class="s1">button</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="sr">/subscribe/i</span> <span class="p">})</span> <span class="nx">fireEvent</span><span class="p">.</span><span class="nf">change</span><span class="p">(</span><span class="nx">input</span><span class="p">,</span> <span class="p">{</span> <span class="na">target</span><span class="p">:</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test@example.com</span><span class="dl">'</span> <span class="p">}</span> <span class="p">})</span> <span class="nx">fireEvent</span><span class="p">.</span><span class="nf">click</span><span class="p">(</span><span class="nx">button</span><span class="p">)</span> <span class="k">await</span> <span class="nf">waitFor</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">screen</span><span class="p">.</span><span class="nf">getByText</span><span class="p">(</span><span class="dl">'</span><span class="s1">Thank you for subscribing!</span><span class="dl">'</span><span class="p">)).</span><span class="nf">toBeInTheDocument</span><span class="p">()</span> <span class="p">})</span> <span class="p">})</span> <span class="p">})</span> </code></pre> </div> <h3> 2. API Testing </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// __tests__/api/email-signup.test.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">POST</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../src/app/api/v1/email-signup/route</span><span class="dl">'</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/v1/email-signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">validates email format</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Request</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">invalid-email</span><span class="dl">'</span> <span class="p">}),</span> <span class="p">})</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nc">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">400</span><span class="p">)</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">error</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid email format</span><span class="dl">'</span><span class="p">)</span> <span class="p">})</span> <span class="p">})</span> </code></pre> </div> <h2> Conclusion </h2> <p>You now have a complete, production-ready Next.js landing page that:</p> <ul> <li> <strong>Collects emails</strong> efficiently with a beautiful UI</li> <li> <strong>Stores data</strong> in Google Sheets automatically</li> <li> <strong>Scales automatically</strong> with Google Cloud Run</li> <li> <strong>Costs minimal</strong> for low to medium traffic</li> <li> <strong>Performs excellently</strong> with optimized builds</li> <li> <strong>Monitors effectively</strong> with built-in analytics</li> </ul> <p>This setup provides a solid foundation for any product launch or marketing campaign. The combination of Next.js 15, Google Sheets, and Cloud Run offers excellent developer experience with enterprise-grade scalability and reliability.</p> <h3> Next Steps </h3> <ol> <li> <strong>Add A/B testing</strong> for different signup copy</li> <li> <strong>Implement email automation</strong> with services like SendGrid</li> <li> <strong>Add more landing page sections</strong> (testimonials, features, pricing)</li> <li> <strong>Set up CI/CD</strong> with GitHub Actions</li> <li> <strong>Add real-time analytics</strong> dashboard</li> </ol> <p>The architecture we've built is flexible and can grow with your product needs while maintaining excellent performance and cost efficiency.</p> nextjs googlecloud googlesheet webdev Supabase WordPress Integration - Sync WordPress Posts and Pages to Supabase Dale Nguyen Wed, 20 Aug 2025 03:56:00 +0000 https://dev.to/dalenguyen/supabase-wordpress-integration-sync-wordpress-posts-and-pages-to-supabase-28f7 https://dev.to/dalenguyen/supabase-wordpress-integration-sync-wordpress-posts-and-pages-to-supabase-28f7 <p>Are you looking to create a modern, scalable architecture for your WordPress site? Syncing your WordPress content to Supabase opens up powerful possibilities for headless websites, mobile apps, and real-time applications. In this comprehensive guide, we'll walk you through setting up automatic post and page synchronization from WordPress to Supabase using the SupaWP plugin.</p> <h2> Why Sync WordPress to Supabase? </h2> <p>Before diving into the setup, let's understand the benefits:</p> <ul> <li> <strong>🚀 Performance</strong>: Lightning-fast content delivery through Supabase's edge network</li> <li> <strong>📱 Multi-platform</strong>: Build mobile apps, SPAs, and JAMstack sites using the same content</li> <li> <strong>🔄 Real-time</strong>: Instant content updates across all your applications</li> <li> <strong>🔒 Security</strong>: Robust Row Level Security (RLS) policies protect your data</li> <li> <strong>💰 Cost-effective</strong>: Pay only for what you use with Supabase's pricing model</li> </ul> <h2> Prerequisites </h2> <p>Before getting started, make sure you have:</p> <ul> <li>WordPress site with admin access</li> <li>Supabase account and project</li> <li>SupaWP plugin installed (v1.3.2 or later)</li> <li>Basic understanding of SQL for table setup</li> </ul> <h2> Step 1: Install and Configure SupaWP </h2> <h3> Install the Plugin </h3> <ol> <li>Download the SupaWP plugin</li> <li>Upload to your WordPress site via <strong>Plugins → Add New → Upload</strong> </li> <li>Activate the plugin</li> </ol> <h3> Configure Basic Settings </h3> <p>Navigate to <strong>WordPress Admin → SupaWP</strong> and configure:</p> <p><strong>General Settings:</strong></p> <ul> <li> <strong>Supabase URL</strong>: Your project URL (e.g., <code>https://your-project.supabase.co</code>)</li> <li> <strong>Supabase Anon Key</strong>: Your public API key</li> </ul> <p><strong>Security Settings (Critical):</strong></p> <ul> <li> <strong>Supabase Service Role Key</strong>: Your service role key for server-side operations</li> <li>This key bypasses Row Level Security and should never be exposed to the frontend</li> </ul> <p>⚠️ <strong>Security Note</strong>: Always configure the Service Role Key for production use. This ensures secure write operations from WordPress while maintaining public read access.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fks4ketolmrw2rr8tfcy4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fks4ketolmrw2rr8tfcy4.png" alt="Service role key" width="800" height="500"></a></p> <h2> Step 2: Set Up Supabase Tables </h2> <h3> Create the Posts Table </h3> <p>In your Supabase SQL editor, run this command to create the posts table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">integer</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">post_title</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_content</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_excerpt</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_status</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_type</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_date</span> <span class="n">timestamptz</span><span class="p">,</span> <span class="n">post_modified</span> <span class="n">timestamptz</span><span class="p">,</span> <span class="n">permalink</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_thumbnail</span> <span class="nb">text</span><span class="p">,</span> <span class="n">author</span> <span class="n">jsonb</span><span class="p">,</span> <span class="n">taxonomies</span> <span class="n">jsonb</span><span class="p">,</span> <span class="n">custom_fields</span> <span class="n">jsonb</span><span class="p">,</span> <span class="n">synced_at</span> <span class="n">timestamptz</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <h3> Create the Pages Table </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_pages</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">integer</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">post_title</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_content</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_excerpt</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_status</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_type</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_date</span> <span class="n">timestamptz</span><span class="p">,</span> <span class="n">post_modified</span> <span class="n">timestamptz</span><span class="p">,</span> <span class="n">permalink</span> <span class="nb">text</span><span class="p">,</span> <span class="n">post_thumbnail</span> <span class="nb">text</span><span class="p">,</span> <span class="n">author</span> <span class="n">jsonb</span><span class="p">,</span> <span class="n">taxonomies</span> <span class="n">jsonb</span><span class="p">,</span> <span class="n">custom_fields</span> <span class="n">jsonb</span><span class="p">,</span> <span class="n">synced_at</span> <span class="n">timestamptz</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <h2> Step 3: Implement Row Level Security </h2> <p>Security is paramount when exposing your content through an API. Let's set up RLS policies that allow public read access while restricting write operations to WordPress only.</p> <h3> Enable RLS on Posts Table </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Enable Row Level Security</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> <span class="c1">-- Allow public read access (anonymous users can read published posts)</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Allow public read access"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">anon</span> <span class="k">USING</span> <span class="p">(</span><span class="n">post_status</span> <span class="o">=</span> <span class="s1">'publish'</span><span class="p">);</span> <span class="c1">-- Allow authenticated users to read all posts</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Allow authenticated read access"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> <span class="c1">-- Only service role can insert/update/delete (WordPress backend only)</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Service role can manage posts"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="k">FOR</span> <span class="k">ALL</span> <span class="k">TO</span> <span class="n">service_role</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">)</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> <span class="c1">-- Deny all write operations for anonymous and authenticated users</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Deny public writes"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="k">FOR</span> <span class="k">INSERT</span> <span class="k">TO</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span><span class="k">false</span><span class="p">);</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Deny public updates"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="k">FOR</span> <span class="k">UPDATE</span> <span class="k">TO</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">false</span><span class="p">);</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Deny public deletes"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">wp_posts</span> <span class="k">FOR</span> <span class="k">DELETE</span> <span class="k">TO</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">false</span><span class="p">);</span> </code></pre> </div> <h3> Apply the Same Security to Pages </h3> <p>Repeat the same RLS setup for the <code>wp_pages</code> table, replacing table references accordingly.</p> <h2> Step 4: Configure WordPress Sync Settings </h2> <p>Now let's configure which content types to sync:</p> <ol> <li>Go to <strong>WordPress Admin → SupaWP → Sync Data tab</strong> </li> <li> <strong>Select Post Types</strong>: Check "Posts" and "Pages"</li> <li> <strong>Custom Post Types</strong>: Add any custom post types (comma-separated, e.g., <code>product, event</code>)</li> <li>Click <strong>Save Settings</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftbr1g69snxa08qhprip3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftbr1g69snxa08qhprip3.png" alt="Select WordPress post type" width="800" height="456"></a></p> <h2> Step 5: Understanding the Sync Process </h2> <p>Once configured, SupaWP automatically handles synchronization:</p> <h3> What Gets Synced </h3> <p>The plugin captures comprehensive post data:</p> <ul> <li> <strong>Basic Info</strong>: Title, content, excerpt, status, type</li> <li> <strong>Metadata</strong>: Publish date, modified date, permalink</li> <li> <strong>Media</strong>: Featured image URL (with retry mechanism for processing delays)</li> <li> <strong>Author Data</strong>: Author information as JSON</li> <li> <strong>Taxonomies</strong>: Categories, tags, and custom taxonomies</li> <li> <strong>Custom Fields</strong>: All non-private custom fields</li> </ul> <h3> When Sync Happens </h3> <p>Automatic synchronization triggers on:</p> <ol> <li> <strong>Creating a new post</strong> → Immediately synced to Supabase</li> <li> <strong>Updating existing content</strong> → Updates the Supabase record</li> <li> <strong>Moving to trash</strong> → Removes from Supabase</li> <li> <strong>Permanent deletion</strong> → Removes from Supabase</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff68i0orezsu20l7lqmss.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff68i0orezsu20l7lqmss.png" alt="wp_posts table in supabase" width="800" height="259"></a></p> <h2> Step 6: Using Your Synced Data </h2> <h3> Frontend API Access </h3> <p>With your content synced, you can now access it from any frontend application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@supabase/supabase-js</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://your-project.supabase.co</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">your-anon-key</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Get all published posts</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">posts</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_status</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">publish</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_date</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ascending</span><span class="p">:</span> <span class="kc">false</span> <span class="p">})</span> <span class="c1">// Get a specific post by ID</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">post</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span><span class="p">).</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="p">,</span> <span class="mi">123</span><span class="p">).</span><span class="nf">single</span><span class="p">()</span> <span class="c1">// Search posts by title</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">searchResults</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">textSearch</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_title</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">search term</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_status</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">publish</span><span class="dl">'</span><span class="p">)</span> </code></pre> </div> <h3> Real-time Subscriptions </h3> <p>Take advantage of Supabase's real-time capabilities:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Subscribe to new posts</span> <span class="kd">const</span> <span class="nx">subscription</span> <span class="o">=</span> <span class="nx">supabase</span> <span class="p">.</span><span class="nf">channel</span><span class="p">(</span><span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">postgres_changes</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">event</span><span class="p">:</span> <span class="dl">'</span><span class="s1">INSERT</span><span class="dl">'</span><span class="p">,</span> <span class="na">schema</span><span class="p">:</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">,</span> <span class="na">table</span><span class="p">:</span> <span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span> <span class="p">},</span> <span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">New post published:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">payload</span><span class="p">.</span><span class="k">new</span><span class="p">)</span> <span class="c1">// Update your UI in real-time</span> <span class="p">})</span> <span class="p">.</span><span class="nf">subscribe</span><span class="p">()</span> </code></pre> </div> <h2> Step 7: Advanced Customization </h2> <h3> Custom Data Modification </h3> <p>You can modify data before it's saved to Supabase:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// In your theme's functions.php</span> <span class="nf">add_filter</span><span class="p">(</span><span class="s1">'supawp_before_saving_to_supabase'</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="nv">$data</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Add site information</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'site_url'</span><span class="p">]</span> <span class="o">=</span> <span class="nf">get_site_url</span><span class="p">();</span> <span class="c1">// Add custom SEO data</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'seo_title'</span><span class="p">]</span> <span class="o">=</span> <span class="nf">get_post_meta</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'id'</span><span class="p">],</span> <span class="s1">'_yoast_wpseo_title'</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="c1">// Sanitize content for API consumption</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'post_content'</span><span class="p">]))</span> <span class="p">{</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'post_content'</span><span class="p">]</span> <span class="o">=</span> <span class="nf">wp_strip_all_tags</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'post_content'</span><span class="p">]);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$data</span><span class="p">;</span> <span class="p">});</span> </code></pre> </div> <h3> Sync Event Hooks </h3> <p>Monitor sync operations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Log successful syncs</span> <span class="nf">add_action</span><span class="p">(</span><span class="s1">'supawp_after_saving_to_supabase'</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="nv">$response_data</span><span class="p">,</span> <span class="nv">$original_data</span><span class="p">)</span> <span class="p">{</span> <span class="nb">error_log</span><span class="p">(</span><span class="s1">'Post synced: '</span> <span class="mf">.</span> <span class="nv">$original_data</span><span class="p">[</span><span class="s1">'post_title'</span><span class="p">]);</span> <span class="p">},</span> <span class="mi">10</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="c1">// Handle sync failures</span> <span class="nf">add_action</span><span class="p">(</span><span class="s1">'supawp_sync_error'</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="nv">$error</span><span class="p">,</span> <span class="nv">$post_data</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Send notification to admin</span> <span class="nf">wp_mail</span><span class="p">(</span><span class="nf">get_option</span><span class="p">(</span><span class="s1">'admin_email'</span><span class="p">),</span> <span class="s1">'Sync Error'</span><span class="p">,</span> <span class="nv">$error</span><span class="p">);</span> <span class="p">},</span> <span class="mi">10</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> </code></pre> </div> <h3> Manual Sync Operations </h3> <p>Use SupaWP's filter system for custom operations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Manually sync specific post</span> <span class="nv">$post_data</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="mi">123</span><span class="p">,</span> <span class="s1">'post_title'</span> <span class="o">=&gt;</span> <span class="s1">'Custom Post'</span><span class="p">,</span> <span class="s1">'custom_field'</span> <span class="o">=&gt;</span> <span class="s1">'Additional data'</span> <span class="p">);</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_save_data_to_supabase'</span><span class="p">,</span> <span class="nv">$post_data</span><span class="p">);</span> <span class="c1">// Get data from Supabase</span> <span class="nv">$posts</span> <span class="o">=</span> <span class="nf">apply_filters</span><span class="p">(</span><span class="s1">'supawp_get_data_from_supabase'</span><span class="p">,</span> <span class="s1">'wp_posts'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'post_status'</span> <span class="o">=&gt;</span> <span class="s1">'eq.publish'</span><span class="p">,</span> <span class="s1">'limit'</span> <span class="o">=&gt;</span> <span class="s1">'10'</span> <span class="p">));</span> </code></pre> </div> <h2> Troubleshooting Common Issues </h2> <h3> Posts Not Syncing </h3> <ol> <li> <strong>Check post type selection</strong> in SupaWP settings</li> <li> <strong>Verify Service Role Key</strong> is configured (not just anon key)</li> <li> <strong>Ensure tables exist</strong> in Supabase with correct naming convention</li> </ol> <h3> Permission Errors </h3> <ol> <li> <strong>Verify RLS policies</strong> allow service_role to write</li> <li> <strong>Check service role key</strong> is correct and has proper permissions</li> <li> <strong>Test connection</strong> from WordPress admin</li> </ol> <h3> Image Sync Issues </h3> <ol> <li> <strong>Enable WordPress debugging</strong> to see detailed error logs</li> <li> <strong>Check featured image processing</strong> - some themes delay image processing</li> <li> <strong>Verify image URLs</strong> are publicly accessible</li> </ol> <h3> Debug Logging </h3> <p>Enable WordPress debug logging:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// In wp-config.php</span> <span class="nb">define</span><span class="p">(</span><span class="s1">'WP_DEBUG'</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="nb">define</span><span class="p">(</span><span class="s1">'WP_DEBUG_LOG'</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p>Check <code>/wp-content/debug.log</code> for SupaWP error messages.</p> <h2> Best Practices for Production </h2> <h3> Performance Optimization </h3> <ol> <li> <strong>Index your tables</strong> for common query patterns: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_wp_posts_status_date</span> <span class="k">ON</span> <span class="n">wp_posts</span><span class="p">(</span><span class="n">post_status</span><span class="p">,</span> <span class="n">post_date</span> <span class="k">DESC</span><span class="p">);</span> </code></pre> </div> <ol> <li> <strong>Use selective querying</strong> - only fetch fields you need</li> <li> <strong>Implement caching</strong> in your frontend application</li> </ol> <h3> Security Considerations </h3> <ol> <li> <strong>Never expose service role key</strong> to frontend</li> <li><strong>Regularly rotate API keys</strong></li> <li> <strong>Monitor database access</strong> through Supabase dashboard</li> <li> <strong>Use RLS policies</strong> to restrict data access appropriately</li> </ol> <h3> Monitoring and Maintenance </h3> <ol> <li> <strong>Set up monitoring</strong> for sync operations</li> <li> <strong>Regular backups</strong> of Supabase data</li> <li> <strong>Monitor API usage</strong> and costs</li> <li> <strong>Keep SupaWP updated</strong> for latest features and security fixes</li> </ol> <h2> Use Cases and Examples </h2> <h3> JAMstack Blog </h3> <p>Create a lightning-fast blog using Supabase as your content API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Next.js example</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getStaticProps</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">posts</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">id, post_title, post_excerpt, post_date, permalink</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_status</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">publish</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_date</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ascending</span><span class="p">:</span> <span class="kc">false</span> <span class="p">})</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">props</span><span class="p">:</span> <span class="p">{</span> <span class="nx">posts</span> <span class="p">},</span> <span class="na">revalidate</span><span class="p">:</span> <span class="mi">60</span><span class="p">,</span> <span class="c1">// Revalidate every minute</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Mobile App Integration </h3> <p>Use the same content in your React Native app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">[</span><span class="nx">posts</span><span class="p">,</span> <span class="nx">setPosts</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">([])</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">fetchPosts</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">wp_posts</span><span class="dl">'</span><span class="p">).</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">post_status</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">publish</span><span class="dl">'</span><span class="p">)</span> <span class="nf">setPosts</span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="p">}</span> <span class="nf">fetchPosts</span><span class="p">()</span> <span class="p">},</span> <span class="p">[])</span> </code></pre> </div> <h3> Multi-site Content Distribution </h3> <p>Sync content from one WordPress site to multiple frontend applications, each with different presentation layers but the same content source.</p> <h2> Conclusion </h2> <p>Syncing WordPress to Supabase with SupaWP opens up a world of possibilities for modern web development. You get the familiar WordPress editing experience combined with the power and flexibility of Supabase's modern database and real-time capabilities.</p> <p>The automatic synchronization ensures your content is always up-to-date across all platforms, while the robust security model keeps your data safe. Whether you're building a headless website, mobile app, or multi-platform content distribution system, this setup provides a solid foundation for scalable, modern applications.</p> <p>Start with the basic setup outlined in this guide, then gradually explore the advanced customization options as your needs grow. The combination of WordPress's content management capabilities and Supabase's modern infrastructure creates a powerful platform for any content-driven application.</p> <h2> Resources </h2> <ul> <li><a href="https://techcater.com/shop/products/SUPA_WP" rel="noopener noreferrer">SupaWP Plugin</a></li> <li><a href="https://supabase.com/docs" rel="noopener noreferrer">Supabase Documentation</a></li> <li><a href="https://developer.wordpress.org" rel="noopener noreferrer">WordPress Developer Resources</a></li> <li><a href="https://supabase.com/docs/guides/auth/row-level-security" rel="noopener noreferrer">Row Level Security Guide</a></li> </ul> <p><em>This guide covers SupaWP v1.3.2 and later. Features and configuration may vary in different versions.</em></p> supabase wordpress webdev I Built a Leadership Simulator for Aspiring Tech Leads (And Why The Soft Skills Matter Most) Dale Nguyen Sat, 09 Aug 2025 15:01:20 +0000 https://dev.to/dalenguyen/i-built-a-leadership-simulator-for-aspiring-tech-leads-and-why-the-soft-skills-matter-most-4ngo https://dev.to/dalenguyen/i-built-a-leadership-simulator-for-aspiring-tech-leads-and-why-the-soft-skills-matter-most-4ngo <p>Let's be honest - I'm good at code, but the thought of managing people terrifies me.</p> <p>I've been a senior developer for a while now, and everyone keeps asking when I'm going to "take the next step" to Tech Lead or Staff Engineer. The problem? While I'm confident about system design and code reviews, I have no idea how to handle stakeholder politics or motivate struggling team members.</p> <p>So instead of continuing to put off the inevitable, I built something to help me (and hopefully others) practice.</p> <h2> What is it? </h2> <p>TechLeadPilot is a leadership simulator that puts you in realistic Tech Lead scenarios before you actually have to face them. Think "choose your own adventure" but for workplace situations that'll actually happen to you.</p> <p>You might face scenarios like:</p> <p>🔥 Your PM wants to ship without proper testing to hit a deadline<br> 🤝 Two senior engineers can't agree on system architecture<br> 📊 You need to explain why refactoring is worth 2 sprints to your director<br> 😤 A team member keeps missing deadlines but won't admit they're struggling</p> <h2> How it works </h2> <ol> <li>Pick a scenario from the library</li> <li>Read the situation and make your choice or write your response</li> <li>Get AI feedback on your leadership approach</li> <li>Learn what you did well and where you can improve</li> </ol> <h2> Why I built this </h2> <p>The idea of going from "senior engineer who codes in peace" to "tech lead who spends most of their time in meetings" is honestly pretty scary.</p> <p>I know I'll need to:</p> <ul> <li>Navigate office politics (ugh)</li> <li>Influence people who don't report to me</li> <li>Communicate complex technical stuff to non-technical people</li> <li>Actually motivate and mentor team members</li> <li>Make decisions when I don't have all the information</li> </ul> <p>These seem like learnable skills, but I'd rather practice them in a simulator than figure them out by potentially screwing up with real people.</p> <h2> The tech stack </h2> <p>Since this is dev.to:</p> <ul> <li>Frontend: Angular with Analog.js for SSR</li> <li>Backend: Node.js API routes</li> <li>Database: Firestore for user data and simulation results</li> <li>AI: Google Vertex AI for generating personalized feedback</li> <li>Hosting: Firebase (because it just works)</li> </ul> <h2> What's next? </h2> <p>I'm working on:</p> <ul> <li>More scenario types (performance reviews sound terrifying)</li> <li>Roleplay mode where the AI plays different characters</li> <li>Progress tracking so I can see if I'm actually getting better at this</li> </ul> <p>Try it out: <a href="https://techleadpilot.com/simulations" rel="noopener noreferrer">https://techleadpilot.com/simulations</a></p> <p>Fellow aspiring Tech Leads - what scenarios scare you the most? Always looking for new ideas to add!</p> leadership career management webdev