DEV Community: Mateusz Piórowski The latest articles on DEV Community by Mateusz Piórowski (@mpiorowski). https://dev.to/mpiorowski https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1103359%2F4ac94bdc-8ea5-40fd-a80d-faafa98c9ef6.png DEV Community: Mateusz Piórowski https://dev.to/mpiorowski en The Go Workspaces Feature You're Probably Not Using Enough Mateusz Piórowski Tue, 08 Jul 2025 19:33:33 +0000 https://dev.to/mpiorowski/the-go-workspaces-feature-youre-probably-not-using-enough-1ej0 https://dev.to/mpiorowski/the-go-workspaces-feature-youre-probably-not-using-enough-1ej0 <p>So you're building a Go project. It starts simple, as they all do. Then it grows. Now you have a main API service, a separate service for handling background jobs, and you've been a good developer and put all your common code into a shared <code>pkg</code> directory. Things like authentication helpers, database models, all the stuff both services need.</p> <p>This is a great pattern. Until you need to change something in the <code>pkg</code> directory.</p> <p>Now you're stuck. You make a change in <code>pkg</code>, but your API service doesn't see it. Why? Because its <code>go.mod</code> file is pointing to the version on GitHub, not your local version. So you add a <code>replace</code> directive. Then you have to do the same thing for your worker service. And you have to remember to take them out before you commit, otherwise, you'll break the build for everyone else.</p> <p>It's a total mess and super easy to forget.</p> <h2> There Is a Better Way, and It's Called Workspaces </h2> <p>Go workspaces are the official, built-in solution to this exact problem. It's a simple feature that tells the Go compiler, "Hey, when you're building my project, I want you to use these specific modules from my local disk, not the ones from the internet."</p> <p>You do this with a single file in the root of your project called <code>go.work</code>. This file tells Go which local modules are part of your active development "workspace."</p> <p>Let's look at how this works with our example. Imagine you have a project structured like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/my-cool-project |-- /app |-- go.work |-- /service-core | |-- go.mod |-- /service-admin | |-- go.mod |-- /pkg |-- /auth |-- /str </code></pre> </div> <p>Both <code>service-core</code> and <code>service-admin</code> need code from the <code>pkg</code> directory. Instead of messing with <code>replace</code> directives, your <code>go.work</code> file would just look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">use</span> <span class="p">(</span> <span class="o">./</span><span class="n">service</span><span class="o">-</span><span class="n">core</span> <span class="o">./</span><span class="n">service</span><span class="o">-</span><span class="n">admin</span> <span class="o">./</span><span class="n">pkg</span> <span class="p">)</span> </code></pre> </div> <p>And... that's it. Seriously.</p> <p>Now, whenever you're working inside the <code>/app</code> directory, Go automatically knows that if <code>service-core</code> imports something from <code>pkg</code>, it should use the pkg directory right there on your hard drive. No <code>go.mod</code> changes needed. It's seamless.</p> <h2> Getting Started Is Easy </h2> <p>You can start using this in your projects today.</p> <ol> <li><p>Go to the root of your project where your services live.</p></li> <li><p>Run <code>go work init ./service-one ./service-two ./my-shared-lib</code>. This creates the <code>go.work</code> file.</p></li> <li><p>If you add a new service later, just run <code>go work use ./new-service</code>.</p></li> </ol> <p>It's a small change to your workflow that makes a huge difference.</p> <h2> Don't Forget to Sync Your Work </h2> <p>The <code>go work sync</code> command updates the <code>go.mod</code> files for every module inside your workspace.</p> <p>While the <code>go.work</code> file tells Go to use your local modules for development, your <code>go.mod</code> files are what define the real dependencies for your CI/CD pipelines and for other developers.</p> <p><code>go work sync</code> synchronizes the dependencies from your workspace back to each module's <code>go.mod</code> file. This ensures they are accurate and up-to-date before you commit your changes, preventing broken builds for your team.</p> <p>You should run it from your project root after you've finished your local changes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go work <span class="nb">sync</span> </code></pre> </div> <h2> Why You Should Be Using This </h2> <p>To put it simply, workspaces make developing with multiple modules and shared libraries a breeze.</p> <ul> <li>You can finally make changes in a shared library and see them instantly in your other services.</li> <li>Your <code>go.mod</code> files stay clean and only describe your real, committed dependencies.</li> <li>You'll never accidentally commit a <code>replace</code> directive again.</li> </ul> <p>If you want to see a project that's built from the ground up using this philosophy, you should check out my Go CLI builder - <a href="https://gofast.live" rel="noopener noreferrer">GoFast</a>. It uses workspaces to manage its core services and shared packages, making it a great real-world example of how to build scalable, maintainable Go applications. And MUCH more :).</p> <p>Hope you enjoyed it, have a good day!</p> webdev programming go tutorial Fly.io + Turso = Scalable, Multi-Region, Low-Latency App That Will Not Cost You A Kidney. Mateusz Piórowski Thu, 11 Apr 2024 18:01:53 +0000 https://dev.to/mpiorowski/breaking-the-myth-scalable-multi-region-low-latency-app-exists-and-will-not-cost-you-a-kidney-537a https://dev.to/mpiorowski/breaking-the-myth-scalable-multi-region-low-latency-app-exists-and-will-not-cost-you-a-kidney-537a <h1> The problem </h1> <p>In my years of coding experience, I've explored various deployment methods, from simple servers to edge networks to serverless setups, all in search of the right fit.</p> <p>Each option has its pros and cons, and sometimes it comes down to personal preference.</p> <p>However, there's a category of apps that has always given me trouble finding the right solution: </p> <p><strong>Frontend + Backend + Database</strong></p> <p>Mostly CRM or SaaS applications. We all love them. So let's focus on them.</p> <p>After 28 days of discussion, 12 scrum meetings, and 4 Kanban boards, we've finally settled on the tech stack for the project:</p> <ul> <li>Frontend - <strong>React</strong> </li> <li>Backend - <strong>Java</strong> </li> <li>Database - <strong>MySQL</strong> </li> </ul> <p>This stack might not come as a surprise to anyone - it's what you might call an "oldie" stack, reminiscent of what was popular around 5 years ago. Nowadays, you could swap React for <strong>NextJS</strong>, Java for <strong>Rust</strong>, and MySQL for <strong>PostgreSQL</strong>, and you can start a YouTube channel.</p> <p>So it's time to deploy it. </p> <h2> The fancy one </h2> <p>Let's kick things off with the "modern" solution that you've probably heard about many times: <strong>Edge computing</strong>. The core concept here is to bring computing resources as close to the user as possible.</p> <p>For the client-side, we have options like <strong>Vercel</strong>, <strong>Netlify</strong>, or my personal favorite, <strong>Cloudflare Pages</strong>. Very easy to deploy, very fast and very scalable. <strong>WHEN</strong> we are deploying static sites (or JAMstack).</p> <p>But we're not deploying something static, right? We need dynamic data, interactive charts, tables, as well as the ability to save and load data.</p> <p>So let's use edge for the server as well! <strong>AWS Lambda</strong>, or maybe something fancier like the new <strong>Hono</strong> JavaScript framework (because, let's face it, we all love exploring new next JS frameworks).</p> <p>Problem solved! We're fast, we're modern.</p> <p>...but didn't we forget about something? The database.</p> <p>What's the big deal? Let's purchase <strong>AWS RDS</strong>, and we're all set.</p> <p>Take a look at this picture: the top one depicts the full edge solution, while the bottom one has a static server. Which one do you think takes longer?</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fer0cfexdsy3yvknkz9b1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fer0cfexdsy3yvknkz9b1.png" alt="Edge server vs static server"></a></p> <p>The biggest problem with a full edge solution is that most of the time, your database remains in one location. And the majority of the traffic occurs between the database and your servers, even with multi-region databases.</p> <p><strong>1. Servers must be located as close as possible to the database.</strong></p> <h2> The popular one </h2> <p>Now, let's shift our focus to the most familiar deployment options: <strong>AWS EC2</strong>, <strong>Google Compute Engine</strong>, <strong>Azure Virtual Machines</strong>.</p> <p>But why not go with them? Can't we auto-scale? Make servers multi-regions?</p> <p>We can.</p> <p>The problem? It's <strong>HARD</strong> and not cheap. And it requires expertise. AWS EC2 that can autoscale? With load balancers? Easy deployment via CI/CD? Good luck with that, try not to kill yourselves.</p> <p><strong>2. The infrastructure must be easy to deploy, scale and manage.</strong></p> <h2> The container one </h2> <p>Now, let's enhance the previous solution by incorporating containers into the mix = <strong>serverless container platforms</strong>.</p> <p>The three most popular options in this realm are:</p> <ul> <li><strong>AWS Fargate / App Runner</strong></li> <li><strong>Azure Container Apps</strong></li> <li><strong>Google Cloud Run</strong></li> </ul> <p>With these platforms, you deploy your application using Dockerfiles. Among the big three, I've personally had the most experience with AWS and GCP. While some of Google Cloud's services may be subpar or lacking, <strong>Google Cloud Run</strong> is amazing.</p> <p>It offers default autoscaling, seamless deployment (often just requiring a pointer to your Dockerfile), and the ability to scale down to zero to minimize costs (unlike AWS, god knows why).</p> <h2> Database </h2> <p>So what about the database? </p> <p><strong>AWS RDS</strong>, <strong>Azure SQL</strong> or <strong>Google Cloud SQL</strong> are indeed easy to set up, even with multi-region support.</p> <p>The problem? They'll cost you a kidney, maybe even two. And we don't want that.</p> <p><strong>3. The database must not cost us a kidney.</strong></p> <p>So, let's explore new contenders in the market:</p> <p>For MySQL, we've got <a href="https://planetscale.com/" rel="noopener noreferrer">PlanetScale</a>, and for PostgreSQL, there's <a href="https://neon.tech/" rel="noopener noreferrer">Neon</a>.</p> <p>These are fully managed database platforms that offer autoscaling, database branching, replicas, and more, all within a few clicks.</p> <h1> Solution </h1> <p>Please remember that this is a <strong>PERSONAL OPINION</strong> :)</p> <p>So let's summarize our points:</p> <p><strong>1. Servers must be located as close as possible to the database.</strong><br> <strong>2. The infrastructure must be easy to deploy, scale and manage.</strong><br> <strong>3. The database must not cost us a kidney.</strong></p> <p>Now, who will be the final winner?</p> <p>Amazon EC2 with RDS PostgreSQL?</p> <p>Or perhaps Google Cloud Run with PlanetScale MySQL?</p> <p>.....</p> <p>Drumroll</p> <p>.....</p> <p>None of them (you saw that coming).</p> <p>So, while it's no surprise that I lean towards the <strong>serverless container solution</strong>, the AWS / GCP still require a lot of tweaking and configuration for seamless CI/CD deployments.</p> <p>And as for PlanetScale and Neon, the pricing is indeed great...initially...when we have low traffic. However, as the traffic increases, our wallets begin to empty.</p> <p>So who then?</p> <p>Despite my skepticism towards "new" technologies (we all know that they die like flies these days), here I am choosing them.</p> <p><strong><a href="https://fly.io" rel="noopener noreferrer">Fly.io</a> + <a href="https://turso.tech" rel="noopener noreferrer">Turso</a></strong></p> <p>So what sets them apart from the rest?</p> <p>Let's begin with Fly.io, and I'm not exaggerating when I say that if you have a Dockerfile ready, it provides THE BEST experience among serverless container platforms.</p> <p>With just one command, you can deploy your app and enjoy amazing logging, scaling, insights, and pricing.</p> <p>Now, let's talk about Turso, which utilizes LibSQL, a fork of SQLite.</p> <p>...</p> <p>SQLite. Yes, that SQLite. Yes, for production. Yes, I am tired of telling people that the notion "SQLite is not for production" is a stupid, outdated myth.</p> <p>I will just drop this <a href="https://www.youtube.com/watch?app=desktop&amp;v=yTicYJDT1zE" rel="noopener noreferrer">here</a> and move on.</p> <p>...</p> <p>Turso - The fastest way I've ever created a database with replicas. They are incredibly affordable and lightning-fast.</p> <p>And did I mention that they offer an option to have an embedded database inside your devices? For mobile? That's simply amazing.</p> <p>Furthermore, both of these teams feel like genuine people, admitting to their problems and acknowledging their shortcomings. And this is truly one of the main reasons I am investing in them, even though they are new :)</p> <p>Now all that's left is a client. To be perfectly honest, if your client side application can be deployed on edge, go for it.</p> <p>In our case, we use gRPC, so we cannot.</p> <p>Also, it's important to remember that there might be a very slight performance downgrade, mostly because even though the edge deploys the closest to you, it may still not be the shortest route for the traffic:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fny8y2h6pt8wbcbpx6yet.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fny8y2h6pt8wbcbpx6yet.png" alt="client on edge vs client closest to server"></a></p> <h2> Code </h2> <p>I'll keep it brief. All the concepts have already been implemented in one of my open-source projects.:</p> <p><a href="https://github.com/mpiorowski/sgsg" rel="noopener noreferrer">SGSG</a></p> <p>It stands for <strong>Svelte + Go + SQLite + gRPC</strong>. If you wonder why these technologies, please refer to the project README :).</p> <p>Let's start:</p> <ol> <li>Create an account on <a href="https://turso.tech" rel="noopener noreferrer">Turso</a>.</li> <li>Create first primary database.</li> <li>Create 2 replicas.</li> <li>Generate authorization token.</li> </ol> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffu3ue3l2pqyk5bfqilu2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffu3ue3l2pqyk5bfqilu2.png" alt="Turso databases"></a></p> <p>This gives us a nice spread for the whole world.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1aaylzojk1yd32mou8jx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1aaylzojk1yd32mou8jx.png" alt="Turso spread"></a></p> <ol> <li>Create an account on <a href="https://fly.io" rel="noopener noreferrer">Fly.io</a>.</li> <li>Launch Your apps with <code>fly launch --no-deploy</code>. </li> <li>Tweak the environmental variables and set your secrets with <code>fly secrets set</code>. </li> <li>Deploy with <code>fly deploy</code>.</li> <li>Scale fly.io to replicas regions <code>fly scale count 4 --region dfw,hkg</code>.</li> </ol> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl0dmikren2o6n3vfqayq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl0dmikren2o6n3vfqayq.png" alt="Fly machines"></a></p> <p>You may have noticed something here. The region names are the same for Fly.io and Turso.</p> <p>And that's because it's yet another benefit of using these two together: Turso utilizes the Fly.io infrastructure, which means you place your database as close as possible to the server.</p> <p>And with that, we're all set :). Scalable, multi-region, affordable, and easy to maintain and deploy.</p> <p>To back this up, this stack is currently employed for the majority of our clients at <a href="https://solace.digital/" rel="noopener noreferrer">Solace</a>. And it works amazingly.</p> <h2> Things to remember </h2> <p>Here, I'd like to highlight two important points we need to keep in mind.</p> <p>First, Turso replicas, like most other database replicas, are READ replicas. This means you get incredible speed when reading rows, but all writes still go to the primary location.</p> <p>This can be a problem for heavy-write applications, which 99% of apps are <strong>NOT</strong>.</p> <p>Secondly, fly.io offers an option to scale down automatically. However, you can set min_machines_running = 1 to reduce cold starts. The challenge is that this setting is global, meaning it will shut down all your replicas and leave only the primary location running.</p> <p>It would be awesome if they could make it PER REGION. Hello Fly.io, please <a href="https://community.fly.io/t/automatically-starting-stopping-apps-v2-instances/12342/50" rel="noopener noreferrer">make it happen</a> :).</p> <h1> End </h1> <p>Hope you enjoyed it!</p> <p>Like always, a little bit of self-promotion :) </p> <p>Follow me on <a href="https://github.com/mpiorowski" rel="noopener noreferrer">Github</a> and <a href="https://twitter.com/mapiorowski" rel="noopener noreferrer">Twitter</a> to receive new notifications. I'm working on promoting lesser-known technologies, with Svelte, Go and Rust being the main focuses.</p> <p>I am also a creator of <a href="https://gofast.live" rel="noopener noreferrer">GoFast</a>, the ultimate foundation for building modern web apps, which set ups and uses everything I am talking about here for you automatically :)</p> webdev programming devops javascript Svelte + Firebase SSR + OAuth Mateusz Piórowski Thu, 28 Sep 2023 21:23:28 +0000 https://dev.to/mpiorowski/svelte-firebase-ssr-3p3j https://dev.to/mpiorowski/svelte-firebase-ssr-3p3j <p>We are continuing our authorization journey, now diving into <strong>Firebase</strong>, the biggest BaaS out there. As with all the previous steps:</p> <ol> <li>We'll use <a href="https://kit.svelte.dev/" rel="noopener noreferrer">SvelteKit</a> as the main framework, because we all know it's the best.</li> <li>We'll aim to achieve minimal lines of code.</li> <li>We'll implement main authorization check on the server-side to enhance security.</li> <li>Our starting point from which we'll begin counting lines of code, is this <a href="https://tailwindcss.com/docs/guides/sveltekit" rel="noopener noreferrer">Tailwind Setup</a> </li> <li>To make it harder, we'll set the max printWidth to 80 characters, because true coders thrive on it.</li> </ol> <p><a href="https://github.com/mpiorowski/svelte-auth" rel="noopener noreferrer">https://github.com/mpiorowski/svelte-auth</a></p> <p>Why server-side, you might ask? Check out this Google Doc with a very nice explanation:</p> <p><a href="https://firebase.google.com/docs/auth/admin/manage-cookies" rel="noopener noreferrer">https://firebase.google.com/docs/auth/admin/manage-cookies</a> </p> <p>We are also trimming down some descriptions to make it more accessible. For an in-depth explanation, please refer to the first article in this series.</p> <p>So let's start with the hardest part ... which isn't code but setting up Firebase and obtaining all the necessary keys. First, we need to log in to Google Cloud and create a new project:</p> <p><a href="https://console.cloud.google.com/" rel="noopener noreferrer">https://console.cloud.google.com/</a></p> <p>After that, we'll search for the <code>Identity Providers</code> service and enable it. This is the new version of <strong>Firebase Authentication</strong>.</p> <p>On the right side, you'll find the <code>Application setup details</code>:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe0sd6l3c0u2vbxwdodqh.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe0sd6l3c0u2vbxwdodqh.png" alt="Application setup details"></a></p> <p>From there, we need to retrieve and store the <code>apiKey</code> and <code>authDomain</code>.</p> <p>In this section, we will also add all the necessary providers, configure the Consent screen, and fill in the <code>Client Id</code> and <code>Client Secret</code>. Let's use Google as an example because we already have this data generated.</p> <p>To obtain this data, we should navigate to the <code>Apis &amp; Services</code> -&gt; <code>Credentials</code> -&gt; <code>Create credentials</code> -&gt; <code>OAuth client</code>.</p> <p>We fill in all the necessary information, including the <code>Authorized redirect URIs</code>, which in our case will be <code>http://127.0.0.1:3000</code>. Later, when we move to production, we will need to add our domain here.</p> <p>After saving, you'll find our required secrets on the right side: <code>Client Id</code> and <code>Client Secret</code>.</p> <p>As mentioned, it's quite a few steps. The last thing remaining is to generate access for our server-side.</p> <p>We search for <code>IAM &amp; Admin</code> -&gt; <code>Service accounts</code>. Here is also already generated for us <code>Firebase Admin SDK</code> account:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhqjzldajjdbw26ef1jr2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhqjzldajjdbw26ef1jr2.png" alt="Firebase Admin SDK"></a></p> <p>We enter it, navigate to <code>Keys</code> -&gt; <code>Add key</code> -&gt; <code>Create new key</code> -&gt; <code>JSON</code>. This will generate and download a JSON key.</p> <p>That's it! The most challenging part is finished. Now, let's dive into the coding. First let's save our secrets:</p> <p><strong>.env</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">PUBLIC_API_KEY</span><span class="o">=</span><span class="s1">'mock-api-key'</span> <span class="nv">PUBLIC_AUTH_DOMAIN</span><span class="o">=</span><span class="s1">'mock-auth-domain.firebaseapp.com'</span> <span class="nv">SERVICE_ACCOUNT</span><span class="o">=</span><span class="s1">'{ "type": "service_account", "project_id": "mock-project-id", "private_key_id": "mock-private-key-id", "private_key": "-----BEGIN PRIVATE KEY-----\nMockPrivateKey\n-----END PRIVATE KEY-----\n", "client_email": "mock-client-email@mock-project-id.iam.gserviceaccount.com", "client_id": "mock-client-id", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/mock-client-email@mock-project-id.iam.gserviceaccount.com", "universe_domain": "mock-universe-domain" }'</span> </code></pre> </div> <p>Now let's set up connections to Firebase, and we'll need two separate connections for <strong>client</strong> and <strong>server</strong>. </p> <p><strong>lib/firebase_client.ts</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">PUBLIC_API_KEY</span><span class="p">,</span> <span class="nx">PUBLIC_AUTH_DOMAIN</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">$env/static/public</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">initializeApp</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">firebase/app</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getAuth</span><span class="p">,</span> <span class="nx">setPersistence</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">Persistence</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">firebase/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">getFirebaseClient</span><span class="p">():</span> <span class="o">|</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">false</span><span class="p">;</span> <span class="nl">data</span><span class="p">:</span> <span class="nb">ReturnType</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">getAuth</span><span class="o">&gt;</span> <span class="p">}</span> <span class="o">|</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">true</span><span class="p">;</span> <span class="nl">msg</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">firebaseConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">PUBLIC_API_KEY</span><span class="p">,</span> <span class="na">authDomain</span><span class="p">:</span> <span class="nx">PUBLIC_AUTH_DOMAIN</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">initializeApp</span><span class="p">(</span><span class="nx">firebaseConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="nf">getAuth</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="na">persistance</span><span class="p">:</span> <span class="nx">Persistence</span> <span class="o">=</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">NONE</span><span class="dl">"</span> <span class="p">};</span> <span class="k">void</span> <span class="nf">setPersistence</span><span class="p">(</span><span class="nx">auth</span><span class="p">,</span> <span class="nx">persistance</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="nx">auth</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">msg</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Error initializing firebase client</span><span class="dl">"</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>We are setting persistence to NONE because we don't want it to keep any data. This will be used ONLY once, to authorize and send the token to the server.</p> <p><strong>lib/server/firebase_server.ts</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">SERVICE_ACCOUNT</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">$env/static/private</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">admin</span><span class="p">,</span> <span class="p">{</span> <span class="kd">type</span> <span class="nx">ServiceAccount</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">firebase-admin</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">getFirebaseServer</span><span class="p">():</span> <span class="o">|</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">false</span><span class="p">;</span> <span class="nl">data</span><span class="p">:</span> <span class="k">typeof</span> <span class="nx">admin</span> <span class="p">}</span> <span class="o">|</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">true</span><span class="p">;</span> <span class="nl">msg</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">admin</span><span class="p">.</span><span class="nx">apps</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">serviceAccount</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">SERVICE_ACCOUNT</span><span class="p">)</span> <span class="k">as</span> <span class="nx">ServiceAccount</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cert</span> <span class="o">=</span> <span class="nx">admin</span><span class="p">.</span><span class="nx">credential</span><span class="p">.</span><span class="nf">cert</span><span class="p">(</span><span class="nx">serviceAccount</span><span class="p">);</span> <span class="nx">admin</span><span class="p">.</span><span class="nf">initializeApp</span><span class="p">({</span> <span class="na">credential</span><span class="p">:</span> <span class="nx">cert</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="nx">admin</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">msg</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Error initializing firebase server</span><span class="dl">"</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>As an additional level of security, we are storing this function in the <code>/server</code> folder, which by default will not allow its use on the client side.</p> <p><strong>routes/auth/+page.svelte</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="o">&lt;</span><span class="nx">script</span> <span class="nx">lang</span><span class="o">=</span><span class="dl">"</span><span class="s2">ts</span><span class="dl">"</span><span class="o">&gt;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getFirebaseClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">$lib/firebase_client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">signInWithPopup</span><span class="p">,</span> <span class="nx">GoogleAuthProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">firebase/auth</span><span class="dl">"</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">form</span><span class="p">:</span> <span class="nx">HTMLFormElement</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">login</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="nf">getFirebaseClient</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">auth</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">alert</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error: </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">msg</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">cred</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">signInWithPopup</span><span class="p">(</span><span class="nx">auth</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="k">new</span> <span class="nc">GoogleAuthProvider</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cred</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">getIdToken</span><span class="p">();</span> <span class="k">await</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nf">signOut</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">input</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">"</span><span class="s2">input</span><span class="dl">"</span><span class="p">);</span> <span class="nx">input</span><span class="p">.</span><span class="kd">type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">hidden</span><span class="dl">"</span><span class="p">;</span> <span class="nx">input</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">token</span><span class="dl">"</span><span class="p">;</span> <span class="nx">input</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">token</span><span class="p">;</span> <span class="nx">form</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">input</span><span class="p">);</span> <span class="nx">form</span><span class="p">.</span><span class="nf">submit</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">method</span><span class="o">=</span><span class="dl">"</span><span class="s2">post</span><span class="dl">"</span> <span class="nx">bind</span><span class="p">:</span><span class="k">this</span><span class="o">=</span><span class="p">{</span><span class="nx">form</span><span class="p">}</span> <span class="sr">/</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="nx">button</span> <span class="nx">on</span><span class="p">:</span><span class="nx">click</span><span class="o">=</span><span class="p">{</span><span class="nx">login</span><span class="p">}</span> <span class="kd">class</span><span class="o">=</span><span class="dl">"</span><span class="s2">border rounded p-2 mt-10 bg-gray-800 text-white hover:bg-gray-700</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Login</span> <span class="nx">using</span> <span class="nx">Google</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> </code></pre> </div> <p>We create a Firebase client, authorize it, and retrieve the <code>idToken</code>. Then, we send it to our server using SvelteKit Form Action. You might notice that immediately after authentication, we sign out the client. We don't want it to store any data.</p> <p>Quick information: Google has a second function, <code>signInWithRedirect</code>, if you prefer it. However, it requires a bit more setup.</p> <p><strong>routes/auth/+page.server.ts</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@sveltejs/kit</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">Actions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./$types</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getFirebaseServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">$lib/server/firebase_server</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">actions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">default</span><span class="p">:</span> <span class="k">async </span><span class="p">({</span> <span class="nx">request</span><span class="p">,</span> <span class="nx">cookies</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">formData</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">form</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">token</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span> <span class="o">||</span> <span class="k">typeof</span> <span class="nx">token</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">admin</span> <span class="o">=</span> <span class="nf">getFirebaseServer</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">admin</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Expires in 5 days</span> <span class="kd">const</span> <span class="nx">expiresIn</span> <span class="o">=</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">5</span><span class="p">;</span> <span class="kd">let</span> <span class="na">sessionCookie</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">sessionCookie</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">admin</span><span class="p">.</span><span class="nx">data</span> <span class="p">.</span><span class="nf">auth</span><span class="p">()</span> <span class="p">.</span><span class="nf">createSessionCookie</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="nx">expiresIn</span> <span class="o">*</span> <span class="mi">1000</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">session</span><span class="dl">"</span><span class="p">,</span> <span class="nx">sessionCookie</span><span class="p">,</span> <span class="p">{</span> <span class="na">maxAge</span><span class="p">:</span> <span class="nx">expiresIn</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">,</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">"</span><span class="s2">lax</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="p">},</span> <span class="p">}</span> <span class="nx">satisfies</span> <span class="nx">Actions</span><span class="p">;</span> </code></pre> </div> <p>So after we log in using the client, we retrieve the token and send it to our server. The server uses it to authorize against Firebase Servers, retrieves the session cookie, and sends it back to the client. This will be our primary token used for all future authentication.</p> <p>Now, let's move to the main gateway of the application, <code>hooks.server.ts</code>. As a quick reminder, this file captures all traffic that passes through the app.</p> <p><strong>hooks.server.ts</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">Handle</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@sveltejs/kit</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">building</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">$app/environment</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getFirebaseServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">$lib/server/firebase_server</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">DecodedIdToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">firebase-admin/lib/auth/token-verifier</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">handle</span><span class="p">:</span> <span class="nx">Handle</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">event</span><span class="p">,</span> <span class="nx">resolve</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">email</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="na">isAuth</span><span class="p">:</span> <span class="nx">boolean</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">url</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">isAuth</span> <span class="o">||</span> <span class="nx">building</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">session</span><span class="dl">"</span><span class="p">,</span> <span class="dl">""</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">session</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">admin</span> <span class="o">=</span> <span class="nf">getFirebaseServer</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">admin</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">let</span> <span class="na">decodedClaims</span><span class="p">:</span> <span class="nx">DecodedIdToken</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">decodedClaims</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">admin</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nf">auth</span><span class="p">().</span><span class="nf">verifySessionCookie</span><span class="p">(</span><span class="nx">session</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">uid</span><span class="p">,</span> <span class="nx">email</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">decodedClaims</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">uid</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">email</span> <span class="o">=</span> <span class="nx">email</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p>So, with every request or page navigation, we retrieve the <code>session</code> cookie and validate it against Firebase, all performed on the server.</p> <p>Let's make typescript happy:</p> <p><strong>app.d.ts</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="c1">// See https://kit.svelte.dev/docs/types#app</span> <span class="c1">// for information about these interfaces</span> <span class="kr">declare</span> <span class="nb">global</span> <span class="p">{</span> <span class="k">namespace</span> <span class="nx">App</span> <span class="p">{</span> <span class="c1">// interface Error {}</span> <span class="kr">interface</span> <span class="nx">Locals</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// interface PageData {}</span> <span class="c1">// interface Platform {}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="p">{};</span> </code></pre> </div> <p>All that is left is to show the user data and allow the user to logout. Let's create a <code>home</code> page:</p> <p><strong>src/routes/+page.server.ts</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">PageServerLoad</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./$types</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">load</span> <span class="o">=</span> <span class="p">(</span><span class="k">async </span><span class="p">({</span> <span class="nx">locals</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">locals</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">locals</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="p">};</span> <span class="p">})</span> <span class="nx">satisfies</span> <span class="nx">PageServerLoad</span><span class="p">;</span> </code></pre> </div> <p><strong>src/routes/+page.svelte</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="o">&lt;</span><span class="nx">script</span> <span class="nx">lang</span><span class="o">=</span><span class="dl">"</span><span class="s2">ts</span><span class="dl">"</span><span class="o">&gt;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">PageData</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./$types</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">let</span> <span class="nx">data</span><span class="p">:</span> <span class="nx">PageData</span><span class="p">;</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">Welcome</span> <span class="nx">to</span> <span class="nx">SvelteAuth</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="kd">class</span><span class="o">=</span><span class="dl">"</span><span class="s2">border rounded p-2 mt-10 mb-10 bg-gray-800 text-white hover:bg-gray-700</span><span class="dl">"</span> <span class="nx">on</span><span class="p">:</span><span class="nx">click</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">)}</span> <span class="o">&gt;</span> <span class="nx">Logout</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">pre</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">data</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/pre</span><span class="err">&gt; </span> </code></pre> </div> <p>Yes, to log out the user, all we need to do is navigate to the <code>/auth</code> URL. It works because on each request, the first thing hooks.server.ts does is clear everything. If it's the <code>/auth</code> page, it also clears out the cookies and redirects the user there. It's a very simple but also easily understandable flow.</p> <p>And that's it! The OAuth flow with Firebase and Svelte is complete, done almost entirely on the server-side using session cookies.</p> <p>As a bonus, when you log in using Firebase, you can check the <strong>Identity Providers</strong> tab in GCP. There, you can see all the users who tried to authorize.</p> <p>Lastly, remember that the technology landscape is dynamic, so periodically revisit your implementation to adapt to changes in Firebase, SvelteKit, or relevant libraries to ensure your project remains secure and up-to-date.</p> <h1> End </h1> <p>Hope you enjoyed it!</p> <p>Like always, a little bit of self-promotion :) </p> <p>Follow me on <a href="https://github.com/mpiorowski" rel="noopener noreferrer">Github</a> and <a href="https://twitter.com/mapiorowski" rel="noopener noreferrer">Twitter</a> to receive new notifications. I'm working on promoting lesser-known technologies, with Svelte, Go and Rust being the main focuses.</p> <p>I am also a creator of <a href="https://gofast.live" rel="noopener noreferrer">GoFast</a>, the ultimate foundation for building modern web apps with the power of Golang and SvelteKit / Next.js. Hop in if you are interested :)</p> Svelte + PocketBase + Nginx = Amazingness Mateusz Piórowski Fri, 18 Aug 2023 10:54:17 +0000 https://dev.to/mpiorowski/bonus-svelte-pocketbase-nginx-amazingness-54l https://dev.to/mpiorowski/bonus-svelte-pocketbase-nginx-amazingness-54l <p>So it's time for the promised bonus, how to setup Svelte with PocketBase on the same server using Nginx as proxy.</p> <p>This stack is perfect for any small to medium sized applications, particularly considering Svelte connecting directly to PocketBase and PocketBase's ability to work without remote SQL due to local SQLite. The performance is incredible. You can do thousands of request, and you won't even notice it.</p> <p>All the code is available here:<br> <a href="https://github.com/mpiorowski/svelte-auth" rel="noopener noreferrer">https://github.com/mpiorowski/svelte-auth</a></p> <p>We will be using <code>example.com</code> as our targeted domain.</p> <p>First let's look at the architecture:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7z1gkkf9l2yeuj1j5c0g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7z1gkkf9l2yeuj1j5c0g.png" alt="Architecture"></a></p> <p>The general idea is for the Nginx server to act as a proxy. It directs all <code>/pb</code> calls to the PocketBase server, while forwarding the rest to the SvelteKit server.</p> <p><strong>Folder structure</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> /app /pb .nginx.config docker-compose.yml </code></pre> </div> <p>Everything is encapsuled using docker, and the easiest way to do it is by using <code>docker-compose</code>.</p> <p><strong>docker-compose.yml</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">svelte-auth-application</span> <span class="na">working_dir</span><span class="pi">:</span> <span class="s">/app</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./app</span> <span class="na">pb</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">svelte-auth-pocketbase</span> <span class="na">working_dir</span><span class="pi">:</span> <span class="s">/pb</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./pb</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./pb/pb_data:/pb/pb_data</span> <span class="pi">-</span> <span class="s">./pb/pb_migrations:/pb/pb_migrations</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">svelte-auth-nginx</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:alpine</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./nginx.conf:/etc/nginx/nginx.conf</span> <span class="pi">-</span> <span class="s">/etc/letsencrypt:/etc/letsencrypt</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">80:80</span> <span class="pi">-</span> <span class="s">443:443</span> </code></pre> </div> <p>Thanks to the use of docker-compose, the Docker network is automatically created. This is why services can communicate with each other using their respective service names, such as <code>http://pb:8080</code> or <code>http://app:3000</code>.</p> <p>Some key points to highlight:</p> <ul> <li>Only Nginx exposes ports to the external world.</li> <li>Nginx volumes are linked to the configuration file and certificate location.</li> <li>PocketBase volumes are linked to the SQLite database and migration files."</li> </ul> <p>Now, concerning SQLite files, the <code>pb_data</code> folder is typically ignored in the repository, while the <code>pb_migrations</code> are included.</p> <p>Additionally, another useful SQLite feature: need to back up the database? Simply copy the <code>pb_data</code> folder :)</p> <p>Let's dive into Dockerfiles.</p> <p><strong>pb/Dockerfile</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> FROM alpine:latest ARG <span class="nv">PB_VERSION</span><span class="o">=</span>0.16.5 RUN apk add <span class="nt">--no-cache</span> <span class="se">\</span> unzip <span class="se">\</span> ca-certificates ADD https://github.com/pocketbase/pocketbase/releases/download/v<span class="k">${</span><span class="nv">PB_VERSION</span><span class="k">}</span>/pocketbase_<span class="k">${</span><span class="nv">PB_VERSION</span><span class="k">}</span>_linux_amd64.zip /tmp/pb.zip RUN unzip /tmp/pb.zip <span class="nt">-d</span> /pb/ CMD <span class="o">[</span><span class="s2">"/pb/pocketbase"</span>, <span class="s2">"serve"</span>, <span class="s2">"--http=0.0.0.0:8080"</span><span class="o">]</span> </code></pre> </div> <p><strong>app/Dockerfile</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Development</span> FROM node:19-alpine as dev WORKDIR /app COPY package.json /app/package.json RUN npm <span class="nb">install</span> <span class="nt">-g</span> pnpm COPY pnpm-lock.yaml /app/pnpm-lock.yaml RUN pnpm <span class="nb">install </span>COPY <span class="nb">.</span> <span class="nb">.</span> CMD <span class="o">[</span><span class="s2">"pnpm"</span>, <span class="s2">"dev"</span><span class="o">]</span> <span class="c"># Build</span> FROM node:19-alpine as build WORKDIR /app COPY <span class="nb">.</span> <span class="nb">.</span> RUN npm <span class="nb">install</span> <span class="nt">-g</span> pnpm RUN pnpm <span class="nb">install </span>RUN pnpm build <span class="c"># Production</span> FROM node:19-alpine as prod WORKDIR /app COPY <span class="nt">--from</span><span class="o">=</span>build /app/build /app/build COPY src /app/src COPY package.json /app/package.json COPY pnpm-lock.yaml /app/pnpm-lock.yaml RUN npm <span class="nb">install</span> <span class="nt">-g</span> pnpm RUN pnpm <span class="nb">install</span> <span class="nt">--prod</span> CMD node build </code></pre> </div> <p>For those who are wondering about the <code>Build</code> and <code>Production</code> sections, these utilize a Docker multi-stage feature. This feature enables you to divide the build process and ultimately generate smaller Docker images.</p> <p><a href="https://docs.docker.com/build/building/multi-stage/" rel="noopener noreferrer">https://docs.docker.com/build/building/multi-stage/</a></p> <p>Now there is only one thing left:</p> <p><strong>nginx.conf</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> worker_processes 1<span class="p">;</span> events <span class="o">{</span> worker_connections 1024<span class="p">;</span> <span class="o">}</span> http <span class="o">{</span> sendfile on<span class="p">;</span> upstream docker-app <span class="o">{</span> server app:3000<span class="p">;</span> <span class="o">}</span> upstream docker-pb <span class="o">{</span> server pb:8080<span class="p">;</span> <span class="o">}</span> server <span class="o">{</span> listen <span class="o">[</span>::]:443 ssl<span class="p">;</span> listen 443 ssl<span class="p">;</span> server_name example.com<span class="p">;</span> ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem<span class="p">;</span> <span class="c"># managed by Certbot</span> ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem<span class="p">;</span> <span class="c"># managed by Certbot</span> include /etc/letsencrypt/options-ssl-nginx.conf<span class="p">;</span> <span class="c"># managed by Certbot</span> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem<span class="p">;</span> <span class="c"># managed by Certbot</span> location / <span class="o">{</span> proxy_pass http://docker-app<span class="p">;</span> proxy_redirect off<span class="p">;</span> proxy_set_header Host <span class="nv">$host</span><span class="p">;</span> proxy_set_header X-Real-IP <span class="nv">$remote_addr</span><span class="p">;</span> proxy_set_header X-Forwarded-For <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> proxy_set_header X-Forwarded-Host <span class="nv">$server_name</span><span class="p">;</span> <span class="o">}</span> location /pb/_/ <span class="o">{</span> proxy_pass http://docker-pb/_/<span class="p">;</span> proxy_redirect off<span class="p">;</span> proxy_set_header Host <span class="nv">$host</span><span class="p">;</span> proxy_set_header X-Real-IP <span class="nv">$remote_addr</span><span class="p">;</span> proxy_set_header X-Forwarded-For <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> proxy_set_header X-Forwarded-Host <span class="nv">$server_name</span><span class="p">;</span> <span class="o">}</span> location /pb/api/ <span class="o">{</span> proxy_pass http://docker-pb/api/<span class="p">;</span> proxy_redirect off<span class="p">;</span> proxy_set_header Host <span class="nv">$host</span><span class="p">;</span> proxy_set_header X-Real-IP <span class="nv">$remote_addr</span><span class="p">;</span> proxy_set_header X-Forwarded-For <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> proxy_set_header X-Forwarded-Host <span class="nv">$server_name</span><span class="p">;</span> <span class="o">}</span> <span class="o">}</span> server <span class="o">{</span> listen 80<span class="p">;</span> server_name example.com<span class="p">;</span> <span class="k">return </span>301 https://<span class="nv">$host$request_uri</span><span class="p">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>This one is doing the important work. Firstly, it sets up an upstream to our services (take note of the app and pb service names). Then, it effectively distributes traffic based on the requested URL. Additionally, it redirects all traffic from HTTP to HTTPS.</p> <p>You might notice the <code>managed by Certbot</code> comments. As we are exclusively running SSL, valid certificates are required on the server. The simplest approach to achieving this is by utilizing Certbot.</p> <p>So on the server we need to run:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">sudo </span>certbot certonly <span class="nt">--nginx</span> <span class="nt">-d</span> example.com <span class="nb">sudo </span>systemctl disable nginx </code></pre> </div> <p>This not only generates valid certificates but also creates the appropriate configuration for our Nginx server. We simply need to disable the default server and use the one within the Docker environment.</p> <p>And that's it! One server with both PocketBase and SvelteKit irunning.</p> <p>PocketBase Admin panel: <code>example.com/pb/_/</code><br> PocketBase Api: <code>example.com/pb/api/</code><br> SvelteKit: <code>example.com</code></p> <p>One last thing to remember: when making client-side requests to PocketBase, the target should be <code>https://example.com/pb/api/</code>. However, for server-side connections within the Docker environment, we must keep in mind that the target should be <code>http://pb:8080</code>. This part can be a bit confusing :).</p> <h1> End </h1> <p>Hope you enjoyed it!</p> <p>Like always, a little bit of self-promotion :) </p> <p>Follow me on <a href="https://github.com/mpiorowski" rel="noopener noreferrer">Github</a> and <a href="https://twitter.com/mapiorowski" rel="noopener noreferrer">Twitter</a> to receive new notifications. I'm working on promoting lesser-known technologies, with Svelte, Go and Rust being the main focuses.</p> <p>I am also a creator of <a href="https://gofast.live" rel="noopener noreferrer">GoFast</a>, the ultimate foundation for building modern web apps with the power of Golang and SvelteKit / Next.js. Hop in if you are interested :)</p> webdev svelte typescript pocketbase Svelte + PocketBase + OAuth = 90 lines of code Mateusz Piórowski Thu, 17 Aug 2023 08:21:14 +0000 https://dev.to/mpiorowski/oauth2-is-so-complicated-or-90-lines-of-code-with-svelte-532 https://dev.to/mpiorowski/oauth2-is-so-complicated-or-90-lines-of-code-with-svelte-532 <p>So it's time for my first series. The idea is to show how <strong>easy</strong>, <strong>fast</strong> and <strong>secure</strong> it is to set up a working OAuth2 flow.</p> <p>We will be authorizing against some of the biggest BaaS providers like <strong>Firebase</strong> and <strong>Supabase</strong>, as well as some built-in solutions like <strong>Ory</strong> and <strong>Auth.js</strong>.</p> <p>Here are some rules to make it stand out a little bit:</p> <ol> <li>We'll use <a href="https://kit.svelte.dev/" rel="noopener noreferrer">SvelteKit</a> as the main framework, because we all know it's the best.</li> <li>We'll aim to achieve minimal lines of code.</li> <li>We'll implement main authorization check on the server-side to enhance security.</li> <li>Our starting point from which we'll begin counting lines of code, is this <a href="https://tailwindcss.com/docs/guides/sveltekit" rel="noopener noreferrer">Tailwind Setup</a> </li> <li>To make it harder, we'll set the max printWidth to 80 characters, because true coders thrive on it.</li> </ol> <p>All the code is available here:<br> <a href="https://github.com/mpiorowski/svelte-auth" rel="noopener noreferrer">https://github.com/mpiorowski/svelte-auth</a></p> <p>The first article will also be the longest, as it will involve creating and explaining numerous concepts that will be utilized in the upcoming ones.</p> <p>So, who is the lucky one to be the first one? Who will lay the foundation for all the future examples? We are launching this series with what I believe to be the best choice.</p> <p><strong><a href="https://pocketbase.io/" rel="noopener noreferrer">PocketBase</a></strong></p> <p>What? SQLite? For production? You must be joking, right?</p> <p>Some time ago, I thought exactly the same. The funny thing is, PocketBase was also the thing that changed my mind. I will not dive into it, I'll just drop this video that explains why: <br> <a href="https://www.youtube.com/watch?v=yTicYJDT1zE" rel="noopener noreferrer">https://www.youtube.com/watch?v=yTicYJDT1zE</a></p> <p>Alright, let's start some coding. Just for future reference, I'll be using 'LOC' to indicate 'lines of code,' and 'PB' will stand for 'PocketBase'.</p> <p>First we need to install PB:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>pnpm i pocketbase </code></pre> </div> <p>That count as 0 LOC.</p> <p>Then we need to create a login screen:</p> <p><strong>/src/routes/auth/+page.svelte</strong></p> <p>For those who are new to SvelteKit, the <code>+page.svelte</code> file is used for automatic file-based routing. What we've just created will be displayed at the <code>/auth</code> URL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="o">&lt;</span><span class="nx">script</span> <span class="nx">lang</span><span class="o">=</span><span class="dl">"</span><span class="s2">ts</span><span class="dl">"</span><span class="o">&gt;</span> <span class="k">import</span> <span class="nx">PocketBase</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">pocketbase</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">pb</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PocketBase</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:8080</span><span class="dl">'</span><span class="p">);</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">login</span><span class="p">(</span><span class="nx">form</span><span class="p">:</span> <span class="nx">HTMLFormElement</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">pb</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">).</span><span class="nf">authWithOAuth2</span><span class="p">({</span> <span class="na">provider</span><span class="p">:</span> <span class="dl">'</span><span class="s1">github</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">form</span><span class="p">.</span><span class="nx">token</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nx">token</span><span class="p">;</span> <span class="nx">form</span><span class="p">.</span><span class="nf">submit</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">method</span><span class="o">=</span><span class="dl">"</span><span class="s2">post</span><span class="dl">"</span> <span class="nx">on</span><span class="p">:</span><span class="nx">submit</span><span class="o">|</span><span class="nx">preventDefault</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">login</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">currentTarget</span><span class="p">)}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">token</span><span class="dl">"</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">hidden</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="kd">class</span><span class="o">=</span><span class="dl">"</span><span class="s2">border rounded p-2 mt-10 bg-gray-800 text-white hover:bg-gray-700</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="nx">Login</span> <span class="nx">using</span> <span class="nx">Github</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="sr">/form</span><span class="err">&gt; </span></code></pre> </div> <p>I am even adding line breaks, so 24 LOC.</p> <p>I believe this part is fairly self-explanatory. We're establishing a connection to PocketBase, and then upon clicking the button, we're initializing the OAuth2 flow. It's important to note that this is the sole location where we'll initiate the client-side PocketBase connection, and we're using it exclusively for getting the token.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">pb</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">).</span><span class="nf">authWithOAuth2</span><span class="p">({</span> <span class="na">provider</span><span class="p">:</span> <span class="dl">'</span><span class="s1">github</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>This method initializes a one-off realtime subscription and will open a popup window with the OAuth2 vendor page to authenticate. After success we are retriving the token and submiting it using the form. </p> <p>But submitting it where? </p> <p>Time for the first great SvelteKit feature, <a href="https://kit.svelte.dev/docs/form-actions" rel="noopener noreferrer">Form Actions</a>. It's an amazing, built-in way to handle forms, which forces you to separate logic and view. So we need a server-side file to handle that.</p> <p><strong>/src/routes/auth/+page.server.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">Actions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./$types</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">actions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">default</span><span class="p">:</span> <span class="k">async </span><span class="p">({</span> <span class="nx">request</span><span class="p">,</span> <span class="nx">cookies</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">formData</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">form</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span> <span class="o">||</span> <span class="k">typeof</span> <span class="nx">token</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">pb_auth</span><span class="dl">'</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">token</span><span class="p">:</span> <span class="nx">token</span> <span class="p">}));</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">satisfies</span> <span class="nx">Actions</span><span class="p">;</span> </code></pre> </div> <p>14 LOC</p> <p>We are getting the token from request, validating it and setting it as a temporary cookie. After that we are redirecting to the <code>/</code>.</p> <p>...<br> So it's a temporary cookie...<br> ...<br> But we are going to the <code>/</code> page...<br> ...<br> And where the hell is the authorization...<br> ...<br> Something doesn't add up, right? <br> ...</p> <p>It's time for the next great SvelteKit feature (who doubted it's amazingness?), <a href="https://kit.svelte.dev/docs/hooks" rel="noopener noreferrer">Hooks</a>.</p> <p>This is a special place, where ALL REQUEST pass through. Not only api, but also every page navigation.</p> <p>So, what is happening? Let's break it down: </p> <ul> <li>We were previously on the <code>/auth</code> page, completed the OAuth flow, retrieved the token, and send it to server.</li> <li>Server sets it up as cookie and then move to <code>/</code>.</li> <li>Now, BEFORE we proceed to <code>/</code>, we pass through this hook:</li> </ul> <p><strong>src/hooks.server.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">Handle</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">PocketBase</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">pocketbase</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">building</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$app/environment</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">handle</span><span class="p">:</span> <span class="nx">Handle</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">event</span><span class="p">,</span> <span class="nx">resolve</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">email</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PocketBase</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:8080</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="na">isAuth</span><span class="p">:</span> <span class="nx">boolean</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">url</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">isAuth</span> <span class="o">||</span> <span class="nx">building</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">pb_auth</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">pb_auth</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">cookie</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nf">loadFromCookie</span><span class="p">(</span><span class="nx">pb_auth</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nx">isValid</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Session expired</span><span class="dl">'</span><span class="p">);</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span> <span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">authRefresh</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">();</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">record</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">email</span> <span class="o">=</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">record</span><span class="p">.</span><span class="nx">email</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">_</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cookie</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nf">exportToCookie</span><span class="p">({</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lax</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">set-cookie</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cookie</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>41 LOC</p> <p>That's our bread and butter, our work horse. Let's split it up:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">email</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PocketBase</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:8080</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p><code>locals</code> act as a global storage for all the server actions.</p> <p>So on EVERY request/navigation, we are clearing the user info and creating new PB connection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">isAuth</span><span class="p">:</span> <span class="nx">boolean</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">url</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">isAuth</span> <span class="o">||</span> <span class="nx">building</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">pb_auth</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And if we are currently going to <code>/auth</code> url, we are clearing the cookie and resolving the hook = going to the page. The <code>building</code> variable is needed for Cloudflare Pages.</p> <p>You might notice that when navigating to the <code>/auth</code> URL, everything is consistently cleared. I can hear people saying that it's a bad practice and that we should check if user is authenticated and then redirect him to <code>/</code>. However, in my view, this approach only adds unnecessary complexity. Let's face it, how often do people manually visit a page with <code>/auth</code>? Who bookmarks a login form? This straightforward flow is justified by its simplicity. Moreover, there's an additional benefit we'll discuss later.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">pb_auth</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">cookie</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nf">loadFromCookie</span><span class="p">(</span><span class="nx">pb_auth</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nx">isValid</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Session expired</span><span class="dl">'</span><span class="p">);</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span> <span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">authRefresh</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">();</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">record</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">email</span> <span class="o">=</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">record</span><span class="p">.</span><span class="nx">email</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">303</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In this section, we're retrieving the cookie and with it authorizing against PB, refreshing the token, fetching user data, and storing it. Side note, <code>authRefresh</code> generates a new token with each call.</p> <p>Additionaly we're implementing a final verification check, as an added layer of security.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cookie</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">pb</span><span class="p">.</span><span class="nx">authStore</span><span class="p">.</span><span class="nf">exportToCookie</span><span class="p">({</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lax</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">set-cookie</span><span class="dl">'</span><span class="p">,</span> <span class="nx">cookie</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> </code></pre> </div> <p>Arriving at this point indicates that we are now authorized. </p> <p>All that is left is to create THE cookie that will be used in all the subsequent requests for authorization.</p> <p>That's all for the big file.</p> <p>Next we need to make TypeScript happy by typing the global interface:</p> <p><strong>src/app.d.ts</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// See https://kit.svelte.dev/docs/types#app</span> <span class="c1">// for information about these interfaces</span> <span class="k">import</span> <span class="nx">PocketBase</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">pocketbase</span><span class="dl">'</span><span class="p">;</span> <span class="kr">declare</span> <span class="nb">global</span> <span class="p">{</span> <span class="k">namespace</span> <span class="nx">App</span> <span class="p">{</span> <span class="c1">// interface Error {}</span> <span class="kr">interface</span> <span class="nx">Locals</span> <span class="p">{</span> <span class="nl">pb</span><span class="p">:</span> <span class="nx">PocketBase</span><span class="p">;</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// interface PageData {}</span> <span class="c1">// interface Platform {}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="p">{};</span> </code></pre> </div> <p>We added 5 LOC to the existing file.</p> <p>There is only one thing left, logout. Do you recall when I mentioned that the streamlined flow has an extra advantage?</p> <p><strong>src/routes/+page.svelte</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="o">&lt;</span><span class="nx">button</span> <span class="kd">class</span><span class="o">=</span><span class="dl">"</span><span class="s2">border rounded p-2 mt-10 bg-gray-800 text-white hover:bg-gray-700</span><span class="dl">"</span> <span class="nx">on</span><span class="p">:</span><span class="nx">click</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">)}</span> <span class="o">&gt;</span> <span class="nx">Logout</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span></code></pre> </div> <p>6 LOC</p> <p>Yes, to logout, all we really need is to go to <code>/auth</code>. It's important to note that we can't achieve this using the Svelte <code>goto('/auth')</code> function, as it doesn't effectively clear up the cookies.</p> <p>And we're finished!</p> <p>Quick recap of everything:</p> <ol> <li>On the <code>/auth</code> page, we initiate the OAuth2 flow from the client side, acquire the token, and send it to the server.</li> <li>Server sets it up as temp cookie and redirect to <code>/</code>.</li> <li> <code>hooks.server.ts</code> intercepts this request, extracts the cookie, authorizes it, generates a new cookie, and redirects to the <code>/</code> URL with the updated cookie.</li> <li>Each subsequent request passes through the hooks layer, with the previously established cookie for authentication.</li> </ol> <p>And that's all. 90 LOC.</p> <p>I hope this will be helpful for some of you :)</p> <p>More authentication solutions are coming soon, but before that, I plan to provide a bonus guide on setting up PocketBase with Svelte on the same server using Docker and Nginx as a proxy.</p> <p>This stack, particularly considering PocketBase's ability to work without remote SQL due to SQLite, offers incredible performance. You can do thousands of request, and you won't even notice it. </p> <h1> End </h1> <p>Hope you enjoyed it!</p> <p>Like always, a little bit of self-promotion :) </p> <p>Follow me on <a href="https://github.com/mpiorowski" rel="noopener noreferrer">Github</a> and <a href="https://twitter.com/mapiorowski" rel="noopener noreferrer">Twitter</a> to receive new notifications. I'm working on promoting lesser-known technologies, with Svelte, Go and Rust being the main focuses.</p> <p>I am also a creator of <a href="https://gofast.live" rel="noopener noreferrer">GoFast</a>, the ultimate foundation for building modern web apps with the power of Golang and SvelteKit / Next.js. Hop in if you are interested :)</p> svelte oauth typescript webdev TypeScript with Go/Rust errors? No try/catch? Heresy. Mateusz Piórowski Sun, 23 Jul 2023 19:03:55 +0000 https://dev.to/mpiorowski/typescript-with-gorust-errors-no-trycatch-heresy-49mf https://dev.to/mpiorowski/typescript-with-gorust-errors-no-trycatch-heresy-49mf <p>So, let's start with a little backstory about me. I am a software developer with around 10 years of experience, initially working with PHP and then gradually transitioning to JavaScript. Also, this is my first article ever, so please be understanding :)</p> <p>I started using TypeScript somewhere around 5 years ago, and since then, I have never gone back to JavaScript. The moment I started using it, I thought it was the BEST programming language ever created. Everyone loves it, everyone uses it... it's just the best one, right? Right? RIGHT?</p> <p>Yeah, and then I started playing around with other languages, more modern ones. First was Go, and then I slowly added Rust to my list (thanks Prime). </p> <p>It's hard to miss things when you don't know different things exist.</p> <p>What am I talking about? What common thing that Go and Rust share? ERRORS. The one thing that stood out the most for me. And more specifically, how these languages handle them.</p> <p>JavaScript relies on throwing exceptions to handle errors, whereas Go and Rust treat them as values. You might think this is not such a big deal... but, boy, it may sound like a trivial thing; however, it's a game-changer.</p> <p>Let's walk through these languages. We will not dive deep into each; we just want to know the general approach.</p> <p>Let's start with JavaScript / TypeScript and a little game.</p> <p>Give yourself 5 seconds to look at the code below and answer WHY we need to wrap it in try / catch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="mi">2</span><span class="nx">n</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://example.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// handle response</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle error</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>So, I assume most of you guessed that even though we are checking for <code>response.ok</code>, the fetch method can still throw an error. The <code>response.ok</code> "catches" only 4xx and 5xx network errors. But when the network itself fails, it throws an error.</p> <p>But I wonder how many of you guessed that the <code>JSON.stringify</code> will also throw an error. The reason why is that the request object contains the <code>bigint (2n)</code> variable, which <code>JSON</code> doesn't know how to stringify.</p> <p>So the first problem is, and personally, I believe it's the biggest JavaScript problem ever: we DON'T KNOW what can throw an error. From a JavaScript error perspective, it's the same as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">try</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">data</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Hello</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>JavaScript doesn't know, JavaScript doesn't care; YOU should know.</p> <p>Second thing, this is a perfectly viable code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="mi">2</span><span class="nx">n</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://example.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>No errors, no linters, even though this can break your app.</p> <p>Right now in my head, I can hear, "What's the problem, just use try / catch everywhere." Here comes the third problem; we don't know WHICH ONE throw. Of course, we can somehow guess by the error message, but for bigger services / functions, with a lot of places where error can happen? Are You sure You are handling all of them properly by one try / catch?</p> <p>Ok, it's time to stop picking on JS and move to something else. Let's start with Go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">f</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"filename.ext"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// do something with the open *File f</span> </code></pre> </div> <p>We are trying to open a file, which is returning either a file or an error. And you will be seeing this a lot, mostly because we know which functions return errors, always. You never miss one. Here is the first example of treating the error as a value. You specify which function can return them, you return them, you assign them, you check them, you work with them.</p> <p>It's also not so colorful, and it's also one of the things Go gets criticized for, the <code>error-checking code</code>, where <code>if err != nil { ....</code> sometimes takes more lines of code than the rest.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="o">...</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="o">...</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="o">...</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="o">...</span> <span class="p">}</span> <span class="o">...</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="o">...</span> <span class="p">}</span> </code></pre> </div> <p>Still totaly worth the effort, trust me.</p> <p>And finally Rust:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">let</span> <span class="n">greeting_file_result</span> <span class="o">=</span> <span class="nn">File</span><span class="p">::</span><span class="nf">open</span><span class="p">(</span><span class="s">"hello.txt"</span><span class="p">);</span> <span class="k">let</span> <span class="n">greeting_file</span> <span class="o">=</span> <span class="k">match</span> <span class="n">greeting_file_result</span> <span class="p">{</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="k">=&gt;</span> <span class="n">file</span><span class="p">,</span> <span class="nf">Err</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="k">=&gt;</span> <span class="nd">panic!</span><span class="p">(</span><span class="s">"Problem opening the file: {:?}"</span><span class="p">,</span> <span class="n">error</span><span class="p">),</span> <span class="p">};</span> </code></pre> </div> <p>The most verbose of the three shown here and ironically the best one. So first of all, Rust handles the errors using its amazing Enums (they are not the same as TypeScript enums!). Without going into details, what is important here is that it uses an Enum called <code>Result</code> with two variants: <code>Ok</code> and <code>Err</code>. As you might guess, <code>Ok</code> holds a value and <code>Err</code> holds...surprise, an error :D.</p> <p>It also has a lot of ways to deal with them in more convenient ways, to mitigate the Go problem. The most well-known one is the <code>?</code> operator.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">let</span> <span class="n">greeting_file_result</span> <span class="o">=</span> <span class="nn">File</span><span class="p">::</span><span class="nf">open</span><span class="p">(</span><span class="s">"hello.txt"</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> </code></pre> </div> <p>The summary here is that both Go and Rust know wherever there might be an error, always. And they force you to deal with it right where it appears (mostly). No hidden ones, no guessing, no breaking app with a surprise face.</p> <p>And this approach is JUST BETTER. BY A MILE.</p> <p>Ok, it's time to be honest, I lied a little bit. We cannot make TypeScript errors work like the Go / Rust ones. The limiting factor here is the language itself; it just doesn't have proper tools to do that.</p> <p>But what we can do is try to make it similar. And make it simple.</p> <p>Starting with this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">type</span> <span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span> <span class="o">=</span> <span class="o">|</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">;</span> <span class="nl">data</span><span class="p">:</span> <span class="nx">T</span><span class="p">;</span> <span class="p">}</span> <span class="o">|</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">;</span> <span class="nl">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Nothing really fancy here, just a simple generic type. But this little baby can totally change the code. As you might notice, the biggest difference here is we are either returning data or error. Sounds familiar?</p> <p>Also, second lie, we need some try / catch. The good thing is we only need at least two, not 100000.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">promise</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;&gt;</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">func</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">T</span><span class="p">):</span> <span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span> <span class="nx">promiseOrFunc</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span> <span class="o">|</span> <span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">T</span><span class="p">),</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;&gt;</span> <span class="o">|</span> <span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">promiseOrFunc</span> <span class="k">instanceof</span> <span class="nb">Promise</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">safeAsync</span><span class="p">(</span><span class="nx">promiseOrFunc</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">safeSync</span><span class="p">(</span><span class="nx">promiseOrFunc</span><span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">safeAsync</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">promise</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">promise</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">e</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span> <span class="k">instanceof</span> <span class="nb">Error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">message</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">safeSync</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">func</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">T</span><span class="p">):</span> <span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nf">func</span><span class="p">();</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">e</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span> <span class="k">instanceof</span> <span class="nb">Error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">message</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>"Wow, what a genius, he created a wrapper for try / catch." Yes, you are right; this is just a wrapper with our <code>Safe</code> type as the return one. But sometimes simple things are all you need. Let's combine them together with the example from above.</p> <p>Old one (16 lines):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="mi">2</span><span class="nx">n</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://example.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle network error</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// handle response</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle error</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>New one (20 lines):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="mi">2</span><span class="nx">n</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nf">safe</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">request</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">body</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle error (body.error)</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">safe</span><span class="p">(</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://example.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle error (response.error)</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle network error</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// handle response (body.data)</span> </code></pre> </div> <p>So yes, our new solution is longer, but:</p> <ul> <li>no try-catch</li> <li>we handle each error where it occurs</li> <li>we have a nice top-to-bottom logic, all errors on top, then only the response at the bottom</li> </ul> <p>But now comes the ace. What will happen if we forget to check this one:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">body</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle error (body.error)</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The thing is... we can't. Yes, we MUST do that check; if we don't, then the <code>body.data</code> will not exist. LSP will remind us of it by throwing a "Property 'data' does not exist on type 'Safe'". And it's all Thanks to the simple <code>Safe</code> type we created. And it also works for error message; we don't have access to <code>body.error</code> until we check for <code>!body.success</code>.</p> <p>Here is a moment we should really appreciate the TypeScript and how it changed the JavaScript world.</p> <p>The same goes for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// handle error (response.error)</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>We cannot remove the <code>!response.success</code> check because otherwise the <code>response.data</code> will not exist.</p> <p>Of course, our solution doesn't come without its problems, the biggest one is that you need to remember to wrap Promises / functions that can throw errors with our <code>safe</code> wrapper. This "we need to know" is a language limitation which we cannot overcome.</p> <p>It may sound hard, but it isn't. You soon start to realize that almost all Promises you have in your code can throw errors, and the synchronous functions that can, you know about them, and there aren't so many of them.</p> <p>Still, you might be asking, is it worth it? We think it is, and it's working perfectly in our team :). When you look at a bigger service file, with no try / catch anywhere, with every error handled where it appeared, with a nice flow of logic... it just looks nice.</p> <p>Here is a real life usage (SvelteKit FormAction):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">actions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">createEmail</span><span class="p">:</span> <span class="k">async </span><span class="p">({</span> <span class="nx">locals</span><span class="p">,</span> <span class="nx">request</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">end</span> <span class="o">=</span> <span class="nf">perf</span><span class="p">(</span><span class="dl">"</span><span class="s2">CreateEmail</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">safe</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nf">formData</span><span class="p">());</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">form</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fail</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">form</span><span class="p">.</span><span class="nx">error</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">schema</span> <span class="o">=</span> <span class="nx">z</span> <span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">emailTo</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(),</span> <span class="na">emailName</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="na">emailSubject</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="na">emailHtml</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">safeParse</span><span class="p">({</span> <span class="na">emailTo</span><span class="p">:</span> <span class="nx">form</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">emailTo</span><span class="dl">"</span><span class="p">),</span> <span class="na">emailName</span><span class="p">:</span> <span class="nx">form</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">emailName</span><span class="dl">"</span><span class="p">),</span> <span class="na">emailSubject</span><span class="p">:</span> <span class="nx">form</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">emailSubject</span><span class="dl">"</span><span class="p">),</span> <span class="na">emailHtml</span><span class="p">:</span> <span class="nx">form</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">emailHtml</span><span class="dl">"</span><span class="p">),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">schema</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">schema</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nf">flatten</span><span class="p">());</span> <span class="k">return</span> <span class="nf">fail</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="p">{</span> <span class="na">form</span><span class="p">:</span> <span class="nx">schema</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nf">flatten</span><span class="p">().</span><span class="nx">fieldErrors</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">metadata</span> <span class="o">=</span> <span class="nf">createMetadata</span><span class="p">(</span><span class="nx">URI_GRPC</span><span class="p">,</span> <span class="nx">locals</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">key</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fail</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">metadata</span><span class="p">.</span><span class="nx">error</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="k">new</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Safe</span><span class="o">&lt;</span><span class="nx">Email__Output</span><span class="o">&gt;&gt;</span><span class="p">((</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">usersClient</span><span class="p">.</span><span class="nf">createEmail</span><span class="p">(</span><span class="nx">schema</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="nx">metadata</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="nf">grpcSafe</span><span class="p">(</span><span class="nx">res</span><span class="p">));</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fail</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">error</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">end</span><span class="p">();</span> <span class="k">return</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="p">};</span> <span class="p">},</span> <span class="p">}</span> <span class="nx">satisfies</span> <span class="nx">Actions</span><span class="p">;</span> </code></pre> </div> <p>Few things to point out:</p> <ul> <li>our custom function <code>grpcSafe</code> to help us with grpc callback</li> <li>createMetadata return <code>Safe</code> inside, so we don't need to wrap it.</li> <li> <code>zod</code> library is using the same pattern :) If we don't do <code>schema.success</code> check, we don't have access to <code>schema.data</code>.</li> </ul> <p>Doesn't it look clean? So try it out! Maybe it will be great fit for you too :)</p> <p>Also, I hope this article was interesting for you. I hope to create more of them to share my thoughts and ideas.</p> <p>P.S. Looks similar?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">f</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"filename.ext"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// do something with the open *File f</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">safe</span><span class="p">(</span><span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://example.com</span><span class="dl">"</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// do something with the response.data</span> </code></pre> </div> <h1> End </h1> <p>Hope you enjoyed it!</p> <p>Like always, a little bit of self-promotion :) </p> <p>Follow me on <a href="https://github.com/mpiorowski" rel="noopener noreferrer">Github</a> and <a href="https://twitter.com/mapiorowski" rel="noopener noreferrer">Twitter</a> to receive new notifications. I'm working on promoting lesser-known technologies, with Svelte, Go and Rust being the main focuses.</p> <p>I am also a creator of <a href="https://gofast.live" rel="noopener noreferrer">GoFast</a>, the ultimate foundation for building modern applications with the power of Golang and SvelteKit / Next.js. It also heavily utilizes everything described here. Hop in if you are interested :)</p> typescript rust go javascript