DEV Community: yutak23 The latest articles on DEV Community by yutak23 (@yutak23). https://dev.to/yutak23 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1219823%2Fa7d60fd7-d84f-46cd-9801-30a00d9a5032.png DEV Community: yutak23 https://dev.to/yutak23 en Session Management in SvelteKit Using Stores with svelte-kit-sessions yutak23 Thu, 11 Jan 2024 01:38:00 +0000 https://dev.to/yutak23/session-management-in-sveltekit-using-stores-with-svelte-kit-sessions-24df https://dev.to/yutak23/session-management-in-sveltekit-using-stores-with-svelte-kit-sessions-24df <h2> Introduction </h2> <p>When looking for session management libraries in SvelteKit, it seemed that there were only ones that store session information in cookies or have their stores fixed to Redis (although, maybe I just didn't search well enough).</p> <p>Personally, having experience with development in <a href="https://expressjs.com/ja/">Express</a>, I found the <a href="https://www.npmjs.com/package/express-session">express-session</a> approach quite flexible, where one could freely choose the store, and session information was saved in the store. I thought it would be desirable to have a session management module for SvelteKit that could do something similar.</p> <p>Thus, I developed and published a session management module for SvelteKit, named <code>svelte-kit-sessions</code>, which presupposes the use of a store. In this article, I’d like to discuss how one can implement session management in SvelteKit using this module.</p> <p><a href="https://www.npmjs.com/package/svelte-kit-sessions">https://www.npmjs.com/package/svelte-kit-sessions</a></p> <h2> Overview of <a href="https://www.npmjs.com/package/svelte-kit-sessions">svelte-kit-sessions</a> </h2> <p><a href="https://www.npmjs.com/package/svelte-kit-sessions">svelte-kit-sessions</a> is a module that stores the session ID (+signature) in a cookie. It uses this cookie's session ID as the key in the store to save session information. If a session exists, it retrieves the stored session information from the store, making it usable in SvelteKit's <a href="https://kit.svelte.jp/docs/form-actions">Actions</a>, <a href="https://kit.svelte.jp/docs/routing#server">API routes</a>, and <a href="https://kit.svelte.jp/docs/hooks#server-hooks">Server hooks(handle)</a>.</p> <p>The specific usage method is described in the README's <a href="https://www.npmjs.com/package/svelte-kit-sessions#usage">Usage</a> section, and it feels like the following in use:</p> <h3> Actions </h3> <p>Authenticate the user and create a session.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/routes/login/+page.server.ts</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">ServerLoad</span><span class="p">,</span> <span class="nx">Actions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">db</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$lib/server/db.ts</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">load</span><span class="p">:</span> <span class="nx">ServerLoad</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">locals</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">locals</span><span class="p">;</span> <span class="c1">// you can access `locals.session`</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">getUserFromId</span><span class="p">(</span><span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">userId</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">};</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">actions</span><span class="p">:</span> <span class="nx">Actions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">login</span><span class="p">:</span> <span class="k">async </span><span class="p">({</span> <span class="nx">request</span><span class="p">,</span> <span class="nx">locals</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">locals</span><span class="p">;</span> <span class="c1">// you can access `locals.session`</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">formData</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">email</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">getUser</span><span class="p">(</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">);</span> <span class="k">await</span> <span class="nx">session</span><span class="p">.</span><span class="nf">setData</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span> <span class="p">});</span> <span class="c1">// set data to session</span> <span class="k">await</span> <span class="nx">session</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="c1">// session save and session create (session data is stored and set-cookie)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">},</span> <span class="p">...</span> <span class="p">};</span> </code></pre> </div> <h3> API route </h3> <p>When creating a TODO for a user with a session, set the creator of the TODO to the <code>userId</code> from the session.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/routes/api/todo/+server.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">json</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">RequestEvent</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">RequestHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">db</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$lib/server/db.ts</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">TodoBody</span> <span class="p">{</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">memo</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">POST</span><span class="p">:</span> <span class="nx">RequestHandler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">:</span> <span class="nx">RequestEvent</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">;</span> <span class="c1">// you can access `event.locals.session`</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">title</span><span class="p">,</span> <span class="nx">memo</span> <span class="p">}</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="k">as</span> <span class="nx">TodoBody</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">todoId</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">createTodo</span><span class="p">({</span> <span class="nx">title</span><span class="p">,</span> <span class="nx">memo</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">userId</span> <span class="p">});</span> <span class="k">return</span> <span class="nf">json</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">todoId</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">});</span> <span class="p">};</span> </code></pre> </div> <h3> Server hooks(handle) </h3> <p>Redirect to the login screen in cases of access without an authenticated session.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/hooks.server.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">Handle</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sequence</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit/hooks</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sveltekitSessionHandle</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">svelte-kit-sessions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">RedisStore</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">svelte-kit-connect-redis</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Redis</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">ioredis</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Redis</span><span class="p">({</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">{your redis host}</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">6379</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">checkAuthorizationHandle</span><span class="p">:</span> <span class="nx">Handle</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">event</span><span class="p">,</span> <span class="nx">resolve</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// `event.locals.session` is available</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">userId</span><span class="p">)</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">302</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="k">return</span> <span class="nx">result</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">handle</span><span class="p">:</span> <span class="nx">Handle</span> <span class="o">=</span> <span class="nf">sequence</span><span class="p">(</span> <span class="nf">sveltekitSessionHandle</span><span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">,</span> <span class="na">store</span><span class="p">:</span> <span class="k">new</span> <span class="nc">RedisStore</span><span class="p">({</span> <span class="nx">client</span> <span class="p">})</span> <span class="p">}),</span> <span class="nx">checkAuthorizationHandle</span> <span class="p">);</span> </code></pre> </div> <ul> <li>Reference: <a href="https://kit.svelte.dev/docs/load#redirects">https://kit.svelte.dev/docs/load#redirects</a> </li> </ul> <h2> Features and Highlights of <a href="https://www.npmjs.com/package/svelte-kit-sessions">svelte-kit-sessions</a> </h2> <p><a href="https://www.npmjs.com/package/svelte-kit-sessions">svelte-kit-sessions</a> has the following features and highlights (which might seem obvious, but are essential nonetheless):</p> <ul> <li>Ability to freely choose the store</li> <li>Flexible session configuration <ul> <li>Ability to create sessions without initialization</li> <li>Automatic updating of session expiry (expire)</li> <li>Regeneration of sessions to prevent session hijacking</li> <li>Support for multiple cookie signing secrets and secret rotation </li> </ul> </li> </ul> <h3> Ability to Freely Choose the Store </h3> <p>As listed in the <a href="https://www.npmjs.com/package/svelte-kit-sessions#compatible-session-stores">Compatible Session Stores</a> section, the session store can be freely chosen.</p> <p>Even stores not listed in <a href="https://www.npmjs.com/package/svelte-kit-sessions#compatible-session-stores">Compatible Session Stores</a> can be used by implementing a class that satisfies the interface described in the <a href="https://www.npmjs.com/package/svelte-kit-sessions#session-store-implementation">Session Store Implementation</a> section.</p> <h3> Flexible Session Configuration </h3> <h4> Ability to Create Sessions Without Initialization </h4> <p>Setting the <a href="https://www.npmjs.com/package/svelte-kit-sessions#saveuninitialized">saveUninitialized</a> option to <code>true</code> allows svelte-kit-sessions to automatically create sessions.</p> <p>This option should be set to <code>false</code> in scenarios like login where a session is issued for the first time, but it's a convenient option for scenarios where sessions are issued immediately upon access.</p> <h4> Automatic Updating of Session Expiry </h4> <p>Setting the <a href="https://www.npmjs.com/package/svelte-kit-sessions#rolling">rolling</a> option to <code>true</code> configures the sessions to automatically extend the validity period by the time specified in the <code>maxAge</code> cookie option.</p> <h4> Regeneration of Sessions to Prevent Session Hijacking </h4> <p>To prevent session hijacking, it is necessary to have different sessions before and after login. This can be easily implemented using the <a href="https://www.npmjs.com/package/svelte-kit-sessions#sessionregenerate">session.regenerate()</a> method.</p> <p>For example, during authentication via OpenID Connect, the session that stores the <code>state</code> or <code>codeVerifier</code>, and the session after the callback (post-login) should be different. In such cases, the following implementation could be applicable (assuming an OpenID Connect flow, specifically the Authorization Code Flow, where scopes like <code>openid</code>, <code>profile</code>, etc., are specified to receive an ID token and user information).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/hooks.server.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">Handle</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sequence</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit/hooks</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sveltekitSessionHandle</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">svelte-kit-sessions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">RedisStore</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">svelte-kit-connect-redis</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Redis</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">ioredis</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">oauthClient</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$lib/server/oauth-client.js</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Be a library for OpenID Connect (OAuth2.0)</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Redis</span><span class="p">({</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">{your redis host}</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">6379</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">checkAuthHandle</span><span class="p">:</span> <span class="nx">Handle</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">event</span><span class="p">,</span> <span class="nx">resolve</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Callback endpoints, use temporary tokens to get ID tokens, etc.</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">url</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">/oauth/callback</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nx">method</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">state</span> <span class="o">!==</span> <span class="nx">event</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">state</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid state.</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">oauthClient</span><span class="p">.</span><span class="nf">callback</span><span class="p">({</span> <span class="na">request</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="p">,</span> <span class="na">state</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">state</span><span class="p">,</span> <span class="na">codeVerifier</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">codeVerifier</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">newSession</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">session</span><span class="p">.</span><span class="nf">regenerate</span><span class="p">();</span> <span class="k">await</span> <span class="nx">newSession</span><span class="p">.</span><span class="nf">setData</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">sub</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">name</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">newSession</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">302</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Start Authorization Code Flow with no session</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">userId</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authUri</span><span class="p">,</span> <span class="nx">state</span><span class="p">,</span> <span class="nx">codeVerifier</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">oauthClient</span><span class="p">.</span><span class="nf">start</span><span class="p">();</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nf">setData</span><span class="p">({</span> <span class="nx">state</span><span class="p">,</span> <span class="nx">codeVerifier</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">session</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="k">throw</span> <span class="nf">redirect</span><span class="p">(</span><span class="mi">302</span><span class="p">,</span> <span class="nx">authUri</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="k">return</span> <span class="nx">result</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">handle</span><span class="p">:</span> <span class="nx">Handle</span> <span class="o">=</span> <span class="nf">sequence</span><span class="p">(</span> <span class="nf">sveltekitSessionHandle</span><span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">,</span> <span class="na">store</span><span class="p">:</span> <span class="k">new</span> <span class="nc">RedisStore</span><span class="p">({</span> <span class="nx">client</span> <span class="p">})</span> <span class="p">}),</span> <span class="nx">checkAuthHandle</span> <span class="p">);</span> </code></pre> </div> <p><strong>Note</strong> The above is implemented as a sample code in <code>hooks.server.ts</code> for the Authorization Code Flow, but in reality, it should probably be properly abstracted into API Routes or similar.</p> <h4> Ability to Specify Multiple Cookie Signing Secrets and Perform Secret Rotation </h4> <p>The <a href="https://www.npmjs.com/package/svelte-kit-sessions#secret">secret</a> option allows for not only a string but also an array of strings. This enables the periodic update of the cookie signing secret while ensuring that existing cookies do not become invalid.</p> <p>Specifically, by setting the secret to something like <code>["secret2", "secret1"]</code>, you can add a new secret, <code>"secret2"</code>, without invalidating the originally used <code>"secret1"</code>. When multiple secrets are set, the secret used for signing cookies will be the first one in the array.</p> <h2> Conclusion </h2> <p>This article summarized the features and highlights of <code>svelte-kit-sessions</code>, a session management module for SvelteKit that presupposes the use of a store.</p> <p>I hope <code>svelte-kit-sessions</code> (<a href="https://www.npmjs.com/package/svelte-kit-sessions">https://www.npmjs.com/package/svelte-kit-sessions</a>) proves to be useful for those who want to incorporate session management into their SvelteKit development. It would be great if it helps someone out there.</p> svelte sveltekit javascript typescript Creating Serverless MySQL HTTP (SMH) as an Emulation Service for PlanetScale yutak23 Mon, 27 Nov 2023 11:25:24 +0000 https://dev.to/yutak23/creating-serverless-mysql-http-smh-as-an-emulation-service-for-planetscale-176j https://dev.to/yutak23/creating-serverless-mysql-http-smh-as-an-emulation-service-for-planetscale-176j <h2> Introduction </h2> <p>I decided to try out a serverless MySQL service called <a href="https://planetscale.com/">PlanetScale</a>. However, it seemed that PlanetScale didn't have a local development environment emulation service, similar to AWS's <a href="https://www.localstack.cloud/">LocalStack</a> or Firebase's <a href="https://firebase.google.com/docs/emulator-suite">Firebase Local Emulator Suite</a>.</p> <p>So, I thought, if it doesn't exist, why not create it? In this article, I'd like to share about Serverless MySQL HTTP (SMH), which I developed for this purpose.</p> <p><a href="https://github.com/yutak23/serverless-mysql-http">https://github.com/yutak23/serverless-mysql-http</a></p> <h2> What is PlanetScale? </h2> <p><a href="https://planetscale.com/">https://planetscale.com/</a></p> <blockquote> <p>PlanetScale is a MySQL-compatible serverless database that brings you scale, performance, and reliability — without sacrificing developer experience. With PlanetScale, you get the power of horizontal sharding, non-blocking schema changes, and many more powerful database features without the pain of implementing them.</p> </blockquote> <h2> About Serverless MySQL HTTP (SMH) Created This Time </h2> <p>With PlanetScale, you can send requests and manage the database via HTTP using the <a href="https://github.com/planetscale/database-js">@planetscale/database</a> library. </p> <p>Using the @planetscale/database library allows for the use of PlanetScale even in edge environments. However, this approach has a downside: it doesn't support the usual development methods used with MySQL. Typically, for apps using MySQL, development is done locally with a MySQL server set up, say, in Docker, without connecting to the production MySQL environment<sup id="fnref1">1</sup>. However, when using <a href="https://github.com/planetscale/database-js">@planetscale/database</a>, requests sent over HTTP to PlanetScale do not work with a local MySQL environment due to protocol differences (as shown in the image below).<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--x9Merxxr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0wy9wuc36np6xvmtjqvt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--x9Merxxr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0wy9wuc36np6xvmtjqvt.png" alt="Image description" width="800" height="484"></a></p> <p>Hence, a service is needed that can translate (or proxy) HTTP requests into MySQL protocol. This is where Serverless MySQL HTTP (SMH) comes into play.</p> <p>Using this service, as shown in the following image, HTTP requests to PlanetScale are received by SMH, which then converts them into MySQL protocol. This allows for development using a local MySQL environment even when using <a href="https://github.com/planetscale/database-js">@planetscale/database</a>.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gDzhZFvh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://storage.googleapis.com/zenn-user-upload/ee6f8caf88dd-20231127.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gDzhZFvh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://storage.googleapis.com/zenn-user-upload/ee6f8caf88dd-20231127.png" alt="Image showing how SMH works" width="800" height="255"></a></p> <p>Serverless MySQL HTTP (SMH) is available as a Docker image.</p> <p><a href="https://hub.docker.com/r/yutak23/serverless-mysql-http">https://hub.docker.com/r/yutak23/serverless-mysql-http</a></p> <p><em>Note: As mentioned above, SMH is specifically designed for use with the <a href="https://planetscale.com/docs/tutorials/planetscale-serverless-driver">PlanetScale serverless driver for JavaScript</a>.</em></p> <h2> Mechanism and Key Points </h2> <h3> Mechanism </h3> <p>The mechanism is quite simple: SMH is implemented as a Node.js Express server that receives HTTP requests. It uses <a href="https://github.com/sidorares/node-mysql2">node-mysql2</a> to query MySQL. The HTTP response needs to be converted into a format required by <a href="https://github.com/planetscale/database-js">@planetscale/database</a>, which was a key point in the implementation.</p> <h3> Key Points </h3> <p>PlanetScale is not a complete MySQL<sup id="fnref2">2</sup>, and the types differ slightly. I implemented a process to convert MySQL types to Vitess types for this.<br> Also, in <a href="https://github.com/planetscale/database-js">@planetscale/database</a>, the HTTP request and response bodies appear to be Base64 encoded, so handling this was another key point.</p> <h2> Conclusion </h2> <p>I introduced the development of Serverless MySQL HTTP (SMH), a service that allows for development in a local environment without connecting to the production service when using PlanetScale. I believe there's a need to develop without connecting to production services (otherwise, LocalStack and Firebase Local Emulator Suite wouldn't have been developed), so I hope that Serverless MySQL HTTP (SMH) will be helpful to someone.</p> <ol> <li id="fn1"> <p>For example, AWS RDS or Aurora, Azure's Azure Database for MySQL, GCP's Cloud SQL for MySQL, etc. ↩</p> </li> <li id="fn2"> <p>Vitess (<a href="https://planetscale.com/vitess">PlanetScale Vitess page</a>) ↩</p> </li> </ol> database mysql serverless opensource