How to keep client credentials for a third party platform safe
The users of my SaaS are using a third party platform to sell goods, now this platform offers an API to which we as software can connect to using the clients credentials. It consists of a client-id and client-secret, which both can be found in the users account.
Question:
How do I keep these safe and also stored optimally, such that the Software can easily use the credentials per user and doesn't accidentally use the credentials of another user?
48 Replies
Hi @Sven. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
Wohooo @Sven, you just became a Waspeteer level 6!
----------------------
To keep client credentials safe and optimally stored, you can consider using a managed client storage solution. Wasp is considering providing a helper for storing data locally on the clients, which abstracts away the storage implementation. This would wrap
localStorage or sessionStorage and expose it to the user.
Here's a proposed API for this feature:
For storing user sensitive data, Wasp could provide an API which could then automatically clear on log out. Something like:
This way, you can store the client-id and client-secret for each user in a secure and isolated manner, ensuring that the software doesn't accidentally use the credentials of another user.
Please note that this feature is still under consideration and not yet implemented in Wasp. You can follow the progress on this Github issue (https://github.com/wasp-lang/wasp/issues/1082).
In the meantime, you might want to consider using a similar approach with your own implementation or using a third-party library that provides similar functionality.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?IS this a good option?
I think it is not, as this would likely cause issues when deleting cache etc and having them put in the credentials again
Kapa gave a bad answer IMHO.
I guess the best way is to store the credentials in the database, but encrypt the values first.
How'll implement the encryption part is up to you, but quick Google search gives me this: https://habtesoft.medium.com/encrypt-data-on-nodejs-e0a45c67c772
Medium
Encrypt data on Nodejs
Encrypting data is an essential security aspect, especially when working with sensitive data. Node.js provides a built-in crypto module…
i have an env var with an encryption key, however i think i can't acces it on the webpage/frontend how would i acces it using process.env the same as how it is used here and encrypt the users filled in data.
@kapa.ai
I have this piece of code in encryption.ts which encrypts my data. Both functions are imported into a .tsx file to make a certain string encrypted on a button click. Now it doesn't use the encryption key in my .env.server it just uses the 'your-default-key', how do i acces the encryption key securely?
Let me check the knowledge base for you. One moment! :books:
----------------------
In Wasp, you can use environment variables to securely store and access sensitive data like encryption keys. However, you should not use
import.meta.env to access environment variables in Wasp. Instead, you should use process.env.
Here's how you can modify your code to use process.env:
You can then define your REACT_APP_ENCRYPTION_KEY in a .env file in your project root. This file should not be committed to your version control system. Instead, you should have a .env.example file that lists all the required environment variables without the actual values.
Please note that environment variables that start with REACT_APP_ are injected into your application at build time. This means that anyone who can see your built application can see these values. Therefore, you should not use REACT_APP_ prefixed environment variables to store sensitive data like encryption keys. Instead, you should use environment variables that are only accessible on the server-side.
In Wasp, there was an issue where the JWT secret was hardcoded in the back-end code. This was done for simplicity and to test how Wasp works, but it was recognized that this must be changed going forward. The JWT secret (and other secret values) should come from some config/env file in an encrypted way. The best way to implement this was yet to be determined at the time of the issue (https://github.com/wasp-lang/wasp/issues/129).
Please ensure that you are following the best practices for managing sensitive data in your application.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai
i get:
Let me check the knowledge base for you. One moment! :books:
----------------------
The error
Uncaught ReferenceError: process is not defined typically occurs when you're trying to access Node.js specific variables (like process.env) in the client-side code (React).
In Wasp, environment variables are handled differently for the client and the server. For the client-side, environment variables are embedded into the client code during the build and shipping process, making them public and readable by anyone. Therefore, you should never store secrets in them (such as secret API keys). To enable Wasp to pick them up, client environment variables must be prefixed with REACT_APP_, for example: REACT_APP_SOME_VAR_NAME=.... You can read them from the client code like this:
On the other hand, server environment variables can store secret values (e.g. secret API keys) since they are not publicly readable. You can define them without any special prefix, such as SOME_VAR_NAME=.... You can read them in the server code like this:
In your case, if you're trying to access the encryption key in the client-side code, you should use import.meta.env.REACT_APP_ENCRYPTION_KEY. If you're accessing it in the server-side code, you should use process.env.REACT_APP_ENCRYPTION_KEY.
Please refer to the Wasp documentation on environment variables (https://wasp-lang.dev/docs/project/env-vars) for more information.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai how would i do this then on the server side? could you provide me some code to set this up? I dont know in what file i would do this then...
Let me check the knowledge base for you. One moment! :books:
----------------------
In Wasp, server-side code is typically written in
server/ directory in your project root. You can create a new file in this directory, say encryption.js, and write your encryption and decryption functions there. Here's how you can do it:
Then, you can import these functions in your server-side code where you need to use them.
Remember to add your ENCRYPTION_KEY to your .env.server file:
This file should be at the root of your project and should not be committed to your version control system. Instead, you should have a .env.server.example file that lists all the required environment variables without the actual values.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?But how would i use this to encrypt the strings in the input fields on my page @kapa.ai
Let me check the knowledge base for you. One moment! :books:
----------------------
To encrypt the strings in the input fields on your page, you would need to make a request to the server-side function that performs the encryption. This is because the encryption key is stored on the server and should not be exposed to the client.
Here's a general idea of how you can do it:
1. Create a Wasp action that calls the encryption function. You can define this in your
main.wasp file:
2. In your React component, when the form is submitted, make a request to this action with the input string as a parameter. You can use the useMutation hook provided by Wasp to do this:
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?Clearer as it can get, crazy thanks! you made me understand it really well!
@kapa.ai Cannot find module '@wasp/actions' or its corresponding type declarations.ts(2307)
Let me check the knowledge base for you. One moment! :books:
----------------------
The error
Cannot find module '@wasp/actions' or its corresponding type declarations.ts(2307) typically occurs when TypeScript cannot find the module you're trying to import. This could be due to several reasons:
1. The module does not exist: Make sure that the module you're trying to import actually exists. In this case, @wasp/actions should be automatically available in a Wasp project.
2. The module is not correctly compiled: Wasp compiles your project and generates the wasp/* packages. Make sure you have run the Wasp compiler by running wasp start.
3. The project is in a broken state: Sometimes, the project can get into a broken state due to various reasons. You can try to clean the project by running wasp clean and then start it again with wasp start.
If you're still facing the issue, it would be helpful to know more about your project setup and the exact scenario when this error occurs. You can also check the Wasp Discord community (https://discord.com/channels/686873244791210014/1215750573278629958) for similar issues and solutions.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?Just another question @kapa.ai I store those encrypted client-id and client-secret in a table. How an i make sure only the user that the clients belong to can "retrieve". And they cant for example use the endpoint to retrieve these from others?
Let me check the knowledge base for you. One moment! :books:
----------------------
To ensure that only the user that the clients belong to can retrieve the client-id and client-secret, you can implement access control in your Wasp application. This involves checking the user's identity and their permissions before executing a query or action.
Here's a general idea of how you can do it:
1. Add a
userId field to the table where you store the client-id and client-secret. This field should store the ID of the user that the clients belong to.
2. In your queries or actions that retrieve the client-id and client-secret, check if the userId matches the ID of the currently logged-in user. You can access the currently logged-in user through the context.user object.
Here's an example of how you can do this in a query:
In this example, ClientCredentials is the entity that represents the table where you store the client-id and client-secret. The getClientCredentials query retrieves the client credentials with the specified ID. It first checks if the user is logged in. If not, it throws a 401 error. Then, it checks if the userId of the client credentials matches the ID of the currently logged-in user. If not, it throws a 403 error.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
For more information on how to implement access control in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/tutorial/auth#updating-operations-to-check-authentication) and the Wasp Discord community (https://discord.com/channels/686873244791210014/1211733266235916358).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai could i implement something like an auth that first checks id the authentication of the user is correct before giving the deceypted client creds. In the background?
I want this to ensure people cant get other peoples credentials through sending a request themselves
Let me check the knowledge base for you. One moment! :books:
----------------------
Yes, you can definitely add an authentication check before returning the decrypted client credentials. This is a good practice to ensure that only authenticated users can access sensitive data.
In Wasp, you can use the
context.user object to check if a user is authenticated. If context.user is null, it means the user is not authenticated. You can throw an error in this case to prevent further execution of the query or action.
Here's how you can modify the getClientCredentials query to add an authentication check:
In this example, decrypt is a function that decrypts the client credentials. You would need to import this function from where you have defined it.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
For more information on how to implement authentication and access control in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/tutorial/auth#updating-operations-to-check-authentication) and the Wasp Discord community (https://discord.com/channels/686873244791210014/1211733266235916358).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?But does this prevent other paying users of accessing someone elses clients creds.? Like if they read the sourcecode and view the network tab would there be a way for them to fetch other peoples client creds? @kapa.ai
Let me check the knowledge base for you. One moment! :books:
----------------------
Yes, the method described above should prevent other users, even if they are authenticated, from accessing someone else's client credentials. This is because the
getClientCredentials query checks if the userId of the client credentials matches the ID of the currently logged-in user. If they don't match, it throws a 403 error, preventing the user from accessing the client credentials of another user.
Here's the relevant part of the code:
This check ensures that a user can only access the client credentials that belong to them. Even if a user tries to fetch another user's client credentials by manipulating the request in the network tab or reading the source code, they will not be able to bypass this check.
However, please note that this is just one part of securing your application. You should also ensure that your application is secure in other aspects, such as using HTTPS, storing passwords securely, validating and sanitizing user input, and so on. You can refer to the OWASP Top Ten (https://owasp.org/www-project-top-ten/) for a list of the most critical web application security risks and how to mitigate them.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?Goaaatattttt
@kapa.ai write for me the schema that i can put in the prisma file, as well as the TS code that will put the encrypted client-id client-secret and userId in the table.
Let me check the knowledge base for you. One moment! :books:
----------------------
Sure, let's start with the Prisma schema. You can define an entity in your
main.wasp file that corresponds to a table in your database. This table will store the encrypted client-id, client-secret, and the user ID. Here's how you can define this entity:
In this entity, clientId and clientSecret are the encrypted client-id and client-secret, respectively. userId is the ID of the user that the client credentials belong to. The user field establishes a relation to the User entity, which represents the users in your application.
Next, let's move on to the TypeScript code that will put the encrypted client-id, client-secret, and user ID in the table. You can create a Wasp action that takes the client-id, client-secret, and user ID as parameters, encrypts the client-id and client-secret, and then stores them in the database. Here's how you can define this action:
In this action, encrypt is a function that encrypts a string. You would need to import this function from where you have defined it.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai , why would i need user User @relation(fields: [userId], references: [id])
Let me check the knowledge base for you. One moment! :books:
----------------------
The line
user User @relation(fields: [userId], references: [id]) in the Prisma schema establishes a relation between the ClientCredentials entity and the User entity. This is a foreign key relation that connects each client credential to the user it belongs to.
Here's what each part of this line means:
- user User: This declares a field named user of type User. This field will hold the User record that the client credential is related to.
- @relation(fields: [userId], references: [id]): This is a Prisma decorator that establishes the relation. The fields array contains the fields in the ClientCredentials entity that are used to store the relation. The references array contains the fields in the User entity that these fields refer to.
In this case, the userId field in the ClientCredentials entity refers to the id field in the User entity. This means that for each client credential, the userId field stores the ID of the user it belongs to.
This relation allows you to easily fetch the user that a client credential belongs to, and vice versa. For example, if you have a ClientCredentials record, you can get the User record it belongs to by accessing the user field. Similarly, if you have a User record, you can get all the ClientCredentials records that belong to it.
For more information on how relations work in Prisma, you can refer to the Prisma documentation (https://www.prisma.io/docs/concepts/components/prisma-schema/relations).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai I have this operation that will store encryptedclient credentials. However can you tell me how to find/ fill in the userId there?
Let me check the knowledge base for you. One moment! :books:
----------------------
In your
storeClientCreds operation, you can get the userId from the args parameter, which contains the data passed to the operation. Here's how you can do it:
In this code, args.userId is the ID of the user that the client credentials belong to. This ID should be passed to the operation when it's called.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai is there no other way of doing it?
Let me check the knowledge base for you. One moment! :books:
----------------------
If you want to automatically associate the client credentials with the currently logged-in user, you can get the user ID from the
context.user object. Here's how you can do it:
In this code, context.user.id is the ID of the currently logged-in user. If the user is not logged in, the operation throws an error.
This method automatically associates the client credentials with the currently logged-in user, so you don't need to pass the user ID to the operation. However, you need to ensure that the operation is only called when a user is logged in.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?Question solved, had access the .env on the server side by adding a script in the
/server folder.
Here you can acces the process.env to safely for example encrypt data. Then decelare this in the main.wasp as an action to be able to import it on a react page like:
Update: also added a user authentication to make sure other authenticated users cant access other peoples data if they are a bit nerdy.Wohooo @Sven, you just became a Waspeteer level 7!
@kapa.ai about this message you sent, i only need to use the encrypt client-id and client-secret on the server side to make a specific request to an endpoint (to return some data). How would i do this such that users cant request anything from other users or other credentials and thus preventing them from accesinf tat data
Let me check the knowledge base for you. One moment! :books:
----------------------
To ensure that users can only make requests with their own client credentials, you can implement access control in your Wasp application. This involves checking the user's identity and their permissions before executing a query or action.
Here's a general idea of how you can do it:
1. Add a
userId field to the table where you store the client-id and client-secret. This field should store the ID of the user that the clients belong to.
2. In your queries or actions that retrieve the client-id and client-secret, check if the userId matches the ID of the currently logged-in user. You can access the currently logged-in user through the context.user object.
Here's an example of how you can do this in a query:
In this example, ClientCredentials is the entity that represents the table where you store the client-id and client-secret. The getClientCredentials query retrieves the client credentials with the specified ID. It first checks if the user is logged in. If not, it throws a 401 error. Then, it checks if the userId of the client credentials matches the ID of the currently logged-in user. If not, it throws a 403 error.
This check ensures that a user can only access the client credentials that belong to them. Even if a user tries to fetch another user's client credentials by manipulating the request in the network tab or reading the source code, they will not be able to bypass this check.
However, please note that this is just one part of securing your application. You should also ensure that your application is secure in other aspects, such as using HTTPS, storing passwords securely, validating and sanitizing user input, and so on. You can refer to the OWASP Top Ten (https://owasp.org/www-project-top-ten/) for a list of the most critical web application security risks and how to mitigate them.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?where do i implement this function and how do i use it? Do i need to declare anything in my main.wasp? @kapa.ai
Let me check the knowledge base for you. One moment! :books:
----------------------
The function
getClientCredentials is a query function that you would typically implement in a JavaScript or TypeScript file in the src/queries directory of your Wasp project. For example, you could put it in a file named src/queries/clientCredentials.js or src/queries/clientCredentials.ts.
Here's how you can declare this query in your main.wasp file:
In this declaration, fn: import { getClientCredentials } from "@src/queries/clientCredentials.js" specifies that the implementation for the query function is exported from src/queries/clientCredentials.js. The entities: [ClientCredentials] line tells Wasp that this query reads from the ClientCredentials entity. Wasp will automatically update the results of this query when client credentials are modified.
After declaring the query, you can use it from anywhere in your code. For example, you could use it in a React component to fetch the client credentials of the currently logged-in user and make a request to an endpoint.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
For more information on how to work with queries in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/data-model/operations/queries#working-with-queries).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai wouldn't it be better to impelent this user check on the server side?
Let me check the knowledge base for you. One moment! :books:
----------------------
Yes, you're absolutely correct. The
getClientCredentials function I described earlier is indeed intended to be run on the server-side. In Wasp, all queries and actions are executed on the server-side. This is where you should implement checks for user authentication and authorization.
The context.user object is available in all queries and actions when authentication is enabled. It contains all User entity's fields and the auth identities connected to the user. If context.user is undefined, it means the user is not authenticated. You can use this object to check if a user is authenticated and authorized to perform a certain operation.
Here's the server-side code snippet again for reference:
In this code, context.user is used to check if the user is authenticated and if they are authorized to access the specified client credentials. If the user is not authenticated or not authorized, the function throws an error and the operation is aborted.
For more information on how to implement authentication and access control in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/auth/overview#using-the-contextuser-object) and the Wasp Discord community (https://discord.com/channels/686873244791210014/1211733266235916358).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai how would i acces context on the server side? als ogive an example implementation in a tsx file.
Let me check the knowledge base for you. One moment! :books:
----------------------
In Wasp, the
context object is automatically passed as an argument to your queries and actions. It contains useful information such as the currently logged-in user and the entities that are being operated on.
Here's an example of how you can access context in a query:
In this TypeScript code, context is the second argument to the getClientCredentials function. context.user is the currently logged-in user, and context.entities.ClientCredentials is the Prisma client for the ClientCredentials entity.
You can use context in a similar way in actions. For example, here's how you can use context in an action that creates a task:
In this TypeScript code, context is the second argument to the createTask function. context.user is the currently logged-in user, and context.entities.Task is the Prisma client for the Task entity.
For more information on how to use context in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/data-model/crud#defining-the-overrides) and the Wasp Discord community (https://discord.com/channels/686873244791210014/1222813122025226350).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai how do i compose the input arg for this speicic function from a .tsx file so client side
Let me check the knowledge base for you. One moment! :books:
----------------------
To call the
storeClientCreds function from a .tsx file (client-side), you would typically use it in a React component, possibly in an event handler. Here's an example of how you can do it:
In this example, clientId and clientSecret are state variables that store the input values. The handleSubmit function is an event handler that is called when the form is submitted. It calls storeClientCreds with the input values as arguments.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
For more information on how to use actions in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/data-model/operations/actions#working-with-actions).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?no @kapa.ai i mean how would i make the input args for this function below on the client side:
Let me check the knowledge base for you. One moment! :books:
----------------------
To call the
getClientCredentials function from a .tsx file (client-side), you would typically use it in a React component, possibly in an effect hook. The args for this function would be an object with an id property that corresponds to the ID of the client credentials you want to retrieve.
Here's an example of how you can do it:
In this example, getClientCredentials is called inside the fetchClientCredentials function with { id: 1 } as the argument. This argument is an object with an id property that corresponds to the ID of the client credentials you want to retrieve. You should replace 1 with the actual ID.
Please note that this is a general guide and you might need to adjust the code according to your specific use case and the structure of your Wasp project. Also, remember to handle errors and edge cases as needed.
For more information on how to use queries in Wasp, you can refer to the Wasp documentation (https://wasp-lang.dev/docs/data-model/operations/queries#working-with-queries).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?Hey @Sven did Kappa solve your problem or do you need me to jump in?
I haven't read through everything so, if you need me, please give me a TL;DR 🙂
It got solced
Wohooo @Sven, you just became a Waspeteer level 8!
Basically was just a few errors i wanted kapa to debug