NitonFx
"use server"; RPC calls cannot access global objects
@Brendonovich do you have any (more) information about the isolation you talked about? Are there solid-start primitives to bypass this isolation, createServerSideResource() or something like that?
16 replies
"use server"; RPC calls cannot access global objects
> You can access it with getCookie in any server function
Yes, this works. I store the key to the map in there (a uuid with httpOnly) and both "use server" and api route can use it.
> But I don't think the auth service sends the token to an api route but rather an api route - which is called by the client - should request the token and then pass the token in a httpOnly and secure cookie as a response to the client.
Yes and no. The server is an OAuth server, so it sends me a URL which I call with all the security verifiers etc. and get the tokens, introspections and so on. But the tokenset and data I get back from the auth server is rly rly big, that's why I refrained from storing all that in the cookie (even encrypted), since the cookie would have around ~2kb, which is a little bit much?
> Regarding the login flow you should probably stick to an example provided by the auth service's docs.
That's what I am trying to do. They state that it is best practice to not expose the access and refresh tokens from the response to the client (and if rly necessary only encrypted, which is what vinxi's useSession would do if I understand right).
> The with-auth example is great. It shows how to use vinxi's session. The password is just a random string for encryption of the cookie value which is typically an env variable.
If implementing a shared store/object/map between a "use server" function and an api route, as Brendonovich pointed out, is not possible, I will have to fall back to this.
16 replies
"use server"; RPC calls cannot access global objects
Maybe I am misunderstanding.
So here is, pseudocode-ish, what I tried:
src/routes/api/login_callback.ts
src/lib/myglobalmap.ts
src/lib/useThirdPartyApi.ts
and in a component you would use callThirdPartyApi(). But callThirdPartyApi() cannot read the value added to the myglobalmap.
I am not sure how I would apply your cache() and useAction, createAction with this.
I tried keeping it as short and trimmed down as possible; also I wrote the code in Discord, so many imports are missing.
16 replies
"use server"; RPC calls cannot access global objects
@Madaxen86
> by using createAsync with a function that uses the "use server" directive an API route will automatically be created.
But I cannot control the api path, it's always _server? My oauth server requires me to have a url /api/login_callback that it can deliver the token to. Or do you mean using a use server function inside the api GET handler, so the server RPC calls itself and therefore can access the object/cache/session store bound to the "RPC scope"?
Regarding vinxi useSession, I tried to, but the documentation didn't state at all what the password is, how to generate, handle, rotate ... it securely and so on, so I was pretty sure it's a beta feature; especially when it's a security related feature. Also I was concerned about "replaceability": how easily could I change the store to redis or postgres? But I should maybe try it again?
16 replies
Client Only - Local Storage
You can use the isServer if you don't need the state to be available and renderable on the server.
BUT I think what you are searching for is better suited as a standalone primitive such as the one provided by @solid-primitives or something homemade and simpler.
7 replies
"use server"; RPC calls cannot access global objects
So basically what I want to do is having a route /api/login_callback that acts as an oauth callback point. On call I want to store the access tokens inMemory and on subsequent requests (either "use server"; or an api route) I want to look the user up in this in-memory store. Yes, as soon as I want to scale it I have to replace it with redis or whatever, but I don't need that for now.
16 replies
"use server"; RPC calls cannot access global objects
@Madaxen86 So I saw your example does not use a server route/api route/GET. I added such a route and it doesn't work:
https://stackblitz.com/edit/github-vzswgd-r4ctkn?file=src%2Fapp.tsx
16 replies
Keeping data and code secure and on the server (restrict code to initial render)
Oh like a path /api/myapi/[...path]
With like a generic handler that replaces the session with API key and relays it to the real API? Altho I probably would have to be quite careful since, well, requests have quite a lot to them 🤔
Or is the mechanism you mean something different?
26 replies
Keeping data and code secure and on the server (restrict code to initial render)
Hmmm ok, because the problem I have is I have an api client.
This api client object contains the api key (oauth access token).
I wanted to do something like
The problem: I don't know how to do this without exposing the apiKey from the myClient to the frontend.
Ofc I could write an own use server function for every method in MyClient, but I am looking at an autogenerated API client with ~100 API endpoints & growing, of which I use quite a few.
26 replies