ippo
tRPC
Created by ippo on 8/23/2023 in #❓-help
fetch failed - error on npm start on production
Fixed the problem: fetch() was missing inside httpBatchLink. This was missing:
// ...
httpBatchLink({
  url: getUrl(),
  fetch(url, options) {
    return fetch(url, {
      ...options,
      credentials: "include",
    });
  },
}),
// ...
3 replies
tRPC
Created by pjnicolas on 7/21/2023 in #❓-help
How would you implement basic auth session tokens with tRPC?
JWT is just bad for authentication and was never designed as an authentication tool. JWT is an authorization tool by design. (If you are interested, I can give you tons and tons of evidence, articles etc.) Here is a light read: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/ next-auth uses JWTs for its session strategy and, as far as I know, there is not really a good and flexible cookie-session next.js alternative, so what should you do? If you want to (and also should) use session cookies for authentication, go with express-session. In that case you need a custom next.js server that you can easily set up. If you have that, you can use all battle-tested express modules and have your custom and extremely custom authentication and authorization logic that you can imagine. The other benefit is that you can use sockets easily in your nextjs/trpc app.
10 replies
tRPC
Created by ippo on 6/4/2023 in #❓-help
Query tRPC the right way
@Nick Lucas so is my idea okay and common in tRPC?
6 replies
tRPC
Created by ippo on 4/29/2023 in #❓-help
express-session for tRPC
This is how I set up my session with express-session:
app.use(
  session({
    name: "COOKIE_ID",
    store: new RedisStore({
      client: redis,
      disableTouch: true,
    }),
    cookie: {
      maxAge: 1000 * 60 * 60 * 24, // 1 day
      httpOnly: true,
      sameSite: "lax", // reLAXed CSRF - Cross Site Request Forgery
      secure: true, // cookie only works in https
      domain: ".myapp.com", // cookie only works if request comes from this domain
    },
    saveUninitialized: false, // not every session will be stored, only modified ones
    secret: "very complicated string", // this string is used to sign the cookie and protect it from modifications.
    resave: false, // will not save the session in store on every request, only if it was modified
  })
);
Is there an equivalent for next-auth?
9 replies
tRPC
Created by ippo on 4/29/2023 in #❓-help
express-session for tRPC
the max age, the signature secret, its behavior and so on?
9 replies
tRPC
Created by ippo on 4/29/2023 in #❓-help
express-session for tRPC
@tomheaton but where do you set the cookie properties?
9 replies
tRPC
Created by ippo on 4/29/2023 in #❓-help
express-session for tRPC
Does anyone know a repo that uses cookie authentication where the session-id is stored in a database/redis/memory and where on every request the user is queried and stored in the req object?
9 replies
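The pattern these posts describe (a signed session-ID cookie, server-side session state, and a user lookup on every request) as an added, simplified sketch that is not part of the original posts and not express-session's own code or cookie format. The in-memory `Map`s stand in for Redis and the user table; `SECRET`, `login`, `authenticate` and `logout` are names assumed for illustration.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Constructed demo values (assumptions); a real secret comes from the environment.
const SECRET = "constructed-demo-secret";
const MAX_AGE_MS = 1000 * 60 * 60 * 24; // 1 day, matching cookie.maxAge in the post

const sessions = new Map(); // stand-in for Redis: sid -> { userId, expires }
const users = new Map([[1, { id: 1, name: "alice" }]]); // constructed user table

// HMAC over the session ID: lets the server detect a modified cookie value.
const mac = (sid) => createHmac("sha256", SECRET).update(sid).digest("base64url");

// Create server-side session state and return the cookie value "sid.mac".
function login(userId, now = Date.now()) {
  const sid = randomBytes(32).toString("base64url"); // unguessable, carries no data
  sessions.set(sid, { userId, expires: now + MAX_AGE_MS });
  return `${sid}.${mac(sid)}`;
}

// Per-request check: verify the signature, load the session, load the user.
// Returns the user (what a middleware would assign to req.user) or null.
function authenticate(cookieValue, now = Date.now()) {
  const value = String(cookieValue);
  const dot = value.lastIndexOf(".");
  if (dot < 1) return null;
  const sid = value.slice(0, dot);
  const given = Buffer.from(value.slice(dot + 1));
  const expected = Buffer.from(mac(sid));
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const session = sessions.get(sid);
  if (!session) return null; // unknown or already revoked
  if (session.expires <= now) {
    sessions.delete(sid); // expired: drop the server-side state as well
    return null;
  }
  return users.get(session.userId) ?? null;
}

// Logout removes the server-side record, so the cookie is rejected immediately.
function logout(cookieValue) {
  sessions.delete(String(cookieValue).split(".")[0]);
}
```

Because the cookie holds only an opaque ID, deleting the store entry revokes the session at once, with no wait for a token to expire.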