The SvelteKit SSR Documentation Examples Enhancements #742
Comments
See my issue supabase/auth-helpers#742. The SvelteKit documentation may be improved mainly by adding a src/routes/+layout.svelte example with an invalidation call.
Wow, great job! Love how in-depth the tutorial is. One thing I would point out that you might want to change in your tutorial:

```js
event.locals.getSession = async () => {
  let {
    data: { session },
  } = await event.locals.supabase.auth.getSession()
  // solving the case if the user was deleted from the database but the browser still has a cookie/logged-in user
  // +layout.server.js will delete the cookie if the session is null
  const { data: getUserData, error: err } = await event.locals.supabase.auth.getUser()
  if (getUserData.user == null) {
    session = null
  }
  return session
}
```

As you mentioned, we have a warning in our docs that using It's better practice to call

```js
event.locals.getSessionAndUser = async () => {
  // getUser() resolves to { data: { user }, error }, so destructure the user itself
  const { data: { user }, error: err } = await event.locals.supabase.auth.getUser()
  let session = null
  if (err) {
    return { session, user: null }
  }
  else {
    session = (await event.locals.supabase.auth.getSession()).data?.session
  }
  return { session, user }
}
```
Added getUser() call as advised by @charislam in this discussion concerning the enhancement of the documentation supabase/auth-helpers#742 (comment)
Thanks! Upon reviewing my comment, I realized I wasn't quite rigorous enough, so I've edited it, the key points being:
Really appreciate the PR! We're working through some changes to SvelteKit docs, including figuring out what we want to recommend as best practices, so I'm going to take a look at it in conjunction with that. Might take a bit longer than a quick review, but your work is definitely appreciated ❤️ and we're going to incorporate it somehow!
What does this look like for TypeScript? The Supabase documentation does not do too much of a good job explaining the types/shapes of the values returned by the auth functions...
Somewhat related to the general discussion of Auth documentation. I do like the fact that we can easily change the environment (Next.js, SvelteKit...) with tabs. Not less convenient would be a way to just switch between JS and TS.
Following the discussion how to enhance SvelteKit SSR Auth docs and introduce best practices supabase/auth-helpers#742
As the majority of proposals are in the official documentation now I am closing this.
Hey I am getting a
What is calling
@kvetoslavnovak @ssantoshp There is a longer discussion about problems surrounding this topic at:
@codepainting thank you for letting me know.
Did you find a solution to this? @kvetoslavnovak @codepainting @santoshlite I am getting
@henrisuurorg
Improve documentation
I dived into the SvelteKit implementation of Supabase SSR. The SvelteKit documentation may be improved as suggested hereunder.
A link to the page which needs improvement:
https://supabase.com/docs/guides/auth/server-side/creating-a-client?framework=sveltekit
Describe the problem
Here is my working tutorial on how to fully implement Supabase Auth SSR in SvelteKit. Mainly it gives the missing part: how to implement invalidation so auth/session state is in sync between server and browser or between multiple open browser tabs.
Feel free to use this tutorial in Supabase website somewhere.
Describe the improvement
EDIT: I HEAVILY EDITED MY COMMENTS AND CODE EXAMPLES, PUT THE FINAL SOLUTION HERE AT THE TOP AND DELETED PREVIOUS IDEAS TO AVOID POSSIBLE CONFUSION. I HAVE ALSO DELETED THE PULL REQUEST IN QUESTION UNTIL THIS IS SOLID.
SvelteKit 2 needs a path "/" for a cookie, not an empty string. Using the name createServerClient for the server client so it is not confused with the browser client.
The invalidation call was missing in the documentation but is important to keep the layout and UI in sync.
Using the preferred way to get session and user from locals, which is rerun in hooks for every request. This is a more secure way compared to getting the session and user from layout data, because layout data is not refreshed every time. Also it is important to note that server load functions run all at once.
If you prefer to use layout data, do not forget to call await parent().
API Route
Here are the "final" examples in Typescript:
API Route
The rest of the full code for login, logout, update, reset etc. is in the tutorial.
Additional context
An important issue is, for example, to show how to protect sensitive pages with a session check and redirect (or maybe more generally in hooks.server.js). You can see this in my tutorial.
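
The guard this issue asks the docs to show (a session check and redirect in hooks.server.js), built on the getUser()-first validation discussed in the comments, as an added example that is not code from the tutorial or the Supabase docs. The Supabase client is a constructed stub, the `/private` and `/login` paths are assumptions, and a plain 303 `Response` stands in for SvelteKit's `redirect()` so the block runs without the framework.

```javascript
// Constructed stub of the server client: getSession() returns whatever the
// cookie holds, getUser() checks the id against the live users (a Set here).
function makeStubClient(cookieSession, liveUserIds) {
  return {
    auth: {
      getSession: async () => ({ data: { session: cookieSession }, error: null }),
      getUser: async () => {
        const id = cookieSession?.user?.id
        return id && liveUserIds.has(id)
          ? { data: { user: { id } }, error: null }
          : { data: { user: null }, error: new Error('user not found') }
      },
    },
  }
}
// Validate with getUser() first; only then hand out the cookie session.
async function getSessionAndUser(supabase) {
  const { data: { user }, error } = await supabase.auth.getUser()
  if (error || !user) return { session: null, user: null }
  const { data: { session } } = await supabase.auth.getSession()
  return { session, user }
}
const PROTECTED_PREFIX = '/private' // assumed prefix of the sensitive routes
const LOGIN_PATH = '/login' // assumed login route

// Same shape as a SvelteKit handle hook: ({ event, resolve }) => Response.
async function handle({ event, resolve }) {
  const { session, user } = await getSessionAndUser(event.locals.supabase)
  Object.assign(event.locals, { session, user })
  if (!user && event.url.pathname.startsWith(PROTECTED_PREFIX)) {
    return new Response(null, { status: 303, headers: { location: LOGIN_PATH } })
  }
  return resolve(event)
}

// Constructed requests: the cookie carries a session for user "u1" each time.
async function demo() {
  const cookieSession = { access_token: 'constructed-token', user: { id: 'u1' } }
  const status = async (liveUserIds, path) => {
    const locals = { supabase: makeStubClient(cookieSession, liveUserIds) }
    const event = { url: new URL('http://localhost' + path), locals }
    return (await handle({ event, resolve: async () => new Response('ok') })).status
  }
  return {
    userExists: await status(new Set(['u1']), '/private/settings'),
    userDeleted: await status(new Set(), '/private/settings'),
    userDeletedPublicPage: await status(new Set(), '/'),
  }
}
```

`demo()` resolves to the three HTTP statuses; the middle case is the deleted user whose browser still holds a cookie, which a guard that reads only `getSession()` would let through.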