From c8eb9ed7652de27da2a3a80ec71c0f024860b849 Mon Sep 17 00:00:00 2001 From: scosman Date: Thu, 29 Aug 2024 19:52:23 -0400 Subject: [PATCH] Get up to date with the SB SK guide: https://supabase.com/docs/guides/auth/server-side/sveltekit Supress warnings that are not needed: https://github.com/supabase/auth-js/issues/888#issuecomment-2189298518 --- src/hooks.server.ts | 28 ++++++++++++------- src/routes/(admin)/account/+layout.server.ts | 3 +- src/routes/(admin)/account/+layout.ts | 20 +++++++++++-- .../(marketing)/login/+layout.server.ts | 2 ++ src/routes/(marketing)/login/+layout.ts | 4 +-- 5 files changed, 41 insertions(+), 16 deletions(-) diff --git a/src/hooks.server.ts b/src/hooks.server.ts index 0cfd821f..05fd22d4 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts @@ -14,18 +14,16 @@ export const handle: Handle = async ({ event, resolve }) => { PUBLIC_SUPABASE_ANON_KEY, { cookies: { - get: (key) => event.cookies.get(key), + getAll: () => event.cookies.getAll(), /** - * Note: You have to add the `path` variable to the - * set and remove method due to sveltekit's cookie API - * requiring this to be set, setting the path to an empty string - * will replicate previous/standard behaviour (https://kit.svelte.dev/docs/types#public-types-cookies) + * SvelteKit's cookies API requires `path` to be explicitly set in + * the cookie options. Setting `path` to `/` replicates previous/ + * standard behavior. */ - set: (key, value, options) => { - event.cookies.set(key, value, { ...options, path: "/" }) - }, - remove: (key, options) => { - event.cookies.delete(key, { ...options, path: "/" }) + setAll: (cookiesToSet) => { + cookiesToSet.forEach(({ name, value, options }) => { + event.cookies.set(name, value, { ...options, path: "/" }) + }) }, }, }, @@ -37,6 +35,16 @@ export const handle: Handle = async ({ event, resolve }) => { { auth: { persistSession: false } }, ) + // https://github.com/supabase/auth-js/issues/888#issuecomment-2189298518 + if ("suppressGetSessionWarning" in event.locals.supabase.auth) { + // @ts-expect-error - suppressGetSessionWarning is not part of the official API + event.locals.supabase.auth.suppressGetSessionWarning = true + } else { + console.warn( + "SupabaseAuthClient#suppressGetSessionWarning was removed. See https://github.com/supabase/auth-js/issues/888.", + ) + } + /** * Unlike `supabase.auth.getSession()`, which returns the session _without_ * validating the JWT, this function also calls `getUser()` to validate the diff --git a/src/routes/(admin)/account/+layout.server.ts b/src/routes/(admin)/account/+layout.server.ts index 89cbec90..243726d2 100644 --- a/src/routes/(admin)/account/+layout.server.ts +++ b/src/routes/(admin)/account/+layout.server.ts @@ -3,6 +3,7 @@ import type { LayoutServerLoad } from "./$types" export const load: LayoutServerLoad = async ({ locals: { supabase, safeGetSession }, + cookies, }) => { const { session, user } = await safeGetSession() @@ -16,5 +17,5 @@ export const load: LayoutServerLoad = async ({ .eq("id", user?.id) .single() - return { session, profile } + return { session, profile, cookies: cookies.getAll() } } diff --git a/src/routes/(admin)/account/+layout.ts b/src/routes/(admin)/account/+layout.ts index 0ed9c095..e7533d74 100644 --- a/src/routes/(admin)/account/+layout.ts +++ b/src/routes/(admin)/account/+layout.ts @@ -25,17 +25,31 @@ export const load = async ({ fetch, data, depends, url }) => { fetch, }, cookies: { - // TODO: does not match latest supabase guide - get() { - return JSON.stringify(data.session) + getAll() { + return data.cookies }, }, }) + /** + * It's fine to use `getSession` here, because on the client, `getSession` is + * safe, and on the server, it reads `session` from the `LayoutData`, which + * safely checked the session using `safeGetSession`. + * Source: https://supabase.com/docs/guides/auth/server-side/sveltekit + */ const { data: { session }, } = await supabase.auth.getSession() + // https://github.com/supabase/auth-js/issues/888#issuecomment-2189298518 + if ("suppressGetSessionWarning" in supabase.auth) { + // @ts-expect-error - suppressGetSessionWarning is not part of the official API + supabase.auth.suppressGetSessionWarning = true + } else { + console.warn( + "SupabaseAuthClient#suppressGetSessionWarning was removed. See https://github.com/supabase/auth-js/issues/888.", + ) + } const { data: { user }, } = await supabase.auth.getUser() diff --git a/src/routes/(marketing)/login/+layout.server.ts b/src/routes/(marketing)/login/+layout.server.ts index c844cfa1..af7d4c4f 100644 --- a/src/routes/(marketing)/login/+layout.server.ts +++ b/src/routes/(marketing)/login/+layout.server.ts @@ -4,6 +4,7 @@ import type { LayoutServerLoad } from "./$types" export const load: LayoutServerLoad = async ({ url, locals: { safeGetSession }, + cookies, }) => { const { session } = await safeGetSession() @@ -15,5 +16,6 @@ export const load: LayoutServerLoad = async ({ return { session: session, url: url.origin, + cookies: cookies.getAll(), } } diff --git a/src/routes/(marketing)/login/+layout.ts b/src/routes/(marketing)/login/+layout.ts index 968e2deb..333c525c 100644 --- a/src/routes/(marketing)/login/+layout.ts +++ b/src/routes/(marketing)/login/+layout.ts @@ -22,8 +22,8 @@ export const load = async ({ fetch, data, depends }) => { fetch, }, cookies: { - get() { - return JSON.stringify(data.session) + getAll() { + return data.cookies }, }, })