feat(next, next-sample): support nextjs edge runtime (#469)

* fix(next-sample): use location assign for sign in redirect

* chore: remove lodash

* chore: ignore vercel cache

* chore: bump essentials version

* feat: next edge package

* feat: add next edge sample

* test: fix js test

* fix: cr fix

* fix: avoid error code breaking change

* chore: fix build

* fix: fix browser test

* fix: fix package file

Author: wangsijie

.gitignore

@@ -29,3 +29,4 @@ cache
 .idea/
 *.pem
 .history
+.vercel

packages/browser/jest.setup.js

@@ -7,7 +7,12 @@ const { TextDecoder, TextEncoder } = require('text-encoder');
 /* eslint-enable unicorn/prefer-module */
 
 /* eslint-disable @silverhand/fp/no-mutation */
-global.crypto.subtle = crypto.webcrypto.subtle;
+// Mock WebCrypto in JSDOM
+if (global.window !== undefined) {
+  global.CryptoKey = crypto.webcrypto.CryptoKey;
+  global.crypto.subtle = crypto.webcrypto.subtle;
+}
+
 global.TextDecoder = TextDecoder;
 global.TextEncoder = TextEncoder;
 /* eslint-enable @silverhand/fp/no-mutation */

packages/browser/package.json

@@ -43,7 +43,6 @@
     "eslint": "^8.38.0",
     "jest": "^29.5.0",
     "jest-environment-jsdom": "^29.5.0",
-    "jest-location-mock": "^1.0.9",
     "jest-matcher-specific-error": "^1.0.0",
     "lint-staged": "^13.0.0",
     "prettier": "^2.8.7",

packages/client/package.json

@@ -32,9 +32,7 @@
     "@logto/js": "^1.1.2",
     "@silverhand/essentials": "^2.6.1",
     "camelcase-keys": "^7.0.1",
-    "jose": "^4.13.2",
-    "lodash.get": "^4.4.2",
-    "lodash.once": "^4.1.1"
+    "jose": "^4.13.2"
   },
   "devDependencies": {
     "@jest/types": "^29.5.0",
@@ -43,8 +41,6 @@
     "@swc/core": "^1.3.50",
     "@swc/jest": "^0.2.24",
     "@types/jest": "^29.5.0",
-    "@types/lodash.get": "^4.4.6",
-    "@types/lodash.once": "^4.1.7",
     "@types/node": "^18.0.0",
     "eslint": "^8.38.0",
     "jest": "^29.5.0",

packages/client/src/errors.ts

@@ -1,34 +1,18 @@
-import type { NormalizeKeyPaths } from '@silverhand/essentials';
-import get from 'lodash.get';
-
 const logtoClientErrorCodes = Object.freeze({
-  sign_in_session: {
-    invalid: 'Invalid sign-in session.',
-    not_found: 'Sign-in session not found.',
-  },
+  'sign_in_session.invalid': 'Invalid sign-in session.',
+  'sign_in_session.not_found': 'Sign-in session not found.',
   not_authenticated: 'Not authenticated.',
   fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',
 });
 
-export type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;
-
-const getMessageByErrorCode = (errorCode: LogtoClientErrorCode): string => {
-  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-  const message = get(logtoClientErrorCodes, errorCode);
-
-  if (typeof message === 'string') {
-    return message;
-  }
-
-  return errorCode;
-};
+export type LogtoClientErrorCode = keyof typeof logtoClientErrorCodes;
 
 export class LogtoClientError extends Error {
   code: LogtoClientErrorCode;
   data: unknown;
 
   constructor(code: LogtoClientErrorCode, data?: unknown) {
-    super(getMessageByErrorCode(code));
+    super(logtoClientErrorCodes[code]);
     this.code = code;
     this.data = data;
   }

packages/client/src/index.ts

@@ -20,13 +20,13 @@ import {
 } from '@logto/js';
 import type { Nullable } from '@silverhand/essentials';
 import { createRemoteJWKSet } from 'jose';
-import once from 'lodash.once';
 
 import type { ClientAdapter } from './adapter';
 import { LogtoClientError } from './errors';
 import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types';
 import { isLogtoAccessTokenMap, isLogtoSignInSessionItem } from './types';
 import { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';
+import { once } from './utils/once';
 
 export type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';
 export {

packages/client/src/utils/once.ts

@@ -0,0 +1,20 @@
+type Procedure<T> = (...args: unknown[]) => T;
+
+// TODO @sijie move to essentials
+/* eslint-disable @silverhand/fp/no-let */
+/* eslint-disable @silverhand/fp/no-mutation */
+export function once<T>(function_: Procedure<T>): Procedure<T> {
+  let called = false;
+  let result: T;
+
+  return function (this: unknown, ...args: unknown[]) {
+    if (!called) {
+      called = true;
+      result = function_.apply(this, args);
+    }
+
+    return result;
+  };
+}
+/* eslint-enable @silverhand/fp/no-mutation */
+/* eslint-enable @silverhand/fp/no-let */

packages/js/package.json

@@ -31,8 +31,7 @@
   "dependencies": {
     "@silverhand/essentials": "^2.6.1",
     "camelcase-keys": "^7.0.1",
-    "jose": "^4.13.2",
-    "lodash.get": "^4.4.2"
+    "jose": "^4.13.2"
   },
   "devDependencies": {
     "@jest/types": "^29.5.0",
@@ -41,7 +40,6 @@
     "@swc/core": "^1.3.50",
     "@swc/jest": "^0.2.24",
     "@types/jest": "^29.5.0",
-    "@types/lodash.get": "^4.4.6",
     "@types/node": "^18.0.0",
     "eslint": "^8.38.0",
     "jest": "^29.5.0",

packages/js/src/utils/errors.test.ts

@@ -13,12 +13,12 @@ describe('LogtoError', () => {
   });
 
   test('new LogtoError with error code, which is not related to unique message, should contain message equaling to error code', () => {
-    const code: LogtoErrorCode = 'callback_uri_verification';
+    const code: LogtoErrorCode = 'callback_uri_verification.missing_code';
     const error = 'error_value';
     const errorDescription = 'error_description_content';
     const logtoError = new LogtoError(code, new OidcError(error, errorDescription));
     expect(logtoError).toHaveProperty('code', code);
-    expect(logtoError).toHaveProperty('message', code);
+    expect(logtoError).toHaveProperty('message', 'Missing code in the callback URI');
     expect(logtoError).toHaveProperty('data', { error, errorDescription });
     expect(logtoError.data).toBeInstanceOf(OidcError);
   });

packages/js/src/utils/errors.ts

@@ -1,43 +1,26 @@
-import type { NormalizeKeyPaths } from '@silverhand/essentials';
-import get from 'lodash.get';
-
 import { isArbitraryObject } from './arbitrary-object';
 
 const logtoErrorCodes = Object.freeze({
-  id_token: {
-    invalid_iat: 'Invalid issued at time in the ID token',
-    invalid_token: 'Invalid ID token',
-  },
-  callback_uri_verification: {
-    redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',
-    error_found: 'Error found in the callback URI',
-    missing_state: 'Missing state in the callback URI',
-    state_mismatched: 'State mismatched in the callback URI',
-    missing_code: 'Missing code in the callback URI',
-  },
+  'id_token.invalid_iat': 'Invalid issued at time in the ID token',
+  'id_token.invalid_token': 'Invalid ID token',
+  'callback_uri_verification.redirect_uri_mismatched':
+    'The callback URI mismatches the redirect URI.',
+  'callback_uri_verification.error_found': 'Error found in the callback URI',
+  'callback_uri_verification.missing_state': 'Missing state in the callback URI',
+  'callback_uri_verification.state_mismatched': 'State mismatched in the callback URI',
+  'callback_uri_verification.missing_code': 'Missing code in the callback URI',
   crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',
   unexpected_response_error: 'Unexpected response error from the server.',
 });
 
-export type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;
-
-const getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {
-  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-  const message = get(logtoErrorCodes, errorCode);
-
-  if (typeof message === 'string') {
-    return message;
-  }
-
-  return errorCode;
-};
+export type LogtoErrorCode = keyof typeof logtoErrorCodes;
 
 export class LogtoError extends Error {
   code: LogtoErrorCode;
   data: unknown;
 
   constructor(code: LogtoErrorCode, data?: unknown) {
-    super(getMessageByErrorCode(code));
+    super(logtoErrorCodes[code]);
     this.code = code;
     this.data = data;
   }

packages/next-sample/.gitignore

@@ -1 +1,2 @@
 .next
+.vercel

packages/next-sample/libraries/config.ts

@@ -0,0 +1,8 @@
+export const config = {
+  appId: 'appId', // Replace with your own appId
+  appSecret: 'appSecret', // Replace with your own appSecret
+  endpoint: 'http://localhost:3001',
+  baseUrl: 'http://localhost:3000',
+  cookieSecret: 'complex_password_at_least_32_characters_long',
+  cookieSecure: process.env.NODE_ENV === 'production',
+};

packages/next-sample/libraries/logto-edge.ts

@@ -0,0 +1,5 @@
+import LogtoClient from '@logto/next/edge';
+
+import { config } from './config';
+
+export const logtoClient = new LogtoClient(config);

packages/next-sample/libraries/logto.ts

@@ -1,10 +1,5 @@
 import LogtoClient from '@logto/next';
 
-export const logtoClient = new LogtoClient({
-  appId: 'appId', // Replace with your own appId
-  appSecret: 'appSecret', // Replace with your own appSecret
-  endpoint: 'http://localhost:3001',
-  baseUrl: 'http://localhost:3000',
-  cookieSecret: 'complex_password_at_least_32_characters_long',
-  cookieSecure: process.env.NODE_ENV === 'production',
-});
+import { config } from './config';
+
+export const logtoClient = new LogtoClient(config);

packages/next-sample/pages/api/edge.ts

@@ -0,0 +1,33 @@
+import { logtoClient } from '../../libraries/logto-edge';
+
+export default logtoClient.withLogtoApiRoute((request, response) => {
+  if (!request.user.isAuthenticated) {
+    return new Response(
+      JSON.stringify({
+        message: 'Unauthorized',
+      }),
+      {
+        status: 401,
+        headers: {
+          'content-type': 'application/json',
+        },
+      }
+    );
+  }
+
+  return new Response(
+    JSON.stringify({
+      data: 'Protected Resource in Edge API',
+    }),
+    {
+      status: 200,
+      headers: {
+        'content-type': 'application/json',
+      },
+    }
+  );
+});
+
+export const config = {
+  runtime: 'experimental-edge',
+};

packages/next/.gitignore

@@ -0,0 +1 @@
+edge/lib

packages/next/edge/index.ts

@@ -0,0 +1,16 @@
+import BaseClient from '../src/client';
+import type { LogtoNextConfig } from '../src/types';
+import { withIronSessionApiRoute, withIronSessionSsr } from './iron-session-edge';
+
+export { ReservedScope, UserScope } from '@logto/node';
+
+export type { LogtoContext, InteractionMode } from '@logto/node';
+
+export default class LogtoClient extends BaseClient {
+  constructor(config: LogtoNextConfig) {
+    super(config, {
+      withIronSessionApiRoute,
+      withIronSessionSsr,
+    });
+  }
+}

packages/next/edge/iron-session-edge/get-property-descriptor-for-request-session.ts

@@ -0,0 +1,36 @@
+import type { IronSession } from 'iron-session';
+
+export default function getPropertyDescriptorForRequestSession(
+  session: IronSession
+): PropertyDescriptor {
+  return {
+    enumerable: true,
+    get() {
+      return session;
+    },
+    set(value) {
+      const keys = Object.keys(value);
+      const currentKeys = Object.keys(session);
+
+      for (const key of currentKeys) {
+        if (!keys.includes(key)) {
+          /* eslint-disable @typescript-eslint/no-dynamic-delete */
+          /* eslint-disable @silverhand/fp/no-delete */
+          // @ts-expect-error See comment in IronSessionData interface
+          delete session[key];
+          /* eslint-enable @silverhand/fp/no-delete */
+          /* eslint-enable @typescript-eslint/no-dynamic-delete */
+        }
+      }
+
+      for (const key of keys) {
+        /* eslint-disable @typescript-eslint/no-unsafe-assignment */
+        /* eslint-disable @silverhand/fp/no-mutation */
+        // @ts-expect-error See comment in IronSessionData interface
+        session[key] = value[key];
+        /* eslint-enable @silverhand/fp/no-mutation */
+        /* eslint-enable @typescript-eslint/no-unsafe-assignment */
+      }
+    },
+  };
+}

packages/next/edge/iron-session-edge/index.ts

@@ -0,0 +1,62 @@
+import type { IncomingMessage, ServerResponse } from 'http';
+
+import type { IronSessionOptions } from 'iron-session';
+import { getIronSession } from 'iron-session/edge';
+import type {
+  NextApiHandler,
+  GetServerSidePropsContext,
+  GetServerSidePropsResult,
+  NextApiRequest,
+  NextApiResponse,
+} from 'next';
+
+import getPropertyDescriptorForRequestSession from './get-property-descriptor-for-request-session';
+
+// Argument types based on getIronSession function
+type GetIronSessionApiOptions = (
+  request: NextApiRequest,
+  response: NextApiResponse
+) => Promise<IronSessionOptions> | IronSessionOptions;
+
+export function withIronSessionApiRoute(
+  handler: NextApiHandler,
+  options: IronSessionOptions | GetIronSessionApiOptions
+): NextApiHandler {
+  return async (request, response) => {
+    const sessionOptions = options instanceof Function ? await options(request, response) : options;
+    const session = await getIronSession(request, response, sessionOptions);
+
+    // We define req.session as being enumerable (so console.log(req) shows it)
+    // and we also want to allow people to do:
+    // req.session = { admin: true }; or req.session = {...req.session, admin: true};
+    // req.session.save();
+    // eslint-disable-next-line @silverhand/fp/no-mutating-methods
+    Object.defineProperty(request, 'session', getPropertyDescriptorForRequestSession(session));
+
+    return handler(request, response);
+  };
+}
+
+// Argument type based on the SSR context
+type GetIronSessionSsrOptions = (
+  request: IncomingMessage,
+  response: ServerResponse
+) => Promise<IronSessionOptions> | IronSessionOptions;
+
+export function withIronSessionSsr<P extends Record<string, unknown> = Record<string, unknown>>(
+  handler: (
+    context: GetServerSidePropsContext
+  ) => GetServerSidePropsResult<P> | Promise<GetServerSidePropsResult<P>>,
+  options: IronSessionOptions | GetIronSessionSsrOptions
+) {
+  return async (context: GetServerSidePropsContext) => {
+    const sessionOptions =
+      options instanceof Function ? await options(context.req, context.res) : options;
+    const session = await getIronSession(context.req, context.res, sessionOptions);
+
+    // eslint-disable-next-line @silverhand/fp/no-mutating-methods
+    Object.defineProperty(context.req, 'session', getPropertyDescriptorForRequestSession(session));
+
+    return handler(context);
+  };
+}