feat(#14): Update code to match documentation

This commit is contained in:
Josh Creek
2024-07-04 19:27:52 +01:00
parent e15565bb56
commit 113268614b
6 changed files with 42 additions and 38 deletions
+20 -17
View File
@@ -5,45 +5,48 @@ import type { Handle } from '@sveltejs/kit';
export const handle: Handle = async ({ event, resolve }) => { export const handle: Handle = async ({ event, resolve }) => {
event.locals.supabase = createServerClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY, { event.locals.supabase = createServerClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY, {
cookies: { cookies: {
get: (key) => event.cookies.get(key), getAll: () => event.cookies.getAll(),
/** /**
* Note: You have to add the `path` variable to the * SvelteKit's cookies API requires `path` to be explicitly set in
* set and remove method due to sveltekit's cookie API * the cookie options. Setting `path` to `/` replicates previous/
* requiring this to be set, setting the path to an empty string * standard behavior.
* will replicate previous/standard behaviour (https://kit.svelte.dev/docs/types#public-types-cookies)
*/ */
set: (key, value, options) => { setAll: (cookiesToSet) => {
event.cookies.set(key, value, { ...options, path: '/' }); cookiesToSet.forEach(({ name, value, options }) => {
}, event.cookies.set(name, value, { ...options, path: '/' });
remove: (key, options) => { });
event.cookies.delete(key, { ...options, path: '/' });
} }
} }
}); });
/** /**
* Unlike `supabase.auth.getSession`, which is unsafe on the server because it * Unlike `supabase.auth.getSession()`, which returns the session _without_
* doesn't validate the JWT, this function validates the JWT by first calling * validating the JWT, this function also calls `getUser()` to validate the
* `getUser` and aborts early if the JWT signature is invalid. * JWT before returning the session.
*/ */
event.locals.safeGetSession = async () => { event.locals.safeGetSession = async () => {
const {
data: { session }
} = await event.locals.supabase.auth.getSession();
if (!session) {
return { session: null, user: null };
}
const { const {
data: { user }, data: { user },
error error
} = await event.locals.supabase.auth.getUser(); } = await event.locals.supabase.auth.getUser();
if (error) { if (error) {
// JWT validation has failed
return { session: null, user: null }; return { session: null, user: null };
} }
const {
data: { session }
} = await event.locals.supabase.auth.getSession();
return { session, user }; return { session, user };
}; };
return resolve(event, { return resolve(event, {
filterSerializedResponseHeaders(name) { filterSerializedResponseHeaders(name) {
return name === 'content-range'; return name === 'content-range' || name === 'x-supabase-api-version';
} }
}); });
}; };
+3 -2
View File
@@ -1,10 +1,11 @@
import type { LayoutServerLoad } from './$types'; import type { LayoutServerLoad } from './$types';
export const load: LayoutServerLoad = async ({ locals: { safeGetSession } }) => { export const load: LayoutServerLoad = async ({ locals: { safeGetSession }, cookies }) => {
const { session, user } = await safeGetSession(); const { session, user } = await safeGetSession();
return { return {
session, session,
user user,
cookies: cookies.getAll()
}; };
}; };
+2 -2
View File
@@ -32,8 +32,8 @@
let cookiesAccepted = false; let cookiesAccepted = false;
onMount(() => { onMount(() => {
const { data } = supabase.auth.onAuthStateChange((event, _session) => { const { data } = supabase.auth.onAuthStateChange((event, newSession) => {
if (_session?.expires_at !== session?.expires_at) { if (newSession?.expires_at !== session?.expires_at) {
// tells SvelteKit that the root +layout.ts load function should be executed whenever the session updates to keep the page store in sync. // tells SvelteKit that the root +layout.ts load function should be executed whenever the session updates to keep the page store in sync.
invalidate('supabase:auth'); invalidate('supabase:auth');
} }
+16 -15
View File
@@ -1,25 +1,26 @@
import { createBrowserClient, createServerClient, isBrowser } from '@supabase/ssr';
import { PUBLIC_SUPABASE_ANON_KEY, PUBLIC_SUPABASE_URL } from '$env/static/public'; import { PUBLIC_SUPABASE_ANON_KEY, PUBLIC_SUPABASE_URL } from '$env/static/public';
import type { LayoutLoad } from './$types'; import type { LayoutLoad } from './$types';
import { createBrowserClient, isBrowser, parse } from '@supabase/ssr';
export const load: LayoutLoad = async ({ fetch, data, depends }) => { export const load: LayoutLoad = async ({ fetch, data, depends }) => {
depends('supabase:auth'); depends('supabase:auth');
const supabase = createBrowserClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY, { const supabase = isBrowser()
global: { ? createBrowserClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY, {
fetch global: {
}, fetch
cookies: {
get(key) {
if (!isBrowser()) {
return JSON.stringify(data.session);
} }
})
const cookie = parse(document.cookie); : createServerClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY, {
return cookie[key]; global: {
} fetch
} },
}); cookies: {
getAll() {
return data.cookies;
}
}
});
/** /**
* It's fine to use `getSession` here, because on the client, `getSession` is * It's fine to use `getSession` here, because on the client, `getSession` is
-2
View File
@@ -1,6 +1,4 @@
<script lang="ts"> <script lang="ts">
import { onDestroy } from 'svelte';
import { type User } from '@supabase/auth-js';
import SignUp from '$lib/components/SignUp.svelte'; import SignUp from '$lib/components/SignUp.svelte';
export let data; export let data;
+1
View File
@@ -0,0 +1 @@
<p>Login error</p>