Redwood v0.32

v0.32.2 Highlights :tada:

:open_umbrella: <Set> now takes the prop private to mark a set of routes as Private

For those who like to be less verbose, you can now mark a whole set of Routes as private, without wrapping it in an explicit <Private>block. All the juicy details here: Redwood Router docs

:closed_lock_with_key: Secure Services are available (experimental)

Auth is hard. So is accidentally exposing functionality to the interwebs because you forgot to check for auth in your graphQL query. This release we’re shipping some nifty tricks that make your services secure by default, so we can finally say Auth is was hard. Make sure you read the upgrade guide below to add this functionality to your existing Redwood app.

:open_book: Redwood Security Docs

In addition to documentation about securing Services, Redwood contributors have added and updated many docs with security-specific content, from general overviews to best practices to How-tos. Take a look:

Fixed

Added

Changed

**Dependabot updates**
  • build(deps): bump @typescript-eslint/eslint-plugin from 4.22.0 to 4.23.0 (#2482) 71c433e dependabot[bot]
  • build(deps-dev): bump npm-packlist from 2.1.5 to 2.2.2 (#2464) 0e415b8 dependabot[bot]
  • build(deps): bump @typescript-eslint/parser from 4.22.0 to 4.23.0 (#2483) 84a4f9d dependabot[bot]
  • build(deps): bump lodash from 4.17.20 to 4.17.21 in /tasks/e2e (#2476) bb8ec93 dependabot[bot]
  • build(deps): bump youch from 2.2.1 to 2.2.2 (#2459) 9f3ac7f dependabot[bot]
  • build(deps-dev): bump @types/fs-extra from 9.0.8 to 9.0.11 (#2444) 36618ac dependabot[bot]
  • build(deps): bump fs-extra from 9.1.0 to 10.0.0 (#2446) 13a7e89 dependabot[bot]
  • build(deps): bump youch-terminal from 1.0.1 to 1.1.1 (#2460) 7497136 dependabot[bot]
  • build(deps-dev): bump @supabase/supabase-js from 1.11.8 to 1.11.12 (#2490) 314df63 dependabot[bot]
  • build(deps-dev): bump firebase from 8.4.3 to 8.6.0 (#2494) 6b8ca87 dependabot[bot]
  • build(deps): bump @types/node from 14.14.35 to 15.0.1 (#2369) 3a65eee dependabot[bot]
  • Build(deps): Bump ssri from 6.0.1 to 6.0.2 (#2400) a7a9e6d dependabot[bot]
  • Build(deps): Bump graphql-scalars from 1.9.0 to 1.9.3 (#2408) 96c785b dependabot[bot]
  • Build(deps-dev): Bump @types/node-fetch from 2.5.8 to 2.5.10 (#2411) 34588ef dependabot[bot]
  • Build(deps): Bump esbuild from 0.11.13 to 0.11.16 (#2412) d644c3e dependabot[bot]
  • Build(deps-dev): Bump firebase from 8.4.2 to 8.4.3 (#2414) c062a8b dependabot[bot]
  • Build(deps): Bump graphql-tag from 2.12.2 to 2.12.4 (#2409) f677ab1 dependabot[bot]
  • Bump youch from 2.1.1 to 2.2.1 (#2373) a68cd6d dependabot[bot]
  • Build(deps-dev): Bump firebase-admin from 9.6.0 to 9.7.0 (#2407) f2f26e4 dependabot[bot]
  • Bump typescript from 4.1.3 to 4.2.4 (#2292) 2c38d26 dependabot[bot]
  • Bump @storybook/addon-a11y from 6.2.8 to 6.2.9 (#2387) 6995be3 dependabot[bot]
  • Bump @babel/core from 7.13.15 to 7.13.16 (#2376) 5f0243a dependabot[bot]
  • Bump msal from 1.4.9 to 1.4.10 (#2377) d1ac806 dependabot[bot]
  • Bump @types/pino from 6.3.7 to 6.3.8 (#2378) 97f6fdc dependabot[bot]
  • Bump @apollo/client from 3.3.12 to 3.3.15 (#2379) 2a67471 dependabot[bot]
  • Bump @types/jest from 26.0.21 to 26.0.23 (#2381) 879f724 dependabot[bot]
  • Bump chalk from 4.1.0 to 4.1.1 (#2382) cba16da dependabot[bot]
  • Bump @supabase/supabase-js from 1.11.6 to 1.11.8 (#2383) d34622e dependabot[bot]
  • Bump @graphql-tools/merge from 6.2.10 to 6.2.13 (#2313) 8ed09f0 dependabot[bot]
  • Bump jest-watch-typeahead from 0.6.1 to 0.6.3 (#2348) 4523a90 dependabot[bot]
  • build(deps-dev): bump @types/aws-lambda from 8.10.72 to 8.10.76 (#2357) acd5101 dependabot[bot]
  • build(deps-dev): bump firebase from 8.4.1 to 8.4.2 (#2367) f3a5d56 dependabot[bot]
  • Bump @testing-library/user-event from 13.1.2 to 13.1.6 (#2374) 836a17c dependabot[bot]
  • Bump boxen from 4.2.0 to 5.0.1 (#2308) 6d4400b dependabot[bot]
  • Bump concurrently from 5.3.0 to 6.0.2 (#2295) 9e8f756 dependabot[bot]
  • Bump envinfo from 7.7.4 to 7.8.1 (#2293) 34eaaf5 dependabot[bot]
  • Bump @testing-library/react from 11.2.2 to 11.2.6 (#2291) 82ed18b dependabot[bot]
  • Bump esbuild from 0.11.6 to 0.11.13 (#2337) 76fb814 dependabot[bot]
  • misc Dependabot patch release PRs grouped (#2495) 1607257 @thedavidprice

Breaking :warning:

Nothing to see here! :see_no_evil:


How to Upgrade

Code Modifications

1. Bump React and React-dom versions; remove resolutions

Redwood internally bumped to React v17.0.2. Update the versions in your project’s web/package.json (example file):

// web/package.json

-     "react": "^17.0.1",
-     "react-dom": "^17.0.1"
+     "react": "^17.0.2",
+     "react-dom": "^17.0.2"

And then remove the resolutions from package.json, which are no longer necessary (example file):

// ./package.json

-  },
-   "resolutions": {
-     "react": "17.0.1",
-     "react-dom": "17.0.1"
  }

2. Update .gitignore

If you are using SQLite, you might want to add the following to your project’s .gitignore, which will exclude the file dev.db-journalfrom git commits:

- dev.db
+ dev.db*

Upgrade Packages to v0.32.x from v0.31.x

Run the following command within your App’s directory:

yarn redwood upgrade

Ensure yarn has installed everything correctly by running:

yarn install --force

Upgrading from an earlier version?

Please follow the “how to upgrade” sections for each newer version here :point_right: Releases · redwoodjs/redwood · GitHub, as there may be manual codemods needed for each version.

Upgrading to a version that is not the latest?

The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:

yarn redwood upgrade --tag 0.28.4

Need help or having trouble upgrading packages?

See this forum topic for manual upgrade instructions and general upgrade help.


Redwood Releases on GitHub

You can see all Redwood release notes and version history on GitHub

2 Likes

I know this is a little late, but I’m fairly certain this version is broke my auth, specifically my identity function.
If users sign up they get a verification email okay, but when that link is clicked and they come back to my website my identify function is now erroring and their email is not verified. (I haven’t tested this flow for a while so that’s why I’ve only realised now.)

I’m still debugging atm but I’m up to the point where I’m certain it was the commit I upgraded the framework that introduced the regression. This commit works fine, where as the one right after it does not.

I can see that auth client on the frontend tries to confirm with the token and sends a request to /.netlify/identity/verify but it get a 422 {"code":422,"msg":"Failed to handle signup webhook"} response back and my function logs produce.

6:44:38 PM: 2021-06-18T08:44:38.496Z	undefined	ERROR	Uncaught Exception 	{"errorType":"Runtime.ImportModuleError","errorMessage":"Error: Cannot find module 'graphql-tag'\nRequire stack:\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/index.js\n- /var/task/api/dist/lib/auth.js\n- /var/task/api/dist/services/users/users.js\n- /var/task/api/dist/functions/identity-signup.js\n- /var/task/identity-signup.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","stack":["Runtime.ImportModuleError: Error: Cannot find module 'graphql-tag'","Require stack:","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/index.js","- /var/task/api/dist/lib/auth.js","- /var/task/api/dist/services/users/users.js","- /var/task/api/dist/functions/identity-signup.js","- /var/task/identity-signup.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js","    at _loadUserApp (/var/runtime/UserFunction.js:100:13)","    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)","    at Object.<anonymous> (/var/runtime/index.js:43:30)","    at Module._compile (internal/modules/cjs/loader.js:999:30)","    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)","    at Module.load (internal/modules/cjs/loader.js:863:32)","    at Function.Module._load (internal/modules/cjs/loader.js:708:14)","    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)","    at internal/main/run_main_module.js:17:47"]}
6:44:39 PM: 2021-06-18T08:44:39.766Z	undefined	ERROR	Uncaught Exception 	{"errorType":"Runtime.ImportModuleError","errorMessage":"Error: Cannot find module 'graphql-tag'\nRequire stack:\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/index.js\n- /var/task/api/dist/lib/auth.js\n- /var/task/api/dist/services/users/users.js\n- /var/task/api/dist/functions/identity-signup.js\n- /var/task/identity-signup.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","stack":["Runtime.ImportModuleError: Error: Cannot find module 'graphql-tag'","Require stack:","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/index.js","- /var/task/api/dist/lib/auth.js","- /var/task/api/dist/services/users/users.js","- /var/task/api/dist/functions/identity-signup.js","- /var/task/identity-signup.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js","    at _loadUserApp (/var/runtime/UserFunction.js:100:13)","    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)","    at Object.<anonymous> (/var/runtime/index.js:43:30)","    at Module._compile (internal/modules/cjs/loader.js:999:30)","    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)","    at Module.load (internal/modules/cjs/loader.js:863:32)","    at Function.Module._load (internal/modules/cjs/loader.js:708:14)","    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)","    at internal/main/run_main_module.js:17:47"]}
6:44:39 PM: 557dfd2c Duration: 1222.47 ms	Memory Usage: 49 MB	6:44:39 PM: Unknown application error occurred
Runtime.ImportModuleError

At first Error: Cannot find module 'graphql-tag' didn’t make sense to me since I not using anything graphql related in my identity-signup function, but trying to build it locally with esbuild shows the following in the dist/functions/identity-signup.js

// ../node_modules/@redwoodjs/core/esbuild/apiGlobals.js
global.gql = require("graphql-tag");
var {context: context2} = require("@redwoodjs/api");
global.context = context2;

But that only confuses me further as running yarn rw build (i.e without esbuild) then graphql-tag doesn’t appear in the built function and I’m not using esbuild to build the project in prod. My build command is yarn rw deploy netlify, unless that sneakily uses esbuild under the hood :man_shrugging: ?

yarn rw deploy netlify does not require('graphql-tag') in the identity function, so definitely a little lost. not being able to reproduce locally because it’s a netlify infra thing makes it difficult.

I’m going to sleep on it, hopefully I get some insights from putting it on the back burner.

@Irev-Dev I just got the same thing upgrading RBAC Blog with Identity to v0.34 (I confess I skipped v.0.33 and maybe didn’t notice in 32).

The issue is that the RedwoodJS/pino logger doesn’t implement log … just trace, info, debug, war, error etc:

logger.log(`User: ${user.id} signed-up and given roles: ${roles}`)

I have changed to

logger.debug(`User: ${user.id} signed-up and given roles: ${roles}`)

I cannot explain why this didn’t happened before, though.

While you can bind console.log to use the logger like:

console.log = logger.info.bind(logger)

I don’t know a way to have it use log.

Just deployed the fix and is now working for me.

1 Like

Is not or is now?

Either way, thanks for the help with this, DT!

What, me with typos? Shcoking! :wink:

It is foxed. Fixed.

It’s working again.

1 Like

Phew, got it working.

I appreciate the input @dthyresson, I tried removing console logs altogether from everywhere in my API but that didn’t work. According to this comment 422, failed to handle signup webhook is somewhat meaningless since Gotrue uses it for just about any error.

The work around was to believe the error I was getting from the function logs in netlify and make graphql-tag and explicit dependency. Atm I leaning pretty heavily towards this being a Redwood bug, what are your thoughts?

More details of my fix in this PR here.

Ah - you said the magic word trifecta of Netlify + Functions + Dependency and I wonder if you encountered this: Modern, faster Netlify Functions: New bundler and JavaScript features

With the latest release of our function bundler, we’re starting to use esbuild under the hood to handle some parts of this. It also includes an additional step of inlining , where your function code and its dependencies are physically merged into a single file.

The new bundler will be enabled for all projects during the week of May 17, but you can choose to opt-in right now to test the new functionality in public beta and take advantage of the performance improvements immediately.

Perhaps the way Netlify is bundling now wasn’t finding that dependency?

And v.0.32 was released on May 14 so … “week of May 17” does coincide.

Thus make graphql-tag and explicit dependency fixing the issue fits.

You can define a list of modules that should be copied to the generated function artifact with their source and references untouched, skipping the inlining and tree-shaking stages. This is useful for handling dependencies that can’t be inlined, such as modules with native addons.

This is done with the external_node_modules property, which you can apply to all functions, or filter some them by name using a wildcard pattern.

# In your netlify.toml
# All functions
[functions]
  external_node_modules = ["module-one", "module-two"]

# Functions with a name starting with "my-function-*"
[functions."my-function-*"]
  external_node_modules = ["module-three", "module-four"]

# A function named "my-function-1"
[functions.my-function-1]
  external_node_modules = ["module-five", "module-six"]
1 Like

Ah okay, thanks for the extra context.

hmmm I’m not sure what I like better, keep what I’ve got or adding the modules in the netlify.toml, feels like maintaining two sets of dependencies :man_shrugging:.

I would have appreciated a breaking change email from netlify on this one.

I’ve tried

[functions.identity-singup]
  external_node_modules = ["graphql-tag"]

no luck so I’ll stick to my fix for now.

Sounds good.

If you still have question, you might want to try Netlify’s forums or their support team directly as they did say they could

use your feedback to create the best possible experience.

I found out about it in an email from them on 4/21

I thought I had a more prominent/actionable email, but maybe not.

1 Like