Redwood v0.32

v0.32.2 Highlights

<Set> now takes the prop private to mark a set of routes as Private

For those who like to be less verbose, you can now mark a whole set of Routes as private, without wrapping it in an explicit <Private>block. All the juicy details here: Redwood Router docs

Secure Services are available (experimental)

Auth is hard. So is accidentally exposing functionality to the interwebs because you forgot to check for auth in your graphQL query. This release we’re shipping some nifty tricks that make your services secure by default, so we can finally say Auth is was hard. Make sure you read the upgrade guide below to add this functionality to your existing Redwood app.

• Forum Announcement and Discussion Thread
• Redwood Services Doc

Redwood Security Docs

In addition to documentation about securing Services, Redwood contributors have added and updated many docs with security-specific content, from general overviews to best practices to How-tos. Take a look:

• Redwood Security
• Serverless Function Security Considerations
• Webhooks
• GraphQL Security

Fixed

• Lock engines package.json: node 14.x, yarn 1.x (#2474) 6661670 @Tobbe
• Fix babel loose warnings & SVG import (#2475) 9d854ec @dac09
• Call any included onClick before navigating with <Link> and <NavLink> (#2346) 740ca2d @cannikin
• Fix runtime error “Cannot find module ‘prettier’” (#2498) 2e2048a @peterp
• Update error message to reference “rules” instead of “before” 130507c @cannikin
• Stop msw from prompting for the file (#2512) caa4298 @jtoar

Added

• MSW integration: update package, expose additional features (#2063) 4852a6c @msutkowski
• Decode Nhost JWT and add in needed claims and roles for API side (#2350) dace5ef @dthyresson
• Allow private prop on Set (#2364) cb50977 @Tobbe
• Create github workflow to publish release candidate (#2399) ccde222 @renansoares
• Secure Services with beforeResolver (#2272) 064a34d @cannikin
• Pass service args through to beforeResolver verification functions (#2363) 30aec82 @cannikin

Changed

• Rework and Cleanup Seed template for Typescript and multiple inserts (#2432) fe57eed @dthyresson
• Tidies auth template by removing verbose comments (#2433) 6fd86c4 @dthyresson
• Silences log output when in Test environment and with Webhook verifiers (#2491) a6db163 @dthyresson
• improve rw upgrade command and remove “publish PR packages” option (#2497) 0fb8a3b @dac09
• Ignore dev.db-journal (#2496) f19481b @bozdoz
• Bump ts-morph in rw/structure (#2415) 281fda3 @dac09
• upgrade React (et al.) to v17.0.2 (#2375) 7fe4da6 @thedavidprice
• upgrade prisma v2.22.1 (#2493) eb1872f @thedavidprice
• upgrade eslint v7.25.0 and other eslint packages (#2391) 9d8e255 @thedavidprice
• Upgrade @typescript-eslint to v4.22 (dependabot) (#2366) d497c16 @thedavidprice
  
  

Breaking

Nothing to see here!

How to Upgrade

Code Modifications

1. Bump React and React-dom versions; remove resolutions

Redwood internally bumped to React v17.0.2. Update the versions in your project’s web/package.json (example file):

// web/package.json

-     "react": "^17.0.1",
-     "react-dom": "^17.0.1"
+     "react": "^17.0.2",
+     "react-dom": "^17.0.2"

And then remove the resolutions from package.json, which are no longer necessary (example file):

// ./package.json

-  },
-   "resolutions": {
-     "react": "17.0.1",
-     "react-dom": "17.0.1"
  }

2. Update .gitignore

If you are using SQLite, you might want to add the following to your project’s .gitignore, which will exclude the file dev.db-journalfrom git commits:

- dev.db
+ dev.db*

Upgrade Packages to v0.32.x from v0.31.x

Run the following command within your App’s directory:

yarn redwood upgrade

Ensure yarn has installed everything correctly by running:

yarn install --force

Upgrading from an earlier version?

Please follow the “how to upgrade” sections for each newer version here Releases · redwoodjs/redwood · GitHub, as there may be manual codemods needed for each version.

Upgrading to a version that is not the latest?

The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:

yarn redwood upgrade --tag 0.28.4

Need help or having trouble upgrading packages?

See this forum topic for manual upgrade instructions and general upgrade help.

Redwood Releases on GitHub

You can see all Redwood release notes and version history on GitHub

I know this is a little late, but I’m fairly certain this version is broke my auth, specifically my identity function.
If users sign up they get a verification email okay, but when that link is clicked and they come back to my website my identify function is now erroring and their email is not verified. (I haven’t tested this flow for a while so that’s why I’ve only realised now.)

I’m still debugging atm but I’m up to the point where I’m certain it was the commit I upgraded the framework that introduced the regression. This commit works fine, where as the one right after it does not.

I can see that auth client on the frontend tries to confirm with the token and sends a request to /.netlify/identity/verify but it get a 422 {"code":422,"msg":"Failed to handle signup webhook"} response back and my function logs produce.

6:44:38 PM: 2021-06-18T08:44:38.496Z	undefined	ERROR	Uncaught Exception 	{"errorType":"Runtime.ImportModuleError","errorMessage":"Error: Cannot find module 'graphql-tag'\nRequire stack:\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/index.js\n- /var/task/api/dist/lib/auth.js\n- /var/task/api/dist/services/users/users.js\n- /var/task/api/dist/functions/identity-signup.js\n- /var/task/identity-signup.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","stack":["Runtime.ImportModuleError: Error: Cannot find module 'graphql-tag'","Require stack:","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/index.js","- /var/task/api/dist/lib/auth.js","- /var/task/api/dist/services/users/users.js","- /var/task/api/dist/functions/identity-signup.js","- /var/task/identity-signup.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js","    at _loadUserApp (/var/runtime/UserFunction.js:100:13)","    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)","    at Object.<anonymous> (/var/runtime/index.js:43:30)","    at Module._compile (internal/modules/cjs/loader.js:999:30)","    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)","    at Module.load (internal/modules/cjs/loader.js:863:32)","    at Function.Module._load (internal/modules/cjs/loader.js:708:14)","    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)","    at internal/main/run_main_module.js:17:47"]}
6:44:39 PM: 2021-06-18T08:44:39.766Z	undefined	ERROR	Uncaught Exception 	{"errorType":"Runtime.ImportModuleError","errorMessage":"Error: Cannot find module 'graphql-tag'\nRequire stack:\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js\n- /var/task/node_modules/@redwoodjs/api/dist/index.js\n- /var/task/api/dist/lib/auth.js\n- /var/task/api/dist/services/users/users.js\n- /var/task/api/dist/functions/identity-signup.js\n- /var/task/identity-signup.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js","stack":["Runtime.ImportModuleError: Error: Cannot find module 'graphql-tag'","Require stack:","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/rootSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/makeMergedSchema/makeMergedSchema.js","- /var/task/node_modules/@redwoodjs/api/dist/index.js","- /var/task/api/dist/lib/auth.js","- /var/task/api/dist/services/users/users.js","- /var/task/api/dist/functions/identity-signup.js","- /var/task/identity-signup.js","- /var/runtime/UserFunction.js","- /var/runtime/index.js","    at _loadUserApp (/var/runtime/UserFunction.js:100:13)","    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)","    at Object.<anonymous> (/var/runtime/index.js:43:30)","    at Module._compile (internal/modules/cjs/loader.js:999:30)","    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)","    at Module.load (internal/modules/cjs/loader.js:863:32)","    at Function.Module._load (internal/modules/cjs/loader.js:708:14)","    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)","    at internal/main/run_main_module.js:17:47"]}
6:44:39 PM: 557dfd2c Duration: 1222.47 ms	Memory Usage: 49 MB	6:44:39 PM: Unknown application error occurred
Runtime.ImportModuleError

At first Error: Cannot find module 'graphql-tag' didn’t make sense to me since I not using anything graphql related in my identity-signup function, but trying to build it locally with esbuild shows the following in the dist/functions/identity-signup.js

// ../node_modules/@redwoodjs/core/esbuild/apiGlobals.js
global.gql = require("graphql-tag");
var {context: context2} = require("@redwoodjs/api");
global.context = context2;

But that only confuses me further as running yarn rw build (i.e without esbuild) then graphql-tag doesn’t appear in the built function and I’m not using esbuild to build the project in prod. My build command is yarn rw deploy netlify, unless that sneakily uses esbuild under the hood ?

yarn rw deploy netlify does not require('graphql-tag') in the identity function, so definitely a little lost. not being able to reproduce locally because it’s a netlify infra thing makes it difficult.

I’m going to sleep on it, hopefully I get some insights from putting it on the back burner.

@Irev-Dev I just got the same thing upgrading RBAC Blog with Identity to v0.34 (I confess I skipped v.0.33 and maybe didn’t notice in 32).

The issue is that the RedwoodJS/pino logger doesn’t implement log … just trace, info, debug, war, error etc:

logger.log(`User: ${user.id} signed-up and given roles: ${roles}`)

I have changed to

logger.debug(`User: ${user.id} signed-up and given roles: ${roles}`)

I cannot explain why this didn’t happened before, though.

While you can bind console.log to use the logger like:

console.log = logger.info.bind(logger)

I don’t know a way to have it use log.

Just deployed the fix and is now working for me.

Is not or is now?

Either way, thanks for the help with this, DT!

What, me with typos? Shcoking!

It is foxed. Fixed.

It’s working again.

Phew, got it working.

I appreciate the input @dthyresson, I tried removing console logs altogether from everywhere in my API but that didn’t work. According to this comment 422, failed to handle signup webhook is somewhat meaningless since Gotrue uses it for just about any error.

The work around was to believe the error I was getting from the function logs in netlify and make graphql-tag and explicit dependency. Atm I leaning pretty heavily towards this being a Redwood bug, what are your thoughts?

More details of my fix in this PR here.

Ah - you said the magic word trifecta of Netlify + Functions + Dependency and I wonder if you encountered this: Modern, faster Netlify Functions: New bundler and JavaScript features

With the latest release of our function bundler, we’re starting to use esbuild under the hood to handle some parts of this. It also includes an additional step of inlining , where your function code and its dependencies are physically merged into a single file.

The new bundler will be enabled for all projects during the week of May 17, but you can choose to opt-in right now to test the new functionality in public beta and take advantage of the performance improvements immediately.

Perhaps the way Netlify is bundling now wasn’t finding that dependency?

And v.0.32 was released on May 14 so … “week of May 17” does coincide.

Thus make graphql-tag and explicit dependency fixing the issue fits.

You can define a list of modules that should be copied to the generated function artifact with their source and references untouched, skipping the inlining and tree-shaking stages. This is useful for handling dependencies that can’t be inlined, such as modules with native addons.

This is done with the external_node_modules property, which you can apply to all functions, or filter some them by name using a wildcard pattern.

# In your netlify.toml
# All functions
[functions]
  external_node_modules = ["module-one", "module-two"]

# Functions with a name starting with "my-function-*"
[functions."my-function-*"]
  external_node_modules = ["module-three", "module-four"]

# A function named "my-function-1"
[functions.my-function-1]
  external_node_modules = ["module-five", "module-six"]

Ah okay, thanks for the extra context.

hmmm I’m not sure what I like better, keep what I’ve got or adding the modules in the netlify.toml, feels like maintaining two sets of dependencies .

I would have appreciated a breaking change email from netlify on this one.

I’ve tried

[functions.identity-singup]
  external_node_modules = ["graphql-tag"]

no luck so I’ll stick to my fix for now.

Sounds good.

If you still have question, you might want to try Netlify’s forums or their support team directly as they did say they could

use your feedback to create the best possible experience.

I found out about it in an email from them on 4/21

image799×372 61 KB

I thought I had a more prominent/actionable email, but maybe not.