Skip to content

Moving logic from templates to libs #2989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 72 commits into
base: main
Choose a base branch
from
Open

Moving logic from templates to libs #2989

Show file tree
Hide file tree
Changes from 26 commits
Commits
Show all changes
72 commits
Select commit Hold shift + click to select a range
b4e1769
WIP initial implementation
infomiho Jul 22, 2025
8b708bb
Apply the SDK location hack to the libs
infomiho Jul 22, 2025
49d979c
Include libs in the built CLI
infomiho Jul 22, 2025
a352e57
Merge branch 'main' into templates-to-libs
infomiho Jul 28, 2025
97a6838
Add build config. Copy libs in the Dockerfile.
infomiho Jul 28, 2025
121901f
Update todoApp package-lock.json
infomiho Jul 28, 2025
4e248ae
Merge branch 'main' into templates-to-libs
infomiho Jul 29, 2025
ac9d038
Fixes libs deps install in Dockerfile
infomiho Jul 29, 2025
3840e58
Move to using npm pack
infomiho Jul 30, 2025
db8aaeb
Formatting
infomiho Jul 30, 2025
ac55723
Client entry point experiment
infomiho Jul 30, 2025
6dfc790
Fix copy command
infomiho Jul 30, 2025
7a84ae8
Formatting
infomiho Jul 30, 2025
e8c955a
Refactor code
infomiho Jul 31, 2025
f0cfe95
Cleanup
infomiho Jul 31, 2025
2f77c1c
Merge branch 'main' into templates-to-libs
infomiho Aug 11, 2025
36b720c
Install script update
infomiho Aug 11, 2025
083fecb
Append hash to tarball path
infomiho Aug 11, 2025
9a70244
Exclude auth lib from Vite optimizations
infomiho Aug 11, 2025
b450ef2
Test auth client code, test using peerDependencies.
infomiho Aug 11, 2025
00e6fbf
Migrate to tsdown
infomiho Aug 11, 2025
90eab52
Refactor unit tests
infomiho Aug 11, 2025
6b6b2f7
Move typeVersions comment
infomiho Aug 11, 2025
3c818cd
d.ts sourcemap. cleanup.
infomiho Aug 11, 2025
7e76f65
PR comments
infomiho Aug 11, 2025
43aaac5
Refactor
infomiho Aug 11, 2025
1073098
Update shell scripts
infomiho Aug 12, 2025
828b096
Use newtype
infomiho Aug 12, 2025
aa05550
Fix unit tests
infomiho Aug 12, 2025
c4099d5
Update exports to be explict about sdk and server exports
infomiho Aug 12, 2025
82f258c
Refactor WaspLib to have the checksum from creation
infomiho Aug 12, 2025
c3454d7
Copy libs to both out and build dir
infomiho Aug 12, 2025
22958f5
Update the README
infomiho Aug 13, 2025
9f3a53a
Update README and WaspLib to clarify library versioning and improve S…
infomiho Aug 13, 2025
a06e101
Remove redundant copying of libs to the build directory
infomiho Aug 13, 2025
1e1d36c
Merge branch 'main' into templates-to-libs
infomiho Aug 14, 2025
190e789
PR comments
infomiho Aug 14, 2025
fb548b0
Fix Dockerfile consistency
infomiho Aug 14, 2025
48dfe49
Comment dots, scripts cleanup.
infomiho Aug 14, 2025
58fe09a
Formatting
infomiho Aug 14, 2025
bd54fb4
Merge branch 'main' into templates-to-libs
infomiho Aug 14, 2025
ef0182b
Improve Tarball module
infomiho Aug 14, 2025
8851649
WaspLibs comment
infomiho Aug 14, 2025
9fc9e17
Add WaspLib comment
infomiho Aug 14, 2025
8a4ce86
Define SDK package name
infomiho Aug 14, 2025
a88c972
Unit tests helper
infomiho Aug 14, 2025
5bd2680
PR comments
infomiho Aug 14, 2025
4f0a8e7
Naming
infomiho Aug 14, 2025
211a04b
Update unit tests
infomiho Aug 14, 2025
03066ee
Move getting WaspLibs out of AppSpec
infomiho Aug 14, 2025
ae1255b
Ignore `tgz` files in e2e tests (#3078)
infomiho Sep 9, 2025
b9ace98
Merge branch 'main' into templates-to-libs
infomiho Sep 9, 2025
f50e54b
Fix unit tests
infomiho Sep 9, 2025
2478372
Merge branch 'main' into templates-to-libs
infomiho Sep 10, 2025
cd5347c
Remove typesVersions since it's redundant now
infomiho Sep 10, 2025
438314a
Rename from @wasp.sh/{libs-auth => lib-auth}
infomiho Sep 10, 2025
10803d4
Improve password tests
infomiho Sep 10, 2025
52fe7f2
Add Reader monad to Generator to use WaspLibs more easily
infomiho Sep 11, 2025
f2df493
Replace explicit copying of libs with generating copy file drafts
infomiho Sep 11, 2025
b234395
PR comments
infomiho Sep 11, 2025
669faca
Merge branch 'main' into templates-to-libs
infomiho Sep 24, 2025
4e6ddbb
Merge branch 'main' into templates-to-libs
infomiho Sep 26, 2025
5f3078e
PR comments
infomiho Sep 26, 2025
b0417a3
Named empty waspLibs list
infomiho Sep 27, 2025
a695db1
Update package copying scripts safety
infomiho Sep 27, 2025
cd6940b
Rename npm dep making fn
infomiho Sep 27, 2025
5771e1f
Update libs README
infomiho Sep 27, 2025
4b5a1c7
Simplify makeWaspLib
infomiho Sep 27, 2025
133e837
Return CI note for the packages README
infomiho Sep 27, 2025
bcab437
Update tsconfig to be more general
infomiho Sep 30, 2025
f1a21e0
Use ESM only profile for arethetypeswrong
infomiho Sep 30, 2025
563c00c
Fix formatting
infomiho Oct 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .github/workflows/waspc-ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,10 @@ jobs:
if: matrix.os == 'ubuntu-22.04' || matrix.os == 'macos-13'
run: ./tools/install_packages_to_data_dir.sh
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should be using ./run instead of the script in all cases?


- name: Compile Wasp libs and move it into the Cabal data dir
if: matrix.os == 'ubuntu-22.04' || matrix.os == 'macos-13'
run: ./tools/install_libs_to_data_dir.sh

- name: Build external dependencies
run: cabal build --enable-tests --enable-benchmarks --only-dependencies

Expand Down
6 changes: 6 additions & 0 deletions waspc/cli/src/Wasp/Cli/Command/Build.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import Wasp.CompileOptions (CompileOptions (..))
import Wasp.Generator.Common (ProjectRootDir)
import Wasp.Generator.Monad (GeneratorWarning (GeneratorNeedsMigrationWarning))
import Wasp.Generator.SdkGenerator.Common (sdkRootDirInGeneratedCodeDir, sdkRootDirInProjectRootDir)
import Wasp.Generator.WaspLibs.Common (libsRootDirInGeneratedCodeDir)
import qualified Wasp.Message as Msg
import Wasp.Project.Common
( CompileError,
Expand Down Expand Up @@ -108,6 +109,11 @@ build = do
(waspProjectDir </> dotWaspDirInWaspProjectDir </> generatedCodeDirInDotWaspDir </> sdkRootDirInGeneratedCodeDir)
(buildDir </> sdkRootDirInGeneratedCodeDir)

liftIO $
copyDirectory
(waspProjectDir </> dotWaspDirInWaspProjectDir </> generatedCodeDirInDotWaspDir </> libsRootDirInGeneratedCodeDir)
(buildDir </> libsRootDirInGeneratedCodeDir)

let packageJsonInBuildDir = buildDir </> castRel packageJsonInWaspProjectDir
let packageLockJsonInBuildDir = buildDir </> castRel packageLockJsonInWaspProjectDir
let tsconfigJsonInBuildDir = buildDir </> castRel srcTsConfigPath
Expand Down
1 change: 1 addition & 0 deletions waspc/data/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
packages
Generator/libs/*.tgz
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mentioned this in a different thread, but why don't we ignore the entire libs directory and have the exact same setup as we do with packages?

Empty file added waspc/data/Generator/libs/.gitkeep
View file
Open in desktop
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How come we're using a different system than the one we use for packages?

Specifically, why are we adding this folder to version control instead of creating during install_libs_to_data_dir as we do for install_packages_to_data_dir?

Empty file.
1 change: 1 addition & 0 deletions waspc/data/Generator/templates/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ COPY package-lock.json .
COPY tsconfig*.json .
COPY server .wasp/build/server
COPY sdk .wasp/out/sdk
COPY libs .wasp/out/libs
# Install npm packages, resulting in node_modules/.
RUN npm install && cd .wasp/build/server && npm install
{=# usingPrisma =}
Expand Down
2 changes: 1 addition & 1 deletion waspc/data/Generator/templates/react-app/vite.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ const defaultViteConfig = {
detectServerImports(),
],
optimizeDeps: {
exclude: ['wasp']
exclude: {=& depsExcludedFromOptimization =}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
exclude: {=& depsExcludedFromOptimization =}
exclude: {=& depsExcludedFromOptimization =}

},
server: {
port: {= defaultClientPort =},
Expand Down
10 changes: 1 addition & 9 deletions waspc/data/Generator/templates/sdk/wasp/auth/forms/Auth.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
import { useState, createContext } from 'react'
import { createTheme } from '@stitches/react'
import { styled } from 'wasp/core/stitches.config'
import { AuthContext, type ErrorMessage } from '@wasp.sh/libs-auth/client'

import {
type State,
type CustomizationOptions,
type ErrorMessage,
type AdditionalSignupFields,
} from './types'
import { LoginSignupForm } from './internal/common/LoginSignupForm'
Expand Down Expand Up @@ -38,14 +38,6 @@ const HeaderText = styled('h2', {
})


// PRIVATE API
export const AuthContext = createContext({
isLoading: false,
setIsLoading: (isLoading: boolean) => {},
setErrorMessage: (errorMessage: ErrorMessage | null) => {},
setSuccessMessage: (successMessage: string | null) => {},
})

function Auth ({ state, appearance, logo, socialLayout = 'horizontal', additionalSignupFields }: {
state: State;
} & CustomizationOptions & {
Expand Down
5 changes: 2 additions & 3 deletions waspc/data/Generator/templates/sdk/wasp/auth/forms/internal/common/LoginSignupForm.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
{{={= =}=}}
import { useContext } from 'react'
import { useForm, UseFormReturn } from 'react-hook-form'
import { styled } from 'wasp/core/stitches.config'
import { config } from 'wasp/client'

import { AuthContext } from '../../Auth'
import { useAuthContext } from '@wasp.sh/libs-auth/client'
import {
Form,
FormInput,
Expand Down Expand Up @@ -146,7 +145,7 @@ export const LoginSignupForm = ({
setErrorMessage,
setSuccessMessage,
setIsLoading,
} = useContext(AuthContext)
} = useAuthContext();
const isLogin = state === 'login'
const cta = isLogin ? 'Log in' : 'Sign up';
{=# isAnyPasswordBasedAuthEnabled =}
Expand Down
7 changes: 4 additions & 3 deletions waspc/data/Generator/templates/sdk/wasp/auth/forms/internal/email/ForgotPasswordForm.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
import { useContext } from 'react'
import { useForm } from 'react-hook-form'
import { useAuthContext } from '@wasp.sh/libs-auth/client'

import { requestPasswordReset } from '../../../email/actions/passwordReset.js'
import { Form, FormItemGroup, FormLabel, FormInput, SubmitButton, FormError } from '../Form'
import { AuthContext } from '../../Auth'


// PRIVATE API
export const ForgotPasswordForm = () => {
const { register, handleSubmit, reset, formState: { errors } } = useForm<{ email: string }>()
const { isLoading, setErrorMessage, setSuccessMessage, setIsLoading } = useContext(AuthContext)
const { isLoading, setErrorMessage, setSuccessMessage, setIsLoading } = useAuthContext()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When doing big PRs like this, I advise staying away from all other changes, no matter how minor.

This can stay but we should apply the principle to future PRs.

Btw, update the public API table if necessary.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually think it's good that he made this change, it's scoped enough to be a demonstration and a proof that it works, without big changes otherwise.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a POC where I had to get a feel for how the lib will ship browser code - I didn't want to ship the system which would be completely wrong for browser stuff. I can remove this bit if you want and add it in a separate PR.


const onSubmit = async (data) => {
setIsLoading(true)
Expand Down
8 changes: 4 additions & 4 deletions waspc/data/Generator/templates/sdk/wasp/auth/forms/internal/email/ResetPasswordForm.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
import { useContext } from 'react'
import { useForm } from 'react-hook-form'
import { resetPassword } from '../../../email/actions/passwordReset.js'
import { useLocation } from 'react-router-dom'
import { useAuthContext } from '@wasp.sh/libs-auth/client'

import { resetPassword } from '../../../email/actions/passwordReset.js'
import { Form, FormItemGroup, FormLabel, FormInput, SubmitButton, FormError } from '../Form'
import { AuthContext } from '../../Auth'

// PRIVATE API
export const ResetPasswordForm = () => {
const { register, handleSubmit, reset, formState: { errors } } = useForm<{ password: string; passwordConfirmation: string }>()
const { isLoading, setErrorMessage, setSuccessMessage, setIsLoading } = useContext(AuthContext)
const { isLoading, setErrorMessage, setSuccessMessage, setIsLoading } = useAuthContext()
const location = useLocation()
const token = new URLSearchParams(location.search).get('token')
const onSubmit = async (data) => {
Expand Down
6 changes: 3 additions & 3 deletions waspc/data/Generator/templates/sdk/wasp/auth/forms/internal/email/VerifyEmailForm.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
import { useContext, useEffect } from 'react'
import { useEffect } from 'react'
import { useLocation } from 'react-router-dom'
import { useAuthContext } from '@wasp.sh/libs-auth/client'
import { verifyEmail } from '../../../email/actions/verifyEmail.js'
import { Message } from '../Message'
import { AuthContext } from '../../Auth'

// PRIVATE API
export const VerifyEmailForm = () => {
const { isLoading, setErrorMessage, setSuccessMessage, setIsLoading } = useContext(AuthContext)
const { isLoading, setErrorMessage, setSuccessMessage, setIsLoading } = useAuthContext()
const location = useLocation()
const token = new URLSearchParams(location.search).get('token')

Expand Down
6 changes: 0 additions & 6 deletions waspc/data/Generator/templates/sdk/wasp/auth/forms/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,6 @@ export type CustomizationOptions = {
appearance?: Parameters<typeof createTheme>[0]
}

// PRIVATE API
export type ErrorMessage = {
title: string
description?: string
}

// PRIVATE API
export type FormState = {
isLoading: boolean
Expand Down
25 changes: 9 additions & 16 deletions waspc/data/Generator/templates/sdk/wasp/auth/jwt.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,15 @@
import * as jwt from 'oslo/jwt'
import { config } from 'wasp/server'
import { createJWTHelpers } from "@wasp.sh/libs-auth";

const JWT_SECRET = new TextEncoder().encode(config.auth.jwtSecret)
const JWT_ALGORITHM = 'HS256'
import { config } from "wasp/server";

// PRIVATE API
export function createJWT(
data: Parameters<typeof jwt.createJWT>[2],
options: Parameters<typeof jwt.createJWT>[3],
): Promise<string> {
return jwt.createJWT(JWT_ALGORITHM, JWT_SECRET, data, options)
}
const JWT_SECRET = new TextEncoder().encode(config.auth.jwtSecret);
const JWT_ALGORITHM = "HS256";

// PRIVATE API
export async function validateJWT<Payload>(token: string): Promise<Payload> {
const { payload } = await jwt.validateJWT(JWT_ALGORITHM, JWT_SECRET, token)
return payload as Payload
}
export const { createJWT, validateJWT } = createJWTHelpers(
JWT_SECRET,
JWT_ALGORITHM,
);

// PRIVATE API
export { TimeSpan } from 'oslo'
export { TimeSpan } from "@wasp.sh/libs-auth";
37 changes: 1 addition & 36 deletions waspc/data/Generator/templates/sdk/wasp/auth/password.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,36 +1 @@
import { hash, verify, Version, type Options } from "@node-rs/argon2";

// The options are the same as the ones used in the oslo/password library
const hashingOptions: Options = {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1,
version: Version.V0x13,
};

// PRIVATE API
export async function hashPassword(password: string): Promise<string> {
return hash(normalizePassword(password), hashingOptions);
}

// PRIVATE API
export async function verifyPassword(
hashedPassword: string,
password: string
): Promise<void> {
const validPassword = await verify(
hashedPassword,
normalizePassword(password),
hashingOptions
);
if (!validPassword) {
throw new Error("Invalid password");
}
}

// We are normalising the password to ensure that the password is always hashed in the same way
// We have the same normalising process as oslo/password did in the past
function normalizePassword(password: string): string {
return password.normalize("NFKC");
}
export { hashPassword, verifyPassword } from "@wasp.sh/libs-auth";
10 changes: 5 additions & 5 deletions waspc/data/Generator/templates/server/src/auth/providers/oauth/cookies.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
import { parseCookies } from "@wasp.sh/libs-auth";
Copy link
Contributor Author

@infomiho infomiho Jul 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made this refactor by mistake not realizing that I'm touching the server and not the SDK. It works because the @wasp.sh/libs-auth is installed in the root node_modules... but it breaks our philosophy that we introduced with 0.12.0: user imports from the SDK -> framework imports user code.

If the server imports the auth lib directly, I consider that importing the SDK since the auth lib is just an implementation detail of the SDK.

So, how do we tackle this? The server doesn't have oslo listed as one of its deps (meaning this worked just because SDK had oslo as a dep).

Do we add oslo as the dep of the server to be precise?

Can we avoid the server using oslo directly? That would mean that the server uses the SDK?

Do we consider server using the auth lib directly a violation of our 0.12.0 philosophy?

cc: @sodic

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a straightforward solution would be to have libs-auth-server and libs-auth-sdk etc
Or the same library with multiple exports should be fine, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've encoded this worry in this issue as we'll need to figure out the naming: #3069

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest status: I've implemented the proposal from the linked issue in this PR #3069

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the idea of not "dragging" the server's import chain through the SDK if it isn't necessary. Since SDK will become heavily templated, we want to decouple it from the rest of our codebase as best we can, which means minimizing SDK exports into the framework code.

the SDK since the auth lib is just an implementation detail of the SDK.

This makes sense too because framework code importing stuff from multiple locations seems messy, and I'm 90% sure it will have to import templated stuff at some point.

I'll have to think about this some more, we can discuss it on a call.

import {
Request as ExpressRequest,
Response as ExpressResponse,
} from 'express';
import { parseCookies } from 'oslo/cookie';
} from "express";

import type { ProviderConfig } from 'wasp/auth/providers/types';
import { config } from 'wasp/server';
import type { ProviderConfig } from "wasp/auth/providers/types";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double quotes? Is this a formatting mistake?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if we are consistent with formatting in the templates, I'll revert the change to keep the diff cleaner 👍

import { config } from "wasp/server";

import type { OAuthStateFieldName } from './state';
import type { OAuthStateFieldName } from "./state";

export function setOAuthCookieValue(
provider: ProviderConfig,
Expand Down
Loading
Loading