Forem: simi-obs The latest articles on Forem by simi-obs (@simiobs). https://forem.com/simiobs https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F779971%2F0431712f-3238-433a-8e96-fd19a754e25b.png Forem: simi-obs https://forem.com/simiobs en Deploy Full-Stack Next.js T3App with Cognito and Prisma using AWS Lambda simi-obs Mon, 15 Apr 2024 13:18:11 +0000 https://forem.com/simiobs/deploy-full-stack-nextjs-t3app-with-cognito-and-prisma-using-aws-lambda-2pm4 https://forem.com/simiobs/deploy-full-stack-nextjs-t3app-with-cognito-and-prisma-using-aws-lambda-2pm4 <h2> Author note </h2> <p>This tutorial was originally published as a part of <a href="https://docs.stacktape.com/tutorials/t3-nextjs-app/">Stacktape documentation</a>. I advise to follow this tutorial directly in the Stacktape docs due to better readability and code highlighting.</p> <h2> Introduction </h2> <p>Deploying a full-stack <a href="https://nextjs.org/">Next.js</a> web app can seem complex, but with the right tools, it's straightforward. This tutorial will cover the essentials to get your app up and running quickly:</p> <ul> <li> <strong>Initializing Next.js project using CT3A</strong>: How to initialize a full-stack, typesafe Next.js app using <a href="https://create.t3.gg/">T3 App scaffolder</a>.</li> <li> <strong>Deploying Next.js app on AWS Lambda</strong>: How to use Stacktape to deploy your web app using a serverless approach.</li> <li> <strong>Setting up a Postgres database with Prisma ORM</strong>: Steps to integrate a robust database system with your app using <a href="https://www.prisma.io/">Prisma ORM</a> </li> <li> <strong>Implementing Authentication with Cognito</strong>: Simplify user authentication by integrating AWS Cognito and <a href="https://next-auth.js.org/">NextAuth.js</a> into your app.</li> </ul> <p>This guide is designed to be practical and to the point, ensuring you can deploy your app efficiently with Stacktape.</p> <h2> Prerequisites </h2> <p>To complete this tutorial, you will need:</p> <ul> <li>NodeJS (18+) installed on your system</li> <li> <a href="https://console.stacktape.com/sign-up">Stacktape account</a> and <a href="https://console.stacktape.com/aws-accounts">AWS account connected</a> to your organization</li> <li>(OPTIONAL) If you are using VSCode, we recommend using our <a href="https://marketplace.visualstudio.com/items?itemName=stacktape.vscode-stacktape">Stacktape extension</a> for easier writing of Stacktape template.</li> </ul> <h2> Initializing App Using CT3A </h2> <p>Initialize your app using <a href="https://create.t3.gg/">T3 App scaffolder</a>.</p> <p>To scaffold an app using <code>create-t3-app</code>, run the following commands and answer the command prompt questions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm create t3-app@latest </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--chtp01yc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://docs.stacktape.com/static/7d9c86db14fc0a12b66087a8764ba833/e2ccf/t3-prompts.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--chtp01yc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://docs.stacktape.com/static/7d9c86db14fc0a12b66087a8764ba833/e2ccf/t3-prompts.png" alt="T3 App create - prompt answers" width="572" height="624"></a></p> <p>T3 App create - prompt answers</p> <h2> Create stacktape.yml </h2> <p>In your project directory root, create <code>stacktape.yml</code> file.</p> <p>Every Stacktape project starts with a simple template file. This is your app's single source of truth, the blueprint of your app. Unlike other setups where you might juggle multiple template files for different tools, Stacktape brings everything into one place. You can write your template in YAML, <a href="https://docs.stacktape.com/user-guides/writing-config-in-typescript/">TypeScript</a>, or even Python.</p> <p>In this tutorial, we will be using YAML.</p> <blockquote> <p>To write the Stacktape template more efficiently, consider using our <a href="https://marketplace.visualstudio.com/items?itemName=stacktape.vscode-stacktape">VSCode extension</a> or the <a href="https://simon-console.stacktape.com/stack-composer?editorType=editor">stack composer editor</a> in the console.</p> </blockquote> <h3> Add nextjs-web resource </h3> <p>Add the <strong>resources</strong> section with <a href="https://docs.stacktape.com/compute-resources/nextjs-website/">nextjs-web</a> resource called <code>web</code> to your <code>stacktape.yml</code> file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nextjs-web</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">appDirectory</span><span class="pi">:</span> <span class="s">./</span> </code></pre> </div> <p>Contents of <code>stacktape.yml</code></p> <p>The <strong>nextjs-web</strong> resource type is a purpose-built resource for deploying Next.js app using AWS Lambda. In the background, it packages your Next.js app and creates multiple different AWS resources required to run your website as efficiently as possible. To learn more about the resource, refer to <a href="https://docs.stacktape.com/compute-resources/nextjs-website/">our docs</a>.</p> <h3> Add relational-database resource </h3> <p>In this step, we add a <a href="https://docs.stacktape.com/database-resources/relational-databases/">relational-database</a> resource to our template. Since during the CT3A initialization, we have chosen to use <code>PostgreSQL</code>. Therefore, the database should also use the <code>postgres</code> engine.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nextjs-web</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">appDirectory</span><span class="pi">:</span> <span class="s">./</span> <span class="na">database</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">relational-database</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">engine</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">primaryInstance</span><span class="pi">:</span> <span class="na">instanceSize</span><span class="pi">:</span> <span class="s">db.t4g.micro</span> <span class="na">credentials</span><span class="pi">:</span> <span class="na">masterUserPassword</span><span class="pi">:</span> <span class="s">$Secret('t3app-db-password')</span> </code></pre> </div> <p>Contents of <code>stacktape.yml</code></p> <p>You might notice that the password for our database references a secret using a <a href="https://docs.stacktape.com/configuration/directives/#secret">$Secret</a> directive. We will create the secret later in the tutorial.</p> <h3> Add user-auth-pool resource </h3> <p>We use Cognito <a href="https://docs.stacktape.com/security-resources/user-auth-pools/">user-auth-pool</a> to provide an authentication mechanism for our Next.js app. By using this resource, we offload user management and authentication responsibilities from developers to a managed service. Luckily, Cognito <strong>user-auth-pool</strong> easily integrates with <a href="https://next-auth.js.org/">NextAuth.js</a>, which we have chosen as our authentication provider during the CT3A initialization.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nextjs-web</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">appDirectory</span><span class="pi">:</span> <span class="s">./</span> <span class="na">database</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">relational-database</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">engine</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">primaryInstance</span><span class="pi">:</span> <span class="na">instanceSize</span><span class="pi">:</span> <span class="s">db.t4g.micro</span> <span class="na">credentials</span><span class="pi">:</span> <span class="na">masterUserPassword</span><span class="pi">:</span> <span class="s">$Secret('t3app-db-password')</span> <span class="na">userPool</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">user-auth-pool</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">generateClientSecret</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">callbackURLs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$CfFormat('{}/api/auth/callback/cognito', $ResourceParam('web', 'url'))</span> <span class="na">logoutURLs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$CfFormat('{}/api/auth/signout', $ResourceParam('web', 'url'))</span> </code></pre> </div> <p>Contents of <code>stacktape.yml</code></p> <ul> <li><p>You might notice that we have set <code>generateClientSecret</code> to <code>true</code>. Client secret is not generated by default but is required when using <a href="https://next-auth.js.org/providers/cognito">CognitoProvider</a> with NextAuth.js.</p></li> <li><p>We have also set allowed <code>callbackURLs</code> and allowed <code>logoutURLs</code>, which need to be configured for sign-in/sign-out to work.</p></li> </ul> <p>Since we do not know what the URL of our Next.js web will be yet (Stacktape will assign URL during deployment):</p> <ul> <li>we are using <a href="https://docs.stacktape.com/configuration/directives/#cf-format">$CfFormat</a> directive to <strong>"compose" the final URLs during the deployment</strong>.</li> <li>Inside the <strong>$CfFormat</strong> directive, we are using <a href="https://docs.stacktape.com/configuration/directives/#resource-param">$ResourceParam</a> directive to get <code>url</code> parameter of our <code>web</code> resource. This directive will also be resolved during the deployment.</li> </ul> <h3> Add environment variables </h3> <p>We have added <code>relational-database</code> and <code>user-auth-pool</code> resources, but we still need to pass information about them into our <code>nextjs-web</code> resource. We will do this by using environment variables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nextjs-web</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">appDirectory</span><span class="pi">:</span> <span class="s">./</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DATABASE_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('database', 'connectionString')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">NEXTAUTH_SECRET</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$Secret('t3app-nextauth-secret')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">NEXTAUTH_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('web', 'url')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_CLIENT_ID</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'clientId')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_CLIENT_SECRET</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'clientSecret')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_PROVIDER_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'providerUrl')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_DOMAIN</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'domain')</span> <span class="na">database</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">relational-database</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">engine</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">primaryInstance</span><span class="pi">:</span> <span class="na">instanceSize</span><span class="pi">:</span> <span class="s">db.t4g.micro</span> <span class="na">credentials</span><span class="pi">:</span> <span class="na">masterUserPassword</span><span class="pi">:</span> <span class="s">$Secret('t3app-db-password')</span> <span class="na">userPool</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">user-auth-pool</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">generateClientSecret</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">callbackURLs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$CfFormat('{}/api/auth/callback/cognito', $ResourceParam('web', 'url'))</span> <span class="na">logoutURLs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$CfFormat('{}/api/auth/signout', $ResourceParam('web', 'url'))</span> </code></pre> </div> <p>Contents of <code>stacktape.yml</code></p> <p>As we can see, we have added a lot of environment variables, so let me break it down for you:</p> <ul> <li> <code>DATABASE_URL</code> - required for communicating with the database. We are using <a href="https://docs.stacktape.com/configuration/directives/#resource-param">$ResourceParam</a> directive to resolve the connection string URL during deployment. <code>NEXTAUTH_SECRET</code> and <code>NEXTAUTH_URL</code>- are required for the correct functioning of NextAuth.js. You can see that we have used a <a href="https://docs.stacktape.com/configuration/directives/#secret">$Secret</a> directive to reference a secret. We will create the secret later in the tutorial.</li> <li> <code>USER_POOL_CLIENT_ID</code> + <code>USER_POOL_CLIENT_SECRET</code> + <code>USER_POOL_PROVIDER_URL</code> + <code>USER_POOL_DOMAIN</code> - these environment variables are resolved during deployment from our <strong>userPool</strong> resource and are required for making CognitoProvider work.</li> </ul> <blockquote> <p>In many cases, it would be easier to use <a href="https://docs.stacktape.com/compute-resources/nextjs-website/#using-connect-to">connectTo</a> property to automatically inject information about other resources into our Next.js web app. In this tutorial, we are adhering to how CT3A names the env variables and we are passing the environment variables explicitly.</p> </blockquote> <h3> Add scripts and hooks </h3> <p>We have all the resources configured but are still missing a few pieces. During CT3A initialization, we chose to use Prisma ORM to make it easy to work and interact with the Postgres database in our stack.</p> <p>The pre-generated schema (data model definitions) resides in <code>prisma/schema.prisma</code> file. To ensure that both <strong>our Prisma client</strong> (which we use in our Next.js web) and <strong>our Postgres database</strong> schema are in sync with our Prisma schema, we need to:</p> <ul> <li> <strong>Before deployment:</strong> generate Prisma client using the command <code>prisma generate</code>. The generated client will be used inside the Next.js web.</li> <li> <strong>After deployment:</strong> migrate Postgres database schema using the command <code>prisma db push</code>, so the Postgres database is in sync with our Prisma schema data model.</li> </ul> <p>To automate these steps and make them part of our deployment process, we will use <a href="https://docs.stacktape.com/configuration/scripts/">scripts</a> and <a href="https://docs.stacktape.com/configuration/hooks/">hooks</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">scripts</span><span class="pi">:</span> <span class="na">generateClient</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">local-script</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">executeCommand</span><span class="pi">:</span> <span class="s">npx prisma generate</span> <span class="na">migrateSchema</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">local-script</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">executeCommand</span><span class="pi">:</span> <span class="s">npx prisma db push</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DATABASE_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('database', 'connectionString')</span> <span class="na">hooks</span><span class="pi">:</span> <span class="na">beforeDeploy</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">scriptName</span><span class="pi">:</span> <span class="s">generateClient</span> <span class="na">afterDeploy</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">scriptName</span><span class="pi">:</span> <span class="s">migrateSchema</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nextjs-web</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">appDirectory</span><span class="pi">:</span> <span class="s">./</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DATABASE_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('database', 'connectionString')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">NEXTAUTH_SECRET</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$Secret('t3app-nextauth-secret')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">NEXTAUTH_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('web', 'url')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_CLIENT_ID</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'clientId')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_CLIENT_SECRET</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'clientSecret')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_PROVIDER_URL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'providerUrl')</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">USER_POOL_DOMAIN</span> <span class="na">value</span><span class="pi">:</span> <span class="s">$ResourceParam('userPool', 'domain')</span> <span class="na">database</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">relational-database</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">engine</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">primaryInstance</span><span class="pi">:</span> <span class="na">instanceSize</span><span class="pi">:</span> <span class="s">db.t4g.micro</span> <span class="na">credentials</span><span class="pi">:</span> <span class="na">masterUserPassword</span><span class="pi">:</span> <span class="s">$Secret('t3app-db-password')</span> <span class="na">userPool</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">user-auth-pool</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">generateClientSecret</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">callbackURLs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$CfFormat('{}/api/auth/callback/cognito', $ResourceParam('web', 'url'))</span> <span class="na">logoutURLs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$CfFormat('{}/api/auth/signout', $ResourceParam('web', 'url'))</span> </code></pre> </div> <p>Contents of <code>stacktape.yml</code></p> <p>In the <strong>scripts</strong> section, we have specified two scripts:</p> <ul> <li> <code>generateClient</code> - generates client</li> <li> <code>migrateSchema</code> - migrates schema (env variable <strong>DATABASE_URL</strong> is automatically resolved during script execution).</li> </ul> <p>In the <strong>hooks</strong> section, we reference the scripts to execute during specified deployment phases. This is the way of telling Stacktape when to execute the scripts. You can also execute scripts manually using <a href="https://docs.stacktape.com/cli/commands/script-run/">script:run command</a>.</p> <h2> Create Secrets </h2> <p>In our <code>stacktape.yml</code> we have referenced two secrets <code>t3app-db-password</code> and <code>t3app-nextauth-secret</code>.</p> <p>You can create these secrets easily in <a href="https://console.stacktape.com/secrets">stacktape console</a>.</p> <blockquote> <p>Remember to create secrets in a region where you plan to deploy.</p> </blockquote> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdre6gqty28n5f29htq5d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdre6gqty28n5f29htq5d.png" alt="Secrets page" width="800" height="418"></a></p> <p>Secrets page</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flgz70i7itdzyjwsccj3c.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flgz70i7itdzyjwsccj3c.png" alt="Create DB password secret" width="800" height="416"></a></p> <p>Create DB password secret</p> <blockquote> <p>From NextAuth.js docs: You can quickly create a good value for the NEXTAUTH_SECRET on the command line via this <strong>openssl</strong> command:<br> <code>openssl rand -base64 32</code></p> </blockquote> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fix49no5fws87c8iuvhhv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fix49no5fws87c8iuvhhv.png" alt="Create NextAuth.js secret" width="800" height="419"></a></p> <p>Create NextAuth.js secret</p> <h2> Adjust CT3A Next.js app </h2> <p>So far, we have:</p> <ul> <li>initialized our T3 Next.js app</li> <li>created our <code>stacktape.yml</code>,</li> <li>and created secrets.</li> </ul> <p>Last step is to make minor adjustments to the generated Next.js web app to make it work with AWS Lambda (upon which our <strong>nextjs-web</strong> resource is built) and AWS Cognito.</p> <blockquote> <p>In the upcoming sections, we will always highlight parts of the code that were modified.</p> </blockquote> <h3> Modify src/env.js </h3> <p>Apps initialized by CT3A use the <code>@t3-oss/env-nextjs</code> package to bring order, validation, and transparency into environment variables handling.</p> <p>Based on the environment variables we are passing to our <strong>nextjs-web</strong> resource, we need to adjust the <code>src/env.js</code>:</p> <ul> <li>We are commenting out env variables needed for Discord auth (CT3A app initializes a project to use DiscordProvider with NextAuth.js, but we will be using <a href="https://next-auth.js.org/providers/cognito">CognitoProvider</a>) and replacing them with variables needed for Cognito auth.</li> <li>We are disabling/skipping the validation of environment variables during the build because environment variables will be resolved during deployment but are not available during build time. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createEnv</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@t3-oss/env-nextjs</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">zod</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">env</span> <span class="o">=</span> <span class="nf">createEnv</span><span class="p">({</span> <span class="cm">/** * Specify your server-side environment variables schema here. This way you can ensure the app * isn't built with invalid env vars. */</span> <span class="na">server</span><span class="p">:</span> <span class="p">{</span> <span class="na">DATABASE_URL</span><span class="p">:</span> <span class="nx">z</span> <span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="p">.</span><span class="nf">url</span><span class="p">()</span> <span class="p">.</span><span class="nf">refine</span><span class="p">((</span><span class="nx">str</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="o">!</span><span class="nx">str</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">YOUR_MYSQL_URL_HERE</span><span class="dl">"</span><span class="p">),</span> <span class="dl">"</span><span class="s2">You forgot to change the default URL</span><span class="dl">"</span><span class="p">),</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">enum</span><span class="p">([</span><span class="dl">"</span><span class="s2">development</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">test</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">production</span><span class="dl">"</span><span class="p">]).</span><span class="k">default</span><span class="p">(</span><span class="dl">"</span><span class="s2">development</span><span class="dl">"</span><span class="p">),</span> <span class="na">NEXTAUTH_SECRET</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">production</span><span class="dl">"</span> <span class="p">?</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">optional</span><span class="p">(),</span> <span class="na">NEXTAUTH_URL</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">preprocess</span><span class="p">(</span> <span class="c1">// This makes Vercel deployments not fail if you don't set NEXTAUTH_URL</span> <span class="c1">// Since NextAuth.js automatically uses the VERCEL_URL if present.</span> <span class="p">(</span><span class="nx">str</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VERCEL_URL</span> <span class="o">??</span> <span class="nx">str</span><span class="p">,</span> <span class="c1">// VERCEL_URL doesn't include `https` so it cant be validated as a URL</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VERCEL</span> <span class="p">?</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">url</span><span class="p">()</span> <span class="p">),</span> <span class="c1">// adding user pool env variables</span> <span class="na">USER_POOL_CLIENT_ID</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">USER_POOL_CLIENT_SECRET</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">USER_POOL_PROVIDER_URL</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">USER_POOL_DOMAIN</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="c1">// DISCORD_CLIENT_ID: z.string(),</span> <span class="c1">// DISCORD_CLIENT_SECRET: z.string(),</span> <span class="p">},</span> <span class="cm">/** * Specify your client-side environment variables schema here. This way you can ensure the app * isn't built with invalid env vars. To expose them to the client, prefix them with * `NEXT_PUBLIC_`. */</span> <span class="na">client</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// NEXT_PUBLIC_CLIENTVAR: z.string(),</span> <span class="p">},</span> <span class="cm">/** * You can't destruct `process.env` as a regular object in the Next.js edge runtimes (e.g. * middlewares) or client-side so we need to destruct manually. */</span> <span class="na">runtimeEnv</span><span class="p">:</span> <span class="p">{</span> <span class="na">DATABASE_URL</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DATABASE_URL</span><span class="p">,</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span><span class="p">,</span> <span class="na">NEXTAUTH_SECRET</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_SECRET</span><span class="p">,</span> <span class="na">NEXTAUTH_URL</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">,</span> <span class="c1">// user pool env variables</span> <span class="na">USER_POOL_CLIENT_ID</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_CLIENT_ID</span><span class="p">,</span> <span class="na">USER_POOL_CLIENT_SECRET</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_CLIENT_SECRET</span><span class="p">,</span> <span class="na">USER_POOL_PROVIDER_URL</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_PROVIDER_URL</span><span class="p">,</span> <span class="na">USER_POOL_DOMAIN</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_DOMAIN</span> <span class="c1">// DISCORD_CLIENT_ID : process.env.DISCORD_CLIENT_ID,</span> <span class="c1">// DISCORD_CLIENT_SECRET: process.env.DISCORD_CLIENT_SECRET,</span> <span class="p">},</span> <span class="cm">/** * Run `build` or `dev` with `SKIP_ENV_VALIDATION` to skip env validation. This is especially * useful for Docker builds. */</span> <span class="na">skipValidation</span><span class="p">:</span> <span class="kc">true</span> <span class="c1">// !!process.env.SKIP_ENV_VALIDATION,</span> <span class="cm">/** * Makes it so that empty strings are treated as undefined. `SOME_VAR: z.string()` and * `SOME_VAR=''` will throw an error. */</span> <span class="na">emptyStringAsUndefined</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> </code></pre> </div> <p>Contents of <code>src/env.js</code></p> <h3> Modify src/server/auth.ts </h3> <p>As we have touched on earlier, the CT3A app initializes a project to use DiscordProvider with NextAuth.js, <strong>but we are using <a href="https://next-auth.js.org/providers/cognito">CognitoProvider</a></strong>. Therefore, we need to modify <code>src/server/auth.ts</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">PrismaAdapter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@auth/prisma-adapter</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getServerSession</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">DefaultSession</span><span class="p">,</span> <span class="kd">type</span> <span class="nx">NextAuthOptions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="kd">type</span> <span class="nx">Adapter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/adapters</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CognitoProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/cognito</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// import DiscordProvider from "next-auth/providers/discord";</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">env</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/env</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">db</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/server/db</span><span class="dl">"</span><span class="p">;</span> <span class="cm">/** * Module augmentation for `next-auth` types. Allows us to add custom properties to the `session` * object and keep type safety. * * @see https://next-auth.js.org/getting-started/typescript#module-augmentation */</span> <span class="kr">declare</span> <span class="kr">module</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">Session</span> <span class="kd">extends</span> <span class="nx">DefaultSession</span> <span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// ...other properties</span> <span class="c1">// role: UserRole;</span> <span class="p">}</span> <span class="o">&amp;</span> <span class="nx">DefaultSession</span><span class="p">[</span><span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">];</span> <span class="p">}</span> <span class="c1">// interface User {</span> <span class="c1">// // ...other properties</span> <span class="c1">// // role: UserRole;</span> <span class="c1">// }</span> <span class="p">}</span> <span class="cm">/** * Options for NextAuth.js used to configure adapters, providers, callbacks, etc. * * @see https://next-auth.js.org/configuration/options */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">authOptions</span><span class="p">:</span> <span class="nx">NextAuthOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">callbacks</span><span class="p">:</span> <span class="p">{</span> <span class="na">session</span><span class="p">:</span> <span class="p">({</span> <span class="nx">session</span><span class="p">,</span> <span class="nx">user</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="p">...</span><span class="nx">session</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">,</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">})</span> <span class="p">},</span> <span class="na">adapter</span><span class="p">:</span> <span class="nc">PrismaAdapter</span><span class="p">(</span><span class="nx">db</span><span class="p">)</span> <span class="k">as</span> <span class="nx">Adapter</span><span class="p">,</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nc">CognitoProvider</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_CLIENT_ID</span><span class="p">,</span> <span class="na">clientSecret</span><span class="p">:</span> <span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_CLIENT_SECRET</span><span class="p">,</span> <span class="na">issuer</span><span class="p">:</span> <span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_PROVIDER_URL</span> <span class="p">})</span> <span class="c1">// DiscordProvider({</span> <span class="c1">// clientId: env.DISCORD_CLIENT_ID,</span> <span class="c1">// clientSecret: env.DISCORD_CLIENT_SECRET,</span> <span class="c1">// }),</span> <span class="cm">/** * ...add more providers here. * * Most other providers require a bit more work than the Discord provider. For example, the * GitHub provider requires you to add the `refresh_token_expires_in` field to the Account * model. Refer to the NextAuth.js docs for the provider you want to use. Example: * * @see https://next-auth.js.org/providers/github */</span> <span class="p">]</span> <span class="p">};</span> <span class="cm">/** * Wrapper for `getServerSession` so that you don't need to import the `authOptions` in every file. * * @see https://next-auth.js.org/configuration/nextjs */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getServerAuthSession</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nf">getServerSession</span><span class="p">(</span><span class="nx">authOptions</span><span class="p">);</span> </code></pre> </div> <p>Contents of <code>src/server/auth.ts</code></p> <h3> Modify src/trpc/react.tsx </h3> <p>During CT3A initialization, we chose to use <a href="https://trpc.io/">tRPC</a> framework. This framework simplifies and accelerates the development of typesafe APIs in TypeScript applications by automatically inferring types from your API to the client.</p> <p>However, CT3A initialized the tRPC client to use new HTTP streaming features, which are still <strong>unstable</strong>. Moreover, streaming is still considered <strong>experimental</strong> with both <a href="https://open-next.js.org/">OpenNEXT</a> adapter (internal part of <strong>nextjs-web</strong> resource) and AWS Lambda (on which the Next.js app will run).</p> <p>Therefore, we <strong>switch from the HTTP streaming to the proven HTTP request/response</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">QueryClient</span><span class="p">,</span> <span class="nx">QueryClientProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@tanstack/react-query</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">loggerLink</span><span class="p">,</span> <span class="nx">httpBatchLink</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@trpc/client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createTRPCReact</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@trpc/react-query</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="kd">type</span> <span class="nx">AppRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/server/api/root</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getUrl</span><span class="p">,</span> <span class="nx">transformer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./shared</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">createQueryClient</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nc">QueryClient</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">clientQueryClientSingleton</span><span class="p">:</span> <span class="nx">QueryClient</span> <span class="o">|</span> <span class="kc">undefined</span> <span class="o">=</span> <span class="kc">undefined</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">getQueryClient</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">undefined</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Server: always make a new query client</span> <span class="k">return</span> <span class="nf">createQueryClient</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// Browser: use singleton pattern to keep the same query client</span> <span class="k">return </span><span class="p">(</span><span class="nx">clientQueryClientSingleton</span> <span class="o">??=</span> <span class="nf">createQueryClient</span><span class="p">());</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">api</span> <span class="o">=</span> <span class="nx">createTRPCReact</span><span class="o">&lt;</span><span class="nx">AppRouter</span><span class="o">&gt;</span><span class="p">();</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">TRPCReactProvider</span><span class="p">(</span><span class="nx">props</span><span class="p">:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">queryClient</span> <span class="o">=</span> <span class="nf">getQueryClient</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">trpcClient</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">api</span><span class="p">.</span><span class="nf">createClient</span><span class="p">({</span> <span class="nx">transformer</span><span class="p">,</span> <span class="na">links</span><span class="p">:</span> <span class="p">[</span> <span class="nf">loggerLink</span><span class="p">({</span> <span class="na">enabled</span><span class="p">:</span> <span class="p">(</span><span class="nx">op</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">development</span><span class="dl">"</span> <span class="o">||</span> <span class="p">(</span><span class="nx">op</span><span class="p">.</span><span class="nx">direction</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">down</span><span class="dl">"</span> <span class="o">&amp;&amp;</span> <span class="nx">op</span><span class="p">.</span><span class="nx">result</span> <span class="k">instanceof</span> <span class="nb">Error</span><span class="p">)</span> <span class="p">}),</span> <span class="nf">httpBatchLink</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nf">getUrl</span><span class="p">()</span> <span class="p">})</span> <span class="p">]</span> <span class="p">})</span> <span class="p">);</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nc">QueryClientProvider</span> <span class="na">client</span><span class="p">=</span><span class="si">{</span><span class="nx">queryClient</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">api</span><span class="p">.</span><span class="nc">Provider</span> <span class="na">client</span><span class="p">=</span><span class="si">{</span><span class="nx">trpcClient</span><span class="si">}</span> <span class="na">queryClient</span><span class="p">=</span><span class="si">{</span><span class="nx">queryClient</span><span class="si">}</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">props</span><span class="p">.</span><span class="nx">children</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">api</span><span class="p">.</span><span class="nc">Provider</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nc">QueryClientProvider</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Contents of <code>src/trpc/react.tsx</code></p> <h3> Modify prisma/schema.prisma </h3> <p>By default, the <code>prisma generate</code> command generates a Prisma client that is runnable on your current OS platform (platform of your workstation). However, once we deploy, the Prisma client will be running on AWS Lambda which might (and probably does) use a different underlying OS platform.</p> <p>To make Prisma generate a client for AWS Lambda, we need to specify <code>binaryTargets</code> for client in <code>prisma/schema.prisma</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>generator client { provider = "prisma-client-js" binaryTargets = ["native", "rhel-openssl-1.0.x"] } datasource db { provider = "postgresql" // NOTE: When using mysql or sqlserver, uncomment the @db.Text annotations in model Account below // Further reading: // https://next-auth.js.org/adapters/prisma#create-the-prisma-schema // https://www.prisma.io/docs/reference/api-reference/prisma-schema-reference#string url = env("DATABASE_URL") } model Post { id Int @id @default(autoincrement()) name String createdAt DateTime @default(now()) updatedAt DateTime @updatedAt createdBy User @relation(fields: [createdById], references: [id]) createdById String @@index([name]) } // ... rest of the schema </code></pre> </div> <p>Contents of <code>prima/schema.prisma</code> (incomplete)</p> <h3> Create src/middleware.ts </h3> <p>NextAuth.js is not perfect. One of the shortcomings is that it currently <a href="https://github.com/nextauthjs/next-auth/issues/5862">does not implement federated logout</a>. This means that even if a user signs out of the Next.js app, <strong>he does NOT get signed out of the Cognito user pool client</strong>. As a consequence, the user is not really being logged out (i.e he is able to login again without providing the credentials). You can read more about this problem in this <a href="https://github.com/nextauthjs/next-auth/discussions/3938">Github thread</a>.</p> <p>The simple solution for this problem is to create a redirect to facilitate the logout. We will implement the redirect using <a href="https://nextjs.org/docs/app/building-your-application/routing/middleware">Next.js middleware</a>. Create a <code>src/middleware.ts</code> file with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">NextRequest</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">env</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/env</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// This function can be marked `async` if using `await` inside</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">middleware</span> <span class="o">=</span> <span class="p">(</span><span class="nx">_request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span> <span class="p">[</span> <span class="s2">`https://</span><span class="p">${</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_DOMAIN</span><span class="p">}</span><span class="s2">/logout?client_id=</span><span class="p">${</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_POOL_CLIENT_ID</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="s2">`logout_uri=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">}</span><span class="s2">/api/auth/signout`</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="s2">`redirect_uri=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXTAUTH_URL</span><span class="p">}</span><span class="s2">/api/auth/signout`</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="s2">`response_type=code`</span> <span class="p">].</span><span class="nf">join</span><span class="p">(</span><span class="dl">"</span><span class="s2">&amp;</span><span class="dl">"</span><span class="p">)</span> <span class="p">);</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/api/signout</span><span class="dl">"</span> <span class="p">};</span> </code></pre> </div> <p>Contents of <code>src/middleware.ts</code></p> <h3> Modify app/page.tsx </h3> <p>Now that we have added the redirect, we need to make use of it inside our Next.js app. Modify the signout link inside the <code>app/page.tsx</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">unstable_noStore</span> <span class="k">as</span> <span class="nx">noStore</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/cache</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Link</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/link</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CreatePost</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/app/_components/create-post</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getServerAuthSession</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/server/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">api</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">~/trpc/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="nf">noStore</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">hello</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nx">post</span><span class="p">.</span><span class="nx">hello</span><span class="p">.</span><span class="nf">query</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">from tRPC</span><span class="dl">"</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getServerAuthSession</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">main</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex min-h-screen flex-col items-center justify-center bg-gradient-to-b from-[#2e026d] to-[#15162c] text-white"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"container flex flex-col items-center justify-center gap-12 px-4 py-16 "</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-5xl font-extrabold tracking-tight sm:text-[5rem]"</span><span class="p">&gt;</span> Create <span class="p">&lt;</span><span class="nt">span</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-[hsl(280,100%,70%)]"</span><span class="p">&gt;</span>T3<span class="p">&lt;/</span><span class="nt">span</span><span class="p">&gt;</span> App <span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"grid grid-cols-1 gap-4 sm:grid-cols-2 md:gap-8"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Link</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex max-w-xs flex-col gap-4 rounded-xl bg-white/10 p-4 hover:bg-white/20"</span> <span class="na">href</span><span class="p">=</span><span class="s">"https://create.t3.gg/en/usage/first-steps"</span> <span class="na">target</span><span class="p">=</span><span class="s">"_blank"</span> <span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h3</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-2xl font-bold"</span><span class="p">&gt;</span>First Steps →<span class="p">&lt;/</span><span class="nt">h3</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-lg"</span><span class="p">&gt;</span> Just the basics - Everything you need to know to set up your database and authentication. <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nc">Link</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Link</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex max-w-xs flex-col gap-4 rounded-xl bg-white/10 p-4 hover:bg-white/20"</span> <span class="na">href</span><span class="p">=</span><span class="s">"https://create.t3.gg/en/introduction"</span> <span class="na">target</span><span class="p">=</span><span class="s">"_blank"</span> <span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h3</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-2xl font-bold"</span><span class="p">&gt;</span>Documentation →<span class="p">&lt;/</span><span class="nt">h3</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-lg"</span><span class="p">&gt;</span>Learn more about Create T3 App, the libraries it uses, and how to deploy it.<span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nc">Link</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex flex-col items-center gap-2"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-2xl text-white"</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">hello</span> <span class="p">?</span> <span class="nx">hello</span><span class="p">.</span><span class="nx">greeting</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">Loading tRPC query...</span><span class="dl">"</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"flex flex-col items-center justify-center gap-4"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-center text-2xl text-white"</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">session</span> <span class="o">&amp;&amp;</span> <span class="p">&lt;</span><span class="nt">span</span><span class="p">&gt;</span>Logged in as <span class="si">{</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">email</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">span</span><span class="p">&gt;</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Link</span> <span class="na">href</span><span class="p">=</span><span class="si">{</span><span class="nx">session</span> <span class="p">?</span> <span class="dl">"</span><span class="s2">/api/signout</span><span class="dl">"</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">/api/auth/signin</span><span class="dl">"</span><span class="si">}</span> <span class="na">className</span><span class="p">=</span><span class="s">"rounded-full bg-white/10 px-10 py-3 font-semibold no-underline transition hover:bg-white/20"</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">session</span> <span class="p">?</span> <span class="dl">"</span><span class="s2">Sign out</span><span class="dl">"</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">Sign in</span><span class="dl">"</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nc">Link</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">CrudShowcase</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">main</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">CrudShowcase</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getServerAuthSession</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">?.</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">latestPost</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nx">post</span><span class="p">.</span><span class="nx">getLatest</span><span class="p">.</span><span class="nf">query</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"w-full max-w-xs"</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">latestPost</span> <span class="p">?</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="s">"truncate"</span><span class="p">&gt;</span>Your most recent post: <span class="si">{</span><span class="nx">latestPost</span><span class="p">.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">)</span> <span class="p">:</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>You have no posts yet.<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">)</span><span class="si">}</span> <span class="p">&lt;</span><span class="nc">CreatePost</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Contents of <code>app/page.tsx</code></p> <h2> Deploy </h2> <p>Now, we are ready to deploy. You have two options for how to deploy:</p> <ul> <li>deploy using git (push-to-deploy)</li> <li>deploy using CLI</li> </ul> <h3> Deploy using Git (push-to-deploy) </h3> <p>If you prefer to deploy your app using <code>push-to-deploy</code> Github/Gitlab integration, <a href="https://github.com/new">create a repository</a> and then connect your repository to the <a href="https://console.stacktape.com/create-new-project/git-project-using-console">Stacktape in the console</a>. After that, push your app into the configured repository and branch.</p> <p>To use Git for deploy, you can also follow our detailed <a href="https://docs.stacktape.com/getting-started/deploy-with-git">tutorial</a>.</p> <h3> Deploy using CLI </h3> <p>If you prefer to deploy from your workstation, you can use Stacktape CLI. To install it, follow the <a href="https://docs.stacktape.com/getting-started/setup-stacktape/">instructions in our docs</a>.</p> <p>After you have installed the CLI, use the <a href="https://docs.stacktape.com/cli/commands/codebuild-deploy/">codebuild:deploy</a> or <a href="https://docs.stacktape.com/cli/commands/deploy/">deploy</a> command inside your project directory to deploy your app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>stacktape deploy <span class="nt">--region</span> eu-west-1 <span class="nt">--stage</span> my-stage <span class="nt">--project-name</span> my-t3-app </code></pre> </div> <h2> Explore the app </h2> <p>Explore your application in the <a href="https://console.stacktape.com/projects">Stacktape console</a>. You can find your app URL and other information there.</p> <blockquote> <p>If you used CLI to deploy URL of your app along with the link to the console will be printed into terminal.</p> </blockquote> Introducing Stacktape - Full power of AWS with Heroku-like experience simi-obs Wed, 13 Apr 2022 11:48:42 +0000 https://forem.com/simiobs/introducing-stacktape-4l9a https://forem.com/simiobs/introducing-stacktape-4l9a <p>So you've just finished writing your application, and now you need to deploy it. You have several options:</p> <ul> <li>You can go with <strong>Kubernetes</strong> and <strong>Terraform</strong>. But the complexity of running this in production can be overwhelming even for a team of dedicated DevOps specialists. There are a lot of <a href="https://k8s.af/">horror stories</a>.</li> <li>Or you could go with <strong>Heroku</strong>. But if you're not willing to pay 5-10 times more for your infrastructure just because your application was easier to deploy, you're going to need something else.</li> <li>You could also choose <strong>Serverless framework</strong> or <strong>Firebase</strong>. But when your use-case evolves, and you need Containers, SQL database or Redis cluster, you're out of luck.</li> <li>Or you could configure everything yourself on AWS. But I believe you can spend your time more productively than reading 100s of pages of documentation trying to figure out how to setup IAM permissions, VPCs, Security groups, Route tables, Subnets and more.</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_yZnmqg3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://stacktape.com/static/choose-aws-heroku-meme-5c65dfb70c49fc6a010a87dd55ceef75.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_yZnmqg3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://stacktape.com/static/choose-aws-heroku-meme-5c65dfb70c49fc6a010a87dd55ceef75.jpg" alt="DEV struggles" width="351" height="513"></a></p> <blockquote> <p>Until now, you could chose either "powerful" or "easy". Today, you have another option.</p> </blockquote> <h2> Introducing Stacktape </h2> <p>Stacktape is a <strong>DevOps-free cloud framework</strong> made for developers. It allows you to develop, deploy and run applications on AWS. With 98% less configuration and without the need for DevOps or Cloud expertise.</p> <p>Unlike with other solutions, you can deploy both serverless (AWS lambda-based) and more traditional (container-based) applications. Stacktape also supports 20+ infrastructure components, including <strong>SQL databases, Load balancers, MongoDB Atlas clusters, Batch-jobs, Upstash Kafka topics, Redis clusters &amp; more</strong>.</p> <p>Besides infrastructure management, Stacktape handles:</p> <ul> <li>source code packaging</li> <li>deployments</li> <li>local/remote development</li> <li>and much more</li> </ul> <p>Stacktape also comes with a VScode extension and local development studio (GUI).</p> <h2> Stacktape in action </h2> <p>To deploy a REST API to a production-grade infrastructure on AWS using Stacktape, you'll need just a few lines of configuration:</p> <div class="ltag_gist-liquid-tag"> </div> <p>To deploy your application, all you need is a single command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; stacktape deploy --stage test --region eu-west-1 </code></pre> </div> <p>Stacktape will handle the rest:</p> <ul> <li> <strong>Package your source code</strong>, resolve all of its dependencies and create a Docker image</li> <li> <strong>Push the Docker image</strong> to a pre-created container registry on AWS</li> <li> <strong>Configure and provision your infrastructure</strong>. Under the hood, Stacktape will create ~35-40 AWS resources, including VPC, security group, IAM permissions, route tables and more</li> <li><strong>Run your application</strong></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Xtxvv9jA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://stacktape.com/static/render1649767711990-b5379c56e2334a367419190f67b21cef.gif" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Xtxvv9jA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://stacktape.com/static/render1649767711990-b5379c56e2334a367419190f67b21cef.gif" alt="Deploying with Stacktape" width="700" height="554"></a></p> <h2> Conclusion </h2> <p>With Stacktape, you get best of both worlds - the simplicity of Heroku, and the power of AWS:</p> <ul> <li>Production grade and fully-managed infrastructure - scalable, reliable, secure and performant</li> <li>Significantly faster time-to-production (few hours to 5 days vs. 3-12 months)</li> <li>DevOps-free, developer-friendly experience</li> <li>Heavily-optimized and efficient deployments</li> <li>Future-proof solution that can scale to any project size</li> <li>Reliable, repeatable and auditable deployments</li> <li>Lower infrastructure costs</li> </ul> <p>We'll be very happy if you give Stacktape a try and let us know what you think.<br> To get started, head over to <a href="https://docs.stacktape.com/getting-started/setup-stacktape/">stacktape docs</a>.</p> <p>You can also join the discussion on <a href="https://news.ycombinator.com/item?id=31014247">Hacker News</a> or <a href="https://www.producthunt.com/posts/stacktape?utm_source=badge-featured&amp;utm_medium=badge&amp;utm_souce=badge-stacktape">ProductHunt</a>.</p> serverless cloud iac aws