@blitzjs/rpc does not work without auth plugin

[edrickleong]

What is the problem?

Hi, I am trying to setup the minimal blitzjs project and adding the @blitz/rpc without the @blitz/auth package. I assumed that blitz rpc would work without the blitz auth plugin but it currently throws an error.

Paste all your error logs here:

Error: Internal Blitz Error: globalThis.__BLITZ_SESSION_COOKIE_PREFIX is not set

Paste all relevant code snippets here:

I created a brand new blitz project and made minimal changes to add @blitz/rpc. The reproduced repo and commit to add @blitz/rpc can be found here https://github.com/edrickleong/blitz-rpc-error/commit/dd56ed6145e3e60a453abe9f5a9398b7f585e7a2

What are detailed steps to reproduce this?

1. Clone https://github.com/edrickleong/blitz-rpc-error
2. Run blitz dev

Run blitz -v and paste the output here:

Blitz version: 2.0.0-alpha.65 (local)
macOS Monterey | darwin-x64 | Node: v16.15.1


 Package manager: pnpm

  System:
    OS: macOS 12.5
    CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
    Memory: 4.25 GB / 32.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 16.15.1 - ~/.volta/tools/image/node/16.15.1/bin/node
    Yarn: 1.22.17 - ~/.volta/tools/image/yarn/1.22.17/bin/yarn
    npm: 8.4.0 - ~/.volta/tools/image/npm/8.4.0/bin/npm
  npmPackages:
    @blitzjs/auth: Not Found
    @blitzjs/next: alpha => 2.0.0-alpha.65 
    @blitzjs/rpc: alpha => 2.0.0-alpha.65 
    @prisma/client: Not Found
    blitz: 2.0.0-alpha.65 => 2.0.0-alpha.65 
    next: 12.2.0 => 12.2.0 
    prisma: Not Found
    react: 18.0.0 => 18.0.0 
    react-dom: 18.0.0 => 18.0.0 
    typescript: ^4.5.3 => 4.7.4 

Please include below any other applicable logs and screenshots that show your problem:

[itsdillon]

Yup, we're aware of this. Currently we're tinkering on the best approach to this.

[beerose]

Adding some notes on making @blitzjs/rpc work without @blitzjs/auth:

What we need to do:

1. Hook up auth types into the rpc package instead of importing them from @blitzjs/auth. For example, ResolverAuthorize should be different depending on whether the user uses the auth plugin. If yes, we should have AuthenticatedMiddlewareCtx provided as a generic argument to ResultWithContext. Otherwise, we should use MiddlewareCtx or something else.

interface ResolverAuthorize {
  <T, C = Ctx>(...args: Parameters<SessionContextBase["$authorize"]>): (
    input: T,
    ctx: C,
  ) => ResultWithContext<T, AuthenticatedMiddlewareCtx>
}

There are many ways to do it — we can have MiddlewareCtx and augment it with blitz-auth. Or we can pass generic arguments to setupBlitzServer. If we go with augmentation, there are also multiple ways (layers) where the augmentation could happen.

2. Resolver authorize should only be exposed/available if a user is using blitz-auth. setupBlitzServer could pass context to other plugins, and this way we can hook up information about auth-plugin to the rpc plugin without them being explicitly dependent on each other and without rpc plugin knowing about auth plugin.

3. useSession in react-query.ts — it should only be used if a user is using auth plugin. This is something we were talking about before. We were thinking of having hooks like onBeforeRequest etc., in order for plugins to hook up some logic into other plugins.

In this case, auth plugin could define onBeforeRequest: the useSession logic, and it would be used by the rpc plugin without it knowing that the auth plugin exists.

4. Not sure about anti csrf token and public data that are used in __internal_buildRpcClient — something left to figure out.