nextjs-auth0 icon indicating copy to clipboard operation
nextjs-auth0 copied to clipboard

Published 20 hours ago verified publisher icon auth0

Edge getSession adds large joi-browser package

Open nocodehummel opened this issue 1 year ago • 9 comments

Checklist

  • [X] The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
  • [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
  • [X] I have looked into the API documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Description

The Nextjs middleware package contains the joi-browser package when getSession is imported from @auth0/nextjs-auth0/edge. Joi-browser is deprecated and should not be part of the server bundle.

import { NextResponse } from 'next/server';
import { getSession } from '@auth0/nextjs-auth0/edge';

export async function middleware(request: Request) {
  const session = await getSession();
  return NextResponse.next();
}

It has a large impact on the Edge middleware package size.

image

Reproduction

  1. import { getSession } from '@auth0/nextjs-auth0/edge' in middleware.ts.
  2. call getSession inside the middleware function.
  3. build the application with a bundle analyzer.

Additional context

Reproduced with: https://github.com/nordicgit70/nextjs-app/tree/auth0-joi.

nextjs-auth0 version

3.3.0

Next.js version

14.0.2

Node.js version

18.18.2

nocodehummel avatar Nov 27 '23 06:11 nocodehummel

Thanks for raising this @nordicgit70

Joi-browser is deprecated and should not be part of the server bundle.

Will take a look at upgrading to @hapi/[email protected]

adamjmcgrath avatar Nov 30 '23 08:11 adamjmcgrath

Thanks, it would great if the getSession function could have less impact on the bundle size. VSC Import Cost indicates a very large import.

import { useUser } from '@auth0/nextjs-auth0/client'; 12.3k (gzipped: 2.8k)
import { getSession } from '@auth0/nextjs-auth0'; 481.9k (gzipped: 132.9k)

nocodehummel avatar Nov 30 '23 14:11 nocodehummel

Closed by mistake.

nocodehummel avatar Dec 01 '23 05:12 nocodehummel

It looks like joi-browser.min.js is pulled in from joi and is still in there, see https://github.com/hapijs/joi/blob/master/package.json#L8C6-L8C13.

When you say joi-browser, is being deprecated, I assume you refer to the npm package and not the file used in this case, is that correct? In that case, I think having joi-browser.min.js is expected and not deprecated (unless I am missing something?).

I also think we should not migrate to @hapi/joi but stay on joi, see: https://github.com/hapijs/joi/issues/2411

However, we might want to consider moving away from joi altogteher, but that isn't something we can prioritise short term.

frederikprijck avatar Dec 18 '23 10:12 frederikprijck

Hi, my main issue is with the impact on package size. If that could be resolved would be great. I do not have an opinion on the usage of Joi.

nocodehummel avatar Dec 19 '23 07:12 nocodehummel

Hi, is it planned to resolve this?

nocodehummel avatar Mar 27 '24 11:03 nocodehummel

There is currently nothing planned to move away from joi, no.

frederikprijck avatar Mar 27 '24 12:03 frederikprijck

How can I reduce the package size? The package @auth0/nextjs-auth0/edge is too large to run in Edge (middleware).

nocodehummel avatar Mar 27 '24 13:03 nocodehummel