fix(next-iron-session): modernize App Router examples for Next.js 16#30
Closed
riceharvest wants to merge 59 commits intomainfrom
Closed
fix(next-iron-session): modernize App Router examples for Next.js 16#30riceharvest wants to merge 59 commits intomainfrom
riceharvest wants to merge 59 commits intomainfrom
Conversation
- Upgraded multiple packages to modern standards (Next.js, Next-auth, PWA, SEO). - Added new utility packages: critters, next-circuit-breaker, next-csrf, next-images, next-json-ld. - Integrated Changesets for versioning. - Updated CI/CD workflows and linting configurations. - Fixed numerous linting and type-checking issues across the monorepo.
- Remove legacy NextAuth adapters and resolve workspace version conflicts - Clean up test warning noise and fix tsconfig/jest setups for next-auth - Update Workbox/Terser dependencies in next-pwa to align with workspace - Synchronize root lockfile to reflect nested package resolutions
Fixes `JWT_AUTO_GENERATED_SIGNING_KEY` and `JWT_AUTO_GENERATED_ENCRYPTION_KEY` warnings properly by supplying JWKs directly in the test suite rather than mocking the logger.
…te tests to Vitest
…d update tests to Vitest
Review Summary by QodoComprehensive modernization of test infrastructure, security enhancements, and new MDX/Auth systems with improved type safety
WalkthroughsDescription• **Comprehensive modernization of test infrastructure**: Migrated multiple test suites from Jest/Vitest to Node.js native test runner (node:test) and updated Vitest assertions to modern syntax across next-iron-session, next-images, next-csrf, next-cookies, and react-virtualized packages • **CSRF security enhancements**: Added flexible token extraction with getRequestToken() helper, implemented App Router CSRF verification for Server Actions, separated cookie security policies for secrets vs tokens, and added new error codes for token validation • **MDX content system**: Created complete MDX module with file discovery (get-files.ts), node retrieval with caching (get-nodes.ts), configuration loading (get-config.ts), table of contents generation, and client-side hydration utilities • **React Query Auth example**: Implemented full authentication system with mock database (user management, password hashing), MSW API handlers, authentication configuration, and comprehensive API client • **Session utilities enhancement**: Added duration unit parsing (s, m, h, d) to parseTime(), improved cookie serialization, and enhanced type safety with explicit type exports • **Build and configuration improvements**: Updated tsup configurations for multiple packages, simplified Vitest setups, added Next.js 13+ native transpilePackages support detection, and refactored plugin composition logic • **Type safety improvements**: Added explicit type imports and exports, improved TypeScript compatibility with type casting, created comprehensive type definitions for PWA and react-virtualized • **Security fixes**: Fixed CSS inlining robustness in Critters with proper stylesheet handling and URL sanitization, improved container detection with fallback logic • **Plugin system enhancements**: Implemented core plugin composition with phase-based filtering, optional plugin resolution, and configuration merging for next-compose-plugins • **Image optimization**: Created complete image optimization system with loader detection, resource query configuration, webpack integration, and support for multiple image formats • **NextAuth improvements**: Migrated JWT tests to Vitest with cryptographic key fixtures, implemented Prisma legacy adapter, added OAuth client cleanup, and created build configuration with auto-generated provider exports • **Cookie optimization**: Added singleton browser cookie instance caching to reduce unnecessary instantiation • **Iron-session compatibility**: Improved type flexibility for crypto handling with broader compatibility • **Test coverage additions**: Added comprehensive test suites for CSRF middleware, optional plugins, phase-based configuration, plugin composition, MDX functionality, and image optimization loaders Diagramflowchart LR
A["Test Framework Migration<br/>Jest/Vitest → Node.js native"] --> B["Enhanced Test Coverage"]
C["CSRF Security<br/>Token extraction & App Router"] --> D["Improved Security"]
E["MDX System<br/>File discovery, nodes, config"] --> F["Content Management"]
G["React Query Auth<br/>Mock DB, MSW, API client"] --> H["Example Implementation"]
I["Session Utils<br/>Duration parsing, type safety"] --> J["Better Utilities"]
K["Build Config<br/>tsup, Next.js 13+ support"] --> L["Optimized Builds"]
M["Type Definitions<br/>PWA, react-virtualized"] --> N["Type Safety"]
O["Image Optimization<br/>Loaders, webpack integration"] --> P["Asset Optimization"]
B --> Q["Modernized Codebase"]
D --> Q
F --> Q
H --> Q
J --> Q
L --> Q
N --> Q
P --> Q
File Changes1. packages/next-images/test/index.test.ts
|
Code Review by Qodo
1. Prettier violations in new files
|
Contributor
Code Review SummaryStatus: No Issues Found | Recommendation: Merge Files Reviewed (2 files)
Changes Made:
The changes are minimal and focused on fixing the examples. The code should now work correctly with Next.js 16. |
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
Comment on lines
+1
to
+10
| import { defineConfig } from "vitest/config" | ||
|
|
||
| export default defineConfig({ | ||
| test: { | ||
| globals: true, | ||
| env: { | ||
| NEXTAUTH_URL: "http://localhost:3000/api/auth", | ||
| }, | ||
| }, | ||
| }) |
There was a problem hiding this comment.
1. Prettier violations in new files 📘 Rule violation ✓ Correctness
New/added files contain formatting that conflicts with the repo Prettier standards (e.g., double quotes, missing semicolons, and unwrapped long lines). This reduces consistency and may cause CI/style checks to fail.
Agent Prompt
## Issue description
Newly added/modified files are not formatted to match the repository Prettier standards (notably: double quotes + missing semicolons, and long lines exceeding 100 characters).
## Issue Context
The repo compliance checklist requires consistent formatting: 2-space indentation, single quotes, semicolons, trailing commas (es5), and ~100-character line width.
## Fix Focus Areas
- vitest.config.js[1-10]
- packages/next-compose-plugins/src/__tests__/index.test.js[18-21]
- packages/next-mdx/test/index.test.js[1-7]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Comment on lines
+1
to
+2
| import { describe, it, expect, vi, beforeEach } from 'vitest'; | ||
| import nextPwa from '../index.js'; |
There was a problem hiding this comment.
2. New *.test.js files added 📘 Rule violation ⛯ Reliability
The PR adds new test files using the *.test.js naming pattern instead of the required *.test.ts or *.test.tsx. This can lead to inconsistent test discovery and violates the mandated test naming convention.
Agent Prompt
## Issue description
The PR adds new test files with `.test.js` extensions, but the compliance checklist requires new tests to be named `*.test.ts` or `*.test.tsx`.
## Issue Context
This affects consistent test discovery across tooling and repo scripts.
## Fix Focus Areas
- packages/next-pwa/test/unit.test.js[1-27]
- packages/next-compose-plugins/src/__tests__/index.test.js[1-28]
- packages/next-optimized-images/__tests__/index.test.js[1-20]
- packages/next-mdx/test/index.test.js[1-12]
- packages/next-mdx-toc/test/index.test.js[1-16]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| @@ -10,7 +10,7 @@ | |||
| }, | |||
| "dependencies": { | |||
| "fathom-client": "3.6.0", | |||
| "@opensourceframework/next-iron-session": "workspace:*", | |||
| "iron-session": "workspace:*", | |||
There was a problem hiding this comment.
3. Example workspace dep broken 🐞 Bug ✓ Correctness
The next-iron-session Next.js example now depends on iron-session via workspace:*, but the only local workspace package is named @opensourceframework/next-iron-session, so pnpm workspace resolution will fail and the example won’t install/run from this repo.
Agent Prompt
### Issue description
The Next.js example depends on `"iron-session": "workspace:*"`, but there is no workspace package with name `iron-session` (the local package is `@opensourceframework/next-iron-session`). This breaks pnpm workspace resolution for the example.
### Issue Context
This example imports from `iron-session`, but the monorepo package name is scoped. `workspace:*` requires the target package name to exist in the workspace.
### Fix Focus Areas
- packages/next-iron-session/examples/next/package.json[10-16]
- packages/next-iron-session/package.json[1-5]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Comment on lines
+20
to
33
| await test("should throw if the request parameter is missing", async () => { | ||
| await rejects( | ||
| // @ts-expect-error we're verifying JavaScript runtime checks here (DX) | ||
| getSession(), | ||
| ).rejects.toThrow( | ||
| "iron-session: Bad usage: use getIronSession(req, res, options) or getIronSession(cookieStore, options).", | ||
| "Error: iron-session: Bad usage: use getIronSession(req, res, options) or getIronSession(cookies, options).", | ||
| ); | ||
| }); | ||
|
|
||
| test("should throw if the response parameter is missing", async () => { | ||
| await expect( | ||
| await test("should throw if the response parameter is missing", async () => { | ||
| await rejects( | ||
| // @ts-expect-error we're verifying JavaScript runtime checks here (DX) | ||
| getSession({}), | ||
| ).rejects.toThrow( | ||
| "iron-session: Bad usage: use getIronSession(req, res, options) or getIronSession(cookieStore, options).", | ||
| "Error: iron-session: Bad usage: use getIronSession(req, res, options) or getIronSession(cookies, options).", | ||
| ); |
There was a problem hiding this comment.
4. Bad-usage message mismatch 🐞 Bug ⛯ Reliability
packages/next-iron-session/src/index.test.ts now expects the bad-usage error to mention cookies, but the implementation throws an error mentioning cookieStore, so the test expectation contradicts the actual thrown error text.
Agent Prompt
### Issue description
The next-iron-session tests expect a bad-usage error message mentioning `cookies`, but the implementation throws a message mentioning `cookieStore`. This makes tests inconsistent with the real runtime error string.
### Issue Context
`badUsageMessage` is thrown when `getIronSession` is called without required args. The tests should validate the actual message.
### Fix Focus Areas
- packages/next-iron-session/src/index.test.ts[20-34]
- packages/next-iron-session/src/core.ts[303-332]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Owner
Author
|
|
4 similar comments
Owner
Author
|
|
Owner
Author
|
|
Owner
Author
|
|
Owner
Author
|
|
Owner
Author
|
Superseded by #59 (squash merge of all modernization PRs). Changes included in main. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #27.
protected-middlewareandprotected-serverexamples to use modern Next.js 16 patterns.revalidate = 0anddynamicflags with properforce-dynamicandcookies()handling.cookies()as required by Next.js 16 async APIs.