ITEnthusiasm
11/22/2022, 1:30 PM
SuperTokens.init (once)
2) cors middleware
3) SuperTokens middleware
4) SuperTokens error handling middleware
The reason I ask is that as more SSR frameworks come out (e.g., SolidStart, SvelteKit, etc.), I'm realizing that a lot of tools -- even some of Auth0's tools -- are restricted by the fact that they're expecting to be run directly on some kind of server (e.g., an express server).
Of course, they are running on some kind of server. But the SSR frameworks try to abstract all of that away. This makes it hard (if not impossible) to apply the security logic which SuperTokens applies. These frameworks have "middleware-like" logic that can be supplied, but oftentimes this is incompatible with "real middleware".
Obviously this has been a problem for other similar auth options so far. But if SuperTokens were able to provide a way to integrate with these frameworks universally (or maybe a way can already be found from the codebase), it would have an edge on the other options -- at least as far as the crazy JS ecosystem is concerned.
rp_st
11/22/2022, 1:32 PM
ITEnthusiasm
11/22/2022, 1:46 PM
app.use-like logic to create a middleware chain.
Svelte Kit has handle (https://kit.svelte.dev/docs/hooks#server-hooks), which gives people the opportunity to do something with a request before server rendering the page. But that means any logic (e.g., SuperTokens middleware) has to be placed within the handle function (directly, or indirectly via functions), which means insights would be needed on what the SuperTokens middleware is trying to do. The request information is also a bit different since it's in the form of a "RequestEvent" (https://kit.svelte.dev/docs/types#sveltejs-kit-requestevent).
Solid.js similarly has a createHandler utility (https://start.solidjs.com/api/entry-server#createhandlermiddlewarefn). It seems this utility is only intended to be used once. It also exposes request information within some kind of "event" (a "PageEvent"). So again, any logic that would have come from app.use(middleware) now has to be put within the function itself.
Technically speaking, other tools like Next.js are like this. But I'm assuming tools like Auth0 just work around this by using their knowledge of some of the details about Next.js's backend... and then they export something through a package. It's only worthwhile to go through that effort because Next.js is so big.
rp_st
11/22/2022, 1:49 PM
rp_st
11/22/2022, 1:49 PM
ITEnthusiasm
11/22/2022, 1:49 PM
rp_st
11/22/2022, 1:49 PM