Merge pull request #11 from Favo02/better-ssr-usage

Better SvelteKit SSR usage, fix CORS problems
Favo02 · Apr 22, 2024 · 75586d2 · 75586d2
2 parents 15512c7 + 33a71f7
commit 75586d2
Show file tree

Hide file tree

Showing 25 changed files with 544 additions and 474 deletions.
diff --git a/.env.template b/.env.template
@@ -1,4 +1,3 @@
 SIHL_ENV=production
 SIHL_SECRET=<secret>
 DATABASE_URL=postgresql://<username>:<password>@<host>:<port>/<database>
-CORS_ORIGIN=<frontend url>
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 ## Tech stack
 
-TL;DR: **OCaml** 🐪 (Sihl) + **JavaScript** 🤢 (Svelte) + **PostgreSQL** 🐘
+TL;DR: **OCaml** 🐪 (Sihl) + **JavaScript** 🤢 (SvelteKit) + **PostgreSQL** 🐘
 
 > [!TIP]
 > If you want to preserve your mental health, you should **NOT** write JavaScript code _(and frontends in general)_. OCaml is just better.

diff --git a/backend/src/common/middlewares.ml b/backend/src/common/middlewares.ml
@@ -30,10 +30,3 @@ let verify_expiration =
   Rock.Middleware.create ~filter: verify_expiration ~name: "verify expiration"
 
 let logger = Opium.Middleware.logger
-
-let allow_cors =
-  let origin = match Sihl.Configuration.read_string "CORS_ORIGIN" with
-    | Some origin -> origin
-    | None -> "*" (* this will make the authorization (Set-Cookie headers) NOT work *)
-  in
-  Opium.Middleware.allow_cors ~origins: [ origin ] ()
diff --git a/backend/src/common/utils.ml b/backend/src/common/utils.ml
@@ -30,7 +30,7 @@ let session_return ?(max_age = 86400L) (status : int) (json : (string * string)
   Opium.Response.of_json
     ?status: (Some (Opium.Status.of_code status))
     (`Assoc (json |> List.map (fun (k, v) -> (k, `String v))))
-  |> Session.set_cookie ~max_age:max_age ~scope:"/" ~same_site:"none" ~http_only:true session
+  |> Session.set_cookie ~max_age:max_age ~scope:"/" ~same_site:"strict" ~http_only:true session
   |> Lwt.return
 
 (* same as return but with fixed json payload fiels "error" and "message" *)

diff --git a/backend/src/main.ml b/backend/src/main.ml
@@ -27,7 +27,7 @@ let auth = Web.choose ~scope: "/api" ~middlewares: [ require_login; verify_expir
   Web.post  "/reviews/create"   Handlers.Reviews.create;
 ]
 
-let router = Web.choose ~middlewares: [ logger; allow_cors; ] [
+let router = Web.choose ~middlewares: [ logger; ] [
   public;
   no_auth;
   auth;

diff --git a/frontend/.env.template b/frontend/.env.template
@@ -1 +1 @@
-VITE_API_URL=<backend url>
+API_URL=<backend url>
diff --git a/frontend/src/routes/+error.svelte b/frontend/src/routes/+error.svelte
diff --git a/frontend/src/routes/+page.server.js b/frontend/src/routes/+page.server.js
diff --git a/frontend/src/routes/+page.svelte b/frontend/src/routes/+page.svelte
diff --git a/frontend/src/routes/login/+page.server.js b/frontend/src/routes/login/+page.server.js
diff --git a/frontend/src/routes/login/+page.svelte b/frontend/src/routes/login/+page.svelte
diff --git a/frontend/src/routes/profile/+page.server.js b/frontend/src/routes/profile/+page.server.js