bug: useSuspenseQuery will get "UNAUTHORIZED" tRPC error
#1765
Comments
|
Yup this is a limitation in Next since they don't provide any primitive to access headers from a client component during the SSR prepass phase, so queries made on the server wont be authed... You can fix this by prefetching the data in an RSC and hydrating the query client or pass the initial data as props. Unfortunately not much we can do here, there is a community package https://github.com/moshest/next-client-cookies that "hacks" around it although I've never tried it |
juliusmarminge
added
🐞 upstream bug
|
Any update or ways around this? Would be great to use useSuspenseQuery |
I use |
|
Are you solved this problem? |
I didn't use |
|
Using this package phryneas/ssr-only-secrets seems to be working great to pass the cookie to the headers on the SSR piece Add a new env variable: // .env.local
SECRET_CLIENT_COOKIE_VAR={"key_ops":["encrypt","decrypt"],"ext":true,"kty":"oct","k":"asdas....","alg":"A256CBC"}I used the code provided to create the key above: Then in the layout file, access the cookie, encrypt it and pass it to the TRPCReactProvider // app/layout.tsx
import { headers } from "next/headers";
import { TRPCReactProvider } from "@/trpc/react";
export default async function Layout(props: {
children: React.ReactNode;
}) {
const cookie = new Headers(headers()).get("cookie");
const encryptedCookie = await cloakSSROnlySecret(cookie ?? "", "SECRET_CLIENT_COOKIE_VAR")
return <html>
<Head/>
<body>
...
<TRPCReactProvider ssrOnlySecret={encryptedCookie}>
{props.children}
</TRPCReactProvider>
</body>
</.html>
}Then decrypt the value and pass it to the headers on the client side. Reading the value on the browser always returns // trcp/react.ts
"use client";
import { readSSROnlySecret } from "ssr-only-secrets";
import type { AppRouter } from "@beebook/api";
import * as React from "react";
import { QueryClientProvider } from "@tanstack/react-query";
import { loggerLink, unstable_httpBatchStreamLink } from "@trpc/client";
import { createTRPCReact } from "@trpc/react-query";
import SuperJSON from "superjson";
import { getBaseUrl, getQueryClient } from "./utils";
export const api = createTRPCReact<AppRouter>();
export function TRPCReactProvider(props: { ssrOnlySecret: string, children: React.ReactNode }) {
const queryClient = getQueryClient();
const [trpcClient] = React.useState(() =>
api.createClient({
links: [
loggerLink({
enabled: (op) =>
process.env.NODE_ENV === "development" ||
(op.direction === "down" && op.result instanceof Error),
}),
unstable_httpBatchStreamLink({
transformer: SuperJSON,
url: getBaseUrl() + "/api/trpc",
async headers() {
const headers = new Headers();
const secret = props.ssrOnlySecret;
const value = await readSSROnlySecret(secret,"SECRET_CLIENT_COOKIE_VAR")
headers.set("x-trpc-source", "nextjs-react");
if(value) {
headers.set("cookie", value);
}
return headers;
},
}),
],
}),
);
return (
<QueryClientProvider client={queryClient}>
<api.Provider client={trpcClient} queryClient={queryClient}>
{props.children}
</api.Provider>
</QueryClientProvider>
);
} |
you're a legend for this — thanks |
|
I ended up using useQuery instead of useSuspenseQuery and setting throwOnError to true in the defaultOptions of QueryClient. It was too much work for me to prefetch every suspense query. |
|
Is this issue tracked upstream somewhere (either tRPC or Next.js)? It's a critical issue, but this is basically the only thread I could find about it. |
|
I disabled SSR around useSuspenseQuery by using next/dynamic. If you are using useSuspenseQuery, there should be a Suspense component wrapping it. |
|
Is there any update on this issue? |
I am coming back here and I realise I've had this exact issue in july. I thought I'll just use useQuery. But not this time. Let's understand the problem first: SSR wants to use the TRPC react client to prefetch data. But it has no authorization, it only has authorization for the server client of TRPC. The solution is to install the ssr-only-secrets package which solves this issue. The code from @sbkl is the solution and I just made it work perfectly. So it is solvable. I am not sure if it's implemented into create-t3-app, but this repo is not really plug and play. You have to do some work here and there to unlock it's potential. Which is fine because we're web devs 👍 |
Okay, so the ssr only secrets thing had some issues. I stumbled upon this solution which is much better: import "server-only";
import { headers, type UnsafeUnwrappedHeaders } from "next/headers";
import { cache } from "react";
import { createHydrationHelpers } from "@trpc/react-query/rsc";
import { createQueryClient } from "./query-client";
import { type AppRouter, createCaller } from "~/server/api/root";
import { createTRPCContext } from "~/server/api/trpc";
/**
* This wraps the `createTRPCContext` helper and provides the required context for the tRPC API when
* handling a tRPC call from a React Server Component.
*/
const createContext = cache(() => {
const heads = new Headers(headers() as unknown as UnsafeUnwrappedHeaders);
heads.set("x-trpc-source", "rsc");
return createTRPCContext({
headers: heads,
});
});
const getQueryClient = cache(createQueryClient);
const caller = createCaller(createContext);
export const { trpc: api, HydrateClient } = createHydrationHelpers<AppRouter>(
caller,
getQueryClient,
);query-client.ts import {
defaultShouldDehydrateQuery,
QueryClient,
} from "@tanstack/react-query";
import SuperJSON from "superjson";
export const createQueryClient = () =>
new QueryClient({
defaultOptions: {
queries: {
// With SSR, we usually want to set some default staleTime
// above 0 to avoid refetching immediately on the client
staleTime: 30 * 1000,
},
dehydrate: {
serializeData: SuperJSON.serialize,
shouldDehydrateQuery: (query) =>
defaultShouldDehydrateQuery(query) ||
query.state.status === "pending",
},
hydrate: {
deserializeData: SuperJSON.deserialize,
},
},
});Note you should also import this createQueryClient in your react.ts for trpc. Then finally anything that needs hydration needs to be wrapped in import { HydrateClient } from "~/trpc/server"; you could put it in the layout.tsx for example. |
Provide environment information
System:
OS: macOS 14.2.1
CPU: (8) arm64 Apple M1 Pro
Memory: 196.13 MB / 16.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 20.9.0 - ~/.nvm/versions/node/v20.9.0/bin/node
Yarn: 1.22.21 - ~/.nvm/versions/node/v20.9.0/bin/yarn
npm: 10.1.0 - ~/.nvm/versions/node/v20.9.0/bin/npm
pnpm: 8.14.0 - ~/Library/pnpm/pnpm
Describe the bug
If we have a protected api like:
Then we use
useSuspenseQueryWe will get the error
UNAUTHORIZEDfromCleanShot.2024-02-19.at.17.54.35.mp4
You can check the detail of my code in this commit: mengxi-ream/t3-trpc-suspense-bug@b747bba
Reproduction repo
https://github.com/Crayon-ShinChan/t3-trpc-suspense-bug
To reproduce
DISCORD_CLIENT_ID,DISCORD_CLIENT_SECRETto .env filepnpm devAdditional information
No response
The text was updated successfully, but these errors were encountered: