From 42920ef421d4a6fc64101380ea2c3ab4aa73d5e0 Mon Sep 17 00:00:00 2001 From: anitarua Date: Fri, 21 Jul 2023 14:38:06 -0700 Subject: [PATCH 1/5] feat: allow configurable tokens in nextjs app example --- examples/web/nextjs-chat/README.md | 4 ++ examples/web/nextjs-chat/package-lock.json | 60 +++++++++---------- examples/web/nextjs-chat/package.json | 4 +- .../src/app/api/momento/token/config.ts | 52 ++++++++++++++++ .../src/app/api/momento/token/route.ts | 7 +-- 5 files changed, 91 insertions(+), 36 deletions(-) create mode 100644 examples/web/nextjs-chat/src/app/api/momento/token/config.ts diff --git a/examples/web/nextjs-chat/README.md b/examples/web/nextjs-chat/README.md index 0f5a0d265..c633c200e 100644 --- a/examples/web/nextjs-chat/README.md +++ b/examples/web/nextjs-chat/README.md @@ -14,6 +14,10 @@ First, create a new file called `.env.local` that looks like MOMENTO_AUTH_TOKEN= ``` +Second, go to the [config.ts file](./src/app/api/momento/token/config.ts) and configure the scope of permissions and the expiry duration for the tokens that the nextjs app will use to talk to the Momento service. + +For example, you can restrict the permissions for these browser tokens so that they have read-only access or read-write access, and you can also restrict them to specific caches or topics. + Then, run the development server: ```bash diff --git a/examples/web/nextjs-chat/package-lock.json b/examples/web/nextjs-chat/package-lock.json index 1be2a4e2f..b1582f9c6 100644 --- a/examples/web/nextjs-chat/package-lock.json +++ b/examples/web/nextjs-chat/package-lock.json @@ -8,8 +8,8 @@ "name": "momento-nextjs-chat", "version": "0.1.0", "dependencies": { - "@gomomento/sdk": "^1.26.3", - "@gomomento/sdk-web": "^1.26.3", + "@gomomento/sdk": "^1.28.0", + "@gomomento/sdk-web": "^1.28.0", "autoprefixer": "10.4.14", "next": "13.4.8", "react": "18.2.0", @@ -113,28 +113,28 @@ } }, "node_modules/@gomomento/generated-types": { - "version": "0.62.1", - "resolved": "https://registry.npmjs.org/@gomomento/generated-types/-/generated-types-0.62.1.tgz", - "integrity": "sha512-EpF8X/+oTJQiXbHB8MDRSLlKaeBs9t0nw3nz2HdQ72oXDLsaVuJT3I/g3l6ZGlvVcInT+qUyg7cKPENtTHE4gg==", + "version": "0.68.0", + "resolved": "https://registry.npmjs.org/@gomomento/generated-types/-/generated-types-0.68.0.tgz", + "integrity": "sha512-2nBNCUQEREOglY/iGRh3AHZkEYUmxnQKD2N7eLDb+dApzQ8HKJ3kprIkEdcDNyfA/ZikpCWNIHRlOnXKV36uWg==", "dependencies": { - "@grpc/grpc-js": "1.8.14", + "@grpc/grpc-js": "1.8.17", "@types/google-protobuf": "3.15.6", "google-protobuf": "3.21.2" } }, "node_modules/@gomomento/generated-types-webtext": { - "version": "0.62.1", - "resolved": "https://registry.npmjs.org/@gomomento/generated-types-webtext/-/generated-types-webtext-0.62.1.tgz", - "integrity": "sha512-4NFP8eoHHGY+oDP5WX9Vd7/Yv3DjqmjqyFacLoT5QNIRqZ/EY6MQl2A4V+nR6udQIxitPooLCXb96paIsNiraw==" + "version": "0.68.0", + "resolved": "https://registry.npmjs.org/@gomomento/generated-types-webtext/-/generated-types-webtext-0.68.0.tgz", + "integrity": "sha512-OEvSB2SlAzrG0hDGFEeIk1uIPyhCfpXpKLM+5nhOuzarox3ndrN8TwBLjbAaO6bi/une+DU+2NYE/miGfXazLw==" }, "node_modules/@gomomento/sdk": { - "version": "1.26.3", - "resolved": "https://registry.npmjs.org/@gomomento/sdk/-/sdk-1.26.3.tgz", - "integrity": "sha512-JwKIVGyMdNVoYXnzG3XlEa2/J5iRAXPsX7OaYtwImLBTqP/48zStocC6NrPjCwLRx6qQo0XEc4Q/OAgyNETADw==", + "version": "1.28.0", + "resolved": "https://registry.npmjs.org/@gomomento/sdk/-/sdk-1.28.0.tgz", + "integrity": "sha512-Xj9VckgHKpiJpsxa0Wstxw5GfsUh/aTtRSSTOUTDXlRR3ZucyQhXmIqpc8kJd6rINPkx9OFoCFjb8Xu0FPZhoQ==", "dependencies": { - "@gomomento/generated-types": "0.62.1", - "@gomomento/sdk-core": "1.26.3", - "@grpc/grpc-js": "1.8.14", + "@gomomento/generated-types": "0.68.0", + "@gomomento/sdk-core": "1.28.0", + "@grpc/grpc-js": "1.8.17", "google-protobuf": "3.21.2", "jwt-decode": "3.1.2" }, @@ -143,9 +143,9 @@ } }, "node_modules/@gomomento/sdk-core": { - "version": "1.26.3", - "resolved": "https://registry.npmjs.org/@gomomento/sdk-core/-/sdk-core-1.26.3.tgz", - "integrity": "sha512-8C1G8/YPBtV4JFafnaMDeyhNJ8UK5wcJmbAwbuc81z841EH388W1f//dpFxL9+pd/jDb3OE7F8yyoW7XfLM1zg==", + "version": "1.28.0", + "resolved": "https://registry.npmjs.org/@gomomento/sdk-core/-/sdk-core-1.28.0.tgz", + "integrity": "sha512-wYwGRUuq/6GoQNbO5nBMNzqwjkLTHAhLmwF/vMPnP4vZ68HbgzZfs5yJU0Tpj2TKOtwsxV+tWU+kD6pCpUuJlg==", "dependencies": { "buffer": "^6.0.3", "jwt-decode": "3.1.2" @@ -155,12 +155,12 @@ } }, "node_modules/@gomomento/sdk-web": { - "version": "1.26.3", - "resolved": "https://registry.npmjs.org/@gomomento/sdk-web/-/sdk-web-1.26.3.tgz", - "integrity": "sha512-8ivM9rmoaqL9w4WnRVnaCVr0UrqVlM9WdJ/HqlJ185z+Y5DAAiVxVHOYAfePN9vskurMJIlxofFCDU+TpUGfnA==", + "version": "1.28.0", + "resolved": "https://registry.npmjs.org/@gomomento/sdk-web/-/sdk-web-1.28.0.tgz", + "integrity": "sha512-fUUJbLSakDqaCSLVGEiks99wRSVVXakB7iE1mHxPp0wPOkkugnbpq0eXOPXlIpRf8NLOTvkr3V0I3evhx58gUg==", "dependencies": { - "@gomomento/generated-types-webtext": "0.62.1", - "@gomomento/sdk-core": "1.26.3", + "@gomomento/generated-types-webtext": "0.68.0", + "@gomomento/sdk-core": "1.28.0", "google-protobuf": "3.21.2", "grpc-web": "1.4.2", "jwt-decode": "3.1.2" @@ -170,9 +170,9 @@ } }, "node_modules/@grpc/grpc-js": { - "version": "1.8.14", - "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.8.14.tgz", - "integrity": "sha512-w84maJ6CKl5aApCMzFll0hxtFNT6or9WwMslobKaqWUEf1K+zhlL43bSQhFreyYWIWR+Z0xnVFC1KtLm4ZpM/A==", + "version": "1.8.17", + "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.8.17.tgz", + "integrity": "sha512-DGuSbtMFbaRsyffMf+VEkVu8HkSXEUfO3UyGJNtqxW9ABdtTIA+2UXAJpwbJS+xfQxuwqLUeELmL6FuZkOqPxw==", "dependencies": { "@grpc/proto-loader": "^0.7.0", "@types/node": ">=12.12.47" @@ -182,14 +182,14 @@ } }, "node_modules/@grpc/proto-loader": { - "version": "0.7.7", - "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.7.tgz", - "integrity": "sha512-1TIeXOi8TuSCQprPItwoMymZXxWT0CPxUhkrkeCUH+D8U7QDwQ6b7SUz2MaLuWM2llT+J/TVFLmQI5KtML3BhQ==", + "version": "0.7.8", + "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.8.tgz", + "integrity": "sha512-GU12e2c8dmdXb7XUlOgYWZ2o2i+z9/VeACkxTA/zzAe2IjclC5PnVL0lpgjhrqfpDYHzM8B1TF6pqWegMYAzlA==", "dependencies": { "@types/long": "^4.0.1", "lodash.camelcase": "^4.3.0", "long": "^4.0.0", - "protobufjs": "^7.0.0", + "protobufjs": "^7.2.4", "yargs": "^17.7.2" }, "bin": { diff --git a/examples/web/nextjs-chat/package.json b/examples/web/nextjs-chat/package.json index aa3a9cfdc..2d57c6ad2 100644 --- a/examples/web/nextjs-chat/package.json +++ b/examples/web/nextjs-chat/package.json @@ -9,8 +9,8 @@ "lint": "next lint" }, "dependencies": { - "@gomomento/sdk": "^1.26.3", - "@gomomento/sdk-web": "^1.26.3", + "@gomomento/sdk": "^1.28.0", + "@gomomento/sdk-web": "^1.28.0", "autoprefixer": "10.4.14", "next": "13.4.8", "react": "18.2.0", diff --git a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts new file mode 100644 index 000000000..488222a79 --- /dev/null +++ b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts @@ -0,0 +1,52 @@ +import { + AllDataReadWrite, + ExpiresIn, + TopicRole, + CacheRole, + TokenScope, + AllTopics, + AllCaches +} from "@gomomento/sdk"; + +/** + * First, set the scope of permissions for your tokens. + * + * AllDataReadWrite provides read and write permissions to all of your caches: + * export const tokenPermissions: TokenScope = AllDataReadWrite; + * + * You may also provide a bespoke list of permissions for each cache and topic that you have: + * export const tokenPermissions: TokenScope = { + * permissions: [ + * { + * role: CacheRole.ReadWrite | CacheRole.ReadOnly, + * cache: AllCaches | "your-cache-name" + * }, + * { + * role: TopicRole.PublishSubscribe | TopicRole.SubscribeOnly, + * cache: AllCaches | "your-cache-name", + * topic: AllTopics | "your-topic-name" + * } + * ] + * }; + * + * More information here: https://docs.momentohq.com/develop/api-reference/auth-tokens#tokenscope-objects + */ +export const tokenPermissions: TokenScope = { + permissions: [ + { + role: CacheRole.ReadWrite, + cache: "default-cache" + }, + { + role: TopicRole.PublishSubscribe, + cache: "default-cache", + topic: AllTopics + } +]}; + +/** + * Second, set the TTL for your tokens in terms of seconds, minutes, hours, + * days, or using epoch format. You may also set tokens to never expire. + * More information here: https://docs.momentohq.com/develop/api-reference/auth-tokens#generateauthtoken-api + */ +export const tokenExpiresIn: ExpiresIn = ExpiresIn.minutes(5); \ No newline at end of file diff --git a/examples/web/nextjs-chat/src/app/api/momento/token/route.ts b/examples/web/nextjs-chat/src/app/api/momento/token/route.ts index 496fc8831..ca3665c5d 100644 --- a/examples/web/nextjs-chat/src/app/api/momento/token/route.ts +++ b/examples/web/nextjs-chat/src/app/api/momento/token/route.ts @@ -1,10 +1,9 @@ import { - AllDataReadWrite, AuthClient, CredentialProvider, - ExpiresIn, GenerateAuthToken, } from "@gomomento/sdk"; +import { tokenPermissions, tokenExpiresIn } from "./config"; const authClient = new AuthClient({ credentialProvider: CredentialProvider.fromString({ @@ -15,8 +14,8 @@ const authClient = new AuthClient({ export const revalidate = 0; export async function GET(_request: Request) { const generateAuthTokenResponse = await authClient.generateAuthToken( - AllDataReadWrite, - ExpiresIn.minutes(5), + tokenPermissions, + tokenExpiresIn, ); if (generateAuthTokenResponse instanceof GenerateAuthToken.Success) { From df88fea9d8588fa55debc6b7fa8df551d5b191ae Mon Sep 17 00:00:00 2001 From: anitarua Date: Fri, 21 Jul 2023 16:08:11 -0700 Subject: [PATCH 2/5] added example for using TokenScopes functions to get token permissions --- .../src/app/api/momento/token/config.ts | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts index 488222a79..b6dcb17ce 100644 --- a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts +++ b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts @@ -5,7 +5,8 @@ import { CacheRole, TokenScope, AllTopics, - AllCaches + AllCaches, + TokenScopes } from "@gomomento/sdk"; /** @@ -14,6 +15,10 @@ import { * AllDataReadWrite provides read and write permissions to all of your caches: * export const tokenPermissions: TokenScope = AllDataReadWrite; * + * TokenScopes provides several functions that will return the permissions you + * request for a given cache and topic name. + * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe("default-cache", AllTopics); + * * You may also provide a bespoke list of permissions for each cache and topic that you have: * export const tokenPermissions: TokenScope = { * permissions: [ @@ -31,18 +36,7 @@ import { * * More information here: https://docs.momentohq.com/develop/api-reference/auth-tokens#tokenscope-objects */ -export const tokenPermissions: TokenScope = { - permissions: [ - { - role: CacheRole.ReadWrite, - cache: "default-cache" - }, - { - role: TopicRole.PublishSubscribe, - cache: "default-cache", - topic: AllTopics - } -]}; +export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe("default-cache", AllTopics); /** * Second, set the TTL for your tokens in terms of seconds, minutes, hours, From a34bf816c1d66d8d4401bac26f9c443bebc6a72b Mon Sep 17 00:00:00 2001 From: anitarua Date: Tue, 25 Jul 2023 14:17:41 -0700 Subject: [PATCH 3/5] update default token scope for nextjs app --- examples/web/nextjs-chat/src/app/api/momento/token/config.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts index b6dcb17ce..9a2e6f207 100644 --- a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts +++ b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts @@ -17,7 +17,7 @@ import { * * TokenScopes provides several functions that will return the permissions you * request for a given cache and topic name. - * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe("default-cache", AllTopics); + * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe(AllCaches | "your-cache-name", AllTopics); * * You may also provide a bespoke list of permissions for each cache and topic that you have: * export const tokenPermissions: TokenScope = { @@ -36,7 +36,7 @@ import { * * More information here: https://docs.momentohq.com/develop/api-reference/auth-tokens#tokenscope-objects */ -export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe("default-cache", AllTopics); +export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe(AllCaches, AllTopics); /** * Second, set the TTL for your tokens in terms of seconds, minutes, hours, From 274d179741a5967710cb4d7c9dff3fbfa9f3fa52 Mon Sep 17 00:00:00 2001 From: anitarua Date: Wed, 26 Jul 2023 09:03:19 -0700 Subject: [PATCH 4/5] created separate line in the config example comment --- examples/web/nextjs-chat/src/app/api/momento/token/config.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts index 9a2e6f207..590e13d60 100644 --- a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts +++ b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts @@ -17,7 +17,10 @@ import { * * TokenScopes provides several functions that will return the permissions you * request for a given cache and topic name. - * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe(AllCaches | "your-cache-name", AllTopics); + * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe("your-cache-name", AllTopics); + * + * You can also set it to subscribe to all caches if you prefer: + * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe(AllCaches, AllTopics); * * You may also provide a bespoke list of permissions for each cache and topic that you have: * export const tokenPermissions: TokenScope = { From cb9403808f4349fc8290ab5ed67ec1a09b2750ef Mon Sep 17 00:00:00 2001 From: anitarua Date: Thu, 27 Jul 2023 09:12:48 -0700 Subject: [PATCH 5/5] fix: small wording change --- examples/web/nextjs-chat/src/app/api/momento/token/config.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts index 590e13d60..c1e28c333 100644 --- a/examples/web/nextjs-chat/src/app/api/momento/token/config.ts +++ b/examples/web/nextjs-chat/src/app/api/momento/token/config.ts @@ -19,7 +19,7 @@ import { * request for a given cache and topic name. * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe("your-cache-name", AllTopics); * - * You can also set it to subscribe to all caches if you prefer: + * You can also set it to allow subscriptions to topics in all caches if you prefer: * export const tokenPermissions: TokenScope = TokenScopes.topicPublishSubscribe(AllCaches, AllTopics); * * You may also provide a bespoke list of permissions for each cache and topic that you have: