runtimes/js: Add support for cookies (#1917)

Adds support for adding cookies in auth handler params and in api
request/response schema.

Generated client will ignore cookies and hand over the responsibility to
the browser.

Author: fredr

Cargo.lock

@@ -24,6 +24,8 @@ export function PreviewEnv(pr) {
     return Environment(`pr${pr}`)
 }
 
+const BROWSER = typeof globalThis === "object" && ("window" in globalThis);
+
 /**
  * Client is an API client for the slug Encore application.
  */
@@ -760,7 +762,7 @@ class BaseClient {
 
         // Add User-Agent header if the script is running in the server
         // because browsers do not allow setting User-Agent headers to requests
-        if (typeof window === "undefined") {
+        if (!BROWSER) {
             this.headers["User-Agent"] = "slug-Generated-JS-Client (Encore/v0.0.0-develop)";
         }
 

e2e-tests/testdata/echo_client/js/client.js

@@ -26,6 +26,8 @@ export function PreviewEnv(pr: number | string): BaseURL {
     return Environment(`pr${pr}`)
 }
 
+const BROWSER = typeof globalThis === "object" && ("window" in globalThis);
+
 /**
  * Client is an API client for the slug Encore application.
  */
@@ -169,7 +171,7 @@ export namespace di {
             await this.baseClient.callTypedAPI("POST", `/di/one`)
         }
 
-        public async Three(method: string, body?: BodyInit, options?: CallParameters): Promise<globalThis.Response> {
+        public async Three(method: string, body?: RequestInit["body"], options?: CallParameters): Promise<globalThis.Response> {
             return this.baseClient.callAPI(method, `/di/raw`, body, options)
         }
 
@@ -700,7 +702,7 @@ export namespace test {
          * RawEndpoint allows us to test the clients' ability to send raw requests
          * under auth
          */
-        public async RawEndpoint(method: "PUT" | "POST" | "DELETE" | "GET", id: string[], body?: BodyInit, options?: CallParameters): Promise<globalThis.Response> {
+        public async RawEndpoint(method: "PUT" | "POST" | "DELETE" | "GET", id: string[], body?: RequestInit["body"], options?: CallParameters): Promise<globalThis.Response> {
             return this.baseClient.callAPI(method, `/raw/blah/${id.map(encodeURIComponent).join("/")}`, body, options)
         }
 
@@ -1026,7 +1028,7 @@ class BaseClient {
 
         // Add User-Agent header if the script is running in the server
         // because browsers do not allow setting User-Agent headers to requests
-        if ( typeof globalThis === "object" && !("window" in globalThis) ) {
+        if (!BROWSER) {
             this.headers["User-Agent"] = "slug-Generated-TS-Client (Encore/v0.0.0-develop)";
         }
 
@@ -1146,15 +1148,15 @@ class BaseClient {
     }
 
     // callTypedAPI makes an API call, defaulting content type to "application/json"
-    public async callTypedAPI(method: string, path: string, body?: BodyInit, params?: CallParameters): Promise<Response> {
+    public async callTypedAPI(method: string, path: string, body?: RequestInit["body"], params?: CallParameters): Promise<Response> {
         return this.callAPI(method, path, body, {
             ...params,
             headers: { "Content-Type": "application/json", ...params?.headers }
         });
     }
 
     // callAPI is used by each generated API method to actually make the request
-    public async callAPI(method: string, path: string, body?: BodyInit, params?: CallParameters): Promise<Response> {
+    public async callAPI(method: string, path: string, body?: RequestInit["body"], params?: CallParameters): Promise<Response> {
         let { query, headers, ...rest } = params ?? {}
         const init = {
             ...this.requestInit,

e2e-tests/testdata/echo_client/ts/client.ts

@@ -61,12 +61,14 @@ var requestTags = map[string]tagDescription{
 	"query":  QueryTag,
 	"qs":     QsTag,
 	"header": HeaderTag,
+	"cookie": CookieTag,
 	"json":   JSONTag,
 }
 
 // responseTags is a description of tags used for responses
 var responseTags = map[string]tagDescription{
 	"header": HeaderTag,
+	"cookie": CookieTag,
 	"json":   JSONTag,
 }
 
@@ -154,18 +156,19 @@ func (e *AuthEncoding) ParameterEncodingMapByName() map[string][]*ParameterEncod
 type ResponseEncoding struct {
 	// Contains metadata about how to marshal an HTTP parameter
 	HeaderParameters []*ParameterEncoding `json:"header_parameters"`
+	CookieParameters []*ParameterEncoding `json:"cookie_parameters"`
 	BodyParameters   []*ParameterEncoding `json:"body_parameters"`
 }
 
 // ParameterEncodingMap returns the parameter encodings as a map, keyed by SrcName.
 func (e *ResponseEncoding) ParameterEncodingMap() map[string]*ParameterEncoding {
-	return toEncodingMap(srcNameKey, e.HeaderParameters, e.BodyParameters)
+	return toEncodingMap(srcNameKey, e.HeaderParameters, e.CookieParameters, e.BodyParameters)
 }
 
 // ParameterEncodingMapByName returns the parameter encodings as a map, keyed by Name.
 // Conflicts result in an undefined encoding getting set.
 func (e *ResponseEncoding) ParameterEncodingMapByName() map[string][]*ParameterEncoding {
-	return toEncodingMultiMap(nameKey, e.HeaderParameters, e.BodyParameters)
+	return toEncodingMultiMap(nameKey, e.HeaderParameters, e.CookieParameters, e.BodyParameters)
 }
 
 // RequestEncoding expresses how a request should be encoded for an explicit set of HTTPMethods
@@ -175,18 +178,19 @@ type RequestEncoding struct {
 	// Contains metadata about how to marshal an HTTP parameter
 	HeaderParameters []*ParameterEncoding `json:"header_parameters"`
 	QueryParameters  []*ParameterEncoding `json:"query_parameters"`
+	CookieParameters []*ParameterEncoding `json:"cookie_parameters"`
 	BodyParameters   []*ParameterEncoding `json:"body_parameters"`
 }
 
 // ParameterEncodingMap returns the parameter encodings as a map, keyed by SrcName.
 func (e *RequestEncoding) ParameterEncodingMap() map[string]*ParameterEncoding {
-	return toEncodingMap(srcNameKey, e.HeaderParameters, e.QueryParameters, e.BodyParameters)
+	return toEncodingMap(srcNameKey, e.HeaderParameters, e.QueryParameters, e.BodyParameters, e.CookieParameters)
 }
 
 // ParameterEncodingMapByName returns the parameter encodings as a map, keyed by Name.
 // Conflicts result in an undefined encoding getting set.
 func (e *RequestEncoding) ParameterEncodingMapByName() map[string][]*ParameterEncoding {
-	return toEncodingMultiMap(nameKey, e.HeaderParameters, e.QueryParameters, e.BodyParameters)
+	return toEncodingMultiMap(nameKey, e.HeaderParameters, e.QueryParameters, e.BodyParameters, e.CookieParameters)
 }
 
 // ParameterEncoding expresses how a parameter should be encoded on the wire
@@ -302,6 +306,7 @@ func DescribeRPC(appMetaData *meta.Data, rpc *meta.RPC, options *Options) (*RPCE
 			HeaderParameters: defaultEncoding.HeaderParameters,
 			BodyParameters:   defaultEncoding.BodyParameters,
 			QueryParameters:  defaultEncoding.QueryParameters,
+			CookieParameters: defaultEncoding.CookieParameters,
 		}
 	}
 
@@ -565,12 +570,13 @@ func DescribeResponse(appMetaData *meta.Data, responseSchema *schema.Type, optio
 	if err != nil {
 		return nil, err
 	}
-	if keys := keyDiff(fields, Header, Body); len(keys) > 0 {
-		return nil, errors.Newf("response must only contain body and header parameters. Found: %v", keys)
+	if keys := keyDiff(fields, Header, Body, Cookie); len(keys) > 0 {
+		return nil, errors.Newf("response must only contain body, header and cookie parameters. Found: %v", keys)
 	}
 	return &ResponseEncoding{
 		BodyParameters:   fields[Body],
 		HeaderParameters: fields[Header],
+		CookieParameters: fields[Cookie],
 	}, nil
 }
 
@@ -620,13 +626,14 @@ func DescribeRequest(appMetaData *meta.Data, requestSchema *schema.Type, options
 			}
 		}
 
-		if keys := keyDiff(fields, Query, Header, Body); len(keys) > 0 {
-			return nil, errors.Newf("request must only contain Query, Body and Header parameters. Found: %v", keys)
+		if keys := keyDiff(fields, Query, Header, Body, Cookie); len(keys) > 0 {
+			return nil, errors.Newf("request must only contain Query, Body, Header and Cookie parameters. Found: %v", keys)
 		}
 		reqs = append(reqs, &RequestEncoding{
 			HTTPMethods:      methods,
 			QueryParameters:  fields[Query],
 			HeaderParameters: fields[Header],
+			CookieParameters: fields[Cookie],
 			BodyParameters:   fields[Body],
 		})
 	}

parser/encoding/rpc.go

@@ -77,8 +77,10 @@ func (js *javascript) Generate(p clientgentypes.GenerateParams) (err error) {
 	js.typs = getNamedTypes(p.Meta, p.Services)
 
 	if js.md.AuthHandler != nil {
-		js.hasAuth = true
-		js.authIsComplexType = js.md.AuthHandler.Params.GetBuiltin() != schema.Builtin_STRING
+		if !js.isAuthCookiesOnly() {
+			js.hasAuth = true
+			js.authIsComplexType = js.md.AuthHandler.Params.GetBuiltin() != schema.Builtin_STRING
+		}
 	}
 
 	js.WriteString("// " + doNotEditHeader() + "\n\n")
@@ -106,6 +108,41 @@ func (js *javascript) Generate(p clientgentypes.GenerateParams) (err error) {
 	return nil
 }
 
+func (js *javascript) getFields(typ *schema.Type) []*schema.Field {
+	if typ == nil {
+		return nil
+	}
+	switch typ.Typ.(type) {
+	case *schema.Type_Struct:
+		return typ.GetStruct().Fields
+	case *schema.Type_Named:
+		decl := js.md.Decls[typ.GetNamed().Id]
+		return js.getFields(decl.Type)
+	default:
+		return nil
+	}
+}
+
+func (js *javascript) isEmptyObject(typ *schema.Type) bool {
+	fields := js.getFields(typ)
+	if fields == nil {
+		return false
+	}
+	for _, field := range fields {
+		if field.Wire.GetCookie() == nil {
+			return false
+		}
+	}
+	return true
+}
+
+func (js *javascript) isAuthCookiesOnly() bool {
+	if js.md.AuthHandler == nil {
+		return false
+	}
+	return js.isEmptyObject(js.md.AuthHandler.Params)
+}
+
 func (js *javascript) writeService(svc *meta.Service, set clientgentypes.ServiceSet, tags clientgentypes.TagSet) error {
 	// Determine if we have anything worth exposing.
 	// Either a public RPC or a named type.
@@ -199,7 +236,8 @@ func (js *javascript) writeService(svc *meta.Service, set clientgentypes.Service
 		// Avoid a name collision.
 		payloadName := "params"
 
-		if (!isStream && rpc.RequestSchema != nil) || (isStream && rpc.HandshakeSchema != nil) {
+		if (!isStream && (rpc.RequestSchema != nil && !js.isEmptyObject(rpc.RequestSchema))) ||
+			(isStream && (rpc.HandshakeSchema != nil && !js.isEmptyObject(rpc.HandshakeSchema))) {
 			if nParams > 0 {
 				js.WriteString(", ")
 			}
@@ -470,7 +508,7 @@ func (js *javascript) rpcCallSite(w *indentWriter, rpc *meta.RPC, rpcPath string
 	callAPI += ")"
 
 	// If there's no response schema, we can just return the call to the API directly
-	if rpc.ResponseSchema == nil {
+	if rpc.ResponseSchema == nil || js.isEmptyObject(rpc.ResponseSchema) {
 		w.WriteStringf("await %s\n", callAPI)
 		return nil
 	}
@@ -489,12 +527,23 @@ func (js *javascript) rpcCallSite(w *indentWriter, rpc *meta.RPC, rpcPath string
 	w.WriteString("\n//Populate the return object from the JSON body and received headers\nconst rtn = await resp.json()\n")
 
 	for _, headerField := range respEnc.HeaderParameters {
+		isSetCookie := strings.ToLower(headerField.WireFormat) == "set-cookie"
+		if isSetCookie {
+			w.WriteString("// Skip set-cookie header in browser context as browsers doesn't have access to read it\n")
+			w.WriteString("if (!BROWSER) {\n")
+			w = w.Indent()
+		}
+
 		js.seenHeaderResponse = true
 		fieldValue := fmt.Sprintf("mustBeSet(\"Header `%s`\", resp.headers.get(\"%s\"))", headerField.WireFormat, headerField.WireFormat)
 
 		w.WriteStringf("%s = %s\n", js.Dot("rtn", headerField.SrcName), js.convertStringToBuiltin(headerField.Type.GetBuiltin(), fieldValue))
-	}
 
+		if isSetCookie {
+			w = w.Dedent()
+			w.WriteString("}\n")
+		}
+	}
 	w.WriteString("return rtn\n")
 	return nil
 }
@@ -544,6 +593,8 @@ export function PreviewEnv(pr) {
     return Environment(` + "`pr${pr}`" + `)
 }
 
+const BROWSER = typeof globalThis === "object" && ("window" in globalThis);
+
 /**
  * Client is an API client for the ` + js.appSlug + ` Encore application.
  */
@@ -751,7 +802,7 @@ class BaseClient {`)
 
         // Add User-Agent header if the script is running in the server
         // because browsers do not allow setting User-Agent headers to requests
-        if (typeof window === "undefined") {
+        if (!BROWSER) {
             this.headers["User-Agent"] = "` + userAgent + `";
         }
 

pkg/clientgen/javascript.go

@@ -24,6 +24,8 @@ export function PreviewEnv(pr) {
     return Environment(`pr${pr}`)
 }
 
+const BROWSER = typeof globalThis === "object" && ("window" in globalThis);
+
 /**
  * Client is an API client for the app Encore application.
  */
@@ -270,7 +272,7 @@ class BaseClient {
 
         // Add User-Agent header if the script is running in the server
         // because browsers do not allow setting User-Agent headers to requests
-        if (typeof window === "undefined") {
+        if (!BROWSER) {
             this.headers["User-Agent"] = "app-Generated-JS-Client (Encore/v0.0.0-develop)";
         }
 

pkg/clientgen/testdata/goapp/expected_baseauth_javascript.js

@@ -26,6 +26,8 @@ export function PreviewEnv(pr: number | string): BaseURL {
     return Environment(`pr${pr}`)
 }
 
+const BROWSER = typeof globalThis === "object" && ("window" in globalThis);
+
 /**
  * Client is an API client for the app Encore application.
  */
@@ -359,7 +361,7 @@ class BaseClient {
 
         // Add User-Agent header if the script is running in the server
         // because browsers do not allow setting User-Agent headers to requests
-        if ( typeof globalThis === "object" && !("window" in globalThis) ) {
+        if (!BROWSER) {
             this.headers["User-Agent"] = "app-Generated-TS-Client (Encore/v0.0.0-develop)";
         }
 
@@ -472,15 +474,15 @@ class BaseClient {
     }
 
     // callTypedAPI makes an API call, defaulting content type to "application/json"
-    public async callTypedAPI(method: string, path: string, body?: BodyInit, params?: CallParameters): Promise<Response> {
+    public async callTypedAPI(method: string, path: string, body?: RequestInit["body"], params?: CallParameters): Promise<Response> {
         return this.callAPI(method, path, body, {
             ...params,
             headers: { "Content-Type": "application/json", ...params?.headers }
         });
     }
 
     // callAPI is used by each generated API method to actually make the request
-    public async callAPI(method: string, path: string, body?: BodyInit, params?: CallParameters): Promise<Response> {
+    public async callAPI(method: string, path: string, body?: RequestInit["body"], params?: CallParameters): Promise<Response> {
         let { query, headers, ...rest } = params ?? {}
         const init = {
             ...this.requestInit,

pkg/clientgen/testdata/goapp/expected_baseauth_typescript.ts

@@ -24,6 +24,8 @@ export function PreviewEnv(pr) {
     return Environment(`pr${pr}`)
 }
 
+const BROWSER = typeof globalThis === "object" && ("window" in globalThis);
+
 /**
  * Client is an API client for the app Encore application.
  */
@@ -466,7 +468,7 @@ class BaseClient {
 
         // Add User-Agent header if the script is running in the server
         // because browsers do not allow setting User-Agent headers to requests
-        if (typeof window === "undefined") {
+        if (!BROWSER) {
             this.headers["User-Agent"] = "app-Generated-JS-Client (Encore/v0.0.0-develop)";
         }