Moving logic from templates to libs #2989

infomiho · 2025-07-22T09:45:51Z

High-level overview

This PR:

Introduces the waspc/libs directory
- This directory contains the source code of libraries
Introduces the data/libs directory
- This directory contains the built libraries
- The built libraries will be copied to .wasp/out alongside the SDK directory so the SDK can import the libs
Introduces auth library in the libs directory (named @wasp.sh/libs-auth)
- This library contains some auth code that was extracted from the Wasp SDK
- It demonstrates how we can build the source code with tsdown
- It demonstrates how to pack the library using npm pack and copy it into the data dir
- It demonstrates how to define deps e.g. oslo
- It demonstrates how to have multiple entry points e.g. ./sdk and ./sdk/browser to be able to separate server and browser exports
Introduces the concept of a WaspLib which is how we refer to the libraries in Haskell
- We define the libs by name and this is enough to know where to find the packaged libs (.tgz files) and where to copy them
- We also generate the dependencies needed for SDK from the WaspLib (e.g. file:../../lib-1.0.0.tgz)
- We defined the version to be fixed to 0.0.0 since it will be replaced with the lib checksum when copied
Uses the auth library in the SDK and the server
- It uses some jwt, cookies and password helpers, these helpers depend on external deps e.g. oslo and @node-rs/argon2 (native deps)
- It defined some React helpers in the ./sdk/browser entry to show we can split the code

Note

Note for reviewers: there are three sections:

the auth library
the way the auth library is used in the SDK
and the machinery to package the libs and copy them to the data dir.

I'd suggest reviewing the auth library last since it's just a JS project, nothing new to see there.

How to test it locally

Run ./tools/install_packages_to_data_dir.sh
Start the waspc/examples/todoApp with the cabal run or your alias of choice e.g. wrun
Try using Auth UI to verify the browser code works
Try to login with email to verify password hashing works, reset a password to verify JWTs still work, try OAuth to verify cookies still work

I've tested it in development and production build modes and it works as expected ✅

Known issues in development

~~You have to delete the node_modules and the @wasp.sh/libs-auth entry from package-lock.json to install the new development lib version that you built locally.~~

EDIT: fixed by using a checksum of the library's .tgz checksum as the version which prevents npm from using a stale version. Also, I've excluded the libs from being optimized (and then becoming stale) by Vite in development mode.

Left to do

We need to update the snapshot tests runner not to care about the .tgz files. I'll do this in a separate PR to keep it easier to review this one. Ignore tgz files in e2e tests #3078
Update development workflow in the waspc/README.md and in run script

Closes #2936
Closes #3069

Signed-off-by: Mihovil Ilakovac <[email protected]>

cloudflare-workers-and-pages · 2025-07-22T20:43:53Z

Deploying wasp-docs-on-main with Cloudflare Pages

Latest commit:	`7c08e2d`
Status:	✅ Deploy successful!
Preview URL:	https://461bd450.wasp-docs-on-main.pages.dev
Branch Preview URL:	https://templates-to-libs.wasp-docs-on-main.pages.dev

View logs

waspc/cli/src/Wasp/Cli/Command/Build.hs

.github/workflows/ci-waspc-test.yaml

waspc/data/Generator/templates/sdk/wasp/auth/jwt.ts

infomiho · 2025-07-31T11:56:19Z

waspc/data/Generator/templates/server/src/auth/providers/oauth/cookies.ts

@@ -1,13 +1,13 @@
+import { parseCookies } from "@wasp.sh/libs-auth";


I made this refactor by mistake not realizing that I'm touching the server and not the SDK. It works because the @wasp.sh/libs-auth is installed in the root node_modules... but it breaks our philosophy that we introduced with 0.12.0: user imports from the SDK -> framework imports user code.

If the server imports the auth lib directly, I consider that importing the SDK since the auth lib is just an implementation detail of the SDK.

So, how do we tackle this? The server doesn't have oslo listed as one of its deps (meaning this worked just because SDK had oslo as a dep).

Do we add oslo as the dep of the server to be precise?

Can we avoid the server using oslo directly? That would mean that the server uses the SDK?

Do we consider server using the auth lib directly a violation of our 0.12.0 philosophy?

cc: @sodic

I think a straightforward solution would be to have libs-auth-server and libs-auth-sdk etc
Or the same library with multiple exports should be fine, no?

I've encoded this worry in this issue as we'll need to figure out the naming: #3069

Latest status: I've implemented the proposal from the linked issue in this PR #3069

I like the idea of not "dragging" the server's import chain through the SDK if it isn't necessary. Since SDK will become heavily templated, we want to decouple it from the rest of our codebase as best we can, which means minimizing SDK exports into the framework code.

the SDK since the auth lib is just an implementation detail of the SDK.

This makes sense too because framework code importing stuff from multiple locations seems messy, and I'm 90% sure it will have to import templated stuff at some point.

I'll have to think about this some more, we can discuss it on a call.

waspc/libs/auth/src/client/index.ts

waspc/libs/auth/src/jwt.ts

Martinsos

@infomiho I went through all the comments and commented again to those that needed it!

I think we are are tehre 99% on my side. Most of the comments have RAW in them, so please check them out and then resolve them so they don't clutter the convo.
There are only a few that might need more communication, but I thikn we can get those done quickly.

cprecioso

Approving this PR as in:

Did a mid-depth review, I think we're covered on deep ones
Downloaded it and checked that it works
Happy with the solution design
Green light to merge once you address the outstanding comments

I saw that you agreed with all my comments, so feel free to resolve them once they're fixed. I will unsubscribe myself from this PR now but you can @ tag me if you need my input anywhere.

infomiho · 2025-10-06T10:01:27Z

@sodic ready for another look!

@cprecioso I have only one of your comments to resolve (using WaspLibs in the deps command) - I maybe tackle it in a separate PR even to make it easier to review? #2989 (comment)

@Martinsos responded to all of your comment and resolved the ones marked with RAW if it was all clear

cprecioso · 2025-10-06T10:27:41Z

@infomiho fine by me. I take it this comment will also be part of that PR?

Martinsos

ONly one comment left on my side but it is RAW, so approving!

infomiho changed the title ~~Tempaltes -> libs~~ Moving logic from templates to libs Jul 22, 2025

infomiho force-pushed the templates-to-libs branch 2 times, most recently from 0770d1f to 679a882 Compare July 22, 2025 09:50

WIP initial implementation

b4e1769

Signed-off-by: Mihovil Ilakovac <[email protected]>

infomiho force-pushed the templates-to-libs branch from 679a882 to b4e1769 Compare July 22, 2025 09:50

Apply the SDK location hack to the libs

8b708bb

infomiho force-pushed the templates-to-libs branch 2 times, most recently from 08f9765 to 72e2676 Compare July 22, 2025 21:35

Include libs in the built CLI

49d979c

infomiho force-pushed the templates-to-libs branch from 72e2676 to 49d979c Compare July 22, 2025 22:15

infomiho added 11 commits July 28, 2025 12:45

Merge branch 'main' into templates-to-libs

a352e57

Add build config. Copy libs in the Dockerfile.

97a6838

Update todoApp package-lock.json

121901f

Merge branch 'main' into templates-to-libs

4e248ae

Fixes libs deps install in Dockerfile

ac9d038

Move to using npm pack

3840e58

Formatting

db8aaeb

Client entry point experiment

ac55723

Fix copy command

6dfc790

Formatting

7a84ae8

Refactor code

e8c955a

infomiho marked this pull request as ready for review July 31, 2025 11:33