Fix cache invalidation (#1280)

* invalidate ancestor pages when adding/removing tags
* invalidate area & climb cache by tag (uuid)

Author: vnugent

.github/workflows/nodejs.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Setup Node.js environment
         uses: actions/[email protected]
         with:
-          node-version: '18'
+          node-version: '20'
 
       - name: 'Checkout Project'
         uses: 'actions/checkout@v2'

Dockerfile

@@ -0,0 +1,66 @@
+# syntax=docker.io/docker/dockerfile:1
+
+FROM node:20-alpine AS base
+
+# Install dependencies only when needed
+FROM base AS deps
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# Install dependencies based on the preferred package manager
+COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* .npmrc* ./
+RUN \
+  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
+  elif [ -f package-lock.json ]; then npm ci; \
+  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
+  else echo "Lockfile not found." && exit 1; \
+  fi
+
+
+# Rebuild the source code only when needed
+FROM base AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# Next.js collects completely anonymous telemetry data about general usage.
+# Learn more here: https://nextjs.org/telemetry
+# Uncomment the following line in case you want to disable telemetry during the build.
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN \
+  if [ -f yarn.lock ]; then yarn run build; \
+  elif [ -f package-lock.json ]; then npm run build; \
+  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm run build; \
+  else echo "Lockfile not found." && exit 1; \
+  fi
+
+# Production image, copy all the files and run next
+FROM base AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+# Uncomment the following line in case you want to disable telemetry during runtime.
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+
+# Automatically leverage output traces to reduce image size
+# https://nextjs.org/docs/advanced-features/output-file-tracing
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+
+ENV PORT=3000
+
+# server.js is created by next build from the standalone output
+# https://nextjs.org/docs/pages/api-reference/config/next-config-js/output
+ENV HOSTNAME="0.0.0.0"
+CMD ["node", "server.js"]

next.config.js

@@ -68,5 +68,8 @@ module.exports = {
         permanent: false
       }
     ]
+  },
+  experimental: {
+    optimizePackageImports: ['@phosphor-icons/react']
   }
 }

package.json

@@ -7,7 +7,7 @@
     "@algolia/autocomplete-js": "1.7.1",
     "@algolia/autocomplete-theme-classic": "1.7.1",
     "@apollo/client": "^3.10.1",
-    "@apollo/experimental-nextjs-app-support": "^0.10.0",
+    "@apollo/experimental-nextjs-app-support": "^0.11.9",
     "@dnd-kit/core": "^6.1.0",
     "@dnd-kit/sortable": "^8.0.0",
     "@dnd-kit/utilities": "^3.2.2",
@@ -18,7 +18,7 @@
     "@lexical/react": "^0.7.5",
     "@math.gl/web-mercator": "3.6.2",
     "@openbeta/sandbag": "^0.0.51",
-    "@phosphor-icons/react": "^2.1.5",
+    "@phosphor-icons/react": "^2.1.7",
     "@radix-ui/react-alert-dialog": "^1.0.0",
     "@radix-ui/react-dialog": "^1.0.0",
     "@radix-ui/react-dropdown-menu": "^2.0.1",
@@ -50,8 +50,8 @@
     "maplibre-gl": "^4.3.2",
     "nanoid": "^4.0.0",
     "nanoid-dictionary": "^4.3.0",
-    "next": "^13.5.6",
-    "next-auth": "^4.22.1",
+    "next": "^13.5.8",
+    "next-auth": "^4.24.11",
     "nprogress": "^0.2.0",
     "paper": "^0.12.17",
     "paperjs-offset": "^1.0.8",
@@ -149,6 +149,6 @@
     }
   },
   "engines": {
-    "node": "18"
+    "node": "20"
   }
 }

src/app/(default)/area/[[...slug]]/page.tsx

@@ -5,7 +5,7 @@ import { MapPinLine, Lightbulb, ArrowRight } from '@phosphor-icons/react/dist/ss
 import Markdown from 'react-markdown'
 
 import PhotoMontage, { UploadPhotoCTA } from '@/components/media/PhotoMontage'
-import { getArea } from '@/js/graphql/getArea'
+import { getAreaRSC } from '@/js/graphql/getAreaRSC'
 import { StickyHeaderContainer } from '@/app/(default)/components/ui/StickyHeaderContainer'
 import { AreaCrumbs } from '@/components/breadcrumbs/AreaCrumbs'
 import { ArticleLastUpdate } from '@/components/edit/ArticleLastUpdate'
@@ -22,14 +22,14 @@ import { PageWithCatchAllUuidProps, PageSlugType } from '@/js/types/pages'
 /**
  * Page cache settings
  */
-export const revalidate = 3600 // 1 hr
+export const revalidate = 2592000 // 30 days
 
 /**
  * Area/crag page
  */
 export default async function Page ({ params }: PageWithCatchAllUuidProps): Promise<any> {
   const areaUuid = parseUuidAsFirstParam({ params })
-  const pageData = await getArea(areaUuid)
+  const pageData = await getAreaRSC(areaUuid)
   if (pageData == null || pageData.area == null) {
     notFound()
   }
@@ -182,7 +182,7 @@ export function generateStaticParams (): PageSlugType[] {
 // Page metadata
 export async function generateMetadata ({ params }: PageWithCatchAllUuidProps): Promise<Metadata> {
   const areaUuid = parseUuidAsFirstParam({ params })
-  const area = await getArea(areaUuid, 'cache-first')
+  const area = await getAreaRSC(areaUuid, 'cache-first')
 
   if (area == null || area.area == null) {
     return {}

src/app/(default)/climb/[[...slug]]/page.tsx

@@ -6,7 +6,7 @@ import PhotoMontage, { UploadPhotoCTA } from '@/components/media/PhotoMontage'
 import { StickyHeaderContainer } from '../../components/ui/StickyHeaderContainer'
 import { parseUuidAsFirstParam, climbLeftRightIndexComparator, getFriendlySlug, getClimbPageFriendlyUrl } from '@/js/utils'
 import { PageWithCatchAllUuidProps } from '@/js/types/pages'
-import { getClimbById } from '@/js/graphql/api'
+import { getClimbByIdRSC } from '@/js/graphql/getClimbRSC'
 import { ClimbData } from './components/ClimbData'
 import { ContentBlock } from './components/ContentBlock'
 import { Summary } from '../../components/ui/Summary'
@@ -19,15 +19,14 @@ import { PageAlert } from './components/PageAlert'
 /**
  * Page cache settings
  */
-export const revalidate = 300 // 5 mins
-export const fetchCache = 'force-no-store' // opt out of Nextjs version of 'fetch'
+export const revalidate = 2592000 // 30 days
 
 /**
  * Climb page
  */
 export default async function Page ({ params }: PageWithCatchAllUuidProps): Promise<any> {
   const climbId = parseUuidAsFirstParam({ params })
-  const climb = await getClimbById(climbId)
+  const climb = await getClimbByIdRSC(climbId)
   if (climb == null) {
     notFound()
   }

src/app/(default)/edit/page.tsx

@@ -9,7 +9,7 @@ export const metadata: Metadata = {
   description: 'Share your climbing adventure photos and contribute to the climbing route catalog.'
 }
 
-export const revalidate = 600
+export const revalidate = 1800
 
 export default async function Page (): Promise<ReactElement> {
   const history = await getChangeHistoryServerSide()

src/app/(default)/login/page.tsx

@@ -1,9 +1,13 @@
 'use client'
-import { useEffect } from 'react'
+import { useEffect, Suspense } from 'react'
 import { useSearchParams, redirect } from 'next/navigation'
 import { signIn, useSession } from 'next-auth/react'
 
 export default function Page (): any {
+  return <Suspense><Login /></Suspense>
+}
+
+function Login (): any {
   const { status } = useSession()
   const searchParams = useSearchParams()
   useEffect(() => {
@@ -15,5 +19,9 @@ export default function Page (): any {
       void signIn('auth0')
     }
   }, [status])
-  return <div className='h-screen w-screen'><div className='m-6 text-sm'>Please wait...</div></div>
+  return (
+    <div className='h-screen w-screen'>
+      <div className='m-6 text-sm'>Please wait...</div>
+    </div>
+  )
 }

src/app/api/auth/[...nextauth]/authOptions.ts

@@ -0,0 +1,158 @@
+import axios from 'axios'
+import type { NextAuthOptions } from 'next-auth'
+import Auth0Provider from 'next-auth/providers/auth0'
+
+import { AUTH_CONFIG_SERVER } from '../../../../Config'
+import { IUserMetadata, UserRole } from '../../../../js/types/User'
+import { initializeUserInDB } from '@/js/auth/initializeUserInDb'
+
+const CustomClaimsNS = 'https://tacos.openbeta.io/'
+const CustomClaimUserMetadata = CustomClaimsNS + 'user_metadata'
+const CustomClaimRoles = CustomClaimsNS + 'roles'
+
+if (AUTH_CONFIG_SERVER == null) throw new Error('AUTH_CONFIG_SERVER not defined')
+const { clientSecret, clientId, issuer } = AUTH_CONFIG_SERVER
+
+if (process.env.NODE_ENV === 'production' && clientSecret.length === 0) {
+  throw new Error('AUTH0_CLIENT_SECRET is required in production')
+}
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    Auth0Provider({
+      clientId,
+      clientSecret,
+      issuer,
+      authorization: {
+        params: {
+          audience: 'https://api.openbeta.io',
+          scope: 'offline_access access_token_authz openid email profile read:current_user create:current_user_metadata update:current_user_metadata read:stats update:area_attrs'
+        }
+      },
+      client: {
+        token_endpoint_auth_method: clientSecret.length === 0 ? 'none' : 'client_secret_basic'
+      }
+    })
+  ],
+  debug: false,
+  events: {},
+  pages: {
+    verifyRequest: '/auth/verify-request',
+    signIn: '/login'
+  },
+  theme: {
+    colorScheme: 'light',
+    brandColor: '#F15E40', // Hex color code
+    logo: 'https://openbeta.io/_next/static/media/openbeta-logo-with-text.3621d038.svg', // Absolute URL to image
+    buttonText: '#111826' // Hex color code
+  },
+  callbacks: {
+    // See https://next-auth.js.org/configuration/callbacks#jwt-callback
+    async jwt ({ token, account, profile, user }) {
+      /**
+         * `account` object is only populated once when the user first logged in.
+         */
+      if (account?.access_token != null) {
+        token.accessToken = account.access_token
+      }
+
+      if (account?.refresh_token != null) {
+        token.refreshToken = account.refresh_token
+      }
+
+      /**
+         * `account.expires_at` is set in Auth0 custom API
+         *  Applications -> API -> (OB Climb API) -> Access Token Settings -> Implicit/Hybrid Access Token Lifetime
+         */
+      if (account?.expires_at != null) {
+        token.expiresAt = account.expires_at
+      }
+
+      if (profile?.sub != null) {
+        token.id = profile.sub
+      }
+
+      // @ts-expect-error
+      if (profile?.[CustomClaimUserMetadata] != null) {
+        // null guard needed because profile object is only available once
+        // @ts-expect-error
+        token.userMetadata = (profile?.[CustomClaimUserMetadata] as IUserMetadata)
+        // @ts-expect-error
+        const customClaimRoles = profile?.[CustomClaimRoles] as string[] ?? []
+        token.userMetadata.roles = customClaimRoles.map((r: string) => {
+          return UserRole[r.toUpperCase() as keyof typeof UserRole]
+        })
+      }
+
+      if (token?.refreshToken == null || token?.expiresAt == null) {
+        throw new Error('Invalid auth data')
+      }
+
+      if (!(token.userMetadata?.initializedDb ?? false)) {
+        const { userMetadata, email, picture: avatar, id: auth0UserId } = token
+        const { nick: username, uuid: userUuid } = userMetadata
+        const { accessToken } = token
+
+        const success = await initializeUserInDB({ auth0UserId, accessToken, username, userUuid, avatar, email })
+        if (success) {
+          token.userMetadata.initializedDb = true
+        }
+      }
+
+      if ((token.expiresAt as number) < (Date.now() / 1000)) {
+        const { accessToken, refreshToken, expiresAt } = await refreshAccessTokenSilently(token.refreshToken as string)
+        token.accessToken = accessToken
+        token.refreshToken = refreshToken
+        token.expiresAt = expiresAt
+      }
+
+      return token
+    },
+
+    async session ({ session, user, token }) {
+      if (token.userMetadata == null ||
+          token?.userMetadata?.uuid == null || token?.userMetadata?.nick == null) {
+        // we must have user uuid and nickname for everything to work
+        throw new Error('Missing user uuid and nickname from Auth provider')
+      }
+
+      session.user.metadata = token.userMetadata
+      session.accessToken = token.accessToken
+      session.id = token.id
+      return session
+    }
+  }
+}
+
+const refreshAccessTokenSilently = async (refreshToken: string): Promise<any> => {
+  const response = await axios.request<{
+    access_token: string
+    refresh_token: string
+    expires_in: number
+  }>({
+    method: 'POST',
+    url: `${issuer}/oauth/token`,
+    headers: { 'content-type': 'application/json' },
+    data: JSON.stringify({
+      grant_type: 'refresh_token',
+      client_id: clientId,
+      client_secret: clientSecret,
+      refresh_token: refreshToken
+    })
+  })
+
+  /* eslint-disable @typescript-eslint/naming-convention */
+  const {
+    access_token, refresh_token, expires_in
+  } = response.data
+
+  if (access_token == null || refresh_token == null || expires_in == null) {
+    throw new Error('Missing data in refresh token flow')
+  }
+
+  return {
+    accessToken: access_token,
+    refreshToken: refresh_token,
+    expiresAt: Math.floor((Date.now() / 1000) + expires_in)
+  }
+}