2023-05-15 22:16:29 +03:00
# Use React Framework
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
- Status: proposed
- Deciders: Monitor team
- Date: 2022-05-03
- Technical Story: [MNTOR-1588 ](https://mozilla-hub.atlassian.net/browse/MNTOR-1588 )
2023-05-15 22:16:29 +03:00
## Context and Problem Statement
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
The Monitor team is tasked with launching a premium product offering as soon as possible. The current architecture of Monitor is not suited for synchronous feature development and lacks the complex client-side state management premium will require.
2023-05-15 22:16:29 +03:00
## Decision Drivers <!-- optional -->
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
- The expansion in Monitor premium requires a framework to manage increased complexity and client-side state management
- Promote component sharing between S& P web-based products, Relay & Monitor
- Allow developers to work on specific components and features without affecting the rest of the codebase (fewer merge conflicts, makes it easier break down tickets)
- Unidirectional (one-way) data flow makes it easier to understand the flow of data in the application, which may be necessary when handling multiple states (especially for the data removal sequence)
- Monitor Front-end engineers have extensive React experience
2023-05-15 22:16:29 +03:00
## Considered Options
1. Migrate framework to React and Next.js
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
1. Leave as-is
2023-05-15 22:16:29 +03:00
1. Use a different framework
## Decision Outcome
TBD
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
_Note: If "Migrate to React/Next.js" is selected, we also need to decide on the migration plan_
2023-05-15 22:16:29 +03:00
## Pros and Cons of the Options <!-- optional -->
### Migrate framework to React and Next.js
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
- Good, Component-based Architecture: This simplifies code maintenance by breaking complex UIs into reusable components.
- Good, Testing: the virtual DOM makes it feasible to write non-brittle (i.e. without needing to fire up a full browser) unit tests of the front-end
- Good, Fewer bugs: having React take care of removing, adding or changing DOM nodes removes a large surface area for bugs.
- Good, Shared knowledge: This approach shares the same structure as Firefox Relay. This would immediately allow the team to reuse and reference.
- Note that FxA came to a similar decision: [FxA ADR: Refactor Subscription Platform frontend - with Next.js ](https://github.com/mozilla/fxa/blob/main/docs/adr/0035-refactor-payments-frontend-with-nextjs.md )
- Good, Enables static analysis: programmatically-generated DOM and explicit module imports enables optimal use of TypeScript to catch errors at compile-time and make code more self-explanatory.
- Good, Industry Usage/Standard: React has a large and active community of developers, with many resources available, including libraries, tutorials, and support.
- Accessibility: Access to [React Aria ](https://react-spectrum.adobe.com/react-aria/ ) (Relay also uses this library).
- Good, [fluent-react ](https://github.com/projectfluent/fluent.js/tree/main/fluent-react ) enables localised messages that can be updated on the client-side
- Good, Avoid snowflake configs: we won't have to manually set up tooling and make sure they work well together, like [#3003 ](https://github.com/mozilla/blurts-server/pull/3003 ) and [#2987 ](https://github.com/mozilla/blurts-server/pull/2987 )
- Good, Automatic code splitting, avoiding e.g. cumulative layout shift, and decreating bundle sizes.
- Good, Great front-end developer experience: VSCode code plugins for code completion, error linting, hot reloading for rapid iteration, etc.
- Good, Reduce network roundtrip time and frequency, improves app performance
- Bad, Tooling Overhead: React's tooling and ecosystem can be complex, which can be a disadvantage for developers who prefer a more minimalistic approach.
- Bad, Performance cost when rendering a large number of components, may require additional optimization work
- Bad, Learning curve: Challenging for new developers jumping into the project to understand how to debug issues or how components are interacting with each other
- Bad, Time Cost: Time spent porting existing site over to React
- Bad, We give away some autonomy w.r.t. what tooling we can use and when we can use the latest versions.
- Bad, The client-side execution time of React is additional overhead.
- Bad, No portability or interoperability to non-React projects.
- Bad, React will require maintenance and periodic upgrades
- Bad, Rendering performance cost: Initial load of React
2023-05-15 22:16:29 +03:00
## (Secondary Decision) Migration Plan Options
There are roughly three options to migrate to React
#### 1. Static-site generation (SSG)
This is what Relay currently does. This involves a strong split between our front-end and the back-end: the front-end is compiled to a bunch of JS, HTML and CSS files, that are then served as-is by the back-end. After they get loaded by the browser, the client-side JS then makes a bunch of API calls to the server to determine what to show to the user.
Pros:
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
2023-05-15 22:16:29 +03:00
- Back-end doesn't need to run Node (very applicable to Relay).
- The front-end can be deployed separately from the back-end, e.g. to Netlify.
Cons:
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
2023-05-15 22:16:29 +03:00
- Negative performance impact on non-prerendered pages (e.g. behind a login), as after downloading the client, JS needs to run and API requests need to complete before the page can be rendered.
- The initial response cannot be tailored to the current user, e.g. by communicating the content language (which is determined by client-side JS). This can negatively affect e.g. client-side translation and thus Lighthouse scores.
- Missing out on a bunch of automatic optimisations Next.js does, and going a bit "against the grain" on the main use case the Next.js folks focus on.
#### 2. Server-side rendering (SSR)
This involves having Next.js run our back-end, where it can tailor the initially-rendered DOM to the current user.
Pros:
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
2023-05-15 22:16:29 +03:00
- Quick rendering of the first response to the user.
- Back-end wouldn't need to add an API endpoint for all the data we currently use.
- Can benefit from more automatic optimisations provided by Next.js, e.g. [image optimisation ](https://nextjs.org/docs/pages/building-your-application/optimizing/images ) to speed up data transfer and minimise cumulative layout shift.
Cons:
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
2023-05-15 22:16:29 +03:00
- Front-end coupled to the back-end, so preview deployments still aren't a given.
- Has significant architectural impacts on the backend.
- Not clear yet how e.g. FxA integration and cron jobs would work.
#### 3. Server-side rendering in front of our current back-end (hybrid SSR?)
Pros:
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
2023-05-15 22:16:29 +03:00
- We can potentially leave more of our current back-end code unmodified in the short term.
- Quick rendering of the first response to the user.
- Can benefit from more automatic optimisations provided by Next.js, e.g. [image optimisation ](https://nextjs.org/docs/pages/building-your-application/optimizing/images ) to speed up data transfer and minimise cumulative layout shift.
Cons:
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
2023-05-15 22:16:29 +03:00
- Not clear how incremental an eventual migration to plain SSR would be - i.e. migrating a whole endpoint at a time is still a fairly big chunk, and I'm not sure if that granularity will even be feasible.
- Might involve lots of complexity to e.g. share sessions between the two back-ends.
- Not sure what impact this will have w.r.t. Kubernetes (which I know basically nothing about).
- Still has significant architectural impacts on the backend.
### Leave as-is
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
- Good, the current website has gone through extensive testing, fox fooding and is working
- Good, Little Third-Party dependencies
- Good, No throw away code
- Good, Conveys our support for standards and the web standards process
- Bad, Front-end testing requires additional set-up (using a full browser) which would impact test speeds and contribute to flakiness.
- Bad, Harder to learn our snowflake framework (e.g. our use of a proxy on one page to update the DOM)
- Bad, Easy for server and client-side state to get out of sync
- Bad, Hard to re-use code on the client-side (see: dynamic Fluent strings)
- Bad, Hard to statically analyse, and in general doesn't make use of a lot of tooling that can help us deliver better quality code without us manually set up
- Bad, Poor front-end developer experience: Writing in template literals removes tag coloring, auto-complete functions, etc.
2023-05-15 22:16:29 +03:00
### Use a different framework
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
- Good, Opportunity to explore new, modern tech (Vue, Svelte, etc)
- Good, Other frameworks may have better performance when compared to React
- Bad, Additional tool fracturing across the Mozilla ecosystem
- Bad, Both Next.js and React have lots of momentum and unlikely to go away anytime soon, and have a history of maintaining backwards compatibility
- Bad, Time spent analysing all potential options is time not spent creating value
2023-05-15 22:16:29 +03:00
## Links <!-- optional -->
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app
Command run: npx create-next-app@latest
* Also tell VSCode to format TS and TSX files
* WIP: Sign in with next-auth
* Add Fluent
Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.
But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)
* Copy-paste public breach scan into Next.js
* Halfway migrate public breach list
Did not do: breach icons and getLocale() (for list and date
formatting).
* Enable SSR for localised strings
This allows our pages to be Server Components now.
* Download breach logos in Next.js server
* Tell search engines not to index non-prod envs
* Port existing security headers from Helmet to Next
* Add a 404 page
* Relax CSP in local development
* Set up Next-Auth for server components
It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.
* Apply Prettier to Next.js files on commit
* Enable Sass
* feat: Port existing landing page
* fix: Set hibp footer as html
* Wire up Next.js to FxA using iron-session
* feat: Port main layout for authenticated pages
* chore: Get session in layout
* Set up Prettier for VSCode users
* fix: Provide fxa user menu with data
* chore: Format Create Next App template
* Make Next-Auth work with FxA
To test, add the following two variables to your .env:
NEXTAUTH_URL=http://localhost:6060
NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>
You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.
* Port breach-detail page to Next.js
* Add pending translations
* Access session data in React components
* Use Prettier as the formatter in VSCode
* Port Nebula & Protocol tokens into tokens file
* merge: Resolve conflicts
* fix: Move hr into li element
* feat: Handle authenticated users
* chore: Add todo note
* chore: Don’t use default exports for SignInButton and UserMenu
* chore: Move site navigation to client-side component
* Make mozlog work with Next.js
Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.
The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.
The patch fixes this by simply explicitly importing those four
modules.
* Add back a couple of authentication logs
* add woff files and metropolis css file
* add right font path
* format scss file to include camelcase
* chore: Move components into (nextjs_migration) and remove redundant layout file
* chore: Remove redirect landing page -> dashboard
* chore: Redirect to dashboard upon signin
* add title and body copy variables
* use token variables in landing scss file instead of old variables from variables.css
* feat: Add basic dashboard page elements
* chore: Add circle chart web component
* chore: Add custom select web component
* breaches get and put calls
* cleanup
* get rid of debug logs
* Add sentry to nextJS branch (#3075)
MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code
* chore: Render user breaches
* feat: Port breach resolution api
* fix: Check breach resolution filter by default
* chore: Add redirect /user/dashboard -> /user/breaches
* feat: Add breach page types
* chore: Remove breach resolution API call headers
* fix: Rename changed API response data key
* add template button component
* remove assets
* add button styling
* chore: Trigger auto signIn for pages that require authentication
* chore: Update breach types
* chore: Repurpose HIBP BreachDataTypes
* chore: Don’t capitalize first letter of chart label
* chore: Remove duplicate font size
* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest
* Add a redirect from /security-tips for Next.js
This was already present in the Express-based website.
* Add the app shell for the React-based website
* chore: Re-enable gtag
* use old font code and add status pill component
* remove unnecessary package additions and style status pills
* lint
* test exposurecard data func
* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)
* Port unsubscribe-monthly page to Next.js
* add toggle to exposurecard accordion
* add icons to exposure type
* Ease transition from `getMessage`
This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.
* Add preliminary Subscriber table type definition
* Process new user sign-in
This does a couple of things:
- It updates the code that sends the breach check email on
first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
database, and if not, it adds them. It does so using mostly the
same code as in /src/controllers/auth.js's `confirmed` function.
* dockerflow endpoints
* remove introduction.mdx for now, refine button states
* apply some changes
* Move new components out of migration dir
* Delete .bash_profile
* Delete storybook.log
* Delete main.js
* Delete preview.js
* remove use of inter for now
* feat: add email api
* feat: remove email api
* verify email
* update comms options
* light refactoring
* take shared function out to util
* send verification email
* add another property to EmailRow
* add some types
* rename route
* fix review comment
* Fix MNTOR-1634: Stub /settings page (auth)
* Remove commented code, add CSS, match HTML markup from previous iterations
* Remove/comment out logic dependent on session info
* Wire up settings page and new APIs
* Work around radio button unchecking on page load
* Adding a catch all 404
Not ideal but the best solution at the moment
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* version route
* remove log
* Port admin pages to Next.js
The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.
* Add Storybook build output folder to gitignore
* Set up Netlify
* Group Storybook ignores together
* add node env
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
* fix test
* fix npm test
* fix css lint
* fix lint js
* exclude sentry.*
* Set up the actual linting we'll use
* Prettier-ignore appropriate files, format the rest
* Fix/ignore ESLint and TypeScript errors
* Make tests work with getStringLookup
* Remove now-unused dependencies and build scripts
* Update CI scripts for Next.js
* Add missing Next.js dependencies to the lockfile
These were added when running `next build`.
* Tag Next.js migration TODOs
* Make "add email" dialog work on dashboard
* Load client-side scripts as modules
This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.
* Fix loading of FxA avatar
* Use <BreachLogo> component
* Allow Next.js's inline scripts/styles in prod
For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039
* Debug Playwright (#3118)
---------
Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 23:35:35 +03:00
- [React usage, State of JavaScript ](https://2022.stateofjs.com/en-US/libraries/front-end-frameworks/ )
- [Previous ADR for Native Templating ](https://github.com/mozilla/blurts-server/blob/main/docs/adr/0001-native-templating.md )
- [Additional context for previous Native Templating decision ](https://javarome.medium.com/design-noframework-bbc00a02d9b3 )
