fix: serialisation nextjs requests

[ErnoW]

---

name: 'Pull request'
about: A new pull request

New Pull Request

Checklist

• I am not disclosing a vulnerability.
• My code is conform the code style
• I have made corresponding changes to the documentation
• I have updated Typescript definitions when needed

Issue Description

JSONs get double serialised before sending it to the api without deserialising the request

Related issue: #FILL_THIS_OUT

Solution Description

• Serialise requests only once
• Deserialise request before sending it to the api

[changeset-bot]

🦋 Changeset detected

Latest commit: 56d4751

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 27 packages

Name	Type
@moralisweb3/next	Patch
@moralisweb3/api-utils	Patch
@moralisweb3/auth	Patch
@moralisweb3/codegen	Patch
@moralisweb3/evm-api	Patch
@moralisweb3/evm-utils	Patch
@moralisweb3/parse-server	Patch
@moralisweb3/sol-api	Patch
@moralisweb3/sol-utils	Patch
@moralisweb3/streams	Patch
@moralisweb3/test-utils	Patch
@moralisweb3/common-auth-utils	Patch
@moralisweb3/common-core	Patch
@moralisweb3/common-evm-utils	Patch
@moralisweb3/common-sol-utils	Patch
@moralisweb3/common-streams-utils	Patch
@moralisweb3/client-api-utils	Patch
@moralisweb3/client-evm-api	Patch
@moralisweb3/client-firebase-api-utils	Patch
@moralisweb3/client-firebase-auth-utils	Patch
@moralisweb3/client-firebase-evm-api	Patch
@moralisweb3/client-firebase-evm-auth	Patch
@moralisweb3/client-firebase-sol-api	Patch
@moralisweb3/client-firebase-sol-auth	Patch
@moralisweb3/client-sol-api	Patch
moralis	Patch
create-moralis-dapp	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

Test coverage

Title	Lines	Statements	Branches	Functions
api-utils		26.2% (49/187)	19.14% (9/47)	22.85% (8/35)
auth		92.77% (77/83)	81.81% (18/22)	90% (18/20)
evm-api		100% (81/81)	66.66% (6/9)	100% (49/49)
common-evm-utils		64.67% (974/1506)	19.44% (127/653)	35.25% (208/590)
sol-api		96.66% (29/30)	66.66% (6/9)	91.66% (11/12)
common-sol-utils		73.77% (135/183)	60% (12/20)	65.67% (44/67)
common-streams-utils		94% (1066/1134)	81.42% (399/490)	86.74% (373/430)
streams		89.35% (512/573)	68.05% (49/72)	88.98% (105/118)

[FedericoAmura]

The parameter should be interface Module?
We can use Required or something similar to not use the class and derive a type

[b4rtaz]

Do you suggest something like this?

interface ModuleDescriptor {
    name: string;
    baseUrl: string;
    operations: UnknownOperation[];
}

class Module {

public constructor(private readonly descriptor: ModuleDescriptor) {

}

I think this is better than the current approach. The current approach wastes the memory only for a better readability.

[FedericoAmura]

No, I just wanted to type the constructor input

type ModuleType = Required<Module>;

class Module {
    name: string;
    baseUrl: string;
    operations: UnknownOperation[];

    public constructor({ name, baseUrl, operations }: ModuleType) {
        this.name = name;
        this.baseUrl = baseUrl;
        this.operations = operations;
    }
}

---

That approach wouldn't be vulnerable to this?:

const descriptor = { name: 'aModule', baseUrl: 'https://myurl.com', operations: [] };
const module = new Module(descriptor);

descriptor.baseUrl = 'https://someOtherUrlThatIsNotReadonly';
// And now the module has a different baseUrl because the `readonly` only affects `descriptor`

I would prefer an object to not depend anymore on the things it received in its constructor if possible

[b4rtaz]

No, I just wanted to type the constructor input

I don't like this one. I cannot add a public property, without influencing on the constructor arguments. I think this breaks the SRP principle.

That approach wouldn't be vulnerable to this?:

You may add the readonly keyword to any interface.

interface ModuleDescriptor {
    readonly name: string;
    readonly baseUrl: string;
    readonly operations: UnknownOperation[];
}

I would prefer an object to not depend anymore on the things it received in its constructor if possible

I agree, so you need to clearly describe which property is mutable or immutable. This is why we should use the readonly keyword for classes and interfaces.

[ErnoW]

@b4rtaz @FedericoAmura I continued on fixing another bug, included it in this PR as it relates to the previous discussion.

This change allow us to remove the number of arguments to 2, so I removed the object interface now. I do agree with the suggestion @FedericoAmura to have a typed interface before implementing (but it is not needed anymore now).

See commit cf2a8e3 for changes related to the other bug. It is about that we do not account for Nullable/Paginated resolvers. Now we resolve the operations based on the EvmApi/SolApi/Auth definitions so that we have a single source of truth for the resolving logic.

[Y0moo]

Why do we pass here the "core" argument? The Moralis instance is the same across the whole application, so we can import it into any part of the application instead of passing it as an argument. Especially when we use this instance in the same file. Or is there something I don't get? @ErnoW

[ErnoW]

It's a better design pattern to include these dependencies as argument (see Dependency injection)

In this case it does not make too much of a difference as in NextJs we also use directly imported instances of the 'core', like you say. But it's a good habit to include it as a dependency wherever we can. But it results in more predictable code.

This is also why we pass around the core instance within all the modules/functions within the SDK.