feat: Next.js SSR Improvements

[bcbogdan]

Summary of change

The following PR improves SSR support in Next.js applications.
To get the session data in the context of server side rendering you now have to call getSSRSession either inside a Server Component, or in getServerSideProps (for older next applications).
There's two parts to this change:

Fetching the session during SSR

The logic for this is kept in the ssr.ts file. The function reads the active tokens and has 3 possible outcomes:

• redirect to the login page if there was an issue (unable to read the tokens, token payload was invalid)
• redirect to the refresh api if the tokens have expired or if the front token payload is different from the access token payload
• return the session value

Refreshing a session

The getSSRSession function redirects to a refresh endpoint that we do not expose from our existing API.
Hence, this change adds logic inside the next.js middleware to handle such a request. The custom middleware calls the backend API using a fetch and updates the response with the new tokens.

This part is now kept mostly in the middleware.ts file, in the react library. It's there just to make it easy to review during this stage. It should be moved in the node SDK package as a separate, Nextjs specific API.

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Bonus points for screenshots and videos!)

Documentation changes

(If relevant, please create a PR in our docs repo, or create a checklist here highlighting the necessary changes)

Checklist for important updates

• Changelog has been updated
• frontendDriverInterfaceSupported.json file has been updated (if needed)
• Changes to the version if needed
  • In package.json
  • In package-lock.json
  • In lib/ts/version.ts
• Had run npm run build-pretty
• Had installed and ran the pre-commit hook
• Issue this PR against the latest non released version branch.
  • To know which one it is, run find the latest released tag (git tag) in the format vX.Y.Z, and then find the latest branch (git branch --all) whose X.Y is greater than the latest released tag.
  • If no such branch exists, then create one from the latest released branch.
• If added a new recipe interface, then make sure that the implementation of it uses NON arrow functions only (like someFunc: function () {..}).
• If I added a new recipe, I also added the recipe entry point into the size-limit section of package.json with the size limit set to the current size rounded up.
• If I added a new recipe, I also added the recipe entry point into the rollup.config.mjs
• If I added a new login method, I modified the list in lib/ts/types.ts
• If I added a factor id, I modified the list in lib/ts/recipe/multifactorauth/types.ts

Remaining TODOs for this PR

• Item1
• Item2

[github-actions]

size-limit report 📦

Path	Size
lib/build/index.js	24.58 KB (+0.25% 🔺)
recipe/session/index.js	25.29 KB (+0.31% 🔺)
recipe/session/prebuiltui.js	30 KB (+0.2% 🔺)
recipe/thirdparty/index.js	32.37 KB (+0.19% 🔺)
recipe/emailpassword/index.js	11.74 KB (+0.68% 🔺)
recipe/emailverification/index.js	8.03 KB (+0.67% 🔺)
recipe/passwordless/index.js	15.64 KB (+0.55% 🔺)
recipe/emailverification/prebuiltui.js	34.73 KB (+0.37% 🔺)
recipe/thirdparty/prebuiltui.js	53.91 KB (+0.25% 🔺)
recipe/emailpassword/prebuiltui.js	40.91 KB (+0.3% 🔺)
recipe/passwordless/prebuiltui.js	128.89 KB (+0.12% 🔺)
recipe/multitenancy/index.js	6.9 KB (+1.05% 🔺)
recipe/multifactorauth/index.js	11.68 KB (+0.72% 🔺)
recipe/multifactorauth/prebuiltui.js	33.7 KB (+0.36% 🔺)
recipe/oauth2provider/index.js	7.65 KB (+0.74% 🔺)
recipe/oauth2provider/prebuiltui.js	32.07 KB (+0.29% 🔺)

[porcellus]

Why do we need to merge it into getSSRSession? At first glance this works well as both the usecase and the impl is different enough.

[porcellus]

getRefreshLocation?

[porcellus]

I don't think we do, that only comes up with really old tokens IIRC

[porcellus]

This should be cached/moved into a global location.

[porcellus]

Do we check if redirectTo is relative?

[porcellus]

As a TODO: let's review if we could raise our build-target

[porcellus]

I think this can be removed.

[porcellus]

I think this can be removed.

[porcellus]

I think this can be removed.

[porcellus]

You might want to remove this or move it into the with-typescript folder (that's what we use to "test" typings in ci/scripts as well as a scratch file)

[porcellus]

I'd say it handles redirections on the client side.