Server-side Auth with Remix, Prisma, and the Web Platform

Rate this content
Bookmark

In this talk, we'll get a live coded demo of building custom hand-rolled authentication. When you have the right tools (and we do), authentication can be quite simple and secure. This is more (and better) than just: "Install this library and you're good to go." When we're done we'll have our own auth code that can evolve with our ever-changing requirements without a need to learn some library-specific APIs. We'll be leveraging the Web Platform the way it was meant to be done to give us simple and secure server-side authentication for the web.


You can check the slides for Kent's talk here as well as demo code.

This talk has been presented at Node Congress 2022, check out the latest edition of this JavaScript Conference.

FAQ

Kent C. Dodds is the Director of Developer Experience at Remix and the creator of epicreact.dev and testingjavascript.com. You can visit his website at kentcdodds.com.

The focus of Kent C. Dodds' talk at Node Congress is on server-side authentication using Remix, Prisma, and the web platform.

Remix is a web framework that runs on Node.js and is designed to make web development simpler and more efficient. It is known for its excellent developer and end-user experience.

The primary use case discussed in Kent's talk is adding user authentication to a jokes app using Remix and Prisma.

Prisma is an open-source database toolkit that makes it easier to work with databases in JavaScript and TypeScript applications.

Remix handles user authentication in the jokes app by using Prisma to create user models, store hashed passwords, and manage user sessions with cookies.

Using cookies for sessions in Remix ensures secure and efficient user authentication by storing session data on the client side, signed with a secret to prevent tampering.

Yes, Remix is ready for production. It is actively maintained and used in production environments, including Kent C. Dodds' own website, which serves thousands of users.

Remix is suitable for enterprise applications due to its simple mental model, excellent developer experience, and robust handling of state management and user authentication.

Unique features of Remix include its solid foundation over the network chasm between front end and back end, true nested routing, and optimized performance for both developers and end-users.

Kent C. Dodds
Kent C. Dodds
34 min
18 Feb, 2022

Comments

Sign in or register to post your comment.

Video Summary and Transcription

This Talk is about server-side authentication with Remix, Prisma, and the web platform. It covers adding authentication to a Remix app, troubleshooting and login setup, handling user login and session creation, creating user sessions and redirects, handling user ID retrieval and validation, and working with cookies in Remix. The speaker emphasizes that Remix is ready for production and suitable for enterprise apps. Remix simplifies the mental model and improves performance by bridging the network gap between the front end and back end.

1. Introduction to Server-side Auth with Remix

Short description:

Hey Node Congress, my name is Kent C. Dodds and I'm really excited to give this talk, server-side auth with Remix, Prisma and web platform. We're working in Node because Node is awesome and Remix runs on Node and I love Remix. This talk is a live code demo of adding auth to an existing app based on the tutorial from Remix. It's a condensed version, but it should give you a good idea of how Remix approaches authentication.

Hey Node Congress, my name is Kent C. Dodds and I'm really excited to give this talk, server-side auth with Remix, Prisma and web platform. We're working in Node because Node is awesome and Remix runs on Node and I love Remix.

So if you aren't familiar with me, I work at Remix as the director of developer experience, so if you've tried Remix and your developer experience wasn't good, it's my bad, sorry. I'm working on making all that better. I'm also the creator of epicreact.dev and testingjavascript.com and you can check out my website kentcdodds.com because it's pretty legit.

What this talk is is a live code demo of adding auth to an existing app and we're actually basing this off of part of the tutorial from Remix. So if you've gone through the jokes tutorial in Remix, that's kind of what we're going through here. This is not complete. I only get about 20 minutes with you, and so it's not going to have everything, but it should give you the right idea of how Remix approaches authentication, and I think it's in a really good way.

2. Adding Authentication to Remix App

Short description:

Let's start by adding authentication to our Remix app. Currently, anyone can add jokes without authentication, and we want to prevent that. We'll begin by adding a user model in the schema.prisma file and associate jokes with specific users. We'll store hashed passwords for security. After updating Prisma, we'll create a jokester named Cody and use their ID to associate jokes with them. Finally, we'll push the changes to the database and resolve any type errors caused by seeding jokes without associated jokesters.

So let's go ahead and get started since we don't have a lot of time, let's jump right into the coding. So here we're actually going to take the full screen off, get rid of this, Remix you can find at Remix.run and you can read all about it and scroll through this, it's actually a pretty cool scrolling experience to go through that and get an idea of what Remix is.

This is the app that we're going to be working on, Remix, so great it's funny. It's a jokes app where you can get random jokes and it'll just have a bunch of different jokes for you. It's pretty fun and then you have permalinks and stuff and in the tutorial we add the ability to delete the jokes, you can add your own, and this actually works right now, but the problem is that there's no authentication going on right here so anybody in the world could add their own jokes, we'd never know who did it and people who add jokes they can't remove those jokes and we don't want to add that capability until they can log in because we don't want people removing other people's jokes.

So that is what we're going to be adding to our app, it's just the ability to authenticate. So we're going to start out in our schema.prisma file, so we've already got Prisma up and running that's holding all of our jokes and we have a seed to get all of these jokes put into the database already, but we want to add user authentication and so to do that we're going to need a user model so we can associate jokes to specific users. So let's go say model user and Copilot is going to help us out with this stuff. Not all this is what we want though, so we get an ID, I like the UUID personally, thanks a lot Copilot. We do want the created app, we want the updated app, and then we're going to have a username, not just a name and this needs to be unique. And then we don't really need an email here so we'll get rid of that, we do want a password though, but we're not storing like raw passwords, we're going to store a hash of the passwords to make it nice and secure. And then we have a relationship with the joke model inside of this user so we'll have jokes and that is an array of jokes. And it looks like my datetime, or Copilot didn't quite get this right so this is going to default to now, and there we go. So now we're getting a red underline here because the joke model is not associated to the user model and, whew, that was a close call, we had two N's right there. So now we want to add a jokester ID, and this is going to be a string, and then we'll have the jokester, which in this case is going to be a user, and we're going to add a relation with the fields for this relation is just the jokester ID, there we go, thank you, and the references is just the ID, and then on delete we'll cascade. So when we delete the jokester all their jokes are going to be gone. And let's make sure we spell this correctly. There we go. Okay, cool, so we've gotten Prisma updated, let's go ahead and run a couple of Prisma scripts, so we'll run npx Prisma db push, to push all of these changes. Yes, we were going to delete all of the things, and now we should have some type errors right in here, because we're now seeding the database with jokes that don't have jokesters associated. So let's go ahead and make our first jokester. And this is going to be Cody, we're going to await Prisma user create, and the data for this is going to have the username of Cody. And the password hash, is actually going to be twixrocks. And I have this pasted over here, because I, you don't want to watch me type that out. But this is basically twixrocks, hashed. And so that's going to be our password for our Cody user. So now that we have Cody, we can use Cody for generating or creating all of these jokes. So we'll say our data is going to be all the joke properties plus the jokester ID of Cody.ID. And so that can be our data. And now our TypeScript stuff, hopefully it will go away.

QnA