Skip to content

feat: make handleFetch a shared hook #13755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat: make handleFetch a shared hook #13755

wants to merge 8 commits into from

Conversation

SomaticIT
Copy link
Contributor

@SomaticIT SomaticIT commented Apr 30, 2025
edited
Loading

Hello Svelte Team,

I send you this PR to make handleFetch a shared hook that can be used on both client and server side.

Motivation

I'm working a hybrid client/server administration portal where authentication is done using OAuth/OIDC + JWT tokens. I'm trying to create a secure and performant authentication process and I noticed that we could create something very powerful with SvelteKit by improving some features.

Indeed, a good practice when working on a SSR environment is:

  1. Make all requests to auth server on the server side
  2. Transmit access token and refresh token to client
  3. Keep only the refresh token on a cookie (not the access token)
  4. When a new request is done using the server, refresh the token and transmit the new refresh token to the client.

However, on a very hybrid scenarios where requests are done sometimes on the client, sometimes on the server, it multiplies the numbers of refresh token requests and create a bottleneck on the auth server.

So a good improvement would be to constantly pass the access token from the client to the server to allow reusing during the session. I noticed that we can take control of fetch requests on the server side but not on the client side.

Other use cases

I see some scenarios where controling the client-side fetch would be useful:

  • Automatically exchange token information (like explained above)
  • Automatically exchange headers with server-side load and action functions
  • Automatically includes credentials to requests to API
  • Logging and monitoring fetch requests

Implementation

This PR replicates the behavior of the server-side handleFetch hook with one difference: the hook does not have access to event.

Notes

I wanted to include a test similar to the server-side handleFetch. However I did not find any tests for server-side handleFetch.
I'm open to any idea to create tests for both hooks.

Edit : I finally found my way and included some tests, do not hesitate to review them!

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

  • Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Apr 30, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 767c555

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@svelte-docs-bot
Copy link

Preview: https://svelte-dev-git-preview-kit-13755-svelte.vercel.app/

@SomaticIT SomaticIT force-pushed the @feat/client-handle-fetch branch 3 times, most recently from 195ccbd to 9b4bb44 Compare May 7, 2025 10:19
@SomaticIT
Copy link
Contributor Author

Nobody wants to review ?

@eltigerchino eltigerchino added the feature / enhancement New feature or request label May 14, 2025
@eltigerchino
Copy link
Member

eltigerchino commented May 14, 2025
edited
Loading

Thanks for the PR! The team will have to discuss this first and it might be better to do so in an issue beforehand.

@SomaticIT SomaticIT force-pushed the @feat/client-handle-fetch branch from 9b4bb44 to 0b0bfc9 Compare May 26, 2025 21:05
@SomaticIT SomaticIT force-pushed the @feat/client-handle-fetch branch from 0b0bfc9 to 767c555 Compare May 26, 2025 21:08
@SomaticIT
Copy link
Contributor Author

Hi,

@eltigerchino, I understand your will to discuss about this feature first. In fact, I was blocked on a project for this reason and I thought that it would be the most reliable solution to encapsulate fetch on the client-side, so I quickly built a POC and since I prefer to share my work, I finalized the integration and submitted here.

I still think that making handleFetch a shared hook is a good design choice because it creates a single place (in fact two :)) to manage the application request behavior.

I'm welcome to open discussion and see how I can help.

PS: I rebased my branch on top of main to resolve conflicts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature / enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SomaticIT @eltigerchino