How to get the authenticated user info on the server side after the signin?

[dodanex]

Hello @sandros94 ,

Because the documentation is missing the information on how to get the authenticated user info (or the info method is broken) I tried the following:

// ./server/api/auth.ts

export default defineEventHandler(async (event) => {
	const data = {
		NS: config.SURREALDB_NAMESPACE,
		DB: config.SURREALDB_DATABASE,
		SC: config.SURREALDB_SCOPE,

		email: '[email protected]',
		password: 'secret'
	}

        // the signup method works fine !
	const sessionToken = await useSurrealRPC(event, { method: 'signin', params: [data] })
        console.log(sessionToken) // <- returns the token
        
        // the info method does not work !!!
        const result = await useSurrealRPC(event, { method: 'info' })
        console.log(result) // <- returns null

        // I've also tried this, but it's not working on the server side !
        // const { info } = useSurrealDB()
	// const result = await info()

        return result
})

So how can I get the user information after the signin?
Thanks

[sandros94]

Hi @dodanex
first off, sorry if I still haven't created official docs. I'm working on it tho 🙏

Any methods that do require user's authentication are mainly for client-side usage, since SurrealDB can handle them.
But this server-side only use case is something I need to simplify, since it is already usable but not as simple as I would like it to be.

It is not working because you need to pass the sessionToken to the next useSurrealRPC call

-  const result = await useSurrealRPC(event, { method: 'info' })
+  const result = await useSurrealRPC(event,
+    { method: 'info' },
+    {
+      database: {
+        NS: config.SURREALDB_NAMESPACE,
+        DB: config.SURREALDB_DATABASE,
+        SC: config.SURREALDB_SCOPE,
+      },
+      token: sessionToken,
+    },
+  )
  console.log(result)

useSurrealRPC accepts a third parameter where you can specify the database preset and a valid session token. It is important to note that you should be using the same database preset, otherwise SurrealDB will try to use that token in a different database preset and error out the request since that session is invalid as long as you call the same db preset.

Thanks for pointing this out. I should investigate server-side operations a bit more, in particular authenticated operations.

P.S.:

        // I've also tried this, but it's not working on the server side !
        // const { info } = useSurrealDB()
	// const result = await info()

This isn't working because the useSurrealDB server util still lacks most of the other methods (in fact currently it supports only the query method).

[dodanex]

Thanks @sandros94 , this worked !

[sandros94]

Thanks @sandros94 , this worked !

Glad to help!

useSurrealRPC is the main composable/server-util that handles all the underline logic of this module. So if something isn't yet directly available via a dedicated composable or server-util you can fallback to that. But, as you have noticed, manual operations are required.

I do plan to add server side utils for authentication, but ideally I would like to make them compatible with other modules like nuxt-auth-utils. This will make client-side and server-side auth somewhat incompatible between each other, but will open up things like secure sessions and such