Merge pull request #1588 from nhost/changeset-release/main

chore: update versions

dashboard/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/dashboard
 
+## 0.11.3
+
+### Patch Changes
+
+- @nhost/react-apollo@4.13.3
+- @nhost/nextjs@1.13.3
+
 ## 0.11.2
 
 ### Patch Changes

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "0.11.2",
+  "version": "0.11.3",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",

examples/react-apollo/cypress.config.ts

@@ -9,6 +9,8 @@ export default defineConfig({
     mailHogUrl: 'http://127.0.0.1:8025',
     env: {
       backendUrl: 'http://localhost:1337'
-    }
+    },
+    defaultCommandTimeout: 20000,
+    requestTimeout: 20000
   }
 } as Cypress.ConfigOptions)

integrations/apollo/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/apollo
 
+## 4.13.2
+
+### Patch Changes
+
+- @nhost/nhost-js@1.13.2
+
 ## 4.13.1
 
 ### Patch Changes

integrations/apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/apollo",
-  "version": "4.13.1",
+  "version": "4.13.2",
   "description": "Nhost Apollo Client library",
   "license": "MIT",
   "keywords": [

integrations/react-apollo/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/react-apollo
 
+## 4.13.3
+
+### Patch Changes
+
+- @nhost/apollo@4.13.2
+- @nhost/react@1.13.3
+
 ## 4.13.2
 
 ### Patch Changes

integrations/react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react-apollo",
-  "version": "4.13.2",
+  "version": "4.13.3",
   "description": "Nhost React Apollo client",
   "license": "MIT",
   "keywords": [

integrations/react-urql/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/react-urql
 
+## 1.0.3
+
+### Patch Changes
+
+- @nhost/react@1.13.3
+
 ## 1.0.2
 
 ### Patch Changes

integrations/react-urql/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react-urql",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Nhost React URQL client",
   "license": "MIT",
   "keywords": [

packages/hasura-auth-js/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @nhost/hasura-auth-js
 
+## 1.12.2
+
+### Patch Changes
+
+- 12ff6313: Set limits to refreshing the token on error
+
+  When starting, the client was trying to refresh the token five times every second, then indefinitely every five seconds.
+  It is now limited to 5 attempts at the following intervals: 5, 10, 20, 40, and 80 seconds. If all these attempts fail, the user state is signed out.
+
+  Similarly, when refreshing the token failed, the client was attempting to refresh the token every second.
+  It is now limited to 5 attempts at the following intervals: 5, 10, 20, 40, and 80 seconds.
+
 ## 1.12.1
 
 ### Patch Changes

packages/hasura-auth-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/hasura-auth-js",
-  "version": "1.12.1",
+  "version": "1.12.2",
   "description": "Hasura-auth client",
   "license": "MIT",
   "keywords": [

packages/hasura-auth-js/src/constants.ts

@@ -9,5 +9,4 @@ export const MIN_PASSWORD_LENGTH = 3
  */
 export const TOKEN_REFRESH_MARGIN = 300 // five minutes
 
-/** Number of seconds before retrying a token refresh after an error */
-export const REFRESH_TOKEN_RETRY_INTERVAL = 5
+export const REFRESH_TOKEN_MAX_ATTEMPTS = 5

packages/hasura-auth-js/src/machines/authentication/machine.ts

@@ -10,7 +10,7 @@ import { assign, createMachine, InterpreterFrom, send } from 'xstate'
 import {
   NHOST_JWT_EXPIRES_AT_KEY,
   NHOST_REFRESH_TOKEN_KEY,
-  REFRESH_TOKEN_RETRY_INTERVAL,
+  REFRESH_TOKEN_MAX_ATTEMPTS,
   TOKEN_REFRESH_MARGIN
 } from '../../constants'
 import {
@@ -331,19 +331,7 @@ export const createAuthMachine = ({
                               actions: ['saveSession', 'resetTimer', 'reportTokenChanged'],
                               target: 'pending'
                             },
-                            onError: [
-                              { actions: 'saveRefreshAttempt', target: 'pending' }
-                              // ? stop trying after x attempts?
-                              // {
-                              //   actions: 'retry',
-                              //   cond: 'canRetry',
-                              //   target: 'pending'
-                              // },
-                              // {
-                              //   actions: ['sendError', 'resetToken'],
-                              //   target: '#timer.stopped'
-                              // }
-                            ]
+                            onError: [{ actions: 'saveRefreshAttempt', target: 'pending' }]
                           }
                         }
                       }
@@ -644,9 +632,13 @@ export const createAuthMachine = ({
             return false
           }
           if (ctx.refreshTimer.lastAttempt) {
-            // * If a refesh previously failed, only try to refresh every `REFRESH_TOKEN_RETRY_INTERVAL` seconds
+            // * If the refresh timer reached the maximum number of attempts, we should not try again
+            if (ctx.refreshTimer.attempts > REFRESH_TOKEN_MAX_ATTEMPTS) {
+              return false
+            }
             const elapsed = Date.now() - ctx.refreshTimer.lastAttempt.getTime()
-            return elapsed > REFRESH_TOKEN_RETRY_INTERVAL * 1_000
+            // * Exponential backoff
+            return elapsed > Math.pow(2, ctx.refreshTimer.attempts - 1) * 5_000
           }
           if (refreshIntervalTime) {
             // * If a refreshIntervalTime has been passed on as an option, it will notify
@@ -663,9 +655,12 @@ export const createAuthMachine = ({
           return remaining <= 0
         },
         // * Untyped action payload. See https://github.com/statelyai/xstate/issues/3037
-        /** Shoud retry to import the token on network error or any internal server error */
-        shouldRetryImportToken: (_, e: any) =>
-          e.data.error.status === NETWORK_ERROR_CODE || e.data.error.status >= 500,
+        /** Shoud retry to import the token on network error or any internal server error.
+         * Don't retry more than REFRESH_TOKEN_MAX_ATTEMPTS times.
+         */
+        shouldRetryImportToken: (ctx, e: any) =>
+          ctx.importTokenAttempts < REFRESH_TOKEN_MAX_ATTEMPTS &&
+          (e.data.error.status === NETWORK_ERROR_CODE || e.data.error.status >= 500),
         // * Authentication errors
         // * Untyped action payload. See https://github.com/statelyai/xstate/issues/3037
         unverified: (_, { data: { error } }: any) =>
@@ -924,10 +919,8 @@ export const createAuthMachine = ({
       },
       delays: {
         RETRY_IMPORT_TOKEN_DELAY: ({ importTokenAttempts }) => {
-          if (importTokenAttempts < 5) {
-            return 1000
-          }
-          return 5000
+          // * Exponential backoff
+          return Math.pow(2, importTokenAttempts - 1) * 5_000
         }
       }
     }

packages/hasura-auth-js/tests/refreshToken.test.ts

@@ -471,7 +471,7 @@ describe(`Auto sign-in`, () => {
     const state = await waitFor(authService, (state) => state.context.importTokenAttempts === 2)
 
     expect(state.context.importTokenAttempts).toEqual(2)
-  })
+  }, 20000)
 
   test(`should retry a token refresh if server returns an error`, async () => {
     server.use(authTokenInternalErrorHandler)
@@ -486,7 +486,7 @@ describe(`Auto sign-in`, () => {
     const state = await waitFor(authService, (state) => state.context.importTokenAttempts === 2)
 
     expect(state.context.importTokenAttempts).toEqual(2)
-  })
+  }, 20000)
 
   test(`should wait for the server to be online when starting offline`, async () => {
     server.use(authTokenInternalErrorHandler)
@@ -511,7 +511,7 @@ describe(`Auto sign-in`, () => {
       state.matches('authentication.signedIn')
     )
     expect(signedInState.context.user).not.toBeNull()
-  })
+  }, 20000)
 
   test(`should automatically sign in if "refreshToken" was in the URL`, async () => {
     vi.stubGlobal('location', {

packages/nextjs/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/nextjs
 
+## 1.13.3
+
+### Patch Changes
+
+- @nhost/react@1.13.3
+
 ## 1.13.2
 
 ### Patch Changes

packages/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/nextjs",
-  "version": "1.13.2",
+  "version": "1.13.3",
   "description": "Nhost NextJS library",
   "license": "MIT",
   "keywords": [

packages/nhost-js/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/nhost-js
 
+## 1.13.2
+
+### Patch Changes
+
+- Updated dependencies [12ff6313]
+  - @nhost/hasura-auth-js@1.12.2
+
 ## 1.13.1
 
 ### Patch Changes

packages/nhost-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/nhost-js",
-  "version": "1.13.1",
+  "version": "1.13.2",
   "description": "Nhost JavaScript SDK",
   "license": "MIT",
   "keywords": [

packages/react/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/react
 
+## 1.13.3
+
+### Patch Changes
+
+- @nhost/nhost-js@1.13.2
+
 ## 1.13.2
 
 ### Patch Changes

packages/react/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react",
-  "version": "1.13.2",
+  "version": "1.13.3",
   "description": "Nhost React library",
   "license": "MIT",
   "keywords": [

packages/vue/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/vue
 
+## 1.13.3
+
+### Patch Changes
+
+- @nhost/nhost-js@1.13.2
+
 ## 1.13.2
 
 ### Patch Changes

packages/vue/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/vue",
-  "version": "1.13.2",
+  "version": "1.13.3",
   "description": "Nhost Vue library",
   "license": "MIT",
   "keywords": [