Hacker News new | ask | show | jobs
by jitl 330 days ago
> just so a secret (of any kind) is never required on the client

This is how web clients usually work though not NextJS special at all. You have a HTTP only cookie for authentication and proxy requests through your backend to authorize client to perform actions that depend on secrets.

I’m not a NextJS proponent and have experienced frustrations running into its limitations but I think in this case it’s unfair to malign it.

If anything NextJS makes this easier, you just move your function call that uses a secret to a “use server” file and add an authorization check but your client code doesn’t need to change you keep importing it and calling it like a regular async function.
1 comments
ashwinsundar 330 days ago
Here's the thing - the other frameworks I work in don't encourage me to require secrets on the client-side, so you're exactly right. The client-server split that is enforced by Next.js's App Router paradigm is not an abstraction, but more like a rift through the center of the web development universe. I don't want to send env variables to the client, but sometimes they have to be shipped with the bundle to cross this great chasm. It's like that scene in Interstellar when Coop and his team gets sucked into the black hole. Him returning to see Murph is like a client issuing a fetch request to the server, as far as Next.js is concerned

And I already know what the answer is, it's "anticipate every possible future scenario that your web program might encounter, and design your server/client structure perfectly the first time! What's so hard about that?"

This experience with Next.js has made me quit the Javascript/Typescript communities of web frameworks entirely. Burned by Gatsby and GraphQL once, shame on them. Burned by Next.js though...

link
jitl 329 days ago
it’s so much easier to fix this in NextJS compared to other stacks though, I have done it a few times where I end up w secret using code in the client while prototyping but it’s just a single line of text at the top of a file to make it server and keep the existing async call sites. NextJS is not great at some stuff but moving code from client to server it’s like second to none
link