Appwrite Ssr Svelte Kit
Almost SSR - Svelte Kit
Demo application with authorized server-side and client-side rendering.
π Looking for Different Framework?
- π¦ Next.js | next-js.ssr.almostapps.eu
- π¦ Nuxt | nuxt.ssr.almostapps.eu
- π¦ Astro | astro.ssr.almostapps.eu
- π¦ Qwik | qwik.ssr.almostapps.eu
- π¦ Remix | remix.ssr.almostapps.eu
π So How Does It Work?
Appwrite uses 1st party secure cookies for authorization. For legacy reasons, there are two such cookies. They are both very similar, but one's name ends with _legacy and is configured a tiny bit differently. It's also possible to use a fallback cookie, but that is not secure for production, and we will not be using that.
To ensure server-side rendering works, we need to set those cookies on our SSR server hostname instead of the Appwrite hostname. Let's say our Appwrite instance is on cloud.appwrite.io, and our app is on myapp.com. SSR server on domain myapp.com won't receive appwrite.io cookies. This is expected behavior, as browsers keep 1st party cookies securely scoped to specific domains.
To set those cookies on the SSR server, we need a special API endpoint in our SSR server. This endpoint will send a request to create a session, proxying email/password or other credentials. This endpoint next parses the response set-cookie header, replaces domain configuration on the cookies, and set's it's own set-cookie on the response to the client.
When a client calls this endpoint, the cookie will now be set on the SSR server hostname instead of the Appwrite hostname.
This makes server-side rendering work, but now client-side rendering is broken. Since set-cookieΒ coming to the browser only includes a cookie for the SSR server, talking to the Appwrite server directly won't have a proper cookie - there is no auth cookie on the Appwrite hostname. To overcome this problem, we ensure the Appwrite hostname is a subdomain of the SSR hostname. For example, if our SSR server runs on myapp.com, Appwrite needs a custom domain configured on appwrite.myapp.com. With this setup, all requests to the Appwrite server will include auth cookies, and the user will be properly authorized. This is possible thanks to Appwrite prefixing the cookie domain with ., meaning all subdomains can also access the cookie.
π§° Tech Stack
π οΈ Setup Server
- Setup Appwrite server
- Create project
almostSsr
π Setup Client
- Install libarries
npm install - Update
AppwriteEndpointinsrc/lib/AppwriteService.ts - Start server
npm run dev
π Deployment
- Deploy the frontend on your production domain. For example,
myapp.com. - Add the frontend domain as a trusted platform in your Appwrite project.
- Add a custom domain to your Appwrite project, which is a subdomain of your frontend. For example,
appwrite.myapp.com. - Update
SsrHostnameandAppwriteHostnameinsrc/lib/AppwriteService.tswith proper domains.
π€ Contributing
To contribute to frontend, make sure to use the Pink Design design system. Ensure both dark and light theme work properly, as well as responsivity on mobile, tablet and desktop.
When contributing with static files, ensure all images are in WEBP or SVG format.
πΌοΈ Screenshots
π€ Auto-generated documentation
Everything you need to build a Svelte project, powered by create-svelte.
Creating a project
If you're seeing this, you've probably already done this step. Congrats!
# create a new project in the current directory
npm create svelte@latest
# create a new project in my-app
npm create svelte@latest my-app
Developing
Once you've created a project and installed dependencies with npm install (or pnpm install or yarn), start a development server:
npm run dev
# or start the server and open the app in a new browser tab
npm run dev -- --open
Building
To create a production version of your app:
npm run build
You can preview the production build with npm run preview.
To deploy your app, you may need to install an adapter for your target environment.
