How to use AWS Amplify Authentication with Next.js Server Actions

No next-auth required:

// amplifyServerUtils.ts

import { createServerRunner } from '@aws-amplify/adapter-nextjs';
import config from '@/amplifyconfiguration.json';

export const { runWithAmplifyServerContext } = createServerRunner({
  config
});

// actions.ts

"use server";
import { cookies } from "next/headers";
import { runWithAmplifyServerContext } from "@/amplifyServerUtils";
import { getCurrentUser } from "aws-amplify/auth/server";

export const getAuthData = async () => {
  const authData = await runWithAmplifyServerContext({
    nextServerContext: { cookies },
    operation: (contextSpec) => getCurrentUser(contextSpec),
  });

  console.log("authData", authData);
  return authData;
};

// page.tsx

"use client";
import { getAuthData } from "./actions";

export default function GetCurrentUser() {
  const onClick = async () => {
    const authData = await getAuthData();
    console.log("authData", authData);
  };

  return (
    <div>
      <button onClick={onClick}>Click me</button>
    </div>
  );
}

This code is mostly based on Amplify Docs.

Don't forget to first set up authentication as described here.

Bonus: How I debugged AmplifyServerContextError

When I first wrote this code I got this error:

⨯ ../node_modules/@aws-amplify/core/dist/esm/adapterCore/serverContext/serverContext.mjs (31:10) @ getAmplifyServerContext ⨯ AmplifyServerContextError: Attempted to get the Amplify Server Context that may have been destroyed.

I still don't know what's causing this but the solution is to drop the '@' from the import declaration:

// This throws an error
import { getCurrentUser } from "@aws-amplify/auth/server";

// This works
import { getCurrentUser } from "aws-amplify/auth/server";

Explore related topics

programming aws amplify next.js amplify v6 cognito

How I fixed @aws-crypto build error

I've been getting the following error when building my Next.js app:

Failed to compile.

./node_modules/.pnpm/@aws-crypto+sha256-js@5.2.0/node_modules/@aws-crypto/sha256-js/build/module/index.js + 12 modules Cannot get final name for export 'fromUtf8' of ./node_modules/.pnpm/@smithy+util-utf8@2.0.2/node_modules/@smithy/util-utf8/dist-es/index.js

I narrowed the source down to the following piece of code:

import { createServerRunner } from "@aws-amplify/adapter-nextjs";
import { AWS_AMPLIFY_CONFIG } from "./utils";
import { cookies } from "next/headers";
import { getCurrentUser } from "aws-amplify/auth/server";

export const { runWithAmplifyServerContext } = createServerRunner({
  config: AWS_AMPLIFY_CONFIG,
});

aws next.js @aws-crypto amplify programming

How I built a chat app using Streams API, Next.JS, Redis and Vercel

Last week I added a chat feature to Sanity. In this article, I'll guide through how I built it using Streams API, Next.js, Redis and Vercel.

Sanity chat

Before we start, a quick disclaimer: there are much better ways to build a chat application, for example by using WebSockets. Vercel unfortunately doesn't support WebSockets and I didn't want to spin a dedicated server, which is why I used Streams API. Using Streams API the way I use it here is most likely not the best use of resources but it works and is a good enough solution for my small scale use. If you're on the same boat, keep reading.

If the chat takes off, I'll have to move it to a dedicated Socket.io server, a serverless WebSocket on AWS, or something similar to reduce costs.

Storing messages in Redis

I use the KV (Redis) database from Vercel to store the last 100 messages. Here is the code used to send and read messages.

import { MAX_CHAT_MESSAGE_LENGTH } from "@/utils";

const MAX_MESSAGES = 100;

export const addChatMessage = async ({

programming vercel streams api backend next.js react redis javascript

How to implement AI vector search and related posts with pgvector

At the end of this tutorial, you should be able to set up your own vector search with text embeddings in a Next.js app. This is a tutorial that mostly consists of coding samples taken directly from the Sanity codebase.

You can see the results right here on Sanity. The related posts section underneath each post is generated with pgvector. So is the search.

The stack I used:

Open AI's text-embedding-ada-002 model
Next.js
Prisma
PostgreSQL

Start by setting up the Prisma client:

This step is needed to get Prisma to cooperate with Next.js.

// Setting up prisma

programming pgvector ai building in public sql

How I struggled to fix votes on Sanity

Ever since I implemented upvotes a few months ago, I had been struggling with user upvotes/downvotes request occasionly timing out. The bug persisted for a few months and the few times I tried to debug it, I had no success. Is it the database schema? Nope, I use similar schemas for other collections and they work fine. An inefficient MongoDB query? Same thing. No indexing? I indexed the DB even though there are barely any votes in the collection. An issue with Vercel cold start? Also not it, everything within the norm.

Last Friday the rest of the app was finally ready and I wanted to start inviting some users, so I gave up and decided to pay $20/month for Vercel Pro to increase the timeout from 10 to 60 seconds and worry about the bug another day. And then I checked the logs on Vercel Pro...

Unhandled error: MongooseError: Operation `userVotes.findOne()` buffering timed out after 10000ms
    at Timeout.<anonymous> (/var/task/sanity_client/node_modules/mongoose/lib/drivers/node-mongodb-native/collection.js:175:23)
    at listOnTimeout (node:internal/timers:569:17)
    at process.processTimers (node:internal/timers:512:7)

Because Mongoose timeout is 10000ms and Vercel's timeout is also 10000ms but this includes the cold start time, this error never popped up on my free plan....

sanity programming vercel mongodb building in public

How I implemented slugs on Sanity - a TypeScript code sample

The lack of human-readable slugs on Sanity had bothered me for a while and I finally got around to fixing them last Sunday. The old, slugless URL structure probably wasn't doing me any favors in terms of SEO and user experience. I'm hoping the new format can give Sanity a much needed SEO boost. Plus, I can finally tell which post is which in Google Search Console and Vercel Analytics.

The Result

Before

https://www.sanity.media/p/64c375049f5d6b05859f10c6

After

https://www.sanity.media/p/64c375049f5d6b05859f10c6-delicious-post-workout-milkshake-recipe

Isn't this much clearer?

The Code

When writing the code I had the following goals in mind:

programming javascript mongoose building in public mongodb

1 comment

How I fixed a sticky element not working in my Next.js / Tailwind CSS app with a grid layout

I started with the following Tailwind CSS / React code and sticky positioning didn't work:

      <div className="grid grid-cols-12 gap-4 min-h-screen mt-16 pt-3">
        <main className="flex flex-col col-start-2 col-span-8">{children}</main>

        <aside className="sticky mt-14 top-20">ASIDE CONTENT</aside>
      </div>

After reading this article I realized I need to apply align-self: start; to my aside element so I added the self-start class to:

      <div className="grid grid-cols-12 gap-4 min-h-screen mt-16 pt-3">
        <main className="flex flex-col col-start-2 col-span-8">{children}</main>

next.js tailwind css css html programming react css grid web development

Debugging AWS Backup Error

My S3 backups, automated and on-demand, were failing with this error:

IAM Role arn:aws:iam::<role-id>:role/service-role/AWSBackupDefaultServiceRole does not have sufficient permissions to execute the backup

This happened even when using the default role, which should automatically receive the required permissions:

Eventually, I realized that the default role should receive all of the following permissions:

AWSBackupServiceRolePolicyForRestores
AWSBackupServiceRolePolicyForBackup
AWSBackupServiceRolePolicyForS3Backup
AWSBackupServiceRolePolicyForS3Restore

In my case, the last two permissions, that is AWSBackupServiceRolePolicyForS3Backup and AWSBackupServiceRolePolicyForS3Restore were, for reasons that are unknown to me, missing. I manually created these missing permissions and assigned them to a new role:

aws backup amazon web services programming s3 devops aws software engineering

2 comments

Is there a secure way to use Redis with Vercel?

I spent a couple of hours yesterday trying to find a way to use Redis with Sanity, which currently runs on Vercel. According to Redis docs on security, it is not a good idea to expose a Redis instance directly to the internet:

Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.

I wanted to use Digital Ocean's trusted sources to restrict the incoming connections to those coming from my Vercel server but looks like that won't be possible because of Vercel's use of dynamic IP addresses. According to Vercel docs:

To ensure your Vercel deployment is able to access the external resource, you should allow connections from all IP addresses. Typically this can be achieved by entering an IP address of (0.0.0.0).

While allowing connections from all IP addresses may be a concern, relying on IP allowlisting for security is generally ineffective and can lead to poor security practices.

To properly secure your database, we recommend using a randomly generated password, stored as an environment variable, at least 32 characters in length, and to rotate this password on a regular basi...

1 comment