Improve auth types and API

Author: ericallam

packages/core/src/v3/apiClient/index.ts

@@ -187,7 +187,7 @@ export class ApiClient {
           secretKey: this.accessToken,
           payload: {
             ...claims,
-            permissions: [data.id],
+            permissions: [`read:runs:${data.id}`],
           },
           expirationTime: requestOptions?.jwt?.expirationTime ?? "1h",
         });

packages/core/src/v3/runMetadata/index.ts

@@ -75,7 +75,7 @@ export class RunMetadataAPI {
     this.store = nextStore;
   }
 
-  public deleteKey(key: string, requestOptions?: ApiRequestOptions) {
+  public deleteKey(key: string) {
     const runId = taskContext.ctx?.run.id;
 
     if (!runId) {
@@ -92,21 +92,18 @@ export class RunMetadataAPI {
     this.store = nextStore;
   }
 
-  public async update(
-    metadata: Record<string, DeserializedJson>,
-    requestOptions?: ApiRequestOptions
-  ): Promise<void> {
+  public update(metadata: Record<string, DeserializedJson>): void {
     const runId = taskContext.ctx?.run.id;
 
     if (!runId) {
       return;
     }
 
-    const apiClient = apiClientManager.clientOrThrow();
-
-    const response = await apiClient.updateRunMetadata(runId, { metadata }, requestOptions);
+    if (!dequal(this.store, metadata)) {
+      this.hasChanges = true;
+    }
 
-    this.store = response.metadata;
+    this.store = metadata;
   }
 
   public async flush(requestOptions?: ApiRequestOptions): Promise<void> {

packages/trigger-sdk/src/v3/auth.ts

@@ -24,16 +24,48 @@ export function configure(options: ApiClientConfiguration) {
 
 export const auth = {
   configure,
-  generateJWT,
-  context,
+  createPublicToken,
+  withAuth,
 };
 
-export type GenerateJWTOptions = {
-  permissions?: string[];
+type PublicTokenPermissionAction = "read"; // Add more actions as needed
+
+type PublicTokenPermissionProperties = {
+  tags?: string | string[];
+  runs?: string | string[];
+};
+
+export type PublicTokenPermissions = {
+  [key in PublicTokenPermissionAction]?: PublicTokenPermissionProperties | true;
+};
+
+export type CreatePublicTokenOptions = {
+  permissions?: PublicTokenPermissions;
   expirationTime?: number | Date | string;
 };
 
-async function generateJWT(options?: GenerateJWTOptions): Promise<string> {
+/**
+ * Creates a public token using the provided options.
+ *
+ * @param options - Optional parameters for creating the public token.
+ * @param options.permissions - An array of permissions to be included in the token.
+ * @param options.expirationTime - The expiration time for the token.
+ * @returns A promise that resolves to a string representing the generated public token.
+ *
+ * @example
+ *
+ * ```typescript
+ * import { auth } from "@trigger.dev/sdk/v3";
+ *
+ * const publicToken = await auth.createPublicToken({
+ *  permissions: {
+ *   read: {
+ *     tags: ["file:1234"]
+ *   }
+ * });
+ * ```
+ */
+async function createPublicToken(options?: CreatePublicTokenOptions): Promise<string> {
   const apiClient = apiClientManager.clientOrThrow();
 
   const claims = await apiClient.generateJWTClaims();
@@ -42,15 +74,47 @@ async function generateJWT(options?: GenerateJWTOptions): Promise<string> {
     secretKey: apiClient.accessToken,
     payload: {
       ...claims,
-      permissions: options?.permissions,
+      permissions: options?.permissions ? flattenPermissions(options.permissions) : undefined,
     },
     expirationTime: options?.expirationTime,
   });
 }
 
-async function context<R extends (...args: any[]) => Promise<any>>(
+/**
+ * Executes a provided asynchronous function with a specified API client configuration.
+ *
+ * @template R - The type of the asynchronous function to be executed.
+ * @param {ApiClientConfiguration} config - The configuration for the API client.
+ * @param {R} fn - The asynchronous function to be executed.
+ * @returns {Promise<ReturnType<R>>} A promise that resolves to the return type of the provided function.
+ */
+async function withAuth<R extends (...args: any[]) => Promise<any>>(
   config: ApiClientConfiguration,
   fn: R
 ): Promise<ReturnType<R>> {
   return apiClientManager.runWithConfig(config, fn);
 }
+
+function flattenPermissions(permissions: PublicTokenPermissions): string[] {
+  const flattenedPermissions: string[] = [];
+
+  for (const [action, properties] of Object.entries(permissions)) {
+    if (properties) {
+      if (typeof properties === "boolean" && properties) {
+        flattenedPermissions.push(action);
+      } else if (typeof properties === "object") {
+        for (const [property, value] of Object.entries(properties)) {
+          if (Array.isArray(value)) {
+            for (const item of value) {
+              flattenedPermissions.push(`${action}:${property}:${item}`);
+            }
+          } else if (typeof value === "string") {
+            flattenedPermissions.push(`${action}:${property}:${value}`);
+          }
+        }
+      }
+    }
+  }
+
+  return flattenedPermissions;
+}

packages/trigger-sdk/src/v3/metadata.ts

@@ -23,6 +23,7 @@ export const metadata = {
   set: setMetadataKey,
   del: deleteMetadataKey,
   save: saveMetadata,
+  replace: replaceMetadata,
   flush: flushMetadata,
 };
 
@@ -88,34 +89,24 @@ function deleteMetadataKey(key: string) {
  * This function allows you to replace the entire metadata object with a new one.
  *
  * @param {RunMetadata} metadata - The new metadata object to set for the run.
- * @param {ApiRequestOptions} [requestOptions] - Optional API request options.
- * @returns {Promise<void>} A promise that resolves when the metadata is updated.
+ * @returns {void}
  *
  * @example
- * await metadata.save({ progress: 0.6, user: { name: "Alice", id: "user_5678" } });
+ * metadata.replace({ progress: 0.6, user: { name: "Alice", id: "user_5678" } });
  */
-async function saveMetadata(
-  metadata: RunMetadata,
-  requestOptions?: ApiRequestOptions
-): Promise<void> {
-  const $requestOptions = mergeRequestOptions(
-    {
-      tracer,
-      name: "metadata.save()",
-      icon: "code-plus",
-      attributes: {
-        ...flattenAttributes(metadata),
-      },
-    },
-    requestOptions
-  );
+function replaceMetadata(metadata: RunMetadata): void {
+  runMetadata.update(metadata);
+}
 
-  await runMetadata.update(metadata, $requestOptions);
+/**
+ * @deprecated Use `metadata.replace()` instead.
+ */
+function saveMetadata(metadata: RunMetadata): void {
+  runMetadata.update(metadata);
 }
 
 /**
- * Flushes metadata by merging the provided request options with default options
- * and then executing the flush operation.
+ * Flushes metadata to the Trigger.dev instance
  *
  * @param {ApiRequestOptions} [requestOptions] - Optional request options to customize the API request.
  * @returns {Promise<void>} A promise that resolves when the metadata flush operation is complete.

references/nextjs-realtime/src/app/api/uploadthing/core.ts

@@ -35,12 +35,16 @@ export const ourFileRouter = {
         tags: [`user:${metadata.userId}`, fileTag],
       });
 
-      const jwt = await auth.generateJWT({ permissions: [`read:tags:${fileTag}`] });
+      const publicAccessToken = await auth.createPublicToken({
+        permissions: {
+          read: { tags: fileTag },
+        },
+      });
 
-      console.log("Generated JWT:", jwt);
+      console.log("Generated access token:", publicAccessToken);
 
       // !!! Whatever is returned here is sent to the clientside `onClientUploadComplete` callback
-      return { uploadedBy: metadata.userId, jwt, fileId: file.key };
+      return { uploadedBy: metadata.userId, publicAccessToken, fileId: file.key };
     }),
 } satisfies FileRouter;
 

references/nextjs-realtime/src/app/uploads/[id]/ClientUploadDetails.tsx

@@ -60,9 +60,17 @@ function UploadDetailsWrapper({ fileId }: { fileId: string }) {
   );
 }
 
-export default function ClientUploadDetails({ fileId, jwt }: { fileId: string; jwt: string }) {
+export default function ClientUploadDetails({
+  fileId,
+  publicAccessToken,
+}: {
+  fileId: string;
+  publicAccessToken: string;
+}) {
   return (
-    <TriggerAuthContext.Provider value={{ accessToken: jwt, baseURL: "http://localhost:3030" }}>
+    <TriggerAuthContext.Provider
+      value={{ accessToken: publicAccessToken, baseURL: "http://localhost:3030" }}
+    >
       <UploadDetailsWrapper fileId={fileId} />
     </TriggerAuthContext.Provider>
   );

references/nextjs-realtime/src/app/uploads/[id]/page.tsx

@@ -8,15 +8,15 @@ export default async function UploadPage({
   params: { id: string };
   searchParams: { [key: string]: string | string[] | undefined };
 }) {
-  const jwt = searchParams.jwt;
+  const publicAccessToken = searchParams.publicAccessToken;
 
-  if (typeof jwt !== "string") {
+  if (typeof publicAccessToken !== "string") {
     notFound();
   }
 
   return (
     <main className="flex min-h-screen items-center justify-center p-4 bg-gray-100">
-      <ClientUploadDetails fileId={params.id} jwt={jwt} />
+      <ClientUploadDetails fileId={params.id} publicAccessToken={publicAccessToken} />
     </main>
   );
 }

references/nextjs-realtime/src/components/ImageUploadButton.tsx

@@ -15,7 +15,9 @@ export function ImageUploadButton() {
 
         const firstFile = res[0];
 
-        router.push(`/uploads/${firstFile.serverData.fileId}?jwt=${firstFile.serverData.jwt}`);
+        router.push(
+          `/uploads/${firstFile.serverData.fileId}?publicAccessToken=${firstFile.serverData.publicAccessToken}`
+        );
       }}
       onUploadError={(error: Error) => {
         // Do something with the error.
@@ -37,7 +39,9 @@ export function ImageUploadDropzone() {
 
         const firstFile = res[0];
 
-        router.push(`/uploads/${firstFile.serverData.fileId}?jwt=${firstFile.serverData.jwt}`);
+        router.push(
+          `/uploads/${firstFile.serverData.fileId}?publicAccessToken=${firstFile.serverData.publicAccessToken}`
+        );
       }}
       onUploadError={(error: Error) => {
         // Do something with the error.

references/nextjs-realtime/src/trigger/images.ts

@@ -1,4 +1,4 @@
-import { logger, metadata, schemaTask } from "@trigger.dev/sdk/v3";
+import { idempotencyKeys, logger, metadata, schemaTask } from "@trigger.dev/sdk/v3";
 import { FalResult, GridImage, UploadedFileData } from "@/utils/schemas";
 import { z } from "zod";
 
@@ -14,35 +14,39 @@ export const handleUpload = schemaTask({
   run: async (file, { ctx }) => {
     logger.info("Handling uploaded file", { file });
 
-    await Promise.all([
-      runFalModel.trigger(
-        {
+    const results = await runFalModel.batchTriggerAndWait([
+      {
+        payload: {
           model: "fal-ai/image-preprocessors/canny",
           url: file.url,
           input: {
             low_threshold: 100,
             high_threshold: 200,
           },
         },
-        { tags: ctx.run.tags }
-      ),
-      runFalModel.trigger(
-        {
+        options: {
+          tags: ctx.run.tags,
+        },
+      },
+      {
+        payload: {
           model: "fal-ai/aura-sr",
           url: file.url,
           input: {},
         },
-        { tags: ctx.run.tags }
-      ),
-      runFalModel.trigger(
-        {
+        options: { tags: ctx.run.tags },
+      },
+      {
+        payload: {
           model: "fal-ai/imageutils/depth",
           url: file.url,
           input: {},
         },
-        { tags: ctx.run.tags }
-      ),
+        options: { tags: ctx.run.tags },
+      },
     ]);
+
+    return results;
   },
 });
 

references/v3-catalog/src/clientUsage.ts

@@ -2,16 +2,21 @@ import { runs, tasks, auth, AnyTask, Task } from "@trigger.dev/sdk/v3";
 import type { task1, task2 } from "./trigger/taskTypes.js";
 
 async function main() {
-  const anyHandle = await tasks.trigger<typeof task1>("types/task-1", {
-    foo: "baz",
-  });
+  const anyHandle = await tasks.trigger<typeof task1>(
+    "types/task-1",
+    {
+      foo: "baz",
+    },
+    {
+      tags: ["user:1234"],
+    }
+  );
 
-  const jwt = await auth.generateJWT({ permissions: [anyHandle.id] });
+  const jwt = await auth.createPublicToken({ permissions: { read: { tags: "user:1234" } } });
 
   console.log("Generated JWT:", jwt);
 
-  // The JWT will be passed to the client
-  await auth.context({ accessToken: jwt }, async () => {
+  await auth.withAuth({ accessToken: jwt }, async () => {
     const subscription = runs.subscribeToTag<typeof task1 | typeof task2>("user:1234");
 
     for await (const run of subscription) {

references/v3-catalog/src/trigger/runMetadata.ts

@@ -21,19 +21,19 @@ export const runMetadataChildTask = task({
   run: async (payload: any, { ctx }) => {
     logger.info("metadata", { metadata: metadata.current() });
 
-    await metadata.set("child", "task");
+    metadata.set("child", "task");
 
     logger.info("metadata", { metadata: metadata.current() });
 
-    await metadata.set("child-2", "task-2");
+    metadata.set("child-2", "task-2");
 
     logger.info("metadata", { current: metadata.current() });
 
-    await metadata.del("hello");
+    metadata.del("hello");
 
     logger.info("metadata", { metadata: metadata.current() });
 
-    await metadata.save({
+    metadata.replace({
       there: {
         is: {
           something: "here",