| Data Fetching: Server Actions and Mutations | 您所在的位置:网站首页 › Functions generateStaticParams Nextjs › Data Fetching: Server Actions and Mutations |
|
Server Actions and Mutations Server Actions are asynchronous functions that are executed on the server. They can be used in Server and Client Components to handle form submissions and data mutations in Next.js applications. 🎥 Watch: Learn more about forms and mutations with Server Actions → YouTube (10 minutes). ConventionA Server Action can be defined with the React "use server" directive. You can place the directive at the top of an async function to mark the function as a Server Action, or at the top of a separate file to mark all exports of that file as Server Actions. Server ComponentsServer Components can use the inline function level or module level "use server" directive. To inline a Server Action, add "use server" to the top of the function body: app/page.tsxTypeScript// Server Component export default function Page() { // Server Action async function create() { 'use server' // ... } return ( // ... ) } Client ComponentsClient Components can only import actions that use the module-level "use server" directive. To call a Server Action in a Client Component, create a new file and add the "use server" directive at the top of it. All functions within the file will be marked as Server Actions that can be reused in both Client and Server Components: app/actions.tsTypeScript'use server' export async function create() { // ... } app/ui/button.tsxTypeScriptimport { create } from '@/app/actions' export function Button() { return ( // ... ) }You can also pass a Server Action to a Client Component as a prop: app/client-component.jsx'use client' export default function ClientComponent({ updateItem }) { return {/* ... */} } Behavior Server actions can be invoked using the action attribute in a element: Server Components support progressive enhancement by default, meaning the form will be submitted even if JavaScript hasn't loaded yet or is disabled. In Client Components, forms invoking Server Actions will queue submissions if JavaScript isn't loaded yet, prioritizing client hydration. After hydration, the browser does not refresh on form submission. Server Actions are not limited to and can be invoked from event handlers, useEffect, third-party libraries, and other form elements like . Server Actions integrate with the Next.js caching and revalidation architecture. When an action is invoked, Next.js can return both the updated UI and new data in a single server roundtrip. Behind the scenes, actions use the POST method, and only this HTTP method can invoke them. The arguments and return value of Server Actions must be serializable by React. See the React docs for a list of serializable arguments and values. Server Actions are functions. This means they can be reused anywhere in your application. Server Actions inherit the runtime from the page or layout they are used on. Server Actions inherit the Route Segment Config from the page or layout they are used on, including fields like maxDuration. Examples FormsReact extends the HTML element to allow Server Actions to be invoked with the action prop. When invoked in a form, the action automatically receives the FormData object. You don't need to use React useState to manage fields, instead, you can extract the data using the native FormData methods: app/invoices/page.tsxTypeScriptexport default function Page() { async function createInvoice(formData: FormData) { 'use server' const rawFormData = { customerId: formData.get('customerId'), amount: formData.get('amount'), status: formData.get('status'), } // mutate data // revalidate cache } return ... }Good to know: Example: Form with Loading & Error States When working with forms that have many fields, you may want to consider using the entries() method with JavaScript's Object.fromEntries(). For example: const rawFormData = Object.fromEntries(formData). One thing to note is that the formData will include additional $ACTION_ properties. See React documentation to learn more. Passing Additional ArgumentsYou can pass additional arguments to a Server Action using the JavaScript bind method. app/client-component.tsxTypeScript'use client' import { updateUser } from './actions' export function UserProfile({ userId }: { userId: string }) { const updateUserWithId = updateUser.bind(null, userId) return ( Update User Name ) }The Server Action will receive the userId argument, in addition to the form data: app/actions.js'use server' export async function updateUser(userId, formData) { // ... }Good to know: An alternative is to pass arguments as hidden input fields in the form (e.g. ). However, the value will be part of the rendered HTML and will not be encoded. .bind works in both Server and Client Components. It also supports progressive enhancement. Pending statesYou can use the React useFormStatus hook to show a pending state while the form is being submitted. useFormStatus returns the status for a specific , so it must be defined as a child of the element. useFormStatus is a React hook and therefore must be used in a Client Component. app/submit-button.tsxTypeScript'use client' import { useFormStatus } from 'react-dom' export function SubmitButton() { const { pending } = useFormStatus() return ( Add ) }can then be nested in any form: app/page.tsxTypeScriptimport { SubmitButton } from '@/app/submit-button' import { createItem } from '@/app/actions' // Server Component export default async function Home() { return ( ) } Server-side validation and error handlingWe recommend using HTML validation like required and type="email" for basic client-side form validation. For more advanced server-side validation, you can use a library like zod to validate the form fields before mutating the data: app/actions.tsTypeScript'use server' import { z } from 'zod' const schema = z.object({ email: z.string({ invalid_type_error: 'Invalid Email', }), }) export default async function createUser(formData: FormData) { const validatedFields = schema.safeParse({ email: formData.get('email'), }) // Return early if the form data is invalid if (!validatedFields.success) { return { errors: validatedFields.error.flatten().fieldErrors, } } // Mutate data }Once the fields have been validated on the server, you can return a serializable object in your action and use the React useFormState hook to show a message to the user. By passing the action to useFormState, the action's function signature changes to receive a new prevState or initialState parameter as its first argument. useFormState is a React hook and therefore must be used in a Client Component. app/actions.tsTypeScript'use server' export async function createUser(prevState: any, formData: FormData) { // ... return { message: 'Please enter a valid email', } }Then, you can pass your action to the useFormState hook and use the returned state to display an error message. app/ui/signup.tsxTypeScript'use client' import { useFormState } from 'react-dom' import { createUser } from '@/app/actions' const initialState = { message: '', } export function Signup() { const [state, formAction] = useFormState(createUser, initialState) return ( Email {/* ... */} {state?.message} Sign up ) }Good to know: Before mutating data, you should always ensure a user is also authorized to perform the action. See Authentication and Authorization. Optimistic updatesYou can use the React useOptimistic hook to optimistically update the UI before the Server Action finishes, rather than waiting for the response: app/page.tsxTypeScript'use client' import { useOptimistic } from 'react' import { send } from './actions' type Message = { message: string } export function Thread({ messages }: { messages: Message[] }) { const [optimisticMessages, addOptimisticMessage] = useOptimistic(messages, (state, newMessage) => [...state, { message: newMessage }]) return ( {optimisticMessages.map((m, k) => ( {m.message} ))} { const message = formData.get('message') addOptimisticMessage(message) await send(message) }} > Send ) } Nested elementsYou can invoke a Server Action in elements nested inside such as , , and . These elements accept the formAction prop or event handlers. This is useful in cases where you want to call multiple server actions within a form. For example, you can create a specific element for saving a post draft in addition to publishing it. See the React docs for more information. Programmatic form submissionYou can trigger a form submission using the requestSubmit() method. For example, when the user presses ⌘ + Enter, you can listen for the onKeyDown event: app/entry.tsxTypeScript'use client' export function Entry() { const handleKeyDown = (e: React.KeyboardEvent) => { if ( (e.ctrlKey || e.metaKey) && (e.key === 'Enter' || e.key === 'NumpadEnter') ) { e.preventDefault() e.currentTarget.form?.requestSubmit() } } return ( ) }This will trigger the submission of the nearest ancestor, which will invoke the Server Action. Non-form ElementsWhile it's common to use Server Actions within elements, they can also be invoked from other parts of your code such as event handlers and useEffect. Event HandlersYou can invoke a Server Action from event handlers such as onClick. For example, to increment a like count: app/like-button.tsxTypeScript'use client' import { incrementLike } from './actions' import { useState } from 'react' export default function LikeButton({ initialLikes }: { initialLikes: number }) { const [likes, setLikes] = useState(initialLikes) return ( Total Likes: {likes} { const updatedLikes = await incrementLike() setLikes(updatedLikes) }} > Like ) }To improve the user experience, we recommend using other React APIs like useOptimistic and useTransition to update the UI before the Server Action finishes executing on the server, or to show a pending state. You can also add event handlers to form elements, for example, to save a form field onChange: app/ui/edit-post.tsx'use client' import { publishPost, saveDraft } from './actions' export default function EditPost() { return ( { await saveDraft(e.target.value) }} /> Publish ) }For cases like this, where multiple events might be fired in quick succession, we recommend debouncing to prevent unnecessary Server Action invocations. useEffectYou can use the React useEffect hook to invoke a Server Action when the component mounts or a dependency changes. This is useful for mutations that depend on global events or need to be triggered automatically. For example, onKeyDown for app shortcuts, an intersection observer hook for infinite scrolling, or when the component mounts to update a view count: app/view-count.tsxTypeScript'use client' import { incrementViews } from './actions' import { useState, useEffect } from 'react' export default function ViewCount({ initialViews }: { initialViews: number }) { const [views, setViews] = useState(initialViews) useEffect(() => { const updateViews = async () => { const updatedViews = await incrementViews() setViews(updatedViews) } updateViews() }, []) return Total Views: {views} }Remember to consider the behavior and caveats of useEffect. Error HandlingWhen an error is thrown, it'll be caught by the nearest error.js or boundary on the client. We recommend using try/catch to return errors to be handled by your UI. For example, your Server Action might handle errors from creating a new item by returning a message: app/actions.tsTypeScript'use server' export async function createTodo(prevState: any, formData: FormData) { try { // Mutate data } catch (e) { throw new Error('Failed to create task') } }Good to know: Aside from throwing the error, you can also return an object to be handled by useFormState. See Server-side validation and error handling. Revalidating dataYou can revalidate the Next.js Cache inside your Server Actions with the revalidatePath API: app/actions.tsTypeScript'use server' import { revalidatePath } from 'next/cache' export async function createPost() { try { // ... } catch (error) { // ... } revalidatePath('/posts') }Or invalidate a specific data fetch with a cache tag using revalidateTag: app/actions.tsTypeScript'use server' import { revalidateTag } from 'next/cache' export async function createPost() { try { // ... } catch (error) { // ... } revalidateTag('posts') } RedirectingIf you would like to redirect the user to a different route after the completion of a Server Action, you can use redirect API. redirect needs to be called outside of the try/catch block: app/actions.tsTypeScript'use server' import { redirect } from 'next/navigation' import { revalidateTag } from 'next/cache' export async function createPost(id: string) { try { // ... } catch (error) { // ... } revalidateTag('posts') // Update cached posts redirect(`/post/${id}`) // Navigate to the new post page } CookiesYou can get, set, and delete cookies inside a Server Action using the cookies API: app/actions.tsTypeScript'use server' import { cookies } from 'next/headers' export async function exampleAction() { // Get cookie const value = cookies().get('name')?.value // Set cookie cookies().set('name', 'Delba') // Delete cookie cookies().delete('name') }See additional examples for deleting cookies from Server Actions. Security Authentication and authorizationYou should treat Server Actions as you would public-facing API endpoints, and ensure that the user is authorized to perform the action. For example: app/actions.ts'use server' import { auth } from './lib' export function addItem() { const { user } = auth() if (!user) { throw new Error('You must be signed in to perform this action') } // ... } Closures and encryptionDefining a Server Action inside a component creates a closure where the action has access to the outer function's scope. For example, the publish action has access to the publishVersion variable: app/page.tsxTypeScriptexport default function Page() { const publishVersion = await getLatestVersion(); async function publish(formData: FormData) { "use server"; if (publishVersion !== await getLatestVersion()) { throw new Error('The version has changed since pressing publish'); } ... } return Publish; }Closures are useful when you need to capture a snapshot of data (e.g. publishVersion) at the time of rendering so that it can be used later when the action is invoked. However, for this to happen, the captured variables are sent to the client and back to the server when the action is invoked. To prevent sensitive data from being exposed to the client, Next.js automatically encrypts the closed-over variables. A new private key is generated for each action every time a Next.js application is built. This means actions can only be invoked for a specific build. Good to know: We don't recommend relying on encryption alone to prevent sensitive values from being exposed on the client. Instead, you should use the React taint APIs to proactively prevent specific data from being sent to the client. Overwriting encryption keys (advanced)When self-hosting your Next.js application across multiple servers, each server instance may end up with a different encryption key, leading to potential inconsistencies. To mitigate this, you can overwrite the encryption key using the process.env.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY environment variable. Specifying this variable ensures that your encryption keys are persistent across builds, and all server instances use the same key. This is an advanced use case where consistent encryption behavior across multiple deployments is critical for your application. You should consider standard security practices such key rotation and signing. Good to know: Next.js applications deployed to Vercel automatically handle this. Allowed origins (advanced)Since Server Actions can be invoked in a element, this opens them up to CSRF attacks. Behind the scenes, Server Actions use the POST method, and only this HTTP method is allowed to invoke them. This prevents most CSRF vulnerabilities in modern browsers, particularly with SameSite cookies being the default. As an additional protection, Server Actions in Next.js also compare the Origin header to the Host header (or X-Forwarded-Host). If these don't match, the request will be aborted. In other words, Server Actions can only be invoked on the same host as the page that hosts it. For large applications that use reverse proxies or multi-layered backend architectures (where the server API differs from the production domain), it's recommended to use the configuration option serverActions.allowedOrigins option to specify a list of safe origins. The option accepts an array of strings. next.config.js/** @type {import('next').NextConfig} */ module.exports = { experimental: { serverActions: { allowedOrigins: ['my-proxy.com', '*.my-proxy.com'], }, }, }Learn more about Security and Server Actions. Additional resourcesFor more information on Server Actions, check out the following React docs: "use server" useFormStatus useFormState useOptimistic |
| CopyRight 2018-2019 实验室设备网 版权所有 |