đź’ş Introducing Bask: A VS Code extension for building plugins

Hello Bubblers!
In case you missed it, you can now develop Bubble plugins in VS Code. This extension drastically improves the developer experience around making plugins by instantly synchronizing code between your local code editor and Bubble.

In addition to code-sync, Bask also gives us:

  • File names for humans™ - rename files from Bubble’s native random-string format to the actual names you gave your actions or elements so you always know which file you’re working in.
  • Function names for robots™ - we convert function (instance, properties, context) to function update (instance, properties, context) so linters and build tools just work.
  • Automated bundling - sync your code as is or bundle it to make actions run faster. Treeshaking and deploying with ES6 modules has never been easier.
  • Git decoupling - you’re no longer chained to developing in main branch. Practical version control is back, baby!
  • Improved organization Which commit was related to an official release of my plugin? Never wonder again thanks to Bask Publish.

Motivation

While building Omnisearch, I ended up having to rely on several javascript libraries to make switching between Algolia and Typesense as easy as possible. The weight of these made it so my SSAs took 14 seconds to execute.

That was never gonna fly with users so I needed a way to drastically reduce execution time. Luckily, I found that tree-shaking my codebase reduced that time from 14 seconds down to 2 seconds on average. This was great but it created a whole new challenge:

Every time I wanted to test a plugin change, I needed to rebuild my code with esbuild and then copy and paste the bundled function into Bubble’s plugin editor.

This became far too tedious so I built Bask. Bubble themselves ended up liking it so much they partnered with me to feature it as a core Bubble integration. May we suffer no more! To date I’ve launched Omnisearch with SSAs that take on average 1 second to execute and users like @rico.trevisan are already using Bask to ship better plugins faster.

Costs and getting started

We offer a trial for folks to try Bask for free and charge $9 monthly or $85 annually thereafter to cover support and improvements. See here to get started!

12 Likes

Hello all, we’ve confirmed reports that Bask isn’t functioning 100% as expected. The exact cause is still unclear but is potentially related to some changes Bubble has made internally, recently. Looking at pushing a fix as soon as possible. Updates to follow

As reported earlier, the issue with Bask is now confirmed to be the result of a change in Bubble’s infrastructure. Specifically, at some point over the last week (or two?), Bubble changed the format of the auth_token returned from it’s https://bubble.io/api/1.1/wf/generate-user-token endpoint.

The way this endpoint works is exactly as described in Bubble’s manual entry here (Oddly, we used to be able to introspect this endpoint by looking at bubble’s public Swagger spec, but that’s no longer available at https://bubble.io/api/1.1/meta/swagger.json)… By hitting that endpoint like:

curl --location 'https://bubble.io/api/1.1/wf/generate-user-token' \
--form 'email="your@email.com"' \
--form 'password="your_bubble_password"'

you get back a response that used to look like this:

{
    "status": "success",
    "response": {
        "token": "1714423022372x495316453461721000",
        "user_id": "1532946738452x195464432190731100",
        "expires": 31536000
    }
}

With this token, we could authenticate into bubble.io to see what plugins a user owns as well as perform any action a signed in user could perform through the web interface.

As of the recent change, the format we now get back for this response is:

{
    "status": "success",
    "response": {
        "token": "bus|1532046738452x794314432119549562|1714423022372x49531645156984672",
        "user_id": "1532046738452x794314432119549562",
        "expires": 31536000
    }
}

Observer the change of token’s value from "1714423022372x495316453461721000" to "bus|1532046738452x794314432119549562|1714423022372x49531645156984672".

It appears that with this change, we can no longer sign Bask into Bubble on behalf of a user to perform actions on their Bubble account. At this point, the token only appears to grant Bask access to read a user’s plugin list, leaving the VS Code extension unable to perform crucial operations such as syncing plugin updates to a Bubble user’s account. Attempts to log Bask in using a parsed version of the new token (using any one of the two bubble_thing_ids listed between bars |) has not been successful.

Given bubble’s API versioning system:

https://bubble.io/api/1.1/wf/generate-user-token

I, and I think the community, would have expected a breaking change like this to take place under a new API version like:

https://bubble.io/api/2.0/wf/generate-user-token

so betting this was an accident. This post is both a notice to Bask users as well as an initial bug report I’m filing to get this fixed. I look forward to fixing this is soon as possible so the users who’ve grown to depend on Bask can get back to plugin development as soon as possible.

6 Likes

Uh! That’s bad news! Looking forward to any news on this.

My Bubble DB Diagram is again broken because Bubble updated something. I guess they’re tightening up some of the “holes” on their side.

3 Likes

@zelus_pudding you would definitely think this would be under a new api version… but it probably got lumped in with one of those “risky” changes recently mentioned. I think Bubble’s Development Workflow looks like this (disclaimer I am a huge fan of Bubble):

  1. Rapidly iterate over new features daily
  2. Quickly do a brief Test/QA so that we can push out as many deployments as possible every day Releases | Bubble
  3. Release a Change (Deploy breaking (“risky”) code).
  4. Realize (or don’t) a risky change was released.
  5. Wait for the forum to explode with posts about issues/downtime with said deployments
  6. Take a moment to note that we added more colors to our uptime calendar:
  7. Make a post-mortem post that a post-mortem is forth coming
  8. Make the forth coming post-mortem post which always claims that they are committed to “doing better”
  9. GOTO 1.

@payam.azadi I’ll anticipate many more “post-mortem” posts from you until you finally convince your team to stop using the main cluster as your testing/QA group.

5 Likes

You should modify 3: Release a change.
4.realized it was a risky change

Too often this happen too. They think it’s just a simple fix but finally this create a lot of issues.

2 Likes

@Jici noted and updated

@rico.trevisan You should compare your code with this code: SQL DBML Schema Plugin | Bubble It seems to be working still (at a quick glance)

2 Likes

In Bubble’s defense, these are private APIs.

On the other hand, if these exploits are blocked extending the Bubble ecosystem will suck.

2 Likes

okay man… you just made my night.

Following up that this issue has been brought to Bubble’s attention and I’m told engineering resources are looking into it. Will keep updating as I hear back!

Hello all - I’ve just heard back from Bubble and we have two options for restoring Bask access. Looking at being able to restore functionality by Tuesday afternoon if all goes well but as late as the following week if plan A doesn’t pan out. Thank you for your patience and hoping/swinging for a successful plan A. Details to come.

1 Like

Still in communication with Bubble. Bubble/Bask’s joint plan A for authenticating Bask fell through so we’re on to plan B. It’s been about a week since I’ve last heard from Bubble and have followed up with them in terms of getting the endpoint setup on their end to make this possible. Will update this thread as soon as we have plan B in motion. Thank you again for your patience.

3 Likes

I think this has wider implications for all API workflows that uses authentication and generated token from Log In User action.

I reported the bug here: CRITICAL! Breaking Changes in API caused by User Token Format

2 Likes

No news is good news?

Anyway, just wanted to nudge this topic to rescue my fallen boy.

1 Like

Rico, I wish there was! It’s been two weeks since I’ve heard back from Bubble in regards to us implementing Plan B to get Bask fixed. I reached out to them again this morning and will follow up again this evening if I don’t hear back today. If there was more I could do, I would :confused:

2 Likes

Just nudging this topic :melting_face:

3 Likes

Rico, I did finally hear back from Bubble early last week - had thought I left a message here but didn’t press submit :melting_face:. After testing a few things over the weekend, it’s clear we do have a path to fixing this. Am working on it right now and we’ll have it out this evening if we’re lucky!

3 Likes

Ended up finding a few more issues that I’ve been working on resolving over the weekend. It’s late now so am hoping to wrap up and deploy by tomorrow. Fingers crossed.

2 Likes

Still no news?

Coming today!

1 Like