Upgrade react-router to v6

[nickclyde]

Related Issue or Background Info

• Continuing Dependency updates: React #2908

Changes Proposed

• Update react-router-dom to version 6.2.1. The major version upgrade from v5 to v6 introduced a number of breaking changes that touch a lot of different parts of the app. I followed this upgrade guide, making the following changes:
  • Switch to the hooks API introduced in v5.1 so that we don't have to pass the match prop down to child routes to access things like location and params. This is a huge improvement for code cleanliness!
  • <Route component={SomeComponent}> /> now becomes <Route element={<SomeComponent />} />, which allows us to easily pass props into routes! More info on the benefits of this here
  • Replace all uses of withRouter with hooks
  • Convert all <Redirect> components into <Navigate> components
  • Refactor the <GuardedRoute> and <ProtectedRoute> components into ones that get passed into an element prop of a <Route />, rather than returning a <Route /> component themselves. You can read a little more about why this change was made here.
  • Upgrade all <Switch> elements to <Routes> - see here, but the new <Routes> component allows relative routing!
  • Start using relative routes and links. You may have noticed before that some of our app components like PatientApp used to include an additional <Router> component with a basename prop so that we didn't have to prefix every route with /pxp. With v6 that's no longer needed because <Route> components can now be nested and the paths always include the parent route's path! The same goes for <Link> and <Navigate> components.
  • <Route> paths no longer need a leading slash, and can end in a wildcard * to match all subpaths. More info
  • Convert all uses of useHistory to useNavigate. More info
  • Related to the above, since useHistory is no longer available, we can't pass history into our Application Insights config. However, I don't think it was needed in the first place according to this comment. Since we have enableAutoRouteTracking: true set, it should already record any route changes automatically (see docs here)
  • Remove activeClassName and activeStyle props from Links
  • Last, the react-router team removed support for the <Prompt> component from this release in order to expedite the release. However, I was able to use a reimplementation found in this GH issue to keep that functionality since we use it in a couple places in the app. However, the team plans to readd it at some point, so I will keep an eye out and be sure to switch to the official API when it comes back.
• These changes broke a lot of our tests, so I had to change a bunch of the tests, especially the ones that use <MemoryRouter>
• Remove the react-router dependency. The react-router package includes everything from both react-router-dom and react-router-native, but we only use react-router-dom. Also updated all imports across the app to use react-router-dom
• Added a REACT_APP_DISABLE_MAINTENANCE_BANNER environment variable that disables the maintenance banner, because it was causing issues on the e2e tests.
• Added a /reload-app route which just redirects back to /. This allows us to retrigger the whoami query (for example after spoofing into an org) without actually refreshing the page and having to reload the bundle.

Additional Information

• Another change that would be interesting is to use the <Outlet> component (docs here). This would allow us to place all of our <Route> components into a single tree in index.tsx, and then use the <Outlet> component in <Route> elements to refer to the child routes. This would be another big win for code cleanliness!
  • I took a stab at implementing, but wasn't sure how to pass state back up to the parent component, so I'm going to skip this for now.

Screenshots / Demos

Checklist for Author and Reviewer

Infrastructure

• Consult the results of the terraform-plan job inside the "Terraform Checks" workflow run for this PR. Confirm that there are no unexpected changes!

Design

• Any UI/UX changes have a designer as a reviewer, and changes have been approved
• Any large-scale changes have been deployed to test, dev, or pentest and smoke-tested by both the engineering and design teams

Content

• Any content changes (including new error messages) have been approved by content team

Support

• Any changes that might generate new support requests have been flagged to the support team
• Any changes to support infrastructure have been demo'd to support team

Testing

• Includes a summary of what a code reviewer should verify

Changes are Backwards Compatible

• Database changes are submitted as a separate PR
  • Any new tables that do not contain PII are accompanied by a GRANT SELECT to the no-PHI user
  • Any changes to tables that have custom no-PHI views are accompanied by changes to those views
    (including re-granting permission to the no-PHI user if need be)
  • Liquibase rollback has been tested locally using ./gradlew liquibaseRollbackSQL or liquibaseRollback
  • Each new changeset has a corresponding tag
• GraphQL schema changes are backward compatible with older version of the front-end

Security

• Changes with security implications have been approved by a security engineer (changes to authentication, encryption, handling of PII, etc.)
• Any dependencies introduced have been vetted and discussed

Cloud

• DevOps team has been notified if PR requires ops support
• If there are changes that cannot be tested locally, this has been deployed to our Azure test, dev, or pentest environment for verification

[emmastephenson]

Overall LGTM, thanks for putting so much work into this! Just a couple questions and comments.

[emmastephenson]

I wonder if it's worth defining this protected route as a variable, since it's repeated under the regular patients route too.

[nickclyde]

Yeah not a bad idea! The reason I had to duplicate this route is because v5 supported optional URL params like /patients/:pageNumber? which would match both /patients and /patients/1, but v6 no longer supports that. Hence the need for two routes. But I will definitely DRY it up

[nickclyde]

Soooo I tried to do this, and for some reason it broke the patients page. It kept throwing "The operation is insecure", and I couldn't figure out why 🤔 so I reverted for now.

[emmastephenson]

nit: we may want to extract this data.whoami.permissions out to a variable

[nickclyde]

Same as above - moving to a shorter named const seemed to cause issues, so I reverted

[emmastephenson]

Can you deploy this to one of the lower environments and double-check that the telemetry still works as anticipated?

[nickclyde]

Good call, I will do that today.

[emmastephenson]

Thanks! Can you let me know what the outcome was?

[nickclyde]

Just messed around in dev and checked app insights, looks like we are still receiving everything, let me know if there's anything in particular I should look for, but it's still recording all requests and our custom events:

[emmastephenson]

so happy to see these gone!

[emmastephenson]

nice 👍

[emmastephenson]

I think we might be able to kill this route, AFAIK we removed the ability for patients to fill out the AoE.

[nickclyde]

That's true, but I think @zdeveloper may be working on cleaning these routes out in another PR IIRC.

[fzhao99]

thanks again for walking me through everything!

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
3 Code Smells

81.4% Coverage
0.0% Duplication