graphql unauthenticated #27

Closed
alaamh opened this issue Mar 11, 2022 · 10 comments
Comments

@alaamh commented Mar 11, 2022

Getting the error below in GraphQL Studio while querying objects, even with verifySession({ sessionRequired: false }):

{
  "errors": [
    {
      "message": "Unauthenticated. Please try logging in again.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "users"
      ],
      "extensions": {
        "code": "UNAUTHENTICATED",
        "data": {
          "$errorId": "c684dd6d-f810-4ce8-b0a8-8d2f68259e00"
        },
        "stacktrace": "ErrorID: c684dd6d-f810-4ce8-b0a8-8d2f68259e00\nError: Unauthenticated. Please try logging in again.\n    at checkAuthentication (/usr/src/app/src/modules/auth/helpers/check-authentication.ts:7:11)\n    at getUsersUseCase (/usr/src/app/src/modules/user/use-cases/get-users.use-case.ts:18:28)\n    at Object.usersResolver [as users] (/usr/src/app/src/modules/user/graphql/resolvers/users.query.ts:8:39)\n    at field.resolve (/usr/src/app/node_modules/apollo-server-core/src/utils/schemaInstrumentation.ts:106:18)\n    at executeField (/usr/src/app/node_modules/graphql/execution/execute.js:479:20)\n    at executeFields (/usr/src/app/node_modules/graphql/execution/execute.js:411:20)\n    at executeOperation (/usr/src/app/node_modules/graphql/execution/execute.js:342:14)\n    at execute (/usr/src/app/node_modules/graphql/execution/execute.js:136:20)\n    at execute (/usr/src/app/node_modules/apollo-server-core/src/requestPipeline.ts:497:34)\n    at processGraphQLRequest (/usr/src/app/node_modules/apollo-server-core/src/requestPipeline.ts:403:28)"
      }
    }
  ],
  "data": null
}

I commented out checkAuthentication temporarily, then got this error:
(screenshot)

@cerinoligutom (Owner) commented:

Hello again @alaamh, this might be a bit long but bear with my explanation.

Regarding the unauthenticated requests

I'll assume familiarity with sessions and cookies.

Regarding the verifySession() middleware, that's from Supertokens (those folks know what they are doing 🙂) and I'm using that to handle session management because security is hard. If the sessionRequired is set to true, Supertokens would throw an error but I don't want that since in practice, some graphql queries/mutations or REST endpoints wouldn't need protection so you'd want to selectively check authentication somewhere. In this case, I placed it on the use cases so that your interface layer (e.g. REST, GraphQL) can share this logic.


In your case, since you're querying users, which makes use of the get-users use case, here's where the check is being done. That function is just a simple check of whether the current request context has a user attached to it, which is populated by the createContextMiddleware. req.session gets populated by Supertokens' middlewares. So you'll need to get a session first so you can make authenticated requests; implementation details are on Supertokens' site 🙂

But if you want something quick and dirty, here's an idea:

Add this snippet to src/modules/auth/routes/index.ts

import { env } from '@/config/environment';
import { loginUseCase } from '../use-cases/login.use-case';

// Dev-only convenience routes; never registered in production.
if (!env.isProduction) {
  router.get('/api/v1/auth/logout', asyncHandler(logoutHandler));

  // Logs in the seeded superadmin so Supertokens sets the session cookies on the browser.
  router.get(
    '/api/v1/auth/login/superadmin',
    asyncHandler(async (req, res) => {
      await loginUseCase(
        {
          email: 'superadmin@app.com',
          password: 'password',
        },
        req.context,
      );
      res.send('superadmin logged in');
    }),
  );
}

And then hit the newly registered REST GET endpoint via http://localhost:8080/api/v1/auth/login/superadmin in the browser. The server should then set up the cookies in your browser after a successful login.


If somehow your session expires, just remove the cookies and hit that endpoint again (the frontend supertokens client knows how to refresh the session 🙂). But yea, the idea is to acquire a session so you can make authenticated requests.

As for the DATABASE_ERROR

I'll investigate but this seems like an upstream issue. I tried looking at what the SQL query is being generated (on knexfile.ts, you can set debug to true for verbose logs on what knex does) and this part looks weird:

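As an added example (not the project's own code), here is how the selective check described above composes: a context built from the session, a use case that calls checkAuthentication, and a resolver that yields the UNAUTHENTICATED envelope shown in the issue. The type names, the in-memory user store and the resolver shape are assumptions; only the error message and code come from the thread.

```typescript
// Added example, not the project's code: selective authentication at the
// use-case layer. Names and data are assumed; only the error text is from the issue.
type User = { id: string; email: string };
type Session = { userId: string } | undefined; // stand-in for req.session
type RequestContext = { user?: User };          // stand-in for req.context
type GraphQLResult = {
  data: { users: User[] } | null;
  errors?: { message: string; extensions: { code: string } }[];
};
// Constructed user store; in the project this would be a knex query.
const USERS: Record<string, User> = {
  'u-1': { id: 'u-1', email: 'superadmin@app.com' },
};

class UnauthenticatedError extends Error {
  readonly code = 'UNAUTHENTICATED';
  constructor() {
    super('Unauthenticated. Please try logging in again.');
  }
}

// Like createContextMiddleware: only a session that resolves to a known
// user puts one on the context; a missing or stale session leaves it empty.
function createContext(session: Session): RequestContext {
  const user = session ? USERS[session.userId] : undefined;
  return user ? { user } : {};
}

// Like checkAuthentication: the decision lives in the use case, so REST and
// GraphQL share it and verifySession can run with sessionRequired: false.
function checkAuthentication(ctx: RequestContext): User {
  if (!ctx.user) throw new UnauthenticatedError();
  return ctx.user;
}

function getUsersUseCase(ctx: RequestContext): User[] {
  checkAuthentication(ctx); // protected; a public use case would skip this line
  return Object.values(USERS);
}

// Resolver shaped like the { users } query, producing the envelope from the issue.
function usersResolver(session: Session): GraphQLResult {
  try {
    return { data: { users: getUsersUseCase(createContext(session)) } };
  } catch (e) {
    if (!(e instanceof UnauthenticatedError)) throw e;
    return { data: null, errors: [{ message: e.message, extensions: { code: e.code } }] };
  }
}
```

A stale cookie (a session whose user no longer exists) produces the same UNAUTHENTICATED response as no cookie at all, which is the case the "remove the cookies and hit the endpoint again" advice covers.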

@alaamh (Author) commented Mar 12, 2022

Thank you for your time and detailed explanation.

As you know, we usually develop the frontend and backend side by side; for that I use Postman to authenticate and generate the token. As you highlighted, I went to SuperTokens to find a way to add the front-token to the header of the GraphQL Studio, but no luck.

@cerinoligutom (Owner) commented:

@alaamh Can you try changing the knex version on package.json to 0.95.14 and see if you don't get the database error anymore?

@cerinoligutom (Owner) commented:

> Thank you for your time and detailed explanation.
>
> As you know, we usually develop the frontend and backend side by side; for that I use Postman to authenticate and generate the token. As you highlighted, I went to SuperTokens to find a way to add the front-token to the header of the GraphQL Studio, but no luck.

As for the playground issue, just to make sure, do you mean the playground on http://localhost:8080/graphql or Apollo's GraphQL Studio?

@alaamh (Author) commented Mar 12, 2022

>> Thank you for your time and detailed explanation.
>> As you know, we usually develop the frontend and backend side by side; for that I use Postman to authenticate and generate the token. As you highlighted, I went to SuperTokens to find a way to add the front-token to the header of the GraphQL Studio, but no luck.
>
> As for the playground issue, just to make sure, do you mean the playground on http://localhost:8080/graphql or Apollo's GraphQL Studio?

Yes, this is what I mean.

@alaamh (Author) commented Mar 12, 2022

> knex version on package.json to 0.95.14

Confirmed, knex version 0.95.14 works fine. Thanks.

@cerinoligutom (Owner) commented:

>>> Thank you for your time and detailed explanation.
>>> As you know, we usually develop the frontend and backend side by side; for that I use Postman to authenticate and generate the token. As you highlighted, I went to SuperTokens to find a way to add the front-token to the header of the GraphQL Studio, but no luck.
>>
>> As for the playground issue, just to make sure, do you mean the playground on http://localhost:8080/graphql or Apollo's GraphQL Studio?
>
> Yes, this is what I mean.

Which one? xD

>> knex version on package.json to 0.95.14
>
> Confirmed, knex version 0.95.14 works fine. Thanks.

Downgraded to 0.95.14 for the meantime. Pushed on main branch. Thanks for confirming.

@alaamh (Author) commented Mar 12, 2022

The authentication issue is with the playground on http://localhost:8080/graphql

@cerinoligutom (Owner) commented:

Have you tried the snippet and hitting the endpoint? It should work.

@alaamh (Author) commented Mar 13, 2022

Confirmed, the snippet works as expected.
