I created a new feathersjs app with npm create feathers#pre vdb-b.
"feathers": {
"language": "ts",
"packager": "npm",
"database": "mssql",
"framework": "koa",
"transports": [
"rest"
],
"schema": "typebox"
},
After successful running the migration task, which created the users table in my MSSQL database, I received the following error message while trying to create a first user via CURL:
error: GeneralError: The "config.server" property is required and must be of type string.
at errorHandler (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\knex\src\error-handler.ts:91:21)
at processTicksAndRejections (node:internal/process/task_queues:95:5)
at async UserService._create (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\knex\src\adapter.ts:232:23)
at async UserService.logError (C:\Users\xyz\Workspaces\node\vdb\vdb-b\src\hooks\log-error.ts:7:5)
at async C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\koa\src\rest.ts:36:21
at async bodyParser (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\koa-bodyparser\index.js:95:5)
at async C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\koa\src\handlers.ts:6:5
at async serve (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\koa-static\index.js:53:9)
at async cors (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#koa\cors\index.js:108:16)
I tried to removed authentication for the users service, which gave a correct Not Authorized on GET /users before, but that resulted in receiving the above message for all service methods.
I searched in all generated files, but failed to identify, where config.server could be maintained directly or indirectly.
Related
I am trying to invoke an HTTP triggered Azure function built on with a GET request. I setup the linked service as per the recommended steps and the function itself works with a query string through POSTMAN or internet browser, but fails when I try to invoke through Data factory.
{
"errorCode": "3608",
"message": "Call to provided Azure function '' failed with status-'NotFound' and message - 'Invoking Azure function failed with HttpStatusCode - NotFound.'.",
"failureType": "UserError",
"target": "Azure Function1",
"details": []
}
I came across another stackoverflow post https://stackoverflow.com/a/54497119/4212430 where there was a mention of a JSON response for ADF.
I have since changed my python code to provide an HTTP response as a JSON object as below
def main(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
statename = req.params.get('statename')
if not statename:
try:
req_body = req.get_json()
except ValueError:
pass
else:
statename = req_body.get('statename')
if statename:
initiate_main(statename)
host.close()
function_message = {"Response":"Successfully trasnferred BOM files"}
return func.HttpResponse(
json.dumps(function_message),
mimetype="application/json",
status_code=200)
else:
function_message = {"Response":"Error in transferring files"}
return func.HttpResponse(
json.dumps(function_message),
mimetype="application/json",
status_code=400)
But that hasn't helped either.
It turns out that I was using the wrong URI with an api added at the end while I should have just been giving the plain function name
My Feathers application needs to be able to have two JWT authentication strategies. For the users service, I need to have, for example, all: [authenticate('carrier')] instead of all: [authenticate('jwt')] in my hooks. For the rest of the services, authenticate['jwt'] is needed.
For this, I have registered a custom strategy in authentication.js called CarrierStrategy as following:
module.exports = function auth(app) {
const authentication = new AuthenticationService(app)
// register all of the strategies with authentication service
authentication.register('carrier', new CarrierStrategy())
authentication.register('jwt', new JWTStrategy())
// register the authentication service with your app
app.use('/api/authentication', authentication)
}
In config/default.json, I have also registered this strategy as following:
authStrategies: ["carrier", "jwt"]
The CarrierStrategy needs to handle the incoming Authorization header a little differently with some custom logic.
When I use Postman to send requests for this service, i.e., localhost:3030/users with a JWT token in the header, I get the following error.
Invalid authentication information (strategy not allowed in authStrategies)'
Please guide me if this is the right way to add a custom strategy to the application.
I had a similar problem to this. I wanted both Stateful and Stateless JWT authentication. The problem being that if you just do this in authentication.js
authentication.register('jwt', new JWTStrategy());
authentication.register('jwt-stateless', new JWTStrategy());
Then when you submit a request with a JWT token it will match on either one and you'll end up with a problem in one of your services somewhere.
I ended up creating a custom strategy like this in authentication.js:
class StatelessJWTStrategy extends JWTStrategy {
get configuration () {
const authConfig = this.authentication.configuration;
const config = super.configuration;
return {
...config,
entity: authConfig.entity,
service: authConfig.service,
header: 'Authorization',
schemes: [ 'STATELESS' ]
};
}
}
which is basically a slightly modified JWTStrategy that uses STATELESS in the Authorization header instead of Bearer or JWT. It's not a great solution, but it works.
Then I did this also in authentication.js
authentication.register('jwt', new JWTStrategy());
authentication.register('jwt-stateless', new StatelessJWTStrategy());
Then you need to modify your config.json file. In the authentication section add this:
"jwt-stateless": {
"entity": null
},
"jwt": {
"entity": "user",
"service": "users"
},
"entity": "user",
"service": "users",
"authStrategies": [
"jwt-stateless",
"jwt",
"local"
],
Now you should be able to use the jwt-stateless auth mechanism in your hooks like this:
authenticate('jwt-stateless')
Head over to here to create your stateless JWT. Fill in iss with the issuer and aud with audience details from your config.json, and add a user ID to the sub field. Pop your secret from config.json in the bottom signature verification field and the token on the left should authenticate.
I am using this code in Apps script
function getUserObjByEmail(email){
// Same as using AdminDirectory class.
var apiUrl = "https://www.googleapis.com/admin/directory/v1/users/"+email+"?fields=id";
var token = ScriptApp.getOAuthToken();
var header = {"Authorization":"Bearer " + token};
var options = {
"method": "GET",
"headers": header
};
var response = JSON.parse(UrlFetchApp.fetch(apiUrl, options));
return response;
}
which I run as a function from App Maker project. Things go smoothly when I use the app since I have an admin role( I guess, not sure ) but the problem arises when other normal users in our domain start using the deployed app maker app. I checked the server logs and its full of this message:
Exception: Request failed for
https://www.googleapis.com/admin/directory/v1/users/email#domain.com?fields=id
returned code 403.
Truncated server response: { "error": { "errors": [ { "domain": "global",
"reason": "forbidden", "message": "Not Authorized to access this
resource/api" ... (use muteHttpExceptions option to examine full response)
Any idea how to fix this? I have manually added the required scopes for the apps script library, I added the following:
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/admin.directory.user"
The reason this happens is because YOU have admin rights, otherwise you'd be getting the same error message. The other users don't have admin rights hence they get the error. To solve this problem, you can either deploy the application running it as the developer or you can use a service account to impersonate an admin and do the process.
Regarding the first approach, you can find more info here https://developers.google.com/appmaker/security/identity.
Regarding the second approach, you can use the following app script library https://github.com/gsuitedevs/apps-script-oauth2#using-service-accounts
Moreover, if you do not require to get custom schemas information, then you can simply use a directory model and that should work for all users. Check the reference here: https://developers.google.com/appmaker/models/directory
I'm trying to create a cloud function listening to cloudbuilds topic and making an API call to trigger the build. I think I'm missing something in my index.js file (I'm new to Node.js). Can you provide a sample example of a Cloud Function making an API call to the Cloud Build API?
Here is my function:
const request = require('request')
const accessToken = '$(gcloud config config-helper --format='value(credential.access_token)')';
request({
url: 'https://cloudbuild.googleapis.com/v1/projects/[PROJECT_ID]/builds',
auth: {
'bearer': accessToken
},
method: 'POST',
json: {"steps": [{"name":"gcr.io/cloud-builders/gsutil", "args": ['cp','gs://adolfo-test-cloudbuilds/cloudbuild.yaml', 'gs://adolfo-test_cloudbuild/cloudbuild.yaml']}]},
},
module.exports.build = (err, res) => {
console.log(res.body);
});
I was executing the command gcloud config config-helper --format='value(credential.access_token)', copying the token, and putting it as a value to the variable accessToken. But this didn't work for me.
Here is the error: { error: { code: 403, message: 'The caller does not have permission', status: 'PERMISSION_DENIED' } }
I had the same exact problem and I have solved it by writing a small package, you can use it or read the source code.
https://github.com/MatteoGioioso/google-cloud-build-trigger
With this package you can run a pre-configured trigger from cloud build.
You can also extend to call other cloud build API endpoints.
As my understanding cloud build API requires either OAuth2 or a service account. Make sure you gave the right permission to cloud build in the gcp console under IAM. After that you should be able to download the service-account.json file.
I have a problem. My cosmos gui application crashes after trying to authorize with keystone.
Horizon application is running on https://192.168.4.33:443,
while cosmos-gui is running on http://192.168.4.180:81.
My gui config file looks like this:
"oauth2": {
"idmURL": "https://192.168.4.33",
"client_id": "***********************************",
"client_secret": "*********************************",
"callbackURL": "http://192.168.4.180:81/auth",
"response_type": "code"
},
and inside horizon i registered application Cosmos Big data
with parameters:
Description
Cosmos Big data
URL
https://192.168.4.33
Callback URL
http://192.168.4.180:81/auth
So afterwards i start cosmos-gui application and after clicking on login it redirects me to this url:
https://192.168.4.33/oauth2/authorize/?response_type=code&client_id=0434fdf60897479588c3c31cfc957b6d&state=xyz&redirect_uri=http://192.168.4.180:81/auth
And that is ok.But then, when i click on button authorize it leads me to this url:
http://192.168.4.180:81/auth?state=xyz&code=NVfyZUov1KuQ8yTw498oItHgYC2l9Z
and at that moment cosmos-gui application crashes and everything that i get from the log is this:
/home/cosmos-gui/fiware-cosmos/cosmos-gui/src/app.js:138
req.session.access_token = results.access_token;
^
TypeError: Cannot read property 'access_token' of undefined
at /home/cosmos-gui/fiware-cosmos/cosmos-gui/src/app.js:138:43
at /home/cosmos-gui/fiware-cosmos/cosmos-gui/src/oauth2.js:168:22
at ClientRequest.<anonymous> (/home/cosmos-gui/fiware-cosmos/cosmos- gui/src/oauth2.js:140:9)
at ClientRequest.emit (events.js:95:17)
at CleartextStream.socketErrorListener (http.js:1548:9)
at CleartextStream.emit (events.js:95:17)
at SecurePair.<anonymous> (tls.js:1400:19)
at SecurePair.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:980:10)
at CleartextStream.read [as _read] (tls.js:472:13)
On the side of keystone everything looks ok.This is from keystones log:
2015-08-24 16:34:02.604 27693 INFO keystone.contrib.oauth2.controllers [-] OAUTH2: Created Authorization Code to consumer 0434fdf60897479588c3c31cfc957b6d for user idm with scope [u'all_info']. Redirecting to http://192.168.4.180:81/auth?state=xyz&code=NVfyZUov1KuQ8yTw498oItHgYC2l9Z
2015-08-24 16:34:02.606 27693 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [24/Aug/2015 16:34:02] "POST /v3/OS-OAUTH2/authorize HTTP/1.1" 302 208 0.121336
When you authorize the Cosmos app in Keystone, the callback URL is called and this piece of software is executed:
// Handles requests from IDM with the access code
app.get('/auth', function(req, res) {
// Using the access code goes again to the IDM to obtain the access_token
oa.getOAuthAccessToken(req.query.code, function (e, results){
// Stores the access_token in a session cookie
req.session.access_token = results.access_token;
res.redirect('/');
});
});
I.e. Keystone calls the callback with an access code (a soft piece of security) that can be used to retrieve the final access token (a hard security element).
It seems your Keystone is generating the access code but it is not returning the access token when asked for it. Can you check the Keystone logs in order to find the access token request? May you print any error returned by this call?
oa.getOAuthAccessToken(req.query.code, function (e, results)
After a bit of debugging and printing arguments that were going into the app.get('/auth', function(req, res)
i found this Error: DEPTH_ZERO_SELF_SIGNED_CERT
It seems it doesn't recognize self signed certificates as valid.
Anyway as first line in file:
cosmos-gui/src/app.js
i added
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
and now it is working.