Could not find JWT type '"my_private_schema"."jwt_token"' #69
Excellent quality bug report 👌 So it seems that because of the way the code is written currently the JWT type has to be in a public schema. However I can't think of a good reason for this to be the case, so I'll have a look at fixing it.
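The diagnosis above is that the plugin's type lookup assumed the `public` schema. As an added illustration (not graphile-build's own code), the following resolves a possibly schema-qualified, possibly double-quoted identifier such as the `-t my_private_schema.jwt_token` argument and matches both schema and type name against introspection records; `parseTypeIdentifier`, `findJwtType` and the `SAMPLE_TYPES` records are constructed for this example.

```javascript
// Added illustration, not graphile-build's code: resolve a JWT type identifier
// against introspection results by matching BOTH schema and type name,
// instead of assuming the public schema.

// Split  foo.bar  or  "My Schema"."jwt_token"  into schema and name.
// Handles double-quoted parts, "" escapes inside quotes, and case folding
// of unquoted identifiers, following SQL identifier rules.
function parseTypeIdentifier(identifier) {
  const parts = [];
  let cur = "";
  let inQuotes = false;
  for (let i = 0; i < identifier.length; i++) {
    const ch = identifier[i];
    if (inQuotes) {
      if (ch === '"') {
        if (identifier[i + 1] === '"') { cur += '"'; i++; } // escaped quote
        else inQuotes = false;
      } else cur += ch;
    } else if (ch === '"') {
      inQuotes = true;
    } else if (ch === ".") {
      parts.push(cur); cur = "";
    } else {
      cur += ch.toLowerCase(); // unquoted identifiers fold to lower case
    }
  }
  if (inQuotes) throw new Error(`unterminated quote in ${identifier}`);
  parts.push(cur);
  if (parts.length > 2 || parts.some(p => p === "")) {
    throw new Error(`invalid type identifier: ${identifier}`);
  }
  // An unqualified name defaults to the public schema (the old behaviour);
  // a qualified one must match its own schema exactly.
  return parts.length === 2 ? { schema: parts[0], name: parts[1] }
                            : { schema: "public", name: parts[0] };
}

// Constructed stand-in for introspection records (schema + type name only).
const SAMPLE_TYPES = [
  { namespaceName: "public",            name: "jwt_token" },
  { namespaceName: "my_private_schema", name: "jwt_token" },
  { namespaceName: "my_private_schema", name: "person_account" },
];

// Return the matching record, or throw the error wording seen in this issue.
function findJwtType(identifier, types = SAMPLE_TYPES) {
  const { schema, name } = parseTypeIdentifier(identifier);
  const match = types.find(t => t.namespaceName === schema && t.name === name);
  if (!match) throw new Error(`Could not find JWT type '"${schema}"."${name}"'`);
  return match;
}
```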
Hi @sloansparger, Thanks for spotting this - it is now fixed in the latest postgraphile; the example needs a tweak -

```sql
-- ADDED NEXT LINE
create extension if not exists "pgcrypto";

create schema my_public_schema;
create schema my_private_schema;

create table my_private_schema.person_account (
  person_id     integer primary key,
  email         text not null unique check (email ~* '^.+@.+\..+$'),
  password_hash text not null,
  username      text,
  -- ADDED NEXT LINE
  is_admin      boolean
);

/* added as from what is currently in example */
create type my_private_schema.jwt_token as (
  role      text,
  exp       integer,
  person_id integer,
  is_admin  boolean,
  username  varchar
);

/* changed forum_example.person_account to my_private_schema.person_account */
create function my_public_schema.authenticate(
  email text,
  password text
) returns my_private_schema.jwt_token as $$
declare
  account my_private_schema.person_account;
begin
  select a.* into account
    from my_private_schema.person_account as a
    where a.email = authenticate.email;

  if account.password_hash = crypt(password, account.password_hash) then
    return (
      'person_role',
      86400,
      account.person_id,
      account.is_admin,
      account.username
    )::my_private_schema.jwt_token;
  else
    return null;
  end if;
end;
$$ language plpgsql strict security definer;
```

Then by doing

```sql
insert into my_private_schema.person_account values(1, 'example@example.com', crypt('123456', gen_salt('bf')));
```

I can log in:

```graphql
mutation {
  authenticate(input:{email:"example@example.com", password:"123456"}) {
    jwtToken
  }
}
```

Do you want to make the relevant mods to the website? It would be good if the examples were fully runnable like this; if they add too much bulk to the page you can always use the 🙏
Awesome, thanks @benjie! I will make the changes needed on the website either tonight or tomorrow. I was just thinking about proposing a way to have abbreviated or long form examples in the docs, I'll create an issue on the website soon to discuss more.

Linking out to full schemas is probably a good idea; we can then incorporate a test suite for the examples. I started thinking about this sort of thing in the examples directory which are plugins from some of the articles. Looking forward to hearing your thoughts 👍
I'm trying to take care of the TODO on https://github.com/graphile/graphile.github.io/blob/8d5948feaa251303ff2d98294394bd726e6a7189/src/pages/postgraphile/security.md but while going through it I'm getting an error that I think has to do with graphile-build.

First, I'm spinning up a postgres docker container:

```sh
docker run --name postgres -p 5432:5432 -d postgres
```

Secondly, I'm running:

```sh
psql -h localhost -U postgres -w -a -f jwt-example.sql
```

with the contents of the file being:

This all runs fine.

Thirdly, I'm running:

```sh
postgraphile -e super-secret -c postgres://postgres@localhost:5432/postgres -s my_public_schema -t my_private_schema.jwt_token
```

which is giving me the following output

I looked around in the PgJWTPlugin file to try to debug if there was an issue there, not sure if there's something wrong with these lines here: https://github.com/graphile/graphile-build/blob/415acd145992f25db492dab778cec0e7bc34eda8/packages/graphile-build-pg/src/plugins/PgJWTPlugin.js#L36-L45

I couldn't figure out where the pgIntrospectionResultsByKind comes from/what it does so couldn't take my debugging further tonight.

I would super appreciate any direction that you can give! Thanks a ton for your work 👍