[Alpha] Problems with --auth_token

Report a Dgraph Bug

What version of Dgraph are you using?

Docker - dgraph/dgraph:latest

Have you tried reproducing the issue with the latest release?

Yes

What is the hardware spec (RAM, OS)?

W10, docker for windows, 32gb RAM, i7-9700k

Steps to reproduce the issue (command/config used to run Dgraph).

version: "3.2"
services:
  zero:
    image: dgraph/dgraph:latest
    volumes:
      - ./src/dgraph:/dgraph
    ports:
      - 5080:5080
      - 6080:6080
    restart: on-failure
    command: dgraph zero --my=zero:5080
  alpha:
    image: dgraph/dgraph:latest
    volumes:
      - ./src/dgraph:/dgraph
    ports:
      - 8080:8080
      - 9080:9080
    restart: on-failure
    command: dgraph alpha --auth_token=123 --my=alpha:7080 --zero=zero:5080 --whitelist 192.168.10.0/29

Expected behaviour and actual result.

POST -> localhost:8080/admin/schema

Header:

X-Dgraph-AuthToken: 123

Data-binary:

// /dgraph/schemas/schema.graphql

type User {
  id: ID!
  username: String!
}

Expected Return:

{
  "data": {
    "code": "Success",
    "message": "Done"
  }
}

Actual Return:

{
  "errors": [
    {
      "message": "resolving updateGQLSchema failed because No Auth Token found. Token needed for Admin operations. (Locations: [{Line: 3, Column: 4}])",
      "extensions": {
        "code": "Error"
      }
    }
  ]
}

When using wrong Token Header returns expected answer: [X-Dgraph-AuthToken: 1234]

{
  "errors": [
    {
      "message": "Invalid X-Dgraph-AuthToken",
      "extensions": {
        "code": "ErrorUnauthorized"
      }
    }
  ]
}

When posting to localhost:8080/alter it works as expected: Header: [X-Dgraph-AuthToken: 123]

{
  "drop_all":true
}

Response:

{
  "data": {
    "code": "Success",
    "message": "Done"
  }
}

As far as I know, Poor man’s Auth just covers DQL admin endpoints. We have tickets to cover more endpoints like GraphQL Admin. The ideal for now is to not expose your Dgraph instance - Actually it should never be exposed, you should put it behind a firewall or reverse proxy and use GraphQL or create an API.

Thanks for the quick response.

Hey @FellipeFreire

Could you check and share the version of Dgraph that you are using?