Update package for dgraph-js-http

gotjoshua · September 12, 2020, 3:33pm

I am trying to setup @auth directives and it seems that master is updated at:

but even when i do:
yarn add https://github.com/dgraph-io/dgraph-js-http
I still get errors when trying to run the suggested command to register the auth token:
dgraphClient.setAlphaAuthToken("My secret token value");

The version in my yarn.lock is

"[email protected]://github.com/dgraph-io/dgraph-js-http":
  version "20.7.1-rc1"

which is not in the list of tags nor releases

Is master usable?

Why does the version tag format keep changing? (eg: 20.07.0 → 20.7.1-rc1)

chewxy · September 14, 2020, 3:06am

I’ve just merged the latest dependencies (thanks to @catherineluse for the PR) Can you check if it works?

gotjoshua · September 14, 2020, 2:49pm

i updated the package and i was able to call that function and successfully do an alter operation on an alpha that is set up for securing alter operations !

That much is great! Will you correct the tag and make an official release soon?

However i was only able to succeed from node.js as the browser fails due to cors errors, reported here:

chewxy · September 14, 2020, 9:39pm

@Paras wondering if this is something you could look at? (re: release and auth)

Paras · September 14, 2020, 9:48pm

@paulftw owns this client. tagged him.

gotjoshua · September 15, 2020, 7:28am

Guys, I think the auth part is fine from the client side (except maybe documentation), the main repo needs to add the allowed header…

Perhaps you could use an additional function for setting for X-CSRF-Token in the client (as this is already allowed by the backend) - but all this can also be done without specialized functions just by setting the headers when creating the clientStub:

const headers = {
    ['X-CSRF-Token']:X_USER_AUTH_TOKEN,
    // ['X-Dgraph-AuthToken']:X_DGRAPH_AUTH_TOKEN, // this is not permitted by alpha cors - and does exactly the same as setAlphaAuthToken()
    ['X-Auth-Token']:X_USER_AUTH_TOKEN // this is allowed but doesn't do anything related to alter restriction - but can be used with GraphQL @auth rules
  }
  const newStub = await new DgraphClientStub(DGRAPH_URL,undefined,{headers})

paulftw · September 21, 2020, 10:07am

@gotjoshua I’ve published the latest version to npm, you should be able to yarn add dgraph-js-http and get a working version of the library.

Let me know if you see any other issues

gotjoshua · September 27, 2020, 7:49pm

thanks @paulftw! Looks good so far…