Update package for dgraph-js-http

gotjoshua · September 12, 2020, 3:33pm

I am trying to setup @auth directives and it seems that master is updated at:

but even when i do:
yarn add https://github.com/dgraph-io/dgraph-js-http
I still get errors when trying to run the suggested command to register the auth token:
dgraphClient.setAlphaAuthToken("My secret token value");

The version in my yarn.lock is

"dgraph-js-http@https://github.com/dgraph-io/dgraph-js-http":
  version "20.7.1-rc1"

which is not in the list of tags nor releases

Is master usable?

Why does the version tag format keep changing? (eg: 20.07.0 → 20.7.1-rc1)

chewxy · September 14, 2020, 3:06am

I’ve just merged the latest dependencies (thanks to @catherineluse for the PR) Can you check if it works?

gotjoshua · September 14, 2020, 2:49pm

i updated the package and i was able to call that function and successfully do an alter operation on an alpha that is set up for securing alter operations !

That much is great! Will you correct the tag and make an official release soon?

However i was only able to succeed from node.js as the browser fails due to cors errors, reported here:

chewxy · September 14, 2020, 9:39pm

@Paras wondering if this is something you could look at? (re: release and auth)

Paras · September 14, 2020, 9:48pm

@paulftw owns this client. tagged him.

gotjoshua · September 15, 2020, 7:28am

Guys, I think the auth part is fine from the client side (except maybe documentation), the main repo needs to add the allowed header…

Perhaps you could use an additional function for setting for X-CSRF-Token in the client (as this is already allowed by the backend) - but all this can also be done without specialized functions just by setting the headers when creating the clientStub:

const headers = {
    ['X-CSRF-Token']:X_USER_AUTH_TOKEN,
    // ['X-Dgraph-AuthToken']:X_DGRAPH_AUTH_TOKEN, // this is not permitted by alpha cors - and does exactly the same as setAlphaAuthToken()
    ['X-Auth-Token']:X_USER_AUTH_TOKEN // this is allowed but doesn't do anything related to alter restriction - but can be used with GraphQL @auth rules
  }
  const newStub = await new DgraphClientStub(DGRAPH_URL,undefined,{headers})

paulftw · September 21, 2020, 10:07am

@gotjoshua I’ve published the latest version to npm, you should be able to yarn add dgraph-js-http and get a working version of the library.

Let me know if you see any other issues

gotjoshua · September 27, 2020, 7:49pm

thanks @paulftw! Looks good so far…

Topic		Replies	Views
@auth, cors, securing alter operations, and request headers Dgraph kind:question , auth , area:security , ticket:created , cors	6	1512	January 15, 2021
Auth-token and updating schema - "Alter denied with error: No Auth Token found" Dgraph Clients	5	1161	August 24, 2020
Dgraph-js and auth-token problem - Error: Incorrect arguments passed Dgraph Clients	2	1272	October 9, 2020
Passing x-auth0-token while using dgraph-js-http Dgraph Clients kind:question	3	706	October 17, 2020
Update the library with new HTTP API Issues untagged , dgraph-js-http	1	520	July 11, 2020

Update package for dgraph-js-http

Related topics