I am setting up Apple Login in a NestJS backend application and the application is live on render.com using GitHub codepipeline.
I have completed the Apple Login configuration, and I want to push it to GitHub so that render can update the deployment; however, there is a folder apple_secret that contains my apple_secret_key.p8 in the root directory that I am pointing to in my AppleStrategy configuration that I don't think is safe for me to push to GitHub.
constructor(configService: ConfigService) {
  super({
    clientID: configService.get<string>('APPLE_CLIENT_ID'),
    teamID: configService.get<string>('APPLE_TEAM_ID'),
    keyID: configService.get<string>('APPLE_KEY_ID'),
    key: readFileSync(
      __dirname + '/../../../apple_secret/apple_secret_key.p8',
    ),
    callbackURL: configService.get<string>('APPLE_CALLBACK_URL'),
    scope: ['name', 'email'],
  });
}
How do I make this folder and the content (apple_secret/apple_secret_key.p8) available for render.com to read?
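One way to keep the .p8 file out of the repository, shown as an added example that is not part of the original question: read the key at startup from the deployment's environment or from a secret file the host provides, and validate its shape before handing it to the strategy. The variable names APPLE_PRIVATE_KEY, APPLE_PRIVATE_KEY_B64 and APPLE_PRIVATE_KEY_PATH and both function names are assumptions made for this example.

```javascript
// Added example. APPLE_PRIVATE_KEY, APPLE_PRIVATE_KEY_B64 and
// APPLE_PRIVATE_KEY_PATH are assumed names, not settings of Render or the strategy.
const PEM_RE =
  /^-----BEGIN PRIVATE KEY-----\n[A-Za-z0-9+\/=\n]+\n-----END PRIVATE KEY-----\n$/;

// Normalise what deployment dashboards tend to do to multi-line values
// (literal "\n", CRLF, stray whitespace) and check the PKCS#8 PEM shape.
function normalizePem(raw) {
  const pem =
    String(raw).replace(/\\n/g, '\n').replace(/\r\n/g, '\n').trim() + '\n';
  if (!PEM_RE.test(pem)) {
    // Keep the value itself out of error messages and logs.
    throw new Error('Apple key is not a PKCS#8 PEM block');
  }
  return pem;
}

// env: usually process.env. readFile: usually require('fs').readFileSync,
// injected so the loader can be tested without touching the disk.
function loadApplePrivateKey(env, readFile) {
  let pem;
  if (env.APPLE_PRIVATE_KEY) {
    pem = normalizePem(env.APPLE_PRIVATE_KEY);
  } else if (env.APPLE_PRIVATE_KEY_B64) {
    const decoded = Buffer.from(env.APPLE_PRIVATE_KEY_B64, 'base64');
    pem = normalizePem(decoded.toString('utf8'));
  } else if (env.APPLE_PRIVATE_KEY_PATH) {
    // A secret file supplied by the host, stored outside the repository.
    pem = normalizePem(readFile(env.APPLE_PRIVATE_KEY_PATH, 'utf8'));
  } else {
    throw new Error('No Apple private key configured');
  }
  // Buffer, the same type readFileSync(path) hands to `key` in the question.
  return Buffer.from(pem, 'utf8');
}

// Constructed sample: placeholder base64 body, not a real key.
const SAMPLE_PEM =
  '-----BEGIN PRIVATE KEY-----\nQUJDREVGR0g=\n-----END PRIVATE KEY-----\n';
```

With this in place the apple_secret folder can be listed in .gitignore, and the constructor's `key` option receives the return value of `loadApplePrivateKey(process.env, readFileSync)` instead of a path inside the repository.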
Related
Strapi Version: 4.1.5
Operating System: Debian GNU/Linux 9
Database: PostgreSQL 13
Node Version: v14.16.0
NPM Version: 6.14.11
Yarn Version: v1.22.5
Hi everyone, I can’t seem to find consistent information on how to use permissions with a custom plugin in Strapi. I want to make an endpoint available to my front-end (Next.JS) application, but only when the front-end application has authenticated as a user and using the JWT that is returned from authenticating with Strapi. I keep getting a 401 returned.
Here’s what I’m doing:
I used this page to set up authentication in Strapi. I have a user created in Strapi, and from the front-end, I can authenticate and it returns a JWT token. When I set up collection types to only be accessible with the “authenticated” role, I can access those collection types in the api using this JWT token. So all of that works. The problem is that I can’t get this to work with my custom plugin, and I’m not sure why. I still get a 401 error instead.
Here’s how I set up the permissions:
Based on this page, I initially tried to leverage the isAuthenticated permission that the Users & Permissions plugin provides:
{
  method: "GET",
  path: "/progress",
  handler: "memberProgress.getProgress",
  config: {
    policies: ['plugins::users-permissions.isAuthenticated']
  },
},
Unfortunately, this did not work. The server raised an error, saying that this could not be found. So back on the document linked above, I decided to take the approach of creating my own global permission. I created src/policies/is-authenticated.js with the following contents:
module.exports = (policyContext, config, { strapi }) => {
  if (policyContext.state.user) { // if a session is open
    // go to next policy or reach the controller's action
    return true;
  }
  return false; // If you return nothing, Strapi considers you didn't want to block the request and will let it pass
};
Then, I modified my plugin’s route as follows:
{
  method: "GET",
  path: "/progress",
  handler: "memberProgress.getProgress",
  config: {
    policies: ['global::is-authenticated']
  },
},
This is all based on that document I linked to. Unfortunately, this still does not work. It seems to find the permission (server doesn’t raise an error about it), but when I try to access my plugin’s endpoint with the JWT token, I just get a 401 error.
Here is how I’m trying to access the endpoint on the front-end:
// VERIFIED, auth works and I get the expected jwt
const strapiAuth = await strapiApiAuth();
if ( strapiAuth && strapiAuth.hasOwnProperty("jwt") ) {
  try {
    const response = await axios.get(
      `${process.env.STRAPI_BACKEND_URL}/member-progress/progress?year=2022&name=&pageSize=10&page=1`,
      {
        headers: {
          Accept: "application/json",
          Authorization: `Bearer ${strapiAuth.jwt}`
        },
        timeout: 500,
      }
    );
    console.log(response);
  } catch (error) {
    // This is where I land with the 401 error
    console.log(error);
  }
}
Strapi checks whether you have a valid jwt by default with the "authenticated" role, but you must also mark the permission for your custom endpoint in "Settings→User & Permission Plugin→Roles" of the admin panel.
I'm actually trying to use nuxt-mail in a personal project.
During my development phase, I receive all my testing mails. And from there I made the following adjustments to do the exact same request from my built site:
//nuxt.config.js
env: {
  baseUrl:
    process.env.NODE_ENV === 'dev'
      ? 'http://localhost:3000'
      : 'https://my-domain.netlify.app'
},
My code when using the 'send' function :
this.$axios.$post(process.env.baseUrl + "/mail/send", {
  config: 'contact',
  from: document.getElementById('input-2').value,
  subject: document.getElementById('subject').value,
  text: "This is a text message",
})
It continues to work well with localhost/3000/mail/send but I have a 404 error once I build my site and using https://my-domain.netlify.app/mail/send :
POST https://my-domain.netlify.app/mail/send [HTTP/2 404 Not Found 186ms]
Uncaught (in promise) Error: Request failed with status code 404
I'm actually struggling to solve this problem, am I missing something ?
Alright, so if your target is static, you can only do yarn generate.
If you do have the default, aka target: server, you can only yarn build.
Then, as talked about a bit here: Sending mail in Nuxt.js with nuxt-mail
You cannot use a Node.js package in a static environment, so neither yarn generate nor Netlify will help you here. You need to yarn build and host it on something like Heroku.
One last step that you can do, is to try it locally with the following:
- target: server
- yarn build
- yarn start
- make your POST call with Postman or alike
If it does not work here, it is a code issue and you can look into the hosting one.
If it does work locally, you can proceed to the hosting issue that you'll face.
Well you just misunderstood the env field in the nuxt.config.js file.
That env field is passed to the $config Object of the Nuxt App and not passed to process.env.
What you want is to set the BaseUrl for the Axios Module
// nuxt.config.js
axios: {
  baseURL: process.env.NODE_ENV === 'dev'
    ? 'http://localhost:3000'
    : 'https://my-domain.netlify.app'
},
// or provide a runtime config
// server and clientside
publicRuntimeConfig: {
  axios: {
    browserBaseURL: process.env.BROWSER_BASE_URL
  }
},
// serverside only
privateRuntimeConfig: {
  axios: {
    baseURL: process.env.BASE_URL
  }
},
Edit:
Also when calling axios just do it like that if you implement the above changes
this.$axios.$post("/mail/send", {
  // ... the rest of your code
})
I'm currently developing an API with aws-cdk and I'm testing it locally with aws-sam-cli and docker. I wanted to add the requirement of an API Key to call the API.
Here is the code inside my stack:
const api = new apigw.RestApi(this, "MyAPI", {
  restApiName: "My API",
  description: "BLABLABLA API",
});
const myLambdaIntegration = new apigw.LambdaIntegration(myLambda, {
  proxy: false,
});
// Endpoints of the API
api.root.addResource("test").addMethod("GET", myLambdaIntegration, {
  apiKeyRequired: true,
});
Then I build this stack and synth it (npm run build ; cdk synth --no-staging myStack > template.yaml)
And try to test it locally
sam local start-api
When I request my api without any API KEY, the API returns me the result of my lambda. 😭
I expected it to return me an error like {"message":"Missing Authentication Token"}
Does anyone have an idea of what is going on?
I suspect it's because authorizations are ignored locally but didn't find anything about that...
Thanks in advance! 😁
Edit: After deploying this stack, the API correctly asks me for a token.
When trying to get the details for a specific pull request (via a call to octokit.pulls.get), I get the error "Resource not accessible by integration". Doing the exact same thing for an issue (octokit.issues.get) works as expected. I'm using the createAppAuth authorization strategy:
const octokit = new Octokit({
  authStrategy: createAppAuth,
  auth: {
    id: APP_ID,
    privateKey: PRIVATE_KEY,
    installationId: INSTALLATION_ID,
    clientId: CLIENT_ID,
    clientSecret: CLIENT_SECRET,
  },
})
Authorization can't be the issue since I can get details for a (non-PR) issue. How can I get details for a pull request?
I've deployed an app to Heroku, however once you click 'log in with facebook', you are redirected to http://localhost:3000/#=. I've tried the following (the first is where it is at the moment):
passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    process.nextTick(function () {
      return done(null, profile);
    });
  }
));
but when I deploy using:
passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "/auth/facebook/callback"
  },
or
passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "https://fivemincatchup.herokuapp.com/auth/facebook/callback"
  },
it directs to facebook with the following error:
Given URL is not permitted by the Application configuration: One or
more of the given URLs is not permitted by the App's settings. It must
match the Website URL or Canvas URL, or the domain must be a subdomain
of one of the App's domains.
Am I missing something really obvious?!
Did you add the callback URL to the app's settings? You have to add the site URL as that in the Facebook developer app settings for it to allow Facebook to make callbacks to any particular website.
Should be under either basic settings on site URL or advanced settings on "Valid OAuth redirect URIs".
(see also here)