Code Monkey home page Code Monkey logo

Comments (3)

tai-kun avatar tai-kun commented on June 9, 2024 1

When I modified SurrealQL as follows, the ResponseError did not occur.

- DEFINE SCOPE user SESSION 1d SIGNIN (SELECT * FROM $id)
+ DEFINE SCOPE user SESSION 1d SIGNIN (SELECT * FROM type::thing($id))

SurrealDB automatically converts strings that meet certain formats into special values. Record ID is one of those special values. For example, quoting from the official documentation, the following query returns Record ID:

-- Interpreted as a record ID, because of the structure with the semicolon:
RETURN "5:20";

reference: Strings | SurrealQL | SurrealDB Docs

I don't know much about SurrealDB, but I think it probably only interprets it as a Record ID when parsing a query. Therefore, after $id in FROM $id is identified as a parameter by the query parser, the actual variable "users:12345" is treated as a string.

I actually ran the following query to check:

const db = new Surreal() // surreal.js v1.0.0-beta.5
// connect ....
await db.query(`
  RETURN $id;
  RETURN "users:12345";
  RETURN type::thing($id);
`, { id: "users:12345" })
// [
//   "users:12345",
//   RecordId { tb: "users", id: 12345 },
//   RecordId { tb: "users", id: 12345 }
// ]

By the way, I looked into it and it seems that the id property as a variable is one of the valid properties.

The variables are validated with zod on the client side. Zod's .catchall(<ZodType>) is a function that validates <ZodType> against all properties except those of object. And <ZodType> is .unknown in this case, which is the same as .any except that it becomes an unknown type in TypeScript (Reference), so the variable containing the id property is sent to server.

On the server side, the variables are probably being validated here. PROTECTED_PARAM_NAMES is defined as [ "auth", "scope", "token", "session" ] in the current version (v1.4.2). id is not in this.

If you actually try to use a variable that contains the auth property, you will get an error:

await db.query("RETURN $auth", { auth: "users:12345" })
// ResponseError: There was a problem with the database: 'auth' is a protected variable and cannot be set

However, I haven't really started looking into SurrealDB for a while, so I don't really know much about it. There may be major errors in what I have said here. I would be happy if I could help you.

from surrealdb.js.

oskar-gmerek avatar oskar-gmerek commented on June 9, 2024 
(property) auth?: string | {
    username: string;
    password: string;
    namespace?: undefined;
    database?: undefined;
    scope?: undefined;
} | {
    namespace: string;
    username: string;
    password: string;
    database?: undefined;
    scope?: undefined;
} | {
    ...;
} | objectOutputType<...> | undefined

For scope auth:
Zrzut ekranu 2024-04-24 o 11 49 09

id is not valid property so you are not authenticated because SurrealDB do not get any correct data. If you provide username and password then sign in should work correctly, but of course you need to update schema as well to something like this:

DEFINE TABLE users
   PERMISSIONS
      FOR select FULL;
DEFINE FIELD username ON TABLE users;
DEFINE FIELD password ON TABLE users;
CREATE users:12345 SET username = 'demo_user', password = '123';

DEFINE SCOPE user SESSION 1d
	SIGNIN ( SELECT * FROM users WHERE username = $username AND password = $password )
;
  • the above schema do not encrypt password

...and then you can:

db = new Surreal()

await db.connect('https://[urlHere].com', {
      namespace: 'test',
      database: 'test',
      auth: {
        scope: 'user',
        username: 'demo_user',
        password: '123'
      }
    }
)

PS. For most use cases I think that way to authenticate scope user is not the best. I think you will want to use db.signin + db.authenticate

PS2. I'm not pretty sure, but I think you can also pass a token to authenticate user like this:

await db.connect('https://[urlHere].com', {
     namespace: 'test',
     database: 'test',
     auth: <token>
   }
)

from surrealdb.js.

ntorrey avatar ntorrey commented on June 9, 2024

Thank you @tai-kun ! I made the change that you suggest above and it seems to be working now. Very helpful explanation!

from surrealdb.js.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.