Comments (3)
When I modified SurrealQL as follows, the ResponseError did not occur.
- DEFINE SCOPE user SESSION 1d SIGNIN (SELECT * FROM $id)
+ DEFINE SCOPE user SESSION 1d SIGNIN (SELECT * FROM type::thing($id))
SurrealDB automatically converts strings that meet certain formats into special values. Record ID is one of those special values. For example, quoting from the official documentation, the following query returns Record ID:
-- Interpreted as a record ID, because of the structure with the semicolon:
RETURN "5:20";
reference: Strings | SurrealQL | SurrealDB Docs
I don't know much about SurrealDB, but I think it probably only interprets it as a Record ID when parsing a query. Therefore, after $id
in FROM $id
is identified as a parameter by the query parser, the actual variable "users:12345" is treated as a string.
I actually ran the following query to check:
const db = new Surreal() // surreal.js v1.0.0-beta.5
// connect ....
await db.query(`
RETURN $id;
RETURN "users:12345";
RETURN type::thing($id);
`, { id: "users:12345" })
// [
// "users:12345",
// RecordId { tb: "users", id: 12345 },
// RecordId { tb: "users", id: 12345 }
// ]
By the way, I looked into it and it seems that the id
property as a variable is one of the valid properties.
The variables are validated with zod on the client side. Zod's .catchall(<ZodType>)
is a function that validates <ZodType>
against all properties except those of object
. And <ZodType>
is .unknown
in this case, which is the same as .any
except that it becomes an unknown type in TypeScript (Reference), so the variable containing the id
property is sent to server.
On the server side, the variables are probably being validated here. PROTECTED_PARAM_NAMES
is defined as [ "auth", "scope", "token", "session" ] in the current version (v1.4.2). id
is not in this.
If you actually try to use a variable that contains the auth
property, you will get an error:
await db.query("RETURN $auth", { auth: "users:12345" })
// ResponseError: There was a problem with the database: 'auth' is a protected variable and cannot be set
However, I haven't really started looking into SurrealDB for a while, so I don't really know much about it. There may be major errors in what I have said here. I would be happy if I could help you.
from surrealdb.js.
(property) auth?: string | {
username: string;
password: string;
namespace?: undefined;
database?: undefined;
scope?: undefined;
} | {
namespace: string;
username: string;
password: string;
database?: undefined;
scope?: undefined;
} | {
...;
} | objectOutputType<...> | undefined
id
is not valid property so you are not authenticated because SurrealDB do not get any correct data. If you provide username
and password
then sign in should work correctly, but of course you need to update schema as well to something like this:
DEFINE TABLE users
PERMISSIONS
FOR select FULL;
DEFINE FIELD username ON TABLE users;
DEFINE FIELD password ON TABLE users;
CREATE users:12345 SET username = 'demo_user', password = '123';
DEFINE SCOPE user SESSION 1d
SIGNIN ( SELECT * FROM users WHERE username = $username AND password = $password )
;
- the above schema do not encrypt password
...and then you can:
db = new Surreal()
await db.connect('https://[urlHere].com', {
namespace: 'test',
database: 'test',
auth: {
scope: 'user',
username: 'demo_user',
password: '123'
}
}
)
PS. For most use cases I think that way to authenticate scope user is not the best. I think you will want to use db.signin
+ db.authenticate
PS2. I'm not pretty sure, but I think you can also pass a token to authenticate user like this:
await db.connect('https://[urlHere].com', {
namespace: 'test',
database: 'test',
auth: <token>
}
)
from surrealdb.js.
Thank you @tai-kun ! I made the change that you suggest above and it seems to be working now. Very helpful explanation!
from surrealdb.js.
Related Issues (20)
- Feature: Parse object- and array based record ID HOT 5
- Bug: Using docker compose networking causes TypeError: t.mask is not a function or connection to hang when running .wait() or .query() HOT 2
- [BUG]: Path is ignored in the Connenction URL HOT 1
- Documentation: Further define `thing` on db.create/merge/delete/select HOT 2
- Bug: Argument of type 'TemplateStringsArray' is not assignable to parameter of type 'string[]' HOT 1
- Bug: JS Sdk disconnected and couldn't authenticate again
- Bug: node_js_1.default is not a constructor at SurrealSocket.open HOT 1
- Bug: HOT 1
- Bug: Missing typing on `.query` method
- Feature: Implement toString and fromString for RecordId class HOT 1
- Feature: RecordId class should error if passing a RecordId as parameter
- Bug: Connection Unavailable with HTTP protocol in v1.0.0-beta.5 HOT 6
- Bug: problems in v1.0.0-beta.5 with select, delete and update functions when providing ID and inconsistency when returning JSON results from select and create functions. HOT 2
- Bug: CBORError: Remaining bytes HOT 10
- Feature: support custom fetch functions HOT 4
- Bug: WS connection does not work using node 22 HOT 3
- Bug: Type mismatch in geometries HOT 5
- Bug: create does not work with 1.0.0-beta.6 HOT 2
- Feature: Allow for setting the auth token on a per request basis
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from surrealdb.js.