403 forbidden even when user is allowed #344
Comments
Hi, If I were you, I would add a console.log in the
Something like:
allowApiUpdate: () => {
  const result = !!remult.user?.roles?.length && AdminRoles.includes(remult.user.roles[0] as UserRole)
  // Log the computed value so you can see why the request is allowed or refused
  console.log({ result })
  return result
}
This will help you see the result of your expression, you'll also be able to add other pieces of information that can help you investigate.
Also please make sure that the
One last thing, you can simplify your code by saying:
allowApiUpdate: () => remult.isAllowed(AdminRoles)
Or even shorter:
allowApiUpdate: AdminRoles
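The check discussed in the comment above, as an added example that is not part of the original thread or of remult's code: it compares the first-role-only expression with an any-role check and names the reason a user would be refused. The `UserInfoLike` type, the contents of `AdminRoles`, the sample users and the `diagnose` helper are assumptions made for illustration.

```typescript
// Simplified stand-in for the object remult exposes as `remult.user` (assumption).
type UserInfoLike = { id: string; name?: string; roles?: string[] }

// Constructed role values; the thread never shows what AdminRoles contains.
const AdminRoles: string[] = ['admin', 'owner']

// The expression from the comment above: only roles[0] is tested.
function firstRoleCheck(user?: UserInfoLike): boolean {
  const first = (user?.roles ?? [])[0]
  return first !== undefined && AdminRoles.indexOf(first) !== -1
}

// Any-role check: a simplified model of what `remult.isAllowed(AdminRoles)`
// is used for in the thread, not remult's implementation.
function anyRoleCheck(user?: UserInfoLike): boolean {
  return (user?.roles ?? []).some((r) => AdminRoles.indexOf(r) !== -1)
}

type Verdict = 'allowed' | 'no-user' | 'no-roles' | 'admin-role-not-first' | 'not-admin'

// Names the reason behind a refusal, which is what the console.log is meant to reveal.
function diagnose(user?: UserInfoLike): Verdict {
  if (!user) return 'no-user' // getUser returned undefined
  if (!user.roles || user.roles.length === 0) return 'no-roles' // user object carries no roles
  if (firstRoleCheck(user)) return 'allowed'
  return anyRoleCheck(user) ? 'admin-role-not-first' : 'not-admin'
}

// Constructed sample users.
const samples: UserInfoLike[] = [
  { id: '1', name: 'Jane', roles: ['admin'] },
  { id: '2', name: 'Steve', roles: ['editor', 'admin'] },
  { id: '3', name: 'TokenOnly' }, // built from a token that carries no roles
  { id: '4', name: 'Viewer', roles: ['viewer'] },
]

// One line per sample user, suitable for logging on the server.
function report(): string[] {
  return samples.map((u) => `${u.name}: ${diagnose(u)}`)
}
```

A `no-roles` verdict points at the `getUser` path rather than at the entity's permission settings.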
You were right. Is there a chance that you have some example of how to fetch the userInfo from the db in Next.js (pages version)?
I'll prepare something for tomorrow morning
Hi @YeudaBy, Here's how to do that:
import { Entity, Fields, Remult, UserInfo } from 'remult'
@Entity('users', {
allowApiCrud: true,
})
export class User {
@Fields.cuid()
id = ''
@Fields.string()
name = ''
@Fields.boolean()
admin = false
}
// Signs in a user by its name (you can add password etc...)
export async function signIn(remult: Remult, name: string) {
const user = await remult.repo(User).findFirst({ name })
if (user) return buildUserInfo(user)
}
// Finds a user by its id
export async function findUserById(remult: Remult, id: string) {
const user = await remult.repo(User).findFirst({ id })
if (user) return buildUserInfo(user)
}
// Translates a User entity to a UserInfo object
function buildUserInfo(u: User): UserInfo {
return { id: u.id, name: u.name, roles: u.admin ? ['admin'] : [] }
}
Adjust the
import NextAuth from 'next-auth'
import Credentials from 'next-auth/providers/credentials'
import api from '../[...remult]'
import { signIn, findUserById } from '../../../shared/user'
export default NextAuth({
providers: [
Credentials({
credentials: {
name: {
placeholder: 'Try Steve or Jane',
},
},
authorize: async (info) => {
if (!info?.name) return null
// This route doesn't pass through `remultNext` so we need to get the remult instance manually
const remult = await api.getRemult({} as any)
return (await signIn(remult, info.name)) || null
},
}),
],
callbacks: {
// this callback is called by the `useSession` hook in the frontend code
session: async ({ session, token }) => {
if (!token?.sub) return session
// This route doesn't pass through `remultNext` so we need to get the remult instance manually
const remult = await api.getRemult({} as any)
return {
...session,
user: await findUserById(remult, token.sub),
}
},
},
})
Finally, adjust the
import { remultNext } from 'remult/remult-next'
import { getToken } from 'next-auth/jwt'
import { Task } from '../../shared/task'
import { TasksController } from '../../shared/tasksController'
import { User, findUserById } from '../../shared/user'
import { remult } from 'remult'
const api = remultNext({
entities: [Task, User],
controllers: [TasksController],
getUser: async (req) => {
const jwtToken = await getToken({ req })
if (!jwtToken?.sub) return undefined
return findUserById(remult, jwtToken.sub)
},
admin: true,
})
export default api
Check it out and let me know if it works for you or if you have any questions
If you're feeling experimental, there's an easier way of writing that in the next version that'll release. Let me know if you want an example
OFC!! I'm still facing some errors, but I think this is more related to next-auth and not remult.
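Cool - in the current exp version (
Here's how that code would look - the sign in and find user functions would not require a
// `repo` is exported by remult; `User` and `buildUserInfo` are the ones defined earlier
import { repo } from 'remult'
// Signs in a user by its name
export async function signIn(name: string) {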
const user = await repo(User).findFirst({ name })
if (user) return buildUserInfo(user)
}
// Finds a user by its id
export async function findUserById(id: string) {
const user = await repo(User).findFirst({ id })
if (user) return buildUserInfo(user)
}
And in
import NextAuth from 'next-auth'
import Credentials from 'next-auth/providers/credentials'
import api from '../[...remult]'
import { signIn, findUserById } from '../../../shared/user'
export default NextAuth({
providers: [
Credentials({
credentials: {
name: {
placeholder: 'Try Steve or Jane',
},
},
authorize: async (info) =>
// This route doesn't pass through `remultNext` so we need to get the remult instance manually
api.withRemult(undefined, async () => {
{
if (!info?.name) return null
return (await signIn(info.name)) || null
}
}),
}),
],
callbacks: {
// this callback is called by the `useSession` hook in the frontend code
session: async ({ session, token }) =>
// This route doesn't pass through `remultNext` so we need to get the remult instance manually
api.withRemult(undefined, async () => {
if (!token?.sub) return session
return {
...session,
user: await findUserById(token.sub),
}
}),
},
})
Try it out and let me know what you think
Check out this video - I think you'll like it
Describe the bug
Hey!
I'm trying to edit something, but even when the user is clearly allowed, it gives me a 403 error. Here is the code example:
Here is the entity declaration:
And here is a screenshot:
I don't know if it's a bug or maybe I just do not understand how to do that...