I am using symfony and fosuserbundle. my login fails at "login_check". I have tried re writting my security.yaml
security:
access_denied_url: /login
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
ROLE_BROKER: ROLE_BROKER
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
login_path: /login
check_path: /login_check
always_use_default_target_path: true
default_target_path: /dashboard
use_referer: true
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/apply, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
Here is my screen
Related
After a lot of tries I'm surrendering and asking this
this is my serverless.yml
console: true
service: notifications
frameworkVersion: '3'
useDotenv: true
plugins:
- serverless-offline
- serverless-dotenv-plugin
- serverless-plugin-typescript
- serverless-middleware
custom:
middleware:
folderName: middleware # defaults to '.middleware'
cleanFolder: false # defaults to 'true'
provider:
name: aws
runtime: nodejs14.x
versionFunctions: false
region: ${opt:region, 'sa-east-1'}
functions:
findAllLeads:
handler: src/server.findAllLeads
events:
- http:
path: leads
method: get
cors: true # <-- CORS!
findLead:
handler: src/server.findLead
middleware:
pre:
- middleware/middleware.myF
events:
- http:
path: leads/{id}
method: get
cors:
origin: "*"
createLead:
handler: src/server.createLead
middleware:
pre:
- middleware/middleware.myF
events:
- http:
path: leads
method: post
cors: true # <-- CORS!
and my project strcucture is something like
middleware/
middleware.ts
src/
servers.ts // with handlers
and my middleware.ts is
// export const middleware = (event: any) => {
// console.log(event.body);
// };
export const myF = (event) => {
// will do some logic if I make it work
console.log(event.body);
};
and ALL im getting is
{"message": "Internal server error"}
as a response and in the logs
Does anyone know how to fix this?
I am using serverless framework to deploy a graphql nodejs package to lambda function.
My current serverless.yml file involves with a POST method for all communication and also another one for playground which looks like below.
functions:
graphql:
handler: handler.server
events:
- http:
path: /
method: post
cors: true
playground:
handler: handler.playground
events:
- http:
path: /
method: get
cors: true
And my handler.ts looks like this.
const { GraphQLServerLambda } = require("graphql-yoga");
const {documentSubmissionMutation} = require('./mutations/documentMutation');
const {signUpMutation, whatever} = require('./mutations/signUpMutation');
const typeDefs = `
type Query {
hello(name: String): String!
},
type Mutation {
signUp(
email: String!
password: String!
): String
sendDocuments(
user_id: String!
documents: String!
): String!
}
`
const resolvers = {
Query : {
hello : whatever
},
Mutation: {
sendDocuments: documentSubmissionMutation,
signUp: signUpMutation,
}
}
const lambda = new GraphQLServerLambda({
typeDefs,
resolvers
});
exports.server = lambda.graphqlHandler;
exports.playground = lambda.playgroundHandler;
What I would like to do now is have 3 different paths.
1 for secure and 1 for public and 1 for admin.
So basically the URL would be something like.
localhost/public localhost/secre localhost/admin
The secure path will use aws cognito pool to identify the API user api and and the other one would be open. The admin will use another aws cognito admin pool.
So first what I did was add it like this for a secure one.
const lambda = new GraphQLServerLambda({
typeDefs,
resolvers,
context: req => ({ ...req })
});
const lambdaSecure = new GraphQLServerLambda({
typeDefsSecure,
resolversSecure,
context: req => ({ ...req })
});
exports.server = lambda.graphqlHandler;
exports.playground = lambda.playgroundHandler;
exports.serverSecure = lambdaSecure.graphqlHandler;
exports.playgroundSecure = lambdaSecure.playgroundHandler;
Then in my serverless.yml file tried to put it like this.
functions:
graphql:
handler: handler.server
events:
- http:
path: /
method: post
cors: true
graphql:
handler: handler.serverSecure
events:
- http:
path: /
method: post
cors: true
playground:
handler: handler.playground
events:
- http:
path: /
method: get
cors: true
playground:
handler: handler.playgroundSecure
events:
- http:
path: /
method: get
cors: true
It din't work and threw an error
duplicated mapping key in "/Users/nihit/Desktop/serverless/cvtre/serverless.yml" at line 50, column -135:
graphql:
I tried it in different ways but I am not really sure which one is the right way to get two different URL paths.
The problem appears to be in your serverless.yml. In particular in the functions specification. The combination of path and method as well as the function name must be unique for each function.
So, the serverless.yml should look like:
functions:
graphqlServer:
handler: handler.server
events:
- http:
path: server/public
method: post
cors: true
graphqlServerSecure:
handler: handler.serverSecure
events:
- http:
path: server/secure
method: post
cors: true
playground:
handler: handler.playground
events:
- http:
path: playground/public
method: get
cors: true
playgroundSecure:
handler: handler.playgroundSecure
events:
- http:
path: playground/secure
method: get
cors: true
So I'm trying to run a lambda on amazon and narrowed down the error finally by testing the lambda in amazons testing console.
The error I got is this.
{
"errorMessage": "Please install mysql2 package manually",
"errorType": "Error",
"stackTrace": [
"new MysqlDialect (/var/task/node_modules/sequelize/lib/dialects/mysql/index.js:14:30)",
"new Sequelize (/var/task/node_modules/sequelize/lib/sequelize.js:234:20)",
"Object.exports.getSequelizeConnection (/var/task/src/twilio/twilio.js:858:20)",
"Object.<anonymous> (/var/task/src/twilio/twilio.js:679:25)",
"__webpack_require__ (/var/task/src/twilio/twilio.js:20:30)",
"/var/task/src/twilio/twilio.js:63:18",
"Object.<anonymous> (/var/task/src/twilio/twilio.js:66:10)",
"Module._compile (module.js:570:32)",
"Object.Module._extensions..js (module.js:579:10)",
"Module.load (module.js:487:32)",
"tryModuleLoad (module.js:446:12)",
"Function.Module._load (module.js:438:3)",
"Module.require (module.js:497:17)",
"require (internal/module.js:20:19)"
]
}
Easy enough, so I have to install mysql2. So I added it to my package.json file.
{
"name": "test-api",
"version": "1.0.0",
"description": "",
"main": "handler.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 0"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"aws-sdk": "^2.153.0",
"babel-core": "^6.26.0",
"babel-loader": "^7.1.2",
"babel-plugin-transform-runtime": "^6.23.0",
"babel-preset-es2015": "^6.24.1",
"babel-preset-stage-3": "^6.24.1",
"serverless-domain-manager": "^1.1.20",
"serverless-dynamodb-autoscaling": "^0.6.2",
"serverless-webpack": "^4.0.0",
"webpack": "^3.8.1",
"webpack-node-externals": "^1.6.0"
},
"dependencies": {
"babel-runtime": "^6.26.0",
"mailgun-js": "^0.13.1",
"minimist": "^1.2.0",
"mysql": "^2.15.0",
"mysql2": "^1.5.1",
"qs": "^6.5.1",
"sequelize": "^4.31.2",
"serverless": "^1.26.0",
"serverless-plugin-scripts": "^1.0.2",
"twilio": "^3.10.0",
"uuid": "^3.1.0"
}
}
I noticed when I do sls deploy however, it seems to only be packaging some of the modules?
Serverless: Package lock found - Using locked versions
Serverless: Packing external modules: babel-runtime#^6.26.0, twilio#^3.10.0, qs#^6.5.1, mailgun-js#^0.13.1, sequelize#^4.31.2, minimi
st#^1.2.0, uuid#^3.1.0
Serverless: Packaging service...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
................................
Serverless: Stack update finished...
I think this is why it's not working. In short, how do I get mysql2 library to be packaged correctly with serverless so my lambda function will work with the sequelize library?
Please note that when I test locally my code works fine.
My serverless file is below
service: testapi
# Use serverless-webpack plugin to transpile ES6/ES7
plugins:
- serverless-webpack
- serverless-plugin-scripts
# - serverless-domain-manager
custom:
#Define the Stage or default to Staging.
stage: ${opt:stage, self:provider.stage}
webpackIncludeModules: true
#Define Databases Here
databaseName: "${self:service}-${self:custom.stage}"
#Define Bucket Names Here
uploadBucket: "${self:service}-uploads-${self:custom.stage}"
#Custom Script setup
scripts:
hooks:
#Script below will run schema changes to the database as neccesary and update according to stage.
'deploy:finalize': node database-schema-update.js --stage ${self:custom.stage}
#Domain Setup
# customDomain:
# basePath: "/"
# domainName: "api-${self:custom.stage}.test.com"
# stage: "${self:custom.stage}"
# certificateName: "*.test.com"
# createRoute53Record: true
provider:
name: aws
runtime: nodejs6.10
stage: staging
region: us-east-1
environment:
DOMAIN_NAME: "api-${self:custom.stage}.test.com"
DATABASE_NAME: ${self:custom.databaseName}
DATABASE_USERNAME: ${env:RDS_USERNAME}
DATABASE_PASSWORD: ${env:RDS_PASSWORD}
UPLOAD_BUCKET: ${self:custom.uploadBucket}
TWILIO_ACCOUNT_SID: ""
TWILIO_AUTH_TOKEN: ""
USER_POOL_ID: ""
APP_CLIENT_ID: ""
REGION: "us-east-1"
IDENTITY_POOL_ID: ""
RACKSPACE_API_KEY: ""
#Below controls permissions for lambda functions.
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:UpdateTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource: "arn:aws:dynamodb:us-east-1:*:*"
functions:
create_visit:
handler: src/visits/create.main
events:
- http:
path: visits
method: post
cors: true
authorizer: aws_iam
get_visit:
handler: src/visits/get.main
events:
- http:
path: visits/{id}
method: get
cors: true
authorizer: aws_iam
list_visit:
handler: src/visits/list.main
events:
- http:
path: visits
method: get
cors: true
authorizer: aws_iam
update_visit:
handler: src/visits/update.main
events:
- http:
path: visits/{id}
method: put
cors: true
authorizer: aws_iam
delete_visit:
handler: src/visits/delete.main
events:
- http:
path: visits/{id}
method: delete
cors: true
authorizer: aws_iam
twilio_send_text_message:
handler: src/twilio/twilio.send_text_message
events:
- http:
path: twilio/sendtextmessage
method: post
cors: true
authorizer: aws_iam
#This function handles incoming calls and where to route it to.
twilio_incoming_call:
handler: src/twilio/twilio.incoming_calls
events:
- http:
path: twilio/calls
method: post
twilio_failure:
handler: src/twilio/twilio.twilio_failure
events:
- http:
path: twilio/failure
method: post
twilio_statuschange:
handler: src/twilio/twilio.statuschange
events:
- http:
path: twilio/statuschange
method: post
twilio_incoming_message:
handler: src/twilio/twilio.incoming_message
events:
- http:
path: twilio/messages
method: post
twilio_whisper:
handler: src/twilio/twilio.whisper
events:
- http:
path: twilio/whisper
method: post
- http:
path: twilio/whisper
method: get
twilio_start_call:
handler: src/twilio/twilio.start_call
events:
- http:
path: twilio/startcall
method: post
- http:
path: twilio/startcall
method: get
resources:
Resources:
uploadBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.uploadBucket}
RDSDatabase:
Type: AWS::RDS::DBInstance
Properties:
Engine : mysql
MasterUsername: ${env:RDS_USERNAME}
MasterUserPassword: ${env:RDS_PASSWORD}
DBInstanceClass : db.t2.micro
AllocatedStorage: '5'
PubliclyAccessible: true
#TODO: The Value of Stage is also available as a TAG automatically which I may use to replace this manually being put here..
Tags:
-
Key: "Name"
Value: ${self:custom.databaseName}
DeletionPolicy: Snapshot
DNSRecordSet:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: test.com.
Name: database-${self:custom.stage}.test.com
Type: CNAME
TTL: '300'
ResourceRecords:
- {"Fn::GetAtt": ["RDSDatabase","Endpoint.Address"]}
DependsOn: RDSDatabase
UPDATE:: So I confirmed that running sls package --stage dev seems to create this in the zip folder that would eventually upload to AWS. This confirms that serverless is not creating the package correctly with the mysql2 reference for some reason? Why is this?
webpack config file as requested
const slsw = require("serverless-webpack");
const nodeExternals = require("webpack-node-externals");
module.exports = {
entry: slsw.lib.entries,
target: "node",
// Since 'aws-sdk' is not compatible with webpack,
// we exclude all node dependencies
externals: [nodeExternals()],
// Run babel on all .js files and skip those in node_modules
module: {
rules: [
{
test: /\.js$/,
loader: "babel-loader",
include: __dirname,
exclude: /node_modules/
}
]
}
};
Thanks to dashmugs comment after some investigation on this page (https://github.com/serverless-heaven/serverless-webpack), there is a section on Forced Inclusion. I'll paraphrase it here.
Forced inclusion Sometimes it might happen that you use dynamic
requires in your code, i.e. you require modules that are only known at
runtime. Webpack is not able to detect such externals and the compiled
package will miss the needed dependencies. In such cases you can force
the plugin to include certain modules by setting them in the
forceInclude array property. However the module must appear in your
service's production dependencies in package.json.
# serverless.yml
custom:
webpackIncludeModules:
forceInclude:
- module1
- module2
So I simply did this...
webpackIncludeModules:
forceInclude:
- mysql
- mysql2
Now it works! Hope this helps someone else with the same issue.
None of the previous helped me, I used this solution: https://github.com/sequelize/sequelize/issues/9489#issuecomment-493304014
The trick is to use dialectModule property and override sequelize.
import Sequelize from 'sequelize';
import mysql2 from 'mysql2'; // Needed to fix sequelize issues with WebPack
const sequelize = new Sequelize(
process.env.DB_NAME,
process.env.DB_USER,
process.env.DB_PASSWORD,
{
dialect: 'mysql',
dialectModule: mysql2, // Needed to fix sequelize issues with WebPack
host: process.env.DB_HOST,
port: process.env.DB_PORT
}
)
export async function connectToDatabase() {
console.log('Trying to connect via sequelize')
await sequelize.sync()
await sequelize.authenticate()
console.log('=> Created a new connection.')
// Do something
}
The previous so far works on MySql but is not working with Postgres
I need help to configure the access control part of my symfony website.
I want the access for everyone for :
/ : the homepage
/login : the login page
/login_check : the check login page for FOSUserBundle
/register : the register page of FOSUserBundle
/resetting/request : the resetting password page of FOSUserBundle
And I want the user authenticated for all the rest, for example : /abc, /xxx, /yy/xx ...etc
I put this in security.yml, but it don't work, the user have full access to all in all case :
access_control:
- { path: /_wdt/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /_profiler/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /login_check, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /resetting/request, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /*, role: IS_AUTHENTICATED_FULLY }
What's the problem ?
Thanks ;)
Strange using of acls. acl regex is much more simpler. ^ marks the beginning of the url. $ marks the end of the matching url. if no $ is present, all after the "regex" matches. no asterisk at all. Oh, and login_check should be secured
access_control:
- { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: IS_AUTHENTICATED_FULLY }
the problem is that you're missing a period in the last line:
- { path: /*, role: IS_AUTHENTICATED_FULLY }
^^^^^
/* means zero or more slashes (/) .. .it should be /.* to indicate anything followed by a slash
Correct entry should be something like:
- { path: /.*, role: IS_AUTHENTICATED_FULLY }
I'm uasing symfony2 and FOSUserBundle.
I have one firewall for login, one for assets and a main one catching everything.
Still i get the "no security.context" Exception thrown when a route is not covered by any firewall and you try to access it with "is_granted" (Seen and solved here).
The route is mydomain/de_DE/area where the de_DE part obviously is my {_locale}.
Here's my FOSUserBundle configuration from my config.yml.
firewalls:
login_firewall:
pattern: ^/(de_DE|de_CH)/(login|resetting)$
anonymous: true
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout:
path: fos_user_security_logout
assets_localeless:
pattern: ^/(compiled|web|js|css|_wdt|_profiler)/$
anonymous: true
main:
pattern: ^/$
anonymous: false
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout:
path: fos_user_security_logout
access_control:
- { path: ^/(compiled|web|js|css|_wdt|_profiler)$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(de_DE|de_CH)/(login|resetting)$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(de_DE|de_CH)/(my-admin|admin), role: ROLE_ADMIN }
- { path: ^/(de_DE|de_CH)/$, role: ROLE_USER }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
EDIT / SOLUTION: My Problem was teh RegEx. I had a misunderstanding with the tutorial on that one.
So the Pattern is in plain RegEx, which is why my firewalls all didn't work (see answer).
The new setting is this:
firewalls:
main:
pattern: .
anonymous: true
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout:
path: fos_user_security_logout
access_control:
- { path: '^/(compiled|web|js|css|_wdt|_profiler)([\w\d/_-]{0,})', role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/([\w]{0,})/(login|resetting|sale|imprint|contact)([\w\d/_-]{0,})', role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/([\w]{0,})/(my-admin|admin)([\w\d/_-]{0,})', role: ROLE_ADMIN }
- { path: '^/([\w]{0,})/([\w\d/_-]{0,})', role: IS_AUTHENTICATED_FULLY }
There is no firewall for mydomain/de_DE/area configured ... that's why you have no security.context for that route.
$ means end in a regex. That's why..
- { path: ^/(de_DE|de_CH)/$, role: ROLE_USER }
... will only match exactly ...
yourdomain/de_DE/
yourdomain/de_CH/
... and no other route.