[英]PRISMA: Authentication token is invalid: 'Authorization' header not provided
在没有秘密的情况下在我的本地运行 Prisma 运行良好..现在我正在尝试为生产运行它我总是遇到这个错误ERROR: Authentication token is invalid: 'Authorization' header not provided
。 我肯定错过了一些东西,但不知道是什么。 请帮助以下是我的 prisma.yml 和 docker-compose.yml 文件。
# This service is based on the type definitions in the two files
# databasetypes.prisma` and `database/enums.prisma`
datamodel:
- ./packages/routes/index.directives.graphql
- ./packages/routes/index.scalar.graphql
- ./packages/routes/account/index.enum.graphql
- ./packages/routes/account/index.prisma
...
# Generate a Prisma client in JavaScript and store in
# a folder called `generated/prisma-client`.
# It also downloads the Prisma GraphQL schema and stores it
# in `generated/prisma.graphql`.
generate:
- generator: javascript-client
output: ./prisma
# The endpoint represents the HTTP endpoint for your Prisma API.
# It encodes several pieces of information:
# * Prisma server (`localhost:4466` in this example)
# * Service name (`myservice` in this example)
# * Stage (`dev` in this example)
# NOTE: When service name and stage are set to `default`, they
# can be omitted.
# Meaning http://myserver.com/default/default can be written
# as http://myserver.com.
endpoint: 'http://127.0.0.1:4466/soul/dev'
# The secret is used to create JSON web tokens (JWTs). These
# tokens need to be attached in the `Authorization` header
# of HTTP requests made against the Prisma endpoint.
# WARNING: If the secret is not provided, the Prisma API can
# be accessed without authentication!
secret: ${env:SECRET}
version: '3'
services:
server:
container_name: soul
restart: always
build: .
command: 'npm run dev'
links:
- redis
- prisma
env_file:
- ./.env
volumes:
- .:/node/soul/
working_dir: /node/soul/
ports:
- '3000:3000'
redis:
container_name: "redisserver"
image: redis:latest
restart: always
command: ["redis-server", "--bind", "redis", "--port", "6379"]
prisma:
image: prismagraphql/prisma:1.34
restart: always
ports:
- '4466:4466'
environment:
PRISMA_CONFIG: |
managementApiSecret: ${SECRET}
port: 4466
databases:
default:
connector: mysql
host: mysql
port: 3306
user: root
password: ******
mysql:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: ******
volumes:
- mysql:/var/lib/mysql
volumes:
mysql: ~
看起来您正在使用 API 管理机密,而您应该在其中使用服务机密。
根据 Prisma 文档,Service Secret 和 API Management Secret 是两个不同的东西。
对于 Prisma v1.34,您可以在此处了解差异: https://v1.prisma.io/docs/1.34/prisma-server/authentication-and-security-kke4/#prisma-server
从该页面引用:
Prisma 服务器为一个或多个 Prisma 服务提供运行时环境。 要在 Prisma 服务器上创建、删除和修改 Prisma 服务,需要使用 Management API。 部署 Prisma 服务器时,Management API 受到 Docker Compose 文件中指定的 Management API 机密的保护。 在这里了解更多。
Prisma 服务通过在您的 prisma.yml 中指定的服务秘密来保护。 Prisma 服务通常提供与特定数据模型相关的应用程序数据。 在这里了解更多。
const db = new Prisma({
typeDefs: 'src/generated/prisma.graphql',
endpoint: process.env.PRISMA_ENDPOINT,
secret: <YOUR_PRISMA_SERVICE_SECRET>, // Note: This must match what is in your prisma.yml
});
# prisma.yml
endpoint: ${env:PRISMA_ENDPOINT}
datamodel: mydatamodel.graphql
secret: <YOUR_PRISMA_SERVICE_SECRET>
在他们的 Prisma 1.34 文档中,Prsima 建议使用环境变量将秘密获取到 prisma.yml 文件中。 存在与此相关的风险,但这就是他们的文档中的内容。
请参阅: https://v1.prisma.io/docs/1.34/prisma-cli-and-configuration/prisma-yml-5cy7/#environment-variable
从该页面引用:
在以下示例中,引用了一个环境变量来确定 Prisma 服务密码:
# prisma.yml (as per the docs in the above link)
secret: ${env:PRISMA_SECRET}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.