Resgate not only push notic realtime

zerotn3 · May 28, 2019, 7:10am

Hi Supporter,

Im working with Resgate and Nats. I already finished with example and working with my project. However, I have big issue with realtime push notify. After push first notify and client can received mess, but then, maybe, after 50 seconds. Clien show error, {code: “system.accessDenied”, message: “Access denied”}. From server log: msg {“token”:null,“cid”:“bjmavsjbb0tu85mem3k0”}.

Im researching about issue, maybe relate to timeout or expire token resgate. Please help me about issue.

Thank you

Jirenius · May 28, 2019, 6:12am

Welcome to the forum!

The problem is not about an expired token. You can only get system.accessDenied when subscribing to a resource, not 50 seconds after you started to subscribe.
Tokens only expires on disconnect, or when replaced with another token.

Maybe the problem it is in your service?
Can you post the server log here? Remember to remove sensitive data, such as e-mails and passwords. Then I can help you better.

Are you using ResClient?
If you get a resource, and you stop listen for events ( e.g. model.off("change", callback) ), ResClient will automatically unsubscribe after 5 seconds.

zerotn3 · May 28, 2019, 7:18am

yes, you right, i get message when subscribing to a resource. I mean after 50 seconds or more. some reason I don’t know, i get log: code: “system.accessDenied”, message: “Access denied”…
-> I will post short code below, pls help me check. Thank
-> Client:

try {
    const token = localStorage.getItem(ACCESS_TOKEN_KEY);
    const logged = await client.authenticate(
        `${VUE_APP_CHANNEL}.${VUE_APP_EMAIL_MODEL}`,
        'login',
        {
            token
        }
    );
    if (logged.isLogged) {
        client
            .get(
               `${VUE_APP_CHANNEL}.${VUE_APP_EMAIL_MODEL}.${VUE_APP_PUSH_METHOD}`
            )
            .then((model: any) => {
                const onChange = () => {
                    console.log(`begin test....`);
                    const { message, eventPushCompleted, data, error } = model;
                    if (eventPushCompleted && data) {
                    EventBus.$emit('onNotify');
                    } else {
                    console.log('error', error);
                    }
                };
                // Always listen
                model.on('change', onChange);
            })
            .catch(err => {
               throw err;
            });
    }
} catch (error) {
    throw error;
}
``

zerotn3 · May 28, 2019, 7:04am

=============
-> Server : 
/**
   * Register model
   * @param channel channel name
   * @param model model name
   * @param method method name
   */
  @Method
  registerListener(channel: string, model: string, method: string) {
    nats.subscribe(`get.${channel}.${model}.${method}`, (msg: string, reply: string) => {
      console.log('registerListener', msg);
      nats.publish(reply, JSON.stringify({ result: { model: { message: `Model: ${model} register completed!` } } }));
    });
  }

  @Action()
  pushEventChange(ctx: Context) {
    const { channel, model, method, message } = ctx.params;
    nats.publish(
      `event.${channel}.${model}.${method}.change`,
      JSON.stringify({
        values: message,
      }),
    );
  }

  @Method
  authorizeRequest(channel: string, model: string) {
    nats.subscribe(`auth.${channel}.${model}.login`, async (msg: string, reply: string) => {
      const { params, cid } = JSON.parse(msg);
      const checkTokenExistQuery = checkExistedToken(params.token);
      const resultQuery = await knex.schema.raw(checkTokenExistQuery).then((result: any) => {
        return result.rows[0];
      });
      if (params && resultQuery.token && params.token === resultQuery.token) {
        // Set a token
        nats.publish(`conn.${cid}.token`, <any>JSON.stringify({
          token: { loggedIn: true },
        }));
        // Send successful response
        nats.publish(reply, <any>JSON.stringify({
          result: { message: 'Login successfully!', isLogged: true },
        }));
      } else {
        // Send an custom error response
        nats.publish(reply, <any>JSON.stringify({
          error: {
            code: 'system.accessDenied',
            message: 'Invalid request',
          },
        }));
      }
    });
  }

  @Method
  accessControlForModel(channel: string, model: string, method: string, allowedMethods?: string[]) {
    nats.subscribe(`access.${channel}.${model}.${method}`, (msg: string, reply: string, subject: string) => {
      const { token } = JSON.parse(msg);
      // Validate we have logged in
      if (token && token.loggedIn) {
        if (allowedMethods && allowedMethods.length > 0) {
          // Grant access for allowed methods
          nats.publish(reply, <any>JSON.stringify({
            result: { get: true, call: allowedMethods.join(',') },
          }));
        } else {
          // Grant full access
          nats.publish(reply, <any>JSON.stringify({
            result: { get: true, call: '*' },
          }));
        }
      } else {
        // Deny all access except login method
        nats.publish(reply, <any>JSON.stringify({
          result: { get: false },
        }));
      }
    });
  }

Jirenius · May 28, 2019, 7:40am

I have read your code. I don’t see anything obviously wrong in it.
You are using models as a message stream, which is a bit unusual. But it isn’t wrong.

Try running Resgate in debug mode by editing the config:

{
   .
   .
   .
   "debug": true
}

Now Resgate will log all traffic.
If you copy the debug server log, I can probably see why it is giving you an error.

zerotn3 · May 28, 2019, 7:56am

This is logs of Nats server bro !. Please focus where row have token = null. is it issue ?

[1] 2019/05/28 07:51:26.926217 [TRC] 210.245.33.182:56146 - cid:110 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:26.926235 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVhv 26878 24]
[1] 2019/05/28 07:51:26.926932 [TRC] 172.17.0.1:59936 - cid:1 - ->> [UNSUB 26878 ]
[1] 2019/05/28 07:51:26.926943 [TRC] 172.17.0.1:59936 - cid:1 - <-> [DELSUB 26878]
[1] 2019/05/28 07:51:28.558128 [TRC] 172.17.0.1:59936 - cid:1 - ->> [SUB _INBOX.rm7yHuju08Xh1EY7ZNvVm8 26879]
[1] 2019/05/28 07:51:28.558180 [TRC] 172.17.0.1:59936 - cid:1 - ->> [PUB access.dev.email_model.push _INBOX.rm7yHuju08Xh1EY7ZNvVm8 43]
[1] 2019/05/28 07:51:28.558192 [TRC] 172.17.0.1:59936 - cid:1 - ->> MSG_PAYLOAD: [{“token”:null,“cid”:“bjme9ijbb0tu85mem4d0”}]
[1] 2019/05/28 07:51:28.558201 [TRC] 210.245.33.182:42584 - cid:106 - <<- [MSG access.dev.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVm8 43]
[1] 2019/05/28 07:51:28.558206 [TRC] 210.245.33.182:41826 - cid:107 - <<- [MSG access.dev.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVm8 43]
[1] 2019/05/28 07:51:28.581156 [TRC] 210.245.33.182:42584 - cid:106 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVm8 24]
[1] 2019/05/28 07:51:28.581176 [TRC] 210.245.33.182:42584 - cid:106 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:28.581215 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVm8 26879 24]
[1] 2019/05/28 07:51:28.581290 [TRC] 210.245.33.182:41826 - cid:107 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVm8 24]
[1] 2019/05/28 07:51:28.581296 [TRC] 210.245.33.182:41826 - cid:107 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:28.581302 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVm8 26879 24]
[1] 2019/05/28 07:51:28.581909 [TRC] 172.17.0.1:59936 - cid:1 - ->> [UNSUB 26879 ]
[1] 2019/05/28 07:51:28.581937 [TRC] 172.17.0.1:59936 - cid:1 - <-> [DELSUB 26879]
[1] 2019/05/28 07:51:29.706619 [TRC] 172.17.0.1:59936 - cid:1 - ->> [SUB _INBOX.rm7yHuju08Xh1EY7ZNvVqL 26880]
[1] 2019/05/28 07:51:29.706652 [TRC] 172.17.0.1:59936 - cid:1 - ->> [PUB access.dev.email_model.push _INBOX.rm7yHuju08Xh1EY7ZNvVqL 43]
[1] 2019/05/28 07:51:29.706673 [TRC] 172.17.0.1:59936 - cid:1 - ->> MSG_PAYLOAD: [{“token”:null,“cid”:“bjmbcd3bb0tu85mem3rg”}]
[1] 2019/05/28 07:51:29.706682 [TRC] 210.245.33.182:42584 - cid:106 - <<- [MSG access.dev.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVqL 43]
[1] 2019/05/28 07:51:29.706687 [TRC] 210.245.33.182:41826 - cid:107 - <<- [MSG access.dev.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVqL 43]
[1] 2019/05/28 07:51:29.729497 [TRC] 210.245.33.182:41826 - cid:107 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVqL 24]
[1] 2019/05/28 07:51:29.729517 [TRC] 210.245.33.182:41826 - cid:107 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:29.729555 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVqL 26880 24]
[1] 2019/05/28 07:51:29.730138 [TRC] 172.17.0.1:59936 - cid:1 - ->> [UNSUB 26880 ]
[1] 2019/05/28 07:51:29.730150 [TRC] 172.17.0.1:59936 - cid:1 - <-> [DELSUB 26880]
[1] 2019/05/28 07:51:29.826343 [TRC] 172.17.0.1:59936 - cid:1 - ->> [SUB _INBOX.rm7yHuju08Xh1EY7ZNvVuY 26881]
[1] 2019/05/28 07:51:29.826395 [TRC] 172.17.0.1:59936 - cid:1 - ->> [PUB access.localhost.email_model.push _INBOX.rm7yHuju08Xh1EY7ZNvVuY 43]
[1] 2019/05/28 07:51:29.826408 [TRC] 172.17.0.1:59936 - cid:1 - ->> MSG_PAYLOAD: [{“token”:null,“cid”:“bjmbte3bb0tu85mem400”}]
[1] 2019/05/28 07:51:29.826416 [TRC] 210.245.33.182:56146 - cid:110 - <<- [MSG access.localhost.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVuY 43]
[1] 2019/05/28 07:51:29.889334 [TRC] 210.245.33.182:56146 - cid:110 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVuY 24]
[1] 2019/05/28 07:51:29.889354 [TRC] 210.245.33.182:56146 - cid:110 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:29.889392 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVuY 26881 24]
[1] 2019/05/28 07:51:29.889999 [TRC] 172.17.0.1:59936 - cid:1 - ->> [UNSUB 26881 ]
[1] 2019/05/28 07:51:29.890010 [TRC] 172.17.0.1:59936 - cid:1 - <-> [DELSUB 26881]
[1] 2019/05/28 07:51:29.950500 [TRC] 210.245.33.182:42584 - cid:106 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVqL 24]
[1] 2019/05/28 07:51:29.950519 [TRC] 210.245.33.182:42584 - cid:106 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:30.610386 [TRC] 172.17.0.1:59936 - cid:1 - ->> [SUB _INBOX.rm7yHuju08Xh1EY7ZNvVyl 26882]
[1] 2019/05/28 07:51:30.610420 [TRC] 172.17.0.1:59936 - cid:1 - ->> [PUB access.dev.email_model.push _INBOX.rm7yHuju08Xh1EY7ZNvVyl 43]
[1] 2019/05/28 07:51:30.610453 [TRC] 172.17.0.1:59936 - cid:1 - ->> MSG_PAYLOAD: [{“token”:null,“cid”:“bjme9ijbb0tu85mem4d0”}]
[1] 2019/05/28 07:51:30.610469 [TRC] 210.245.33.182:42584 - cid:106 - <<- [MSG access.dev.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVyl 43]
[1] 2019/05/28 07:51:30.610478 [TRC] 210.245.33.182:41826 - cid:107 - <<- [MSG access.dev.email_model.push 6 _INBOX.rm7yHuju08Xh1EY7ZNvVyl 43]
[1] 2019/05/28 07:51:30.633173 [TRC] 210.245.33.182:42584 - cid:106 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVyl 24]
[1] 2019/05/28 07:51:30.633191 [TRC] 210.245.33.182:42584 - cid:106 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:30.633230 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVyl 26882 24]
[1] 2019/05/28 07:51:30.634008 [TRC] 210.245.33.182:41826 - cid:107 - ->> [PUB _INBOX.rm7yHuju08Xh1EY7ZNvVyl 24]
[1] 2019/05/28 07:51:30.634016 [TRC] 210.245.33.182:41826 - cid:107 - ->> MSG_PAYLOAD: [{“result”:{“get”:false}}]
[1] 2019/05/28 07:51:30.634026 [TRC] 172.17.0.1:59936 - cid:1 - <<- [MSG _INBOX.rm7yHuju08Xh1EY7ZNvVyl 26882 24]
[1] 2019/05/28 07:51:30.634208 [TRC] 172.17.0.1:59936 - cid:1 - ->> [UNSUB 26882 ]
[1] 2019/05/28 07:51:30.634217 [TRC] 172.17.0.1:59936 - cid:1 - <-> [DELSUB 26882]

Jirenius · May 28, 2019, 8:06am

token: null means your are not logged in.
It should be:

MSG_PAYLOAD: [{“token”:{"isLogged":true},“cid”:“bjme9ijbb0tu85mem4d0”}]

Your login must have failed. Do you have the NATS log for the login?

zerotn3 · May 28, 2019, 8:19am

I see, you can review my code, i already login and have log :

 {message: "Login successfully!", isLogged: true}

, and subscribe model -> and Client already received mess push from server. In my case, client received first push notic from server => waiting next push ( about 55 second -> 1 minute) => Server reply error <{ “system.accessDenied”, message: “Access denied”}> , and log Nats server: MSG_PAYLOAD: [{“token”:null,“cid”:“bjmbcd3bb0tu85mem3rg”}].

in this case we can’t pass condition in function above : accessControlForModel…that’s mean, i dont know why miss token (token= null) while i still flow connect and subscribe model …

Jirenius · May 28, 2019, 9:01am

The only way a token can be reset to null is by a reconnect (or by explicitly setting it to null).

It is probably because your client reconnects for some reason.
In the client, you should change the login to:

client.setOnConnect(() => client.authenticate(
        `${VUE_APP_CHANNEL}.${VUE_APP_EMAIL_MODEL}`,
        'login',
        {
            token
        }
    ).catch(() => {})
);

This way, the client will reauthenticate whenever it reconnects.

You can see the JWT token example for reference:

github.com

resgateio/resgate/blob/master/examples/jwt-authentication/index.html

<!DOCTYPE html>
<html>
	<head>
		<meta charset="UTF-8" />
		<title>Resgate - JWT Authentication Example</title>
		<script src="https://unpkg.com/resclient@latest/dist/resclient.min.js"></script>
	</head>
	<body>
		<h3>Resgate JWT Authentication Example</h3>
		<p>The client is the same as the Edit Text Example, with the addition of the <i>setOnConnect</i> callback, which makes an attempt of authenticating the client using a jwt token. Without the token, model access will be denied.</p>
		<ul>
			<li><a href="/login">/login</a> - Sets the jwt token cookie</li>
			<li><a href="/logout">/logout</a> - Clears the jwt token cookie</li>
		</ul>
		<p>The model can also be <a href="http://localhost:8080/api/example/model">accessed via REST</a>, if Resgate is configured with:
			<ul><li><pre>"headerAuth": "auth.jwtHeader"</pre></li></ul>
		</p>
		<hr>
		<div id="root"></div>
		<script>

This file has been truncated. show original

zerotn3 · May 28, 2019, 10:20am

Wow, It’s working…
I were flow you as above code and add function client.setOnConnect().

Thank you so much,