symfony/mercure

Authorization does not seem to be working with LcobucciFactory

zspine opened this issue · 4 comments

Everything works fine with anonymous mode enabled, but with private mode I am getting a strange authorization error from the Mercure hub: 'cannot unmarshal number 1689617856.599472 into Go struct field claims.exp of type int64'

```yaml
# config/packages/mercure.yaml
mercure:
    enable_profiler: '%kernel.debug%'
    hubs:
        default:
            url: '%env(MERCURE_URL)%'
            public_url: '%env(MERCURE_PUBLIC_URL)%'
            jwt:
                secret: '%env(MERCURE_JWT_SECRET)%'
```

```php
<?php

namespace App\Controller;

use App\Mercure\Authorization;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Mercure\Discovery;
use Symfony\Component\Routing\Annotation\Route;

class DiscoverController extends AbstractController
{
    /**
     * @Route("/discover/publish")
     */
    public function publish(Request $request, Discovery $discovery, Authorization $authorization): Response
    {
        $discovery->addLink($request);

        $response = new JsonResponse([
            '@id' => '/greetings/6',
            'availability' => 'https://schema.org/InStock'
        ]);

        $response->headers->setCookie(
            $authorization->createCookie($request, ["https://localhost/greetings/6"])
        );

        return $response;
    }
}
```

Caddy config

```
mercure {
    transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
    publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
    subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
    subscriptions
    {$MERCURE_EXTRA_DIRECTIVES}
}
```

Caddy log (api platform docker)

```json
{
  "level": "info",
  "ts": 1626545861.1293569,
  "logger": "http.handlers.mercure",
  "msg": "Subscriber unauthorized",
  "subscriber": {
    "id": "urn:uuid:a4b84639-dac8-4f0f-9970-cdfa93d8affb",
    "last_event_id": "",
    "remote_addr": "172.20.0.1:36244"
  },
  "error": "unable to parse JWT: json: cannot unmarshal number 1689617856.599472 into Go struct field claims.exp of type int64"
}
```
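
The decoding failure in the log above, reproduced as an added example (not code from this thread or from the Mercure hub). RFC 7519 allows a NumericDate such as `exp` to be non-integer, so a verifier that decodes it into `int64` rejects a valid token. The payload is constructed around the value in the log, and `tolerantClaims`, `NumericDate`, `ParseStrict` and `ParseTolerant` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
	"time"
)

// claims mirrors the shape in the hub's error; the other types are hypothetical.
type claims struct{ Exp int64 `json:"exp"` }
type tolerantClaims struct{ Exp NumericDate `json:"exp"` }

// NumericDate accepts integer or fractional seconds since the epoch.
type NumericDate struct{ time.Time }
func (d *NumericDate) UnmarshalJSON(b []byte) error {
	var f float64
	if err := json.Unmarshal(b, &f); err != nil {
		return fmt.Errorf("exp is not a JSON number: %w", err)
	}
	sec, frac := math.Modf(f)
	d.Time = time.Unix(int64(sec), int64(frac*1e9))
	return nil
}

// Constructed payload; the exp value is the one quoted in the hub log.
const payload = `{"mercure":{"subscribe":["https://localhost/greetings/6"]},"exp":1689617856.599472}`

// ParseStrict fails on a fractional exp, reproducing the reported error.
func ParseStrict(p string) (c claims, err error) {
	err = json.Unmarshal([]byte(p), &c)
	return
}

// ParseTolerant decodes the same payload and still enforces expiry.
func ParseTolerant(p string, now time.Time) (time.Time, error) {
	var c tolerantClaims
	if err := json.Unmarshal([]byte(p), &c); err != nil {
		return time.Time{}, err
	}
	if !now.Before(c.Exp.Time) {
		return c.Exp.Time, fmt.Errorf("token expired at %s", c.Exp.UTC())
	}
	return c.Exp.Time, nil
}

func main() {
	fmt.Println(ParseStrict(payload))
	fmt.Println(ParseTolerant(payload, time.Unix(1626545861, 0)))
}
```

Accepting a fractional `exp` only changes how the claim is decoded; the expiry comparison is still applied, so an expired token is rejected either way.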

Are you using the latest version of the Mercure hub? It should fix the problem.

Thank you very much for the quick response :). It seems I am running the v11, and I just tried to upgrade with Docker and I am getting the following error:

```dockerfile
FROM caddy:${CADDY_VERSION}-builder-alpine AS api_platform_caddy_builder

RUN xcaddy build \
    --with github.com/dunglas/mercure/caddy \
    --with github.com/dunglas/vulcain/caddy

FROM caddy:${CADDY_VERSION} AS api_platform_caddy

WORKDIR /srv/api

COPY --from=dunglas/mercure:v0.12 /srv/public /srv/mercure-assets/
COPY --from=api_platform_caddy_builder /usr/bin/caddy /usr/bin/caddy
COPY --from=api_platform_php /srv/api/public public/
COPY docker/caddy/Caddyfile /etc/caddy/Caddyfile
```

ERROR: Service 'caddy' failed to build: COPY failed: stat srv/public: file does not exist

Also tried the following:

```dockerfile
FROM caddy:${CADDY_VERSION}-builder-alpine AS api_platform_caddy_builder

RUN xcaddy build \
	--with github.com/dunglas/mercure \
	--with github.com/dunglas/mercure/caddy \
	--with github.com/dunglas/vulcain \
	--with github.com/dunglas/vulcain/caddy

FROM caddy:${CADDY_VERSION} AS api_platform_caddy

WORKDIR /srv/api

COPY --from=dunglas/mercure:v0.12 /srv/public /srv/mercure-assets/
COPY --from=api_platform_caddy_builder /usr/bin/caddy /usr/bin/caddy
COPY --from=api_platform_php /srv/api/public public/
COPY docker/caddy/Caddyfile /etc/caddy/Caddyfile
```

```
go: downloading github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7
go: downloading github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897
go: downloading github.com/jmespath/go-jmespath v0.3.0
2021/07/17 20:25:33 [INFO] exec (timeout=0s): /usr/local/go/bin/go build -o /usr/bin/caddy -ldflags -w -s -trimpath
/go/pkg/mod/github.com/dunglas/mercure@v0.12.0/demo.go:4:2: package embed is not in GOROOT (/usr/local/go/src/embed)
/go/pkg/mod/github.com/dunglas/mercure@v0.12.0/handler.go:7:2: package io/fs is not in GOROOT (/usr/local/go/src/io/fs)
2021/07/17 20:25:38 [INFO] Skipping cleanup as requested; leaving folder intact: /tmp/buildenv_2021-07-17-2023.870195854
2021/07/17 20:25:38 [FATAL] exit status 1
ERROR: Service 'caddy' failed to build: The command '/bin/sh -c xcaddy build    --with github.com/dunglas/mercure       --with github.com/dunglas/mercure/caddy     --with github.com/dunglas/vulcain/caddy' returned a non-zero code: 1
```

I need to upgrade the Dockerfile of API Platform.
The line COPY --from=api_platform_php /srv/api/public public/ is now useless and must be deleted.

Thank you very much for the quick update... It seems to be working now, no more 'cannot unmarshal number' error! I am still getting the 'Unauthorized' error but it must be something to do with my configuration.

Cheers