quivr [Bug]:管理Supabase问题

wfsdck30  于 2个月前  发布在  其他
关注(0)|答案(1)|浏览(41)

发生了什么?
本地的Supabase Docker运行良好。然而,在推送所有迁移并填充Supabase管理的服务后,我发现了三个问题。
首先,所有的外部表——客户、产品和订阅——都抛出相同的错误。

其次,我可以登录,但在登陆主页时,遇到了一些权限问题,全部源于后端核心。

第三,我发现了特定的缺失权限。

有什么办法可以解决这些问题吗?

相关的日志输出

worker        | [2024-06-14 19:44:00,287: ERROR/ForkPoolWorker-2] Task check_if_is_premium_user[f650d8b3-6e0c-4e14-a758-25648f02b519] raised unexpected: UnpickleableExceptionWrapper('postgrest.exceptions', 'APIError', ("{'code': '42501', 'details': None, 'hint': None, 'message': 'permission denied for foreign table subscriptions'}",), 'Error 42501:\nMessage: permission denied for foreign table subscriptions')
worker        | Traceback (most recent call last):
worker        |   File "/usr/local/lib/python3.11/site-packages/celery/app/trace.py", line 453, in trace_task
worker        |     R = retval = fun(*args, **kwargs)
worker        |                  ^^^^^^^^^^^^^^^^^^^^
worker        |   File "/usr/local/lib/python3.11/site-packages/celery/app/trace.py", line 736, in __protected_call__
worker        |     return self.run(*args, **kwargs)
worker        |            ^^^^^^^^^^^^^^^^^^^^^^^^^
worker        |   File "/code/celery_worker.py", line 200, in check_if_is_premium_user
worker        |     .execute()
worker        |      ^^^^^^^^^
worker        |   File "/usr/local/lib/python3.11/site-packages/postgrest/_sync/request_builder.py", line 78, in execute
worker        |     raise APIError(r.json())
worker        | celery.utils.serialization.UnpickleableExceptionWrapper: Error 42501:
worker        | Message: permission denied for foreign table subscriptions
backend-core  | INFO:     172.21.0.1:63026 - "GET /chat HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63024 - "GET /user/identity HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63022 - "GET /onboarding HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63034 - "GET /brains/ HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63040 - "GET /brains/ HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63028 - "GET /user HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63026 - "OPTIONS /user/credits HTTP/1.1" 200 OK
backend-core  | INFO:     172.21.0.1:63022 - "GET /chat HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63024 - "GET /user/identity HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63040 - "GET /brains/ HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63026 - "GET /user/credits HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63034 - "GET /onboarding HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63028 - "GET /user HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63024 - "GET /onboarding HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63026 - "GET /user HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63028 - "GET /user/identity HTTP/1.1" 401 Unauthorized

Twitter/LinkedIn详细信息

  • 无响应*
quivr

1条答案

按热度按时间
rekjcdws

rekjcdws1#

嘿,@aarmandas!我在这里帮助你解决任何bug、问题或贡献。在我们等待人工维护者时,让我们一起解决这个问题。
要解决你在托管的Supabase服务中遇到的问题,你可以按照以下步骤操作:

  • 外键表错误:
  • 确保为外键表授予必要的权限。错误消息表明 wrappers_fdw_stats 表的权限被拒绝。你需要为访问这些表的角色授予适当的权限。
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.customers TO anon;
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.customers TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.customers TO service_role;

GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.products TO anon;
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.products TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.products TO service_role;

GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.subscriptions TO anon;
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.subscriptions TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON FOREIGN TABLE public.subscriptions TO service_role;
  • 主页权限问题:
  • 401 Unauthorized 错误表明认证令牌或API密钥要么缺失,要么无效。确保在请求中正确传递令牌,并确保它们是有效的。
  • backend-core 服务中的 AuthBearer 类负责处理认证。它检查令牌方案并验证令牌或API密钥。请确保令牌以“Bearer”令牌格式正确且有效。
def check_scheme(self, credentials):
    if credentials and credentials.scheme != "Bearer":
        raise HTTPException(status_code=401, detail="Token must be Bearer")
    elif not credentials:
        raise HTTPException(
            status_code=403, detail="Authentication credentials missing"
        )

async def authenticate(
    self,
    token: str,
) -> UserIdentity:
    if os.environ.get("AUTHENTICATE") == "false":
        return self.get_test_user()
    elif verify_token(token):
        return decode_access_token(token)
    elif await api_key_service.verify_api_key(
        token,
    ):
        return await api_key_service.get_user_from_api_key(
            token,
        )
    else:
        raise HTTPException(status_code=401, detail="Invalid token or api key.")
  • 特定缺失的权限:
  • 错误 permission denied for foreign table subscriptions 表示 subscriptions 表没有授予必要的权限。请确保权限如第一步所示正确设置。

通过验证外键约束并确保正确授予权限,你应该能够解决托管Supabase 1(https://github.com/QuivrHQ/quivr/blob/main/backend/supabase/migrations/20240103173626_init.sql)2(https://github.com/QuivrHQ/quivr/blob/main/backend/middlewares/auth/auth_bearer.py)的问题。

  • 要继续与 Dosu 交谈,请提及 @dosu。
赞(0)分享  回复(0)举报  2个月前
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com