QuivrHQ / quivr

Open-source RAG Framework for building GenAI Second Brains 🧠 Build productivity assistant (RAG) ⚡️🤖 Chat with your docs (PDF, CSV, ...) & apps using Langchain, GPT 3.5 / 4 turbo, Private, Anthropic, VertexAI, Ollama, LLMs, Groq that you can share with users ! Efficient retrieval augmented generation framework
https://quivr.com

[Bug]: Managed Supabase issues #2678

Open aarmandas opened 3 weeks ago

aarmandas commented 3 weeks ago

What happened?

The local Supabase Docker works well. However, after pushing all the migrations and seeding the Supabase managed service, I have noticed three issues.

Firstly, all the foreign tables—customers, products, and subscriptions—throw the same error.

Screenshot 2024-06-14 at 23 11 03

Secondly, I can log in, but upon landing on the home page, I encounter some permission issues, all originating from the backend core.

Screenshot 2024-06-14 at 23 12 26

Thirdly, I identified a specific missing permission.

Screenshot 2024-06-14 at 23 14 43

Is there something I can do to fix these?

Relevant log output

worker        | [2024-06-14 19:44:00,287: ERROR/ForkPoolWorker-2] Task check_if_is_premium_user[f650d8b3-6e0c-4e14-a758-25648f02b519] raised unexpected: UnpickleableExceptionWrapper('postgrest.exceptions', 'APIError', ("{'code': '42501', 'details': None, 'hint': None, 'message': 'permission denied for foreign table subscriptions'}",), 'Error 42501:\nMessage: permission denied for foreign table subscriptions')
worker        | Traceback (most recent call last):
worker        |   File "/usr/local/lib/python3.11/site-packages/celery/app/trace.py", line 453, in trace_task
worker        |     R = retval = fun(*args, **kwargs)
worker        |                  ^^^^^^^^^^^^^^^^^^^^
worker        |   File "/usr/local/lib/python3.11/site-packages/celery/app/trace.py", line 736, in __protected_call__
worker        |     return self.run(*args, **kwargs)
worker        |            ^^^^^^^^^^^^^^^^^^^^^^^^^
worker        |   File "/code/celery_worker.py", line 200, in check_if_is_premium_user
worker        |     .execute()
worker        |      ^^^^^^^^^
worker        |   File "/usr/local/lib/python3.11/site-packages/postgrest/_sync/request_builder.py", line 78, in execute
worker        |     raise APIError(r.json())
worker        | celery.utils.serialization.UnpickleableExceptionWrapper: Error 42501:
worker        | Message: permission denied for foreign table subscriptions
backend-core  | INFO:     172.21.0.1:63026 - "GET /chat HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63024 - "GET /user/identity HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63022 - "GET /onboarding HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63034 - "GET /brains/ HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63040 - "GET /brains/ HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63028 - "GET /user HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63026 - "OPTIONS /user/credits HTTP/1.1" 200 OK
backend-core  | INFO:     172.21.0.1:63022 - "GET /chat HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63024 - "GET /user/identity HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63040 - "GET /brains/ HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63026 - "GET /user/credits HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63034 - "GET /onboarding HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63028 - "GET /user HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63024 - "GET /onboarding HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63026 - "GET /user HTTP/1.1" 401 Unauthorized
backend-core  | INFO:     172.21.0.1:63028 - "GET /user/identity HTTP/1.1" 401 Unauthorized


dosubot[bot] commented 3 weeks ago

Hey there, @aarmandas! I'm here to help you with any bugs, questions, or contributions you have. Let's tackle this issue together while we wait for a human maintainer.

To address the issues you're encountering with the managed Supabase service, you can follow these steps:

  1. Foreign Tables Errors:

    • Ensure that the necessary permissions are granted for the foreign tables. The error message indicates a permission denial for the table wrappers_fdw_stats. You need to grant the appropriate permissions to the roles accessing these tables.

    -- PostgreSQL's GRANT covers foreign tables under ON TABLE; there is no ON FOREIGN TABLE form.
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.customers TO anon;
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.customers TO authenticated;
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.customers TO service_role;

    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.products TO anon;
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.products TO authenticated;
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.products TO service_role;

    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.subscriptions TO anon;
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.subscriptions TO authenticated;
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.subscriptions TO service_role;

  2. Permission Issues on the Home Page:

    • The 401 Unauthorized errors suggest that the authentication tokens or API keys are either missing or invalid. Ensure that the tokens are correctly passed in the requests and that they are valid.

    • The AuthBearer class in the backend-core service handles authentication. It checks the token scheme and verifies the token or API key. Make sure the tokens are correctly formatted as "Bearer" tokens and are valid.

    # Excerpt: two methods of the AuthBearer class (class header and imports not shown).
    def check_scheme(self, credentials):
        # A scheme other than Bearer is rejected with 401; missing credentials with 403.
        if credentials and credentials.scheme != "Bearer":
            raise HTTPException(status_code=401, detail="Token must be Bearer")
        elif not credentials:
            raise HTTPException(
                status_code=403, detail="Authentication credentials missing"
            )

    async def authenticate(
        self,
        token: str,
    ) -> UserIdentity:
        # AUTHENTICATE=false skips verification entirely and returns the test user.
        if os.environ.get("AUTHENTICATE") == "false":
            return self.get_test_user()
        # Otherwise the token is tried as a JWT first, then as an API key.
        elif verify_token(token):
            return decode_access_token(token)
        elif await api_key_service.verify_api_key(
            token,
        ):
            return await api_key_service.get_user_from_api_key(
                token,
            )
        else:
            raise HTTPException(status_code=401, detail="Invalid token or api key.")

  3. Specific Missing Permissions:

    • The error permission denied for foreign table subscriptions indicates that the necessary permissions are not granted for the subscriptions table. Ensure that the permissions are correctly set as shown in the first step.

By validating the foreign key constraints and ensuring the correct permissions are granted, you should be able to resolve the issues with managed Supabase [1][2].

To continue talking to Dosu, mention @dosu.
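
An added example, not part of the thread or of the Quivr code base: before granting anything, audit what each Supabase role can already do on the three foreign tables, then grant only what the failing task in the log needs. It assumes the Celery worker connects with the service_role key and only reads subscriptions; the table and role names are the ones quoted above.

```sql
-- Added example (not from the thread). Run as a role that can read the
-- system catalogs, e.g. from the SQL editor of the managed project.

-- 1. Which server and wrapper back each foreign table in public?
SELECT ft.ftrelid::regclass AS foreign_table,
       s.srvname            AS server,
       w.fdwname            AS wrapper
FROM pg_foreign_table ft
JOIN pg_foreign_server s       ON s.oid = ft.ftserver
JOIN pg_foreign_data_wrapper w ON w.oid = s.srvfdw
JOIN pg_class c                ON c.oid = ft.ftrelid
JOIN pg_namespace n            ON n.oid = c.relnamespace
WHERE n.nspname = 'public';

-- 2. Effective privileges per role on the three foreign tables
--    (relkind 'f' = foreign table). can_select = false for the role the
--    worker connects as matches error 42501 in the log.
SELECT c.relname AS foreign_table,
       r.rolname AS role,
       has_table_privilege(r.oid, c.oid, 'SELECT') AS can_select,
       has_table_privilege(r.oid, c.oid, 'INSERT') AS can_insert,
       has_table_privilege(r.oid, c.oid, 'UPDATE') AS can_update,
       has_table_privilege(r.oid, c.oid, 'DELETE') AS can_delete
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN pg_roles r
WHERE c.relkind = 'f'
  AND n.nspname = 'public'
  AND c.relname IN ('customers', 'products', 'subscriptions')
  AND r.rolname IN ('anon', 'authenticated', 'service_role')
ORDER BY c.relname, r.rolname;

-- 3. Narrowest grant that clears the logged error.
--    Assumption: the worker uses the service_role key and only reads.
GRANT SELECT ON TABLE public.subscriptions TO service_role;

-- 4. Re-check the one privilege the failing task needs.
SELECT has_table_privilege('service_role', 'public.subscriptions', 'SELECT');
```

Comparing the output of step 2 on the local Docker database and on the managed project shows exactly which grants the migrations did not carry over.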