search

aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0
2.81k stars 821 forks source link

GraphQL @auth transformer not working #142

Closed daaru00 closed 6 years ago

daaru00 commented 6 years ago

Hi,

I added API in my project with command amplify add api, then I choose "GraphQL" as service and "Amazon Cognito User Pool" as authorization type. When CLI ask me what type of application I'm designed I select the "blog post" template for model relationship, it create the GraphQL schema, resolvers, DynamoDB tables and so on.

Then I decide to add auth role in order to allow user to get/create/update only their objects, so I add the @auth(rules: [{allow: owner}]) transformer to the schema like this:

type Widget
  @model 
  @auth(rules: [{allow: owner}])
{
  id: ID!
  name: String!
  hashtags: [Hashtag] @connection(name: "WidgetHashtags")
}

type Hashtag 
  @model 
  @auth(rules: [{allow: owner}])
{
  id: ID!
  hashtag: String!
  widget: Widget @connection(name: "WidgetHashtags")
  images: [Image] @connection(name: "HashtagImages")
}

type Image 
  @model
  @auth(rules: [{allow: owner}])
{
  id: ID!
  src: String
  hashtag: Hashtag @connection(name: "HashtagImages")
}

and I run amplify push command but at the end of update nothing happens.. resolvers are not updated, tables are not update, "owner" field is not created and the auth logic not working (every user can still update/list/delete every object).

I did something wrong? I need to run a command to rebuild the GraphQL resolvers?

daaru00 commented 6 years ago

I found the command amplify api gql-compile, when I edit/create models it generate the resolvers but auth transformer still not working, not even for the new models..

About system:

amplify: 0.1.18
node: v8.10.0
npm: 3.5.2
chrisco512 commented 6 years ago

Make sure your AppSync API is pointing to the correct Cognito User Pool by checking under AppSync settings in the AWS Console.

daaru00 commented 6 years ago

Hi @chrisco255,

Make sure your AppSync API is pointing to the correct Cognito User Pool by checking under AppSync settings in the AWS Console. yep, I check it and is correct, I'm testing the API directly from AppSync console using query editor.

I think the problem reside in the resolvers generator, for example the createImage request

## START: Prepare DynamoDB PutItem Request. ** 
$util.qr($context.args.input.put("createdAt", $util.time.nowISO8601())) 
$util.qr($context.args.input.put("updatedAt", $util.time.nowISO8601())) 
$util.qr($context.args.input.put("__typename", "Image")) 
{ 
  "version": "2017-02-28", 
  "operation": "PutItem", 
  "key": { 
      "id": { 
          "S": "$util.autoId()" 
    } 
  }, 
  "attributeValues": $util.dynamodb.toMapValuesJson($context.args.input), 
  "condition": { 
      "expression": "attribute_not_exists(#id)", 
      "expressionNames": { 
          "#id": "id" 
    } 
  } 
} 
## END: Prepare DynamoDB PutItem Request. **

does not store the "owner" field, inside DynamoDB the situation is the same, every object stored does not have "owner".. so I think is impossible to detect it.

jaxondu commented 6 years ago

A week ago @auth transformer injected authentication codes into the resolver but with bugs as reported here https://github.com/aws-amplify/amplify-cli/issues/100. I tried today and all the authentication codes are gone!

mikeparisstuff commented 6 years ago

This bug has been fixed. You can fix this in current builds by explicitly passing mutations:[create,update,delete] and queries:[get,list] to @auth. This was fixed in https://github.com/aws-amplify/amplify-cli/pull/153

kaustavghosh06 commented 6 years ago

We just published to npm with a fix for this. Please use the version -> 0.1.19. Closing the issue, feel free to re-open if the issue persists.

daaru00 commented 6 years ago

Awesome! I will try ASAP both solutions (specifying mutation and update the CLI) just to provide you an accurate feedback.

ps: congratulations for the excellent work :wink:

fullStackDataSolutions commented 5 years ago

Hello I'm still having this issue. I added @auth(rules: [{ allow: owner }]) to an existing type. Ran "amplify update api" and then "amplify push".

The code in appsync does not update to account for @auth and no column is created to store the user in the DynamoDB table. I am using the correct Cognito App client.

The follow code is added to the resolvers file on my local computer: "## Authorization rule: { allow: "owner", ownerField: "owner", identityField: "cognito:username" } **"

dubscode commented 4 years ago

Hello @blazestudios23 did you ever get this working? I am running into the same problem. Thanks!

fullStackDataSolutions commented 4 years ago

No I switched to Prisma and Nexus.

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.