dunglas / mercure

🪽 An open, easy, fast, reliable and battery-efficient solution for real-time communications
https://mercure.rocks
GNU Affero General Public License v3.0

Anonymous access not working #917

Open alexz707 opened 3 weeks ago

alexz707 commented 3 weeks ago

Hello, I'm just digging into Mercure. I've set up the docker image and also a Symfony service to publish a topic update. My docker config looks like this:

mercure:
        image: dunglas/mercure
        container_name: mercure
        environment:
            SERVER_NAME: ':80'
            MERCURE_PUBLISHER_JWT_KEY: 'THIS_IS_MY_SECRET_KEY'
            MERCURE_SUBSCRIBER_JWT_KEY: 'THIS_IS_MY_SECRET_KEY'
        command: /usr/bin/caddy run --config /etc/caddy/dev.Caddyfile
        ports:
            - "8080:80"

I've added a JWT for the publisher with the key of the docker config and a * for the topics.

{
  "mercure": {
    "publish": [
      "tags"
    ],
    "subscribe": [
      "*"
    ],
    "payload": {
      "user": "alex",
      "remoteAddr": "localhost:8080"
    }
  }
}

It's working fine; the topic update gets published. If I go to the UI and want to subscribe to the topic, everything works as long as I provide a valid JWT token for the subscriber.

{
  "mercure": {
    "subscribe": [
      "*"
    ],
    "payload": {
      "user": "alex",
      "remoteAddr": "localhost:8080"
    }
  }
}

Now, to use the anonymous subscription, I tried to remove the JWT token (made sure it's not sent) and I also tried to use the token but with a wrong JWT secret. Both are not working - I always get back a 401, or in Firefox a NS_binding_abort with Unauthorized, which is the same.

Maybe I understood something wrong but the anonymous mode should be enabled by the dev.Caddyfile. And anonymous means I do not need to know the JWT secret - so how can I then subscribe to it?

The only way I got it working is to comment out the MERCURE_SUBSCRIBER_JWT_KEY in the docker config.

Is that the right way to do it? It's not clearly described in the docu. Maybe someone can enlighten me ;-) Thanks!
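An added example, not part of the original post and not Mercure's own code: building and checking the HS256 subscriber token from the post with the Python standard library, to show why a token signed with a different secret is rejected at signature verification. The function names and `WRONG_KEY` are assumptions made for this sketch; the key and claims are the ones quoted above.

```python
import base64, hashlib, hmac, json

SUBSCRIBER_KEY = "THIS_IS_MY_SECRET_KEY"   # value from the post's docker config
WRONG_KEY = "not-the-hub-secret"           # constructed for the example
CLAIMS = {"mercure": {"subscribe": ["*"],
                      "payload": {"user": "alex", "remoteAddr": "localhost:8080"}}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: str, signing_input: str) -> bytes:
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: str) -> str:
    """Serialize claims as a compact JWT signed with HMAC-SHA256."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(_mac(key, header + '.' + payload))}"

def verify_hs256(token: str, key: str):
    """Return the claims if the token is HS256 and the MAC matches, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:          # wrong part count, bad base64, bad JSON
        return None
    # Pin the algorithm: never let the token header choose it ("none", RS256...).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    if not hmac.compare_digest(sig, _mac(key, header_b64 + "." + payload_b64)):
        return None
    return claims

def allowed_topic(claims, topic: str) -> bool:
    """Exact-match or '*' check of mercure.subscribe (URI templates not handled)."""
    selectors = (claims or {}).get("mercure", {}).get("subscribe", [])
    return "*" in selectors or topic in selectors

if __name__ == "__main__":
    good = sign_hs256(CLAIMS, SUBSCRIBER_KEY)
    bad = sign_hs256(CLAIMS, WRONG_KEY)
    print("signed with hub key  :", verify_hs256(good, SUBSCRIBER_KEY) is not None)
    print("signed with other key:", verify_hs256(bad, SUBSCRIBER_KEY) is not None)
```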

sayou commented 2 weeks ago

As I understand from your topic, you can send special updates (a JWT Token is required to receive that update), and this is the point where I am facing an issue. Therefore, I would be grateful if you could give me more detailed and precise information (I am using Symfony 6 with API Platform).

As for your specific matter, in my Docker Compose file, I have this line, which might help you:

mercure:
        image: dunglas/mercure
        restart: unless-stopped
        ports:
            - 8082:8082
        networks:
            - dev
        environment:
            SERVER_NAME: ':8082'
            MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!'
            MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!'
            # Set the URL of your Symfony project (without trailing slash!) as value of the cors_origins directive
            MERCURE_EXTRA_DIRECTIVES: |
                cors_origins http://localhost
                anonymous
        # Comment the following line to disable the development mode
        #command: /usr/bin/caddy run --config /etc/caddy/Caddyfile.dev --adapter caddyfile
        volumes:
            - mercure_data:/data
            - mercure_config:/config