search

meilisearch / meilisearch-js-plugins

The search client to use Meilisearch with InstantSearch.
https://www.meilisearch.com
MIT License
460 stars 55 forks source link

Instantsearch and meilisearch tokens #1031

Open sabatale opened 1 year ago

sabatale commented 1 year ago

While running an app with ExpressJS, we started generating tokens for instant-meilisearch from the backend.

However the API key is never recognized as valid. Can you please confirm tokens work the same for instantsearch?

E.g.,

app.get("/mysearch", function (req, res) {
    const client = new MeiliSearch({ host: host, apiKey: key });
    const expiresAt = new Date(new Date().getTime() + (24 * 60 * 60 * 1000)); // Today + 24hrs

    const token = client.generateTenantToken(uuidv4(), {
      apiKey: key,
      expiresAt: expiresAt,
    })

    res.status(200).send({ token: token });
});
  const search = instantsearch({
    indexName: 'indexname',
    searchClient: instantMeiliSearch(
      host,
      token,
      {
        finitePagination: true,
      }
    ),
  })
oluademola commented 1 year ago

Hello @sabatale,

Could you please provide the code snippet used in generating your tokens? I see the one above, but it doesn't contain a search rule; the search rule is a required parameter you must pass to generate a valid tenant token.

sabatale commented 1 year ago

Hey there,

We tried using basic rules:

  /*const searchRules = {
    indexName: {
      filter: '*'
    }
  };*/

  const searchRules = {
    indexName: {
      filter: 'type = 1 AND rating = "Warning"'
    }
  };

  const token = client.generateTenantToken(uuidv4(), searchRules, {
      apiKey: meilikey,
      expiresAt: expiresAt,
    })

Generating an authorization header similar to: authorization: Bearer [36characs].[143characs].[43characs]

Resulting in:

The provided API key is invalid.

oluademola commented 1 year ago

@sabatale thank you for the additional information. Sorry if I wasn't clear with my question earlier. To help me identify the source of the problem, I need to see how the token is generated in your codebase and how you search using the token. However, here are a few possibilities you could look into:

1) The API key used to generate the token must be a valid Meilisearch API key with access to the search action. 2) The generated token has access to only the index specified in the search rule. For example, if you have specified patient_medical_records as the index name in your search rule, you should remember that the token generated will only be valid for this index. 3) Verify that you're searching on the correct index as mentioned above in your front end.

Let me know your thoughts. Thanks.

revskill10 commented 1 year ago

How to use with normal meilisearch.js like this ?

React.useEffect(() => {
        setLoading(true)
        searchClient.index(index).getDocument(productId)
        .then(res => {
            setLoading(false)
            setProduct(res)
        })
        .catch(err => {
            setLoading(false)
            setProduct(null)
        })
    }, [index, productId])