search

typesense / firestore-typesense-search

Firebase Extension to automatically push Firestore documents to Typesense for full-text search with typo tolerance, faceting, and more
https://extensions.dev/extensions/typesense/firestore-typesense-search
Apache License 2.0
150 stars 27 forks source link

Fresh plugin installation fails with 401 - a valid `x-typesense-api-key` header must be sent. #73

Closed jsancho closed 5 months ago

jsancho commented 5 months ago

Description

I have just set up a new cluster in Typesense cloud and configured the plugin for a firestore collection. The process has gone without any issues, it's actually been surprisingly simple.

However, documents are failing to sync due to an authorization issue. It seems that the GCF is not setting the header, as the TypeSense host rejects the upsert with the following message

RequestUnauthorized: Request failed with HTTP code 401 | Server said: Forbidden - a validx-typesense-api-keyheader must be sent

image

The secret with the API key has been created during the setup, as it can be seen on the GCF variables tab.

image

image

I have reviewed the function source and watched for typos for anything related to the typesenseAPIKey, that is configured on the client. It all seems fine to me. I was wondering if there might be a little extra to be done when reading secrets from process.env. But if that were the case this would have failed for many others as well.

Do you have any ideas on why this might be failing?

Steps to reproduce

Expected Behavior

I would expect the document to sync to Typesense.

Actual Behavior

The upsert is rejected with a 401 indicated that the x-typesense-api-key has not been provided.

Metadata

Typesense Version: 0.25.2

OS: cloud

jsancho commented 5 months ago

here's the full stack trace in case this helps

image

jasonbosco commented 5 months ago

Could you make sure that you're using your Typesense Admin API key (and not your search-only api key) when configuring the extension?

You can verify your API keys' permissions by going to the API Keys section in your Typesense Cloud cluster dashboard (on the right side pane at the bottom).

jsancho commented 5 months ago

Could you make sure that you're using your Typesense Admin API key (and not your search-only api key) when configuring the extension?

You can verify your API keys' permissions by going to the API Keys section in your Typesense Cloud cluster dashboard (on the right side pane at the bottom).

Yes, the key is one with access to all actions but a restricted set of collections. image

I have actually used that key to populate the collections initially from a local node project, so it should be fine.

image

jasonbosco commented 5 months ago

Looks like the collections permission is configured incorrectly in Typesense Cloud.

It either has to be a full verbatim match, or a regex. So if you intend for that API key to allow access to all collections that start with jsancho_ you want to set it up as jsanco_.* in the API key collections key

jsancho commented 5 months ago

It either has to be a full verbatim match, or a regex. So if you intend for that API key to allow access to all collections that start with jsancho_ you want to set it up as jsanco_.* in the API key collections key

Yikes! that was pretty daft of me.

I'll create some new keys and reconfigure the function. I would have sworn that's the key I used to initially populate the collection, but I must have used on of the auto-generated ones at the beginning.

thanks! 🙏🏻

jasonbosco commented 5 months ago

Happy to help!