在我的本地上运行Prisma而不使用秘密运行很好。。现在我正在尝试为生产运行它,我在服务器和本地总是遇到这个错误ERROR: Authentication token is invalid: 'Authorization' header not provided。我肯定错过了什么,但不知道是什么。请帮助以下是我的prisma.yml和docker-compose.yml文件。
Prisma.yml
# This service is based on the type definitions in the two files
# databasetypes.prisma` and `database/enums.prisma`
datamodel:
- ./packages/routes/index.directives.graphql
- ./packages/routes/index.scalar.graphql
- ./packages/routes/account/index.enum.graphql
- ./packages/routes/account/index.prisma
...
# Generate a Prisma client in JavaScript and store in
# a folder called `generated/prisma-client`.
# It also downloads the Prisma GraphQL schema and stores it
# in `generated/prisma.graphql`.
generate:
- generator: javascript-client
output: ./prisma
# The endpoint represents the HTTP endpoint for your Prisma API.
# It encodes several pieces of information:
# * Prisma server (`localhost:4466` in this example)
# * Service name (`myservice` in this example)
# * Stage (`dev` in this example)
# NOTE: When service name and stage are set to `default`, they
# can be omitted.
# Meaning http://myserver.com/default/default can be written
# as http://myserver.com.
endpoint: 'http://127.0.0.1:4466/soul/dev'
# The secret is used to create JSON web tokens (JWTs). These
# tokens need to be attached in the `Authorization` header
# of HTTP requests made against the Prisma endpoint.
# WARNING: If the secret is not provided, the Prisma API can
# be accessed without authentication!
secret: ${env:SECRET}
Docker-compose.yml
version: '3'
services:
server:
container_name: soul
restart: always
build: .
command: 'npm run dev'
links:
- redis
- prisma
env_file:
- ./.env
volumes:
- .:/node/soul/
working_dir: /node/soul/
ports:
- '3000:3000'
redis:
container_name: "redisserver"
image: redis:latest
restart: always
command: ["redis-server", "--bind", "redis", "--port", "6379"]
prisma:
image: prismagraphql/prisma:1.34
restart: always
ports:
- '4466:4466'
environment:
PRISMA_CONFIG: |
managementApiSecret: ${SECRET}
port: 4466
databases:
default:
connector: mysql
host: mysql
port: 3306
user: root
password: ******
mysql:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: ******
volumes:
- mysql:/var/lib/mysql
volumes:
mysql: ~
看起来您使用的是API管理机密,而您应该使用的是服务机密。
根据Prisma文档,服务秘密和API管理秘密是两种不同的东西。
对于Prisma v1.34,您可以在此处阅读有关差异的信息:https://v1.prisma.io/docs/1.34/prisma-server/authentication-and-security-kke4/#prisma-服务器
该页面的报价:
Prisma服务器为一个或多个Prisma服务提供运行时环境。要在Prisma服务器上创建、删除和修改Prisma服务,请使用管理API。部署Prisma服务器时,管理API受Docker Compose文件中指定的管理API机密保护。点击此处了解更多信息。
Prisma服务通过您的Prisma.yml中指定的服务机密进行保护。Prisma服务器通常提供与特定数据模型相关的应用程序数据。点击此处了解更多信息。
const db = new Prisma({
typeDefs: 'src/generated/prisma.graphql',
endpoint: process.env.PRISMA_ENDPOINT,
secret: <YOUR_PRISMA_SERVICE_SECRET>, // Note: This must match what is in your prisma.yml
});
# prisma.yml
endpoint: ${env:PRISMA_ENDPOINT}
datamodel: mydatamodel.graphql
secret: <YOUR_PRISMA_SERVICE_SECRET>
在他们的Prisma 1.34文档中,Prsima建议使用环境变量将秘密获取到Prisma.yml文件中。这是有风险的,但这就是他们的文档中的内容。
请参阅:https://v1.prisma.io/docs/1.34/prisma-cli-and-configuration/prisma-yml-5cy7/#environment-可变
该页面的报价:
在以下示例中,引用环境变量来确定Prisma服务机密:
# prisma.yml (as per the docs in the above link)
secret: ${env:PRISMA_SECRET}