-
Environment
Description of issueFollowing the pre-request example in the docs - I cannot seem to access the CREATE OR REPLACE FUNCTION _api.login_auth()
RETURNS void
LANGUAGE plpgsql VOLATILE
AS
$pgsql$
DECLARE
_hdrs JSON;
_claims JSON;
_err TEXT := '';
_txt TEXT;
BEGIN
_hdrs := CURRENT_SETTING('request.headers', TRUE)::JSON;
IF _hdrs IS NULL THEN
_err := _err || ' headers are NULL';
END IF;
_claims := CURRENT_SETTING('request.jwt.claims', TRUE)::JSON;
IF _claims IS NULL THEN
_err := _err || ' claims are NULL';
END IF;
_txt := CURRENT_SETTING('role', TRUE);
IF _txt IS NULL THEN
_err := _err || ' role is NULL';
ELSE
_err := _err || ' role is ' || _txt;
END IF;
_txt := CURRENT_SETTING('search_path', TRUE);
IF _txt IS NULL THEN
_err := _err || ' search_path is NULL';
ELSE
_err := _err || ' search_path is ' || _txt;
END IF;
IF _err <> '' THEN
RAISE WARNING 'Oops,%', _err;
END IF;
END
$pgsql$;
GRANT EXECUTE ON FUNCTION _api.login_auth()
TO public, anon, rest_user_max; and my default.conf file has When accessing an endpoint with a valid JWT:
the pre-request function is called and the exception raised shows:
|
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
Since you're using PostgreSQL v13, then PostgREST may be using the old way of accessing the GUCs. Try deactivating it in your config file by adding |
Beta Was this translation helpful? Give feedback.
-
Well that certainly changed something. Now no requests work, regardless of whether pre-request script is enabled or not. It is raising an error whenever our code is accessing the custom JWT claims:
Weirdly I note that inside the pre-request script the supposed unrecognized claim IS THERE AND USABLE when the legacy GUCs setting is |
Beta Was this translation helpful? Give feedback.
-
Maybe there are some other functions (maybe triggers or RLS?) that are using the old configuration. If it's too much to migrate right now, you could return everything as it was before (remove the |
Beta Was this translation helpful? Give feedback.
-
I updated my pre-request script to use the old-style settings access method - same thing happens that I originally reported. All the settings are NULL inside the script. It seems clear to me that (at least in PostgreSQL 13) you simply cannot access the settings in the pre-request script AND ALSO the regular views/trigger functions. You can only access the settings in one or the other based on the db-use-legacy-gucs value (false = can access inside pre-request only, true = can access outside pre-request only). Pre-request script: CREATE OR REPLACE FUNCTION _api.login_auth()
RETURNS void
LANGUAGE plpgsql VOLATILE
AS
$pgsql$
DECLARE
_txt TEXT;
_err TEXT := '';
BEGIN
_txt := CURRENT_SETTING('request.headers.authorization', TRUE);
IF _txt IS NULL THEN
_err := _err || ' authorization is NULL';
ELSE
RAISE WARNING 'Request authorization: %', _txt;
END IF;
_txt := CURRENT_SETTING('request.headers.postman-token', TRUE);
IF _txt IS NULL THEN
_err := _err || ' postman-token is NULL';
ELSE
RAISE WARNING 'Request postman-token: %', _txt;
END IF;
_txt := CURRENT_SETTING('request.jwt.claims.xxxxxxx_user_id', TRUE);
IF _txt IS NULL THEN
_err := _err || ' user id is NULL';
ELSE
RAISE WARNING 'Request user_id: %', _txt;
END IF;
IF _err <> '' THEN
RAISE WARNING 'Oops,%', _err;
END IF;
END
$pgsql$; Resulting exception:
|
Beta Was this translation helpful? Give feedback.
-
I discovered that as you suggested, if I do migrate all my code to the new settings access method and use |
Beta Was this translation helpful? Give feedback.
I discovered that as you suggested, if I do migrate all my code to the new settings access method and use
db-use-legacy-gucs=false
- then I can access the settings in both the pre-request script and the regular code. It's apparently just not possible using the old access method. That's fine we will be upgrading PostgreSQL soon anyway. So thank you for the hints @laurenceisla. I think this can be considered closed.