PRISMA：身份验证令牌无效：未提供“授权”标头

Question

在没有秘密的情况下在我的本地运行 Prisma 运行良好..现在我正在尝试为生产运行它我总是在我的服务器和本地遇到此错误 ERROR: Authentication token is invalid: 'Authorization' header not provided。我肯定错过了一些东西，但不知道是什么。请帮助以下是我的 prisma.yml 和 docker-compose.yml 文件。

Prisma.yml

# This service is based on the type definitions in the two files
# databasetypes.prisma` and `database/enums.prisma`
datamodel:
          - ./packages/routes/index.directives.graphql
          - ./packages/routes/index.scalar.graphql
          - ./packages/routes/account/index.enum.graphql
          - ./packages/routes/account/index.prisma
          ...

# Generate a Prisma client in JavaScript and store in
# a folder called `generated/prisma-client`.
# It also downloads the Prisma GraphQL schema and stores it
# in `generated/prisma.graphql`.
generate:
  - generator: javascript-client
    output: ./prisma

# The endpoint represents the HTTP endpoint for your Prisma API.
# It encodes several pieces of information:
# * Prisma server (`localhost:4466` in this example)
# * Service name (`myservice` in this example)
# * Stage (`dev` in this example)
# NOTE: When service name and stage are set to `default`, they
# can be omitted.
# Meaning http://myserver.com/default/default can be written
# as http://myserver.com.
endpoint: 'http://127.0.0.1:4466/soul/dev'

# The secret is used to create JSON web tokens (JWTs). These
# tokens need to be attached in the `Authorization` header
# of HTTP requests made against the Prisma endpoint.
# WARNING: If the secret is not provided, the Prisma API can
# be accessed without authentication!
secret: ${env:SECRET}

Docker-compose.yml

version: '3'
services:
  server:
    container_name: soul
    restart: always
    build: .
    command: 'npm run dev'
    links:
      - redis
      - prisma
    env_file:
      - ./.env
    volumes:
      - .:/node/soul/
    working_dir: /node/soul/
    ports:
      - '3000:3000'
  redis:
    container_name: "redisserver"
    image: redis:latest
    restart: always
    command: ["redis-server", "--bind", "redis", "--port", "6379"]
  prisma:
    image: prismagraphql/prisma:1.34
    restart: always
    ports:
      - '4466:4466'
    environment:
      PRISMA_CONFIG: |
        managementApiSecret: ${SECRET}
        port: 4466
        databases:
          default:
            connector: mysql
            host: mysql
            port: 3306
            user: root
            password: ******
  mysql:
    image: mysql:5.7
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ******
    volumes:
      - mysql:/var/lib/mysql
volumes:
  mysql: ~

Answer 1

您似乎正在使用 API 管理密钥，而您应该使用服务密钥。

根据 Prisma 文档，Service Secret 和 API Management Secret 是两个不同的东西。

对于 Prisma v1.34，您可以在此处了解不同之处： https://v1.prisma.io/docs/1.34/prisma-server/authentication-and-security-kke4/#prisma-server

来自该页面的引用：

Prisma 服务器为一个或多个 Prisma 服务提供运行时环境。要在 Prisma 服务器上创建、删除和修改 Prisma 服务，需要使用 Management API。部署 Prisma 服务器时，管理 API 受到 Docker Compose 文件中指定的管理 API 机密的保护。在此处了解更多信息。

Prisma 服务通过您的 prisma.yml 中指定的服务密钥进行保护。 Prisma 服务通常提供与特定数据模型相关的应用程序数据。在此处了解更多信息。

const db = new Prisma({
    typeDefs: 'src/generated/prisma.graphql',
    endpoint: process.env.PRISMA_ENDPOINT,
    secret: <YOUR_PRISMA_SERVICE_SECRET>, // Note: This must match what is in your prisma.yml
});

# prisma.yml

endpoint: ${env:PRISMA_ENDPOINT}
datamodel: mydatamodel.graphql
secret: <YOUR_PRISMA_SERVICE_SECRET>

在他们的 Prisma 1.34 文档中，Prsima 建议使用环境变量将秘密放入 prisma.yml 文件中。 this 存在相关风险，但这就是他们的文档中的内容。

见：https://v1.prisma.io/docs/1.34/prisma-cli-and-configuration/prisma-yml-5cy7/#environment-variable

来自该页面的引用：

在以下示例中，引用环境变量来确定 Prisma 服务机密：

# prisma.yml (as per the docs in the above link)
secret: ${env:PRISMA_SECRET}