[SOLVED] Server SDK SSR -- Using accounts.get() unauthorized with session cookie | Appwrite | Page 1

teal quail May 15, 2024, 10:48 PM

#

So using the Server SDK and Astro, I have set the cookie session and I have this function that sets an API key or a session and returns a client, but for whatever reason I'm getting a general_unauthorized_scope for accounts.get() in the server SDK regardless of if I initiate it with a token or not

  async getUser(): Promise<APIResponse<AuthUser>> {
    try {
      const user = await this.accounts.get();
      console.log(user);
      return {
        status: 200,
        data: user,
        message: "User retrieved successfully",
      };
    } catch (error) {
      // console.log("Error retrieving user:", error);
      return {
        status: 500,
        message: "Error retrieving user",
      };
    }
  }

export const getUserAppwriteClient = (request: AstroCookies): Client => {
  const sessionToken = request.has("session") ? request.get("session") : null;
  const client = new Client()
    .setEndpoint(import.meta.env.PUBLIC_APPWRITE_ENDPOINT)
    .setProject(import.meta.env.PUBLIC_APPWRITE_PROJECT_ID);
  if (sessionToken) {
    client.setSession(sessionToken.value);
  } else {
    client.setKey(import.meta.env.APPWRITE_SESSION_API_KEY);
  }
  return client;
};

but yeah I can't get it to work, just unauthorized over and over. Is this wrong for some reason?

nova canopy May 15, 2024, 11:08 PM

#

teal quail So using the Server SDK and Astro, I have set the cookie `session` and I have th...

what is this request.get("session")? Where did it come from?

teal quail May 15, 2024, 11:18 PM

#

nova canopy what is this `request.get("session")`? Where did it come from?

It's the Astro request, you can use their API endpoint to create pages that are endpoints too e.g.

#

import { UserApi } from "@/server/actions/userApi";
import { makeResponse } from "@/server/utils/helpers";
import type { APIRoute } from "astro";

export const GET: APIRoute = async ({
  request,
  cookies,
}): Promise<Response> => {
  try {
    const userApi = new UserApi(cookies);
    const userResponse = await userApi.getUser();

    if (userResponse.status !== 200) {
      console.log("Error retrieving user: ", userResponse.message);
      return new Response(makeResponse(userResponse.message), {
        status: userResponse.status,
        headers: {
          "Content-Type": "application/json",
        },
      });
    }

    return new Response(
      makeResponse("User retrieved successfully", userResponse.data),
      {
        status: 200,
        headers: {
          "Content-Type": "application/json",
        },
      }
    );
  } catch (error: any) {
    return new Response(makeResponse(error.message), {
      status: 500,
      headers: {
        "Content-Type": "application/json",
      },
    });
  }
};

#

This is an endpoint I have

#

/auth/me.json

#

which should just use the current cookies, which I have confirmed are there and correct, to get the session

nova canopy May 15, 2024, 11:19 PM

#

teal quail It's the Astro request, you can use their API endpoint to create pages that are ...

right, but what did you put in there?

teal quail May 15, 2024, 11:19 PM

#

wdym? The request?

#

oh the session?

#

one sec

nova canopy May 15, 2024, 11:20 PM

#

teal quail oh the session?

ya the sessionToken.value

teal quail May 15, 2024, 11:20 PM

#

#

I logged my client @nova canopy I'm gonna DM it to you

#

oh actually

#

it worked and set the session in this last one, but it didn't work when I did this.accounts.get()

#

'x-appwrite-session': '66452c355224565(missingsomenumbersbecausesecurity)'
  },
  selfSigned: false
}

#

I do this to initialize the class

/**
   * Initializes the UserApi class with session-based client.
   * @param request The incoming HTTP request containing the session cookie.
   */
  constructor(request: APIContext["cookies"]) {
    this.sessionClient = getUserAppwriteClient(request);
    this.databases = new Databases(this.sessionClient);
    this.users = new Users(this.sessionClient);
    this.accounts = new Account(this.sessionClient);
    this.storage = new Storage(this.sessionClient);
    try {
      this.accounts
        .get()
        .then((user) => {
          this.userId = user.$id;
        })
        .catch(() => {
          this.userId = undefined;
        });
    } catch (error) {
      this.userId = undefined;
    }
  }

#

I could change the word request to Cookies but you get the point

nova canopy May 15, 2024, 11:26 PM

#

teal quail I could change the word request to Cookies but you get the point

i still don't quite follow what you've put into sessionToken.value

#

loginResponse.data? that's probably not right

teal quail May 15, 2024, 11:27 PM

#

it's a session ID

nova canopy May 15, 2024, 11:27 PM

#

teal quail it's a session ID

it should be the session secret

teal quail May 15, 2024, 11:27 PM

#

Ohhhhhhhhhhh

nova canopy May 15, 2024, 11:27 PM

#

see https://appwrite.io/docs/products/auth/server-side-rendering#creating-sessions

teal quail May 15, 2024, 11:27 PM

#

that would do it

#

yeah I must've gotten confused and assumed Appwrite would pull by $id for security

#

awesome ty ❤️

#

[Closed] Server SDK SSR -- Using accounts.get() unauthorized with session cookie

#[SOLVED] Server SDK SSR -- Using accounts.get() unauthorized with session cookie