Hello i want to configure my PWA app.
My app works fine except dynamic content api. When online it working fine but when i go offline i get status 503 from serviceWorker.
My config file:
ngsw-manifest.json
{
"dynamic": {
"group": [{
"name": "api",
"urls": {
"https:url": {
"match": "prefix"
}
},
"cache": {
"optimizeFor": "freshness",
"maxAgeMs": 3600000,
"maxEntries": 20,
"strategy": "lru"
}
}]
},
"external": {
"urls": [{
"url": "https://fonts.googleapis.com/icon?family=Material+Icons"
}]
}
}
If you are hosting your app on Firebase you might want to look into using the new Firestore database. It's is designed for offline data. Firebase had issues with PWAs in Offline Mode. Also, the core of PWAs (ServiceWorker) has been rewritten in Angular 5.
Related
I have a Flexible Sync app in MongoDB App Services (formerly MongoDB Realm).
The main model object is an Activity, which should be readable and writable by its owner, but also read-only by a supervisor.
These are the sync roles I have set up:
{
"rules": {
"Activity": [
{
"name": "owner_supervisor_activity_permission",
"applyWhen": {},
"read": {
"$or": [
{
"ownerID": "%%user.id"
},
{
"supervisorID": "%%user.id"
}
]
},
"write": {
"ownerID": "%%user.id"
}
}
]
},
"defaultRoles": [
{
"name": "owner-read-write",
"applyWhen": {},
"read": {
"ownerID": "%%user.id"
},
"write": {
"ownerID": "%%user.id"
}
}
]
}
Although sync seems to work just fine, I get the following error message in the logs for both roles:
Using sync incompatible role "owner_supervisor_activity_permission" for table "Activity". this role will default to deny all access. consider changing this role to be sync compatible (ProtocolErrorCode=201)
I do not know what to do here and I’m wondering if it could be a bug.
Do I need to set the per-collection rules? I thought sync roles overrode those.
Is it a matter of using the applyWhen field?
Thanks
Could really use some help here. I have a GAE NodeJS app in the standard environment. Until a few days ago (09/23) it was running just fine, it would respond to requests as expected, etc.
Today, the app responds with 403's when I try to make any request to my appspot url. I'm 100% certain this is not a code issue, as if I deploy the same code to GAE in another project, it works fine. Furthermore, the only firewall rule is a wildcard to allow all traffic.
Edit: adding the only relevant-looking log entry I see from the project:
{
"protoPayload": {
"#type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {},
"authenticationInfo": {
"principalEmail": "address#domain.com"
},
"requestMetadata": {
"callerIp": "x.x.x.x",
"requestAttributes": {
"time": "2021-09-23T15:04:05.198927Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "appengine.googleapis.com",
"methodName": "google.appengine.v1.Services.UpdateService",
"authorizationInfo": [
{
"resource": "apps/my-google-cloud-project-id/services/default",
"permission": "appengine.services.update",
"granted": true,
"resourceAttributes": {}
}
],
"resourceName": "apps/my-google-cloud-project-id/services/default",
"serviceData": {
"#type": "type.googleapis.com/google.appengine.v1.AuditData",
"updateService": {
"request": {
"name": "apps/my-google-cloud-project-id/services/default",
"service": {
"networkSettings": {
"ingressTrafficAllowed": "INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB"
}
},
"updateMask": "networkSettings"
}
}
},
"resourceLocation": {
"currentLocations": [
"us-east1"
]
}
},
"insertId": "an-id",
"resource": {
"type": "gae_app",
"labels": {
"project_id": "my-google-cloud-project-id",
"zone": "",
"module_id": "default",
"version_id": ""
}
},
"timestamp": "2021-09-23T15:04:05.131761Z",
"severity": "NOTICE",
"logName": "projects/my-google-cloud-project-id/logs/cloudaudit.googleapis.com%2Factivity",
"operation": {
"id": "some-operation-uuid",
"producer": "appengine.googleapis.com/admin",
"first": true
},
"receiveTimestamp": "2021-09-23T15:04:05.495890906Z"
}
I don't recall making this change, and I'm not sure what the ingressTrafficAllowed value was before.
Somehow the ingress setting on the GAE service got changed. I believe that issue was fixed by going to GCP console > App Engine > Services > select affected service(s) -> Edit ingress setting from the top, and select the appropriate value.
I say I believe this fixed the issue as I was still getting 403's on my appspot url after doing this, and ultimately I ended up deleting and re-creating the project from scratch, which got everything working again. Clearly there was some misconfiguration somewhere in my project, but GCP does not make it easy to diagnose what the issue might be.
I'am evaluating a Quarkus application on App Engine.
The application needs a Postgres DB on Cloud SQL, where I named the instance 'quarkus'.
But I'am stuck getting these access error:
Not authorized to access instance: addlogic-foodiefnf-1:quarkus
The serviceAccount:addlogic-foodiefnf-1#appspot.gserviceaccount.com has these roles:
Cloud SQL Admin
Cloud SQL Service Agent
Editor
What I'am missing?
{
"protoPayload": {
"#type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 7,
"message": "Not authorized to access instance: addlogic-foodiefnf-1:quarkus "
},
"authenticationInfo": {
"principalEmail": "addlogic-foodiefnf-1#appspot.gserviceaccount.com",
"serviceAccountDelegationInfo": [
{
"firstPartyPrincipal": {
"principalEmail": "app-engine-appserver#prod.google.com"
}
}
],
"principalSubject": "serviceAccount:addlogic-foodiefnf-1#appspot.gserviceaccount.com"
},
"requestMetadata": {
"callerIp": "107.178.230.54",
"requestAttributes": {
"time": "2021-09-27T06:18:33.283490Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "cloudsql.googleapis.com",
"methodName": "cloudsql.instances.connect",
"authorizationInfo": [
{
"resource": "instances/quarkus ",
"permission": "cloudsql.instances.connect",
"granted": true,
"resourceAttributes": {
"service": "sqladmin.googleapis.com",
"name": "projects/addlogic-foodiefnf-1/instances/quarkus ",
"type": "sqladmin.googleapis.com/Instance"
}
}
],
"resourceName": "instances/quarkus ",
"request": {
"#type": "type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesCreateEphemeralCertRequest",
"instance": "europe-west3~quarkus ",
"project": "addlogic-foodiefnf-1",
"body": {}
},
"response": {}
},
"insertId": "-il5zyxe1b1rn",
"resource": {
"type": "cloudsql_database",
"labels": {
"project_id": "addlogic-foodiefnf-1",
"database_id": "addlogic-foodiefnf-1:quarkus ",
"region": "europe-west3"
}
},
"timestamp": "2021-09-27T06:18:33.270158Z",
"severity": "ERROR",
"logName": "projects/addlogic-foodiefnf-1/logs/cloudaudit.googleapis.com%2Factivity",
"receiveTimestamp": "2021-09-27T06:18:33.799357464Z"
}
Background story:
I've set up my quarkus application regarding to
https://quarkus.io/guides/deploying-to-google-cloud
but class 'PostgreSQL10Dialect'failed to load:
See Why is class PostgreSQL10Dialect not found on Quarkus in Google App Engine java11?
At this current post here I like to learn how to debug the access error at Google App Engine to Cloud SQL.
Cloud SQL instance is set up with public IP. Is there anymore setup needed at Cloud SQL instance?
As said above, service account at standard app engine has role 'Cloud SQL Admin' as required by
https://cloud.google.com/sql/docs/postgres/connect-app-engine-standard#java
Any help appreciated.
I understand that using ´quarkus.datasource.db-kind=postgresql´ triggers hibernate to do auto configuration. And therefore the connection can not be established.
I have to use quarkus.datasource.db-kind=other to prevent Quarkus auto-configuration and access problems.
(As this solves this question here, my issue at Why is class PostgreSQL10Dialect not found on Quarkus in Google App Engine java11? is still open.)
Before getting into the issue, let me tell you what I am trying to achieve.
I need to implement sort of SSO in all of my applications. For which I want to use ASP.NET Zero solutions as
SSO Provider as well as Clients.
Is it possible or am I overthinking?
I am using ASP.NET Zero template: ASP.NET Core - MVC & jQuery
I am very new to IdentityServer and OpenId so please excuse for my silly mistakes if I have made.
In one of ABP project, I have added a static client to IdentityServer AppSettings like below.
First project's AppSettings - Hosted application
{
"ClientId": "localhost",
"ClientName": "MVC Client Demo",
"AllowedGrantTypes": [
"implicit"
],
"RequireConsent": "true",
"ClientSecrets": [
{
"Value": "test"
}
],
"RedirectUris": [
"https://localhost:44302/signin-oidc"
],
"PostLogoutRedirectUris": [
"https://localhost:44302/Account/Login"
],
"AllowedScopes": [
"openid",
"profile",
"email",
"phone",
"default-api"
],
"AllowOfflineAccess": "true"
}
Now from my second ABP project (localhost), I am trying to enable OpenId to authenticated through above server.
Second project's AppSettings - Running on localhost
"OpenId": {
"IsEnabled": "true",
"Authority": "https://[applicationname].azurewebsites.net/",
"ClientId": "localhost",
"ClientSecret": "test",
"ValidateIssuer": "true",
"ClaimsMapping": [
{
"claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
}
]
}
However I am not getting any error, in logs I can see there is a message that says:
AuthenticationScheme: Identity.External signed in.
And a cookie is being created with key "Identity.External" but login-is not happening successfully.
Inside AccountController below line returns null and that resulting into unsuccessful login.
**var externalLoginInfo = await _signInManager.GetExternalLoginInfoAsync();**
if (externalLoginInfo == null)
{
Logger.Warn("Could not get information from external login.");
return RedirectToAction(nameof(Login));
}
Try adding
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Add("sub", ClaimTypes.NameIdentifier);
before services.AddAuthentication()
This will map sub claim to NameIdentifier claim so GetExternalLoginInfoAsync will not return null.
I'm receiving the error when deploying the flex version .net core app to GCP.
I've additionally tested via gcloud app deploy and getting the exact same issue. In the logs there are multiple errors all with audit_log, method: "google.appengine.v1.Versions.CreateVersion", with status { code: 13 }, added below.
There doesn't seem to be any other logs to help investigation.
Any advice please?
{
"protoPayload": {
"#type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 13
},
"authenticationInfo": {
"principalEmail": "xxxx.iam.gserviceaccount.com",
"serviceAccountKeyName": "//iam.googleapis.com/projects/xxxxxx/serviceAccounts/xxxx.iam.gserviceaccount.com/keys/xxxxxxxxxxxx"
},
"requestMetadata": {
"callerIp": "xx.xx.xx.xx",
"requestAttributes": {
"time": "2021-01-21T15:32:15.695398Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "appengine.googleapis.com",
"methodName": "google.appengine.v1.Versions.CreateVersion",
"authorizationInfo": [
{
"resource": "apps/xxxxxxxx/services/default/versions/XYZ",
"permission": "appengine.versions.create",
"granted": true,
"resourceAttributes": {}
}
],
"resourceName": "apps/xxxxxxxx/services/default/versions/XYZ",
"serviceData": {
"#type": "type.googleapis.com/google.appengine.v1.AuditData",
"createVersion": {
"request": {
"parent": "apps/xxxxxxxx/services/default",
"version": {
"id": "XYZ",
"automaticScaling": {
....
},
"resources": {
....
},
"runtime": "aspnetcore",
"env": "flex",
"servingStatus": "SERVING",
"envVariables": {
"GCLOUD_PROJECT_NUMBER": "xxxxxxx"
},
"readinessCheck": {
....
},
"livenessCheck": {
....
}
}
}
}
},
"resourceLocation": {
"currentLocations": [
....
]
}
},
"insertId": "crndlud361i",
"resource": {
"type": "gae_app",
"labels": {
....
}
},
"timestamp": "2021-01-21T15:32:15.695398Z",
"severity": "ERROR",
"logName": "projects/xxxxxxxx/logs/cloudaudit.googleapis.com%2Factivity",
"receiveTimestamp": "2021-01-21T15:32:15.683297004Z"
}
Raised a ticket with Google to advise on the issue. I'm not sure the guys got to the bottom of it, however what sorted it in the end was this recommendation:
Can you try to disable and enable again App Engine Admin API in
Console->Api & Services section and try to deploy again? If it doesn't
help try to also disable/enable Google App Engine Flexible Environment API and try again.
Update: G guys got to the bottom of it. It was a permission removed for a App Engine Flexible Environment Service Agent role.
Google engineers confirmed they will look into improving an error details.