https://cerbos.dev logo
Join Slack
Powered by
Hi team! I am using '@cerbos/embedded' in react ap...
# help
t
Hi team! I am using '@cerbos/embedded' in react app. Currently I have difficulties to check the resource and hence couldn't check if user is allowed to perform certain action. The console didn't display any output. Can anyone help with this?
Copy code
import { useCerbos } from '@cerbos/react';
       
        const cerbos = useCerbos();        
        const check = await cerbos.checkResource({
            resource: {
                kind: 'test',
                id: testID ?? '',
            },
            actions: ['view'],
        });
        console.log('check',JSON.stringify(check))
        const isAuthorized = check.isAllowed('view');
o
Hey @test-cerbos-nestjs! Not a keen JS user but I think there is no problem with the snippet you’ve shared. Would you mind sharing the part where you create the client and pass it to the CerbosProvider? (Ex)
t
Copy code
export const getCerbosClient = () => {
	const client = new Cerbos(
		new AutoUpdatingLoader(
			'...cerbos embeded PDP url'
		)
	);
	return client;
};

const client = getCerbosClient();

<CerbosProvider
            client={client}
            principal={{
                id: currentUser?.id ?? '',
                roles: ['owner'],
            }}
        >
Copy code
const cerbos = useCerbos();
fyi I can read principle properties from this code above 🙂 and I used this repo as reference.
not sure if this is the root cause
and I didnt install this package @cerbos/core is it mandatory to install this package?
h
could you please share your package.json file?
o
I will ask about that error to one of our @cerbos/embedded devs and get back to you
🙂 1
t
Copy code
"@cerbos/embedded": "^0.7.3",
        "@cerbos/grpc": "^0.18.1",
        "@cerbos/react": "^0.1.3",
these are the three cerbos packages i installed
👍 1
a
Hi, you shouldn't need to explicitly install 
@cerbos/core
because it is a dependency of the other packages. Could you share a more complete example please? Your initial snippet seems like it is executing outside a component but that would mean the 
useCerbos
hook wouldn't work. I would suggest trying one of the higher-level hooks (e.g. 
useIsAllowed
) because then you don't have to deal with promises. The readme has an example.
t
hi I have tried with useIsAllowed and useCheckResource
Copy code
const check = useCheckResource({
        resource: {
            kind: 'project1',
            id: projectID ?? '',
        },
        actions: ['read']
    });

    console.log('check',check);
and it always returns 
isLoading: true
a
Can you check in the network tab and see if it is fetching the embedded bundle from Cerbos Hub successfully?
t
yes it fetched the bundle successfully and about the 
useCerbos
hook, if I am able to retrieve the principal property from it, that means that hook works right?
Copy code
const cerbos = useCerbos();
console.log(cerbos.principal)
Copy code
const checkAccess = useCallback(async () => {
        console.log('checkAccess...');

        try {
            console.log(cerbos.principal)
            const check = await cerbos.checkResource({
                resource: {
                    kind: 'test',
                    id: 'testId' ?? '',
                },
                actions: ['view', 'update', 'delete'],
            });
            console.log('check', check);
            const isAuthorized = check.isAllowed('read');
            console.log(isAuthorized, 'isAuthorized');

            if (!isAuthorized) {
                window.location.href = '/dashboard';
            }
        } catch (error) {
            console.error('Error during course retrieval or authorization check:', error);
        }
    }, [cerbos]);

    useEffect(() => {
        checkAccess();
    }, [checkAccess]);
this is the function that i used to call checkResource method
fyi I tested with google chrome and it worked as expected. but it returned nothing in firefox👀
😮 1
fyi I'm using Firefox Developer Edition Thanks for all the support!
I tested it with a normal Linux Firefox browser and the result was the same as Firefox Developer Edition, checkResource didn't work as expected.
@Andrew Haines (Cerbos) do you have any ideas why the function behaved differently in different browser?
or do you have any ideas that I can debug this checkResource? it looked like 
checkResource
function started and never finished..
a
It's surprising! I would've expected it to work in all modern browsers. We don't do any browser-based testing at the moment but it sounds like we might need to 😕 As far as debugging goes, I would be tempted to dig into 
node_modules/@cerbos/embedded/lib/bundle.js
and chuck some 
console.log
statements into the 
checkResources
method there. Maybe the 
download
and 
instantiateStreaming
functions as well. Hopefully that might narrow down where it is hanging.
t
thanks for the tips lets me check it
I tried to add logs in this repo and my own repo but nothing was printed in the console I've restarted both app as well Is there anything I might have overlooked
h
you can try running it with 
--force
flag so that vite ignores the build cache
1
t
the log stopped before line 31
a
Interesting, so 
instantiate
is hanging?
1
t
the last log was from line 134
yes it hung at 
instantiate
a
Very strange. I'll see if the same thing happens for me in Firefox (I am on macOS but hopefully it behaves the same as on Linux)
🙏 1
t
fyi this is the version of Firefox I'm using
with this firefox, there is no issue with this cerbos repo all work fine the issue only happened in my own repo, not sure what is the root cause..
a
Ok so, I created a minimal script to check that the browser can download and instantiate the wasm module.
Copy code
bundleUrl = "<https://lite.cerbos.cloud/bundle?workspace=P2L30LRNW40G&label=5cd4136b20fda5d37a12aad519a745dcac21758883dc5ca23ab6394f7002c225>"
response = fetch(bundleUrl)
await WebAssembly.instantiateStreaming(response, { env: { now: () => 0 } })
(you can use your own bundle URL or borrow mine 🙂) I pasted that in the devtools console in both Chrome and Firefox, and it works in both browsers. Does that script work for you or does it also hang? You'll need to have the console open on a site that doesn't have a content security policy blocking the request (google.com works).
t
it does not hang i've tried with your bundle url and mine
😮 1
and these are the 3 cerbos packages i installed not sure if it gives any impact as I noticed that this cerbos repo used different version...
so it hung at line 135..
a
Hmmm... how close together are those log lines in your screenshot above? Is it possibly stuck in a loop? Maybe it is actually getting aborted rather than hanging. You could add
Copy code
signal.addEventListener("abort", () => { console.log("aborted") });
to the 
download
method of 
AutoUpdatingLoader
in 
lib/loader.js
to check
t
I've added the console.log in 
download
method, but no log was printed
these are the logs no log was printed after line 134
I tried again with your script in the console. It seems to be hanging.
now it finally works in firefox developer edition version🎆 not sure why it still fails in normal firefox browser
I will remove all the console.log statement and test again
@Andrew Haines (Cerbos) Does this mean that WebAssembly.instantiateStreaming() will only work on some pages? Without correct CSP(Content Security Policy), cerbos may not work?
ksnip_20240920-085513.png
a
Yes, that's correct; the CSP must be correct to allow both fetching bundles (
connect-src <https://lite.cerbos.cloud>
) and executing them (
script-src 'wasm-unsafe-eval'
).
4 Views
Open in Slack
PreviousNext
Powered by