Graphdb.js Node.js - Node Server Authentication with GraphDB

Question

I am aware that GraphDB itself provides several ways of authentication. Let's say I lock access to the GraphDB server and let only users with credentials access it. Let's say I create an authorized user with username and password.

I am using Node.js and in particular graphdb.js to establish an insecure connection. But how do I add the authentication between the communication from node server and graphdb server ? The documentation says:

If the library is going to be used against a secured server, then all API calls must be authenticated by sending an http authorization header with a token which is obtained after a call to rest/login/user_name with a password provided as a specific header. In case the server requires that requests should be authenticated, then in the ServerClientConfig and RepositoryClientConfig must be configured the username and password which to be used for the authentication. If those are provided, then the client assumes that authentication is mandatory and the login with the provided credentials is performed automatically before the first API call. After a successful login, user details which are received and the auth token are stored in the AuthenticationService. From that moment on, with every API call is sent also an authorization header with the token as value. If the token expires, then the first API call will be rejected with an http error with status 401. The client handles this automatically by re-login the user with the same credentials, updates the stored token and retries the API call. This behavior is the default and can be changed if the ServerClientConfig or RepositoryClientConfig are configured with keepAlive=false.

So what are the coding steps with sample code that need to be followed. I have not seen an example somewhere doing so. Can someone help please ?

factor5 · Accepted Answer · 2019-11-07T11:15:54.783

2

Apart from what @Konstantin Petrov said, I'd mention also that native authentication with graphdbjs is a feature which is still work in progress. You can follow the PR There will be added examples as well. Until then, one can workaround this by issuing a login request and use the authorization token returned with the response to create a RDFRepositoryClient instance configured with the authorization header and the token. An example for this is given below.

const {RepositoryClientConfig, RDFRepositoryClient} = require('graphdb').repository;
const {RDFMimeType} = require('graphdb').http;
const {SparqlJsonResultParser} = require('graphdb').parser;
const {GetQueryPayload, QueryType} = require('graphdb').query;
const axios = require('axios');

axios.post('http://localhost:7200/rest/login/admin', null, {
    headers: {
        'X-GraphDB-Password': 'root'
    }
}).then(function(token) {
    const readTimeout = 30000;
    const writeTimeout = 30000;
    const repositoryClientConfig = new RepositoryClientConfig(['http://localhost:7200/repositories/testrepo'], {
        'authorization': token.headers.authorization
    }, '', readTimeout, writeTimeout);
    const repositoryClient = new RDFRepositoryClient(repositoryClientConfig);
    repositoryClient.registerParser(new SparqlJsonResultParser());

    const payload = new GetQueryPayload()
        .setQuery('select * where {?s ?p ?o}')
        .setQueryType(QueryType.SELECT)
        .setResponseType(RDFMimeType.SPARQL_RESULTS_JSON)
        .setLimit(100);
    return repositoryClient.query(payload);
})    
.then(function(stream) {
    // here is the query response stream
})
.catch(function(error) {
    console.log('error', error);
});

edited Nov 07 '19 at 11:15

answered Nov 06 '19 at 15:04

factor5

321
2
12

I just commented there what is the status or a way to do it outside graphdbjs. But I m not sure I fully understand how to transform curl commands to node.js commands – GGEv Nov 06 '19 at 15:15
so inside the "//use the token to configure...." I should put something like the below code and do what I want insdie there ? router.get('/getallids', (req, res) => { const repositoryClientConfig = new RepositoryClientConfig(['localhost:7200/repositories/V2'], {'Authorization': token}, '', readTimeout, writeTimeout); server.getRepository('V2',repositoryClientConfig).then(repository => { repository.registerParser(new SparqlJsonResultParser()); const payload = new GetQueryPayload() – GGEv Nov 07 '19 at 08:22
I get an error by doing so: (node:14014) UnhandledPromiseRejectionWarning: Error: Request failed with status code 401 (node:14014) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2) (node:14014) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code. – GGEv Nov 07 '19 at 08:49
I connect to server and repository with the token but shouldn't I send it somehow within the query I want to perform when security is on and free access is off ? – GGEv Nov 07 '19 at 10:10
Hi @Evan I did some investigation on the topic and here is what I found. Currently it's not possible to configure the ServerClient with some headers and have them passed with the requests. I have created an issue about that [here](https://github.com/Ontotext-AD/graphdb.js/issues/66) and I've to thank you for pointing me to that direction :). Now on your problem. If you don't need the ServerClient for anything else than obtaining RDFRepositoryClient instance, then I'd suggest you to just create it directly. – factor5 Nov 07 '19 at 10:49
I think it might be a return statement I never had instead I started a stream inside. Your latest suggestion works like a charm with security on and free access off. Thank you Svilen (?) – GGEv Nov 07 '19 at 13:06
and what If I wanted to handle SSL connections with axios ? I already have configured my graphdb instance – GGEv Nov 08 '19 at 13:53

score 1 · Answer 2 · answered Nov 06 '19 at 13:56

When security is enabled you have to authorize the request by passing JWT token. To receive a JWT token you can send a request as user admin. All examples are with curl for simplicity, but the idea would be the same.

POST 'http://localhost:7200/rest/login/admin' -H 'X-GraphDB-Password: root' --compressed

the returned header includes the JWT token:

-H 'Authorization: GDB eyJ1c2VybmFtZSI6ImFkbWluIiwiYXV0aGVudGljYXRlZEF0IjoxNTQwODA1MTQ2MTE2fQ==.K0mo2dSa/Gw+AR995qTrsA1zJGwlfOVEaIokZnhINh0='

You can use the token in the next requests:

curl 'http://localhost:7200/rest/monitor/query/count' -H 'Authorization: GDB eyJ1c2VybmFtZSI6ImFkbWluIiwiYXV0aGVudGljYXRlZEF0IjoxNTQwODA1MTQ2MTE2fQ==.K0mo2dSa/Gw+AR995qTrsA1zJGwlfOVEaIokZnhINh0=' -H 'X-GraphDB-Repository: news' --compressed

I m not familiar with how to transform curl commands into nodejs commands, although I get the mentality of your commands. Maybe a native js code or node.js code would make it clearer to me. I am a nodejs newcomer and event the common things are not quite common for me — GGEv, Nov 06 '19 at 15:18

Graphdb.js Node.js - Node Server Authentication with GraphDB

2 Answers2