Lorawan-stack: Does one webhook overwrite another's settings?

Created on 2019-07-06  ·  5 comments  ·  Source: TheThingsNetwork/lorawan-stack

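Thank you for submitting a bug report. Please fill in the template below, otherwise we will not be able to process this bug report.

Summary

Summarize the problem in a few sentences:

I am trying to create, on the same lorawan-stack instance:

  • a 1st application + webhook for production (standard data exchange)
  • a 2nd application + webhook for firmware updates of microcontroller devices
  • the same end devices belong to both applications (same name/EUI - different app EUI/keys)

After performing the full initialization for one application, it looks like it overwrites the access rights of the previous webhook (it reports no access rights - status 403 on the server console)

Steps to Reproduce

How can we reproduce the problem?

Create ap2 for firmware upgrade and create a webhook for it: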

ttn-lw-cli end-devices create ap2 dv1 \
  --dev-eui 00217E00000003FF \
  --app-eui 800000000000008C \
  --frequency-plan-id EU_863_870 \
  --root-keys.app-key.key 852BAEC23EAE7964AF27C325F4C23C9A \
  --lorawan-version 1.0.2 \
  --lorawan-phy-version 1.0.2-b
{
  "ids": {
    "device_id": "dv1",
    "application_ids": {
      "application_id": "ap2"
    },
    "dev_eui": "00217E00000003FF",
    "join_eui": "800000000000008C"
  },
  "created_at": "2019-06-26T07:49:08.966Z",
  "updated_at": "2019-06-26T07:49:09.197889667Z",
  "attributes": {
  },
  "network_server_address": "localhost",
  "application_server_address": "localhost",
  "join_server_address": "localhost",
  "lorawan_version": "1.0.2",
  "lorawan_phy_version": "1.0.2-b",
  "frequency_plan_id": "EU_863_870",
  "supports_join": true,
  "root_keys": {
    "app_key": {
      "key": "852BAEC23EAE7964AF27C325F4C23C9A"
    }
  }
}
ttn-lw-cli applications api-keys create \
  --name link \
  --application-id ap2 \
  --right-application-link

  INFO API key ID: LHUIKUKWZ62A2LXUYP4ZFC54423D3A3J36G33JY
  INFO API key value: NNSXS.LHUIKUKWZ62A2LXUYP4ZFC54423D3A3J36G33JY.NGYQQRDUJW36KJC3UP6PZYP2DNUYZTGISDJEXACL2TB5BB5EWQCA
  WARN The API key value will never be shown again
  WARN Make sure to copy it to a safe place
{
  "id": "LHUIKUKWZ62A2LXUYP4ZFC54423D3A3J36G33JY",
  "key": "NNSXS.LHUIKUKWZ62A2LXUYP4ZFC54423D3A3J36G33JY.NGYQQRDUJW36KJC3UP6PZYP2DNUYZTGISDJEXACL2TB5BB5EWQCA",
  "name": "link",
  "rights": [
    "RIGHT_APPLICATION_LINK"
  ]
}
ttn-lw-cli applications link set ap2 --api-key NNSXS.LHUIKUKWZ62A2LXUYP4ZFC54423D3A3J36G33JY.NGYQQRDUJW36KJC3UP6PZYP2DNUYZTGISDJEXACL2TB5BB5EWQCA
{
  "api_key": "NNSXS.LHUIKUKWZ62A2LXUYP4ZFC54423D3A3J36G33JY.NGYQQRDUJW36KJC3UP6PZYP2DNUYZTGISDJEXACL2TB5BB5EWQCA"
}
ttn-lw-cli applications api-keys create --name wh-client --application-id ap2 --right-application-link --right-application-all --right-application-delete --right-application-devices-read --right-application-devices-read-keys --right-application-devices-write --right-application-devices-write-keys --right-application-info --right-application-link --right-application-settings-api-keys --right-application-settings-basic --right-application-settings-collaborators --right-application-traffic-down-write --right-application-traffic-read --right-application-traffic-up-write

  INFO API key ID: CLCIYOYYEDPLJSSWRNMYS5KCDI45HOE6M3WZIDY
  INFO API key value: NNSXS.CLCIYOYYEDPLJSSWRNMYS5KCDI45HOE6M3WZIDY.E6DXAAZ4HSX2V6VL7C3244HGNKBO24SEROTXOZURJHWWOMWZQSPA
  WARN The API key value will never be shown again
  WARN Make sure to copy it to a safe place
{
  "id": "CLCIYOYYEDPLJSSWRNMYS5KCDI45HOE6M3WZIDY",
  "key": "NNSXS.CLCIYOYYEDPLJSSWRNMYS5KCDI45HOE6M3WZIDY.E6DXAAZ4HSX2V6VL7C3244HGNKBO24SEROTXOZURJHWWOMWZQSPA",
  "name": "wh-client",
  "rights": [
    "RIGHT_APPLICATION_DEVICES_WRITE",
    "RIGHT_APPLICATION_DEVICES_READ",
    "RIGHT_APPLICATION_TRAFFIC_DOWN_WRITE",
    "RIGHT_APPLICATION_SETTINGS_BASIC",
    "RIGHT_APPLICATION_DEVICES_WRITE_KEYS",
    "RIGHT_APPLICATION_INFO",
    "RIGHT_APPLICATION_SETTINGS_API_KEYS",
    "RIGHT_APPLICATION_SETTINGS_COLLABORATORS",
    "RIGHT_APPLICATION_TRAFFIC_READ",
    "RIGHT_APPLICATION_TRAFFIC_UP_WRITE",
    "RIGHT_APPLICATION_DELETE",
    "RIGHT_APPLICATION_LINK",
    "RIGHT_APPLICATION_ALL",
    "RIGHT_APPLICATION_DEVICES_READ_KEYS"
  ]
}
ttn-lw-cli applications webhooks set \
  --application-id ap2 \
  --webhook-id fwup \
  --format json \
  --base-url http://192.168.0.8/IoT/ \
  --join-accept.path lorafw.php \
  --uplink-message.path lorafw.php

{
  "ids": {
    "application_ids": {
      "application_id": "ap2"
    },
    "webhook_id": "fwup"
  },
  "created_at": "2019-06-26T07:54:51.099460917Z",
  "updated_at": "2019-06-26T07:54:51.099460917Z",
  "base_url": "http://192.168.0.8/IoT/",
  "format": "json",
  "uplink_message": {
    "path": "lorafw.php"
  },
  "join_accept": {
    "path": "lorafw.php"
  }
}

Test:

curl http://localhost:1885/api/v3/as/applications/ap2/webhooks/fwup/devices/dv1/down/push -X POST   -H 'Authorization: Bearer NNSXS.CLCIYOYYEDPLJSSWRNMYS5KCDI45HOE6M3WZIDY.E6DXAAZ4HSX2V6VL7C3244HGNKBO24SEROTXOZURJHWWOMWZQSPA'  --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'

Webhooks work properly now

Create ap3 for production:
*works properly*

**ttn-lw-cli applications create ap3 --user-id admin**

{
  "ids": {
    "application_id": "ap3"
  },
  "created_at": "2019-07-06T09:45:28.540Z",
  "updated_at": "2019-07-06T09:45:28.540Z"
}
**ttn-lw-cli end-devices create ap3 dv1 \
  --dev-eui 00217E00000003FF \
  --app-eui 100000000000001C \
  --frequency-plan-id EU_863_870 \
  --root-keys.app-key.key 152BAEC23EAE7964AF27C325F4C23C9A \
  --lorawan-version 1.0.2 \
  --lorawan-phy-version 1.0.2-b**

{
  "ids": {
    "device_id": "dv1",
    "application_ids": {
      "application_id": "ap3"
    },
    "dev_eui": "00217E00000003FF",
    "join_eui": "100000000000001C"
  },
  "created_at": "2019-07-06T09:46:16.897Z",
  "updated_at": "2019-07-06T09:46:17.144655816Z",
  "attributes": {
  },
  "network_server_address": "localhost",
  "application_server_address": "localhost",
  "join_server_address": "localhost",
  "lorawan_version": "1.0.2",
  "lorawan_phy_version": "1.0.2-b",
  "frequency_plan_id": "EU_863_870",
  "supports_join": true,
  "root_keys": {
    "app_key": {
      "key": "852BAEC23EAE7964AF27C325F4C23C9A"
    }
  }
}
**ttn-lw-cli applications api-keys create \
  --name link \
  --application-id ap3 \
  --right-application-link**

  INFO API key ID: 77EPVZXEKOCAD7G6G4UGAKERJGNL3MHNYIWA7YI
  INFO API key value: NNSXS.77EPVZXEKOCAD7G6G4UGAKERJGNL3MHNYIWA7YI.UFJ2Y5ITTD6DKTMIPSH3UOUMVGPAIOGBQGF547KWPCAZ6WZE6VXQ
  WARN The API key value will never be shown again
  WARN Make sure to copy it to a safe place
{
  "id": "77EPVZXEKOCAD7G6G4UGAKERJGNL3MHNYIWA7YI",
  "key": "NNSXS.77EPVZXEKOCAD7G6G4UGAKERJGNL3MHNYIWA7YI.UFJ2Y5ITTD6DKTMIPSH3UOUMVGPAIOGBQGF547KWPCAZ6WZE6VXQ",
  "name": "link",
  "rights": [
    "RIGHT_APPLICATION_LINK"
  ]
}
**ttn-lw-cli applications link set ap3 --api-key NNSXS.77EPVZXEKOCAD7G6G4UGAKERJGNL3MHNYIWA7YI.UFJ2Y5ITTD6DKTMIPSH3UOUMVGPAIOGBQGF547KWPCAZ6WZE6VXQ**

{
  "api_key": "NNSXS.77EPVZXEKOCAD7G6G4UGAKERJGNL3MHNYIWA7YI.UFJ2Y5ITTD6DKTMIPSH3UOUMVGPAIOGBQGF547KWPCAZ6WZE6VXQ"
}
**ttn-lw-cli applications api-keys create --name wh-client --application-id ap3 --right-application-link --right-application-all --right-application-delete --right-application-devices-read --right-application-devices-read-keys --right-application-devices-write --right-application-devices-write-keys --right-application-info --right-application-link --right-application-settings-api-keys --right-application-settings-basic --right-application-settings-collaborators --right-application-traffic-down-write --right-application-traffic-read --right-application-traffic-up-write**


INFO API key ID: JIXW5XX3UITDZASY4L4A3FZ4Z53YF2S63ZASO3Y
  INFO API key value: NNSXS.JIXW5XX3UITDZASY4L4A3FZ4Z53YF2S63ZASO3Y.7TDNWLRAKDETDFJXHVWHYQ3J47CDD7SRQR66FGT7F72BHTZMSYGQ
  WARN The API key value will never be shown again
  WARN Make sure to copy it to a safe place
{
  "id": "JIXW5XX3UITDZASY4L4A3FZ4Z53YF2S63ZASO3Y",
  "key": "NNSXS.JIXW5XX3UITDZASY4L4A3FZ4Z53YF2S63ZASO3Y.7TDNWLRAKDETDFJXHVWHYQ3J47CDD7SRQR66FGT7F72BHTZMSYGQ",
  "name": "wh-client",
  "rights": [
    "RIGHT_APPLICATION_TRAFFIC_READ",
    "RIGHT_APPLICATION_SETTINGS_API_KEYS",
    "RIGHT_APPLICATION_DEVICES_READ",
    "RIGHT_APPLICATION_SETTINGS_BASIC",
    "RIGHT_APPLICATION_DEVICES_READ_KEYS",
    "RIGHT_APPLICATION_TRAFFIC_DOWN_WRITE",
    "RIGHT_APPLICATION_ALL",
    "RIGHT_APPLICATION_INFO",
    "RIGHT_APPLICATION_LINK",
    "RIGHT_APPLICATION_SETTINGS_COLLABORATORS",
    "RIGHT_APPLICATION_TRAFFIC_UP_WRITE",
    "RIGHT_APPLICATION_DEVICES_WRITE_KEYS",
    "RIGHT_APPLICATION_DELETE",
    "RIGHT_APPLICATION_DEVICES_WRITE"
  ]
}
**ttn-lw-cli applications webhooks set \
  --application-id ap3 \
  --webhook-id production \
  --format json \
  --base-url http://192.168.0.8/IoT/ \
  --join-accept.path join.php \
  --uplink-message.path up.php**



{
  "ids": {
    "application_ids": {
      "application_id": "ap3"
    },
    "webhook_id": "production"
  },
  "created_at": "2019-07-06T09:57:36.729241177Z",
  "updated_at": "2019-07-06T09:57:36.729241177Z",
  "base_url": "http://192.168.0.8/IoT/",
  "format": "json",
  "uplink_message": {
    "path": "up.php"
  },
  "join_accept": {
    "path": "join.php"
  }
}
**ttn-lw-cli applications api-keys create --name wh-prod --application-id ap3 --right-application-link --right-application-all --right-application-delete --right-application-devices-read --right-application-devices-read-keys --right-application-devices-write --right-application-devices-write-keys --right-application-info --right-application-link --right-application-settings-api-keys --right-application-settings-basic --right-application-settings-collaborators --right-application-traffic-down-write --right-application-traffic-read --right-application-traffic-up-write**

  INFO API key ID: SC626ESUGY3E5RO2NB6NOMCPKT6SDR3MJWTAQZA
  INFO API key value: NNSXS.SC626ESUGY3E5RO2NB6NOMCPKT6SDR3MJWTAQZA.VCUMNMSQQFDNBD7BSKKXEXCCMJH77254DEVTDCUICO45RDAT2TVA
  WARN The API key value will never be shown again
  WARN Make sure to copy it to a safe place
{
  "id": "SC626ESUGY3E5RO2NB6NOMCPKT6SDR3MJWTAQZA",
  "key": "NNSXS.SC626ESUGY3E5RO2NB6NOMCPKT6SDR3MJWTAQZA.VCUMNMSQQFDNBD7BSKKXEXCCMJH77254DEVTDCUICO45RDAT2TVA",
  "name": "wh-prod",
  "rights": [
    "RIGHT_APPLICATION_DELETE",
    "RIGHT_APPLICATION_LINK",
    "RIGHT_APPLICATION_DEVICES_WRITE",
    "RIGHT_APPLICATION_TRAFFIC_READ",
    "RIGHT_APPLICATION_TRAFFIC_UP_WRITE",
    "RIGHT_APPLICATION_SETTINGS_COLLABORATORS",
    "RIGHT_APPLICATION_DEVICES_WRITE_KEYS",
    "RIGHT_APPLICATION_TRAFFIC_DOWN_WRITE",
    "RIGHT_APPLICATION_DEVICES_READ_KEYS",
    "RIGHT_APPLICATION_SETTINGS_API_KEYS",
    "RIGHT_APPLICATION_SETTINGS_BASIC",
    "RIGHT_APPLICATION_DEVICES_READ",
    "RIGHT_APPLICATION_ALL",
    "RIGHT_APPLICATION_INFO"
  ]
}

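a) The AP2 application webhook downlink stops working (downlink - has an access rights problem)
b) The AP3 application webhook starts working
c) When modifying the AP1 api-key, exchanging it in the webhook php file and restarting the network server, AP2 is back to work and AP3 downlink stops working (downlink - has an access rights problem)

Operating API

What do you see now?

...

What do you want to see?

...

Environment


Not relevant Ubuntu 16/kerlink/Telit/1.0.2 Class A
...

How do you propose to implement this?

...

Can you do this yourself and submit a pull request?

...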

blocking release bug application server

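All 5 comments

I can confirm that I have been able to reproduce this bug on v3.0.3. My run can be found here. I will investigate and come back with the results.

@adriansmares Thanks.

I have migrated my v3.0.3 setup to the latest master and apparently the bug has been fixed in the meantime.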

adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ git checkout master
Previous HEAD position was e8450dac8 all: Bump to version 3.0.3
Switched to branch 'master'
Your branch is up to date with 'ttn/master'.
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ curl http://localhost:1885/api/v3/as/applications/app1/webhooks/wh1/devices/dev1/down/push   -X POST   -H 'Authorization: Bearer NNSXS.PRF4BDQMASLMRWXTV5HRM4TQUROQAHNTDR7EZTY.JK6XNLQYXQSNCAWZHFOXG6LCBINIEMVSDPR3OIORDVQF5FJCI6YA'   --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ curl http://localhost:1885/api/v3/as/applications/app2/webhooks/wh1/devices/dev1/down/push   -X POST   -H 'Authorization: Bearer NNSXS.V3ZM2DMCSFK4YEBB55WA6MMY34YXQ6SARLJS4TQ.OILYCKNO5R25HYYZB6BPOJN5XLKWQZFXOIB77TJ464IDQBQ2YI7A'   --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ git checkout v3.0.3
Note: checking out 'v3.0.3'.
...
HEAD is now at e8450dac8 all: Bump to version 3.0.3
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ curl http://localhost:1885/api/v3/as/applications/app1/webhooks/wh1/devices/dev1/down/push   -X POST   -H 'Authorization: Bearer NNSXS.PRF4BDQMASLMRWXTV5HRM4TQUROQAHNTDR7EZTY.JK6XNLQYXQSNCAWZHFOXG6LCBINIEMVSDPR3OIORDVQF5FJCI6YA'   --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ curl http://localhost:1885/api/v3/as/applications/app2/webhooks/wh1/devices/dev1/down/push   -X POST   -H 'Authorization: Bearer NNSXS.V3ZM2DMCSFK4YEBB55WA6MMY34YXQ6SARLJS4TQ.OILYCKNO5R25HYYZB6BPOJN5XLKWQZFXOIB77TJ464IDQBQ2YI7A'   --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'
error:pkg/auth/rights:no_application_rights (no rights for application `app2`)

However, I did look into which commits fixed the issue, and they are a2e7e4c6b8929dfd52ba62046cc70d4529c4f25e and fe95aafb9959e841e920eaad39eb2e39b6ed24e6

adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ git checkout v3.0.3
...
HEAD is now at e8450dac8 all: Bump to version 3.0.3
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ git cherry-pick a2e7e4c6b8929dfd52ba62046cc70d4529c4f25e
[detached HEAD d8f1ee6fc] as: Use request context in webhook downlink
 Author: Johan Stokking <[email protected]>
 Date: Mon May 27 14:39:05 2019 +0200
 4 files changed, 27 insertions(+), 4 deletions(-)
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ git cherry-pick fe95aafb9959e841e920eaad39eb2e39b6ed24e6
[detached HEAD dce35a353] as: Fill Webhook downlink queue request context
 Date: Tue Jul 2 11:44:10 2019 +0200
 1 file changed, 1 insertion(+), 1 deletion(-)
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ curl http://localhost:1885/api/v3/as/applications/app1/webhooks/wh1/devices/dev1/down/push   -X POST   -H 'Authorization: Bearer NNSXS.PRF4BDQMASLMRWXTV5HRM4TQUROQAHNTDR7EZTY.JK6XNLQYXQSNCAWZHFOXG6LCBINIEMVSDPR3OIORDVQF5FJCI6YA'   --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'
adriansmares@A98BCD2222F1:~/go/src/go.thethings.network/lorawan-stack$ curl http://localhost:1885/api/v3/as/applications/app2/webhooks/wh1/devices/dev1/down/push   -X POST   -H 'Authorization: Bearer NNSXS.V3ZM2DMCSFK4YEBB55WA6MMY34YXQ6SARLJS4TQ.OILYCKNO5R25HYYZB6BPOJN5XLKWQZFXOIB77TJ464IDQBQ2YI7A'   --data '{"downlinks":[{"frm_payload":"vu8=","f_port":15,"priority":"NORMAL"}]}'

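Since we don't have a master docker image, should we have a v3.0.3b release that contains these fixes? @johanstokking @htdvisser

I investigated _why_ the two commits actually fix the issue, and found that the real cause is actually not directly related to them, but rather to the fact that in v3.0.3 the context used for the rights check is shared between requests.

In v3.0.3, the context used by the Webhooks component to check the rights of a request is w.ctx, which, if we follow its creation, is the context of the Component, which is then filled using FillContext.
https://github.com/TheThingsNetwork/lorawan-stack/blob/e8450dac84c1d7ec685121957d7e8cd4ef67c013/pkg/applicationserver/applicationserver.go#L163
This looks harmless (or at least it did until today), until you realize that one of the context fillers is the rights cache, _which stays in the context after its first use_.
https://github.com/TheThingsNetwork/lorawan-stack/blob/e8450dac84c1d7ec685121957d7e8cd4ef67c013/pkg/identityserver/entity_access.go#L46-L69
https://github.com/TheThingsNetwork/lorawan-stack/blob/e8450dac84c1d7ec685121957d7e8cd4ef67c013/pkg/identityserver/identityserver.go#L146-L150

What happens is that the first request (via app1/app2 - it doesn't matter) sets the cache of the Webhooks context (w.ctx). w.ctx is FillContext-ed at creation and contains the authentication cache - so after the first request completes, the rights are saved in the context.
https://github.com/TheThingsNetwork/lorawan-stack/blob/e8450dac84c1d7ec685121957d7e8cd4ef67c013/pkg/identityserver/entity_access.go#L64-L68
Subsequent requests are no longer served by the IS database, but are filled from the cache. But since the API key that made the first request has no rights on the second application, the second request fails. The corollary is that, by default, any further request that is not made by the first API key will fail.

TLDR: https://github.com/TheThingsNetwork/lorawan-stack/pull/902/commits/e6ab950fa76bc8cdbe6dc519ec71b9deed2e7231 should probably also be merged in the quickfix release.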
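
The shared-context rights cache described in the comment above, reduced to a small Go model. This is an added example, not lorawan-stack code: `keyRights`, `rightsCache`, `fill`, `checkRights` and the two handlers are hypothetical names, and the cache is simplified to a single entry.

```go
package main

import (
	"context"
	"fmt"
)

// Hypothetical model: keyRights stands in for the Identity Server database (constructed data).
var keyRights = map[string]string{"key-app1": "app1", "key-app2": "app2"}

type cacheKey struct{}
type rightsCache struct {
	filled bool
	app    string // application the first caller's key has rights on
}

// fill mimics a context filler: it attaches an empty rights cache to ctx.
func fill(ctx context.Context) context.Context {
	return context.WithValue(ctx, cacheKey{}, &rightsCache{})
}

// checkRights queries the "database" only on a cache miss, then trusts the cache.
func checkRights(ctx context.Context, apiKey, app string) error {
	c := ctx.Value(cacheKey{}).(*rightsCache)
	if !c.filled {
		c.app, c.filled = keyRights[apiKey], true
	}
	if c.app != app {
		return fmt.Errorf("no rights for application `%s`", app)
	}
	return nil
}

// handleShared is the v3.0.3 pattern described above: all requests reuse one filled context.
func handleShared(shared context.Context, apiKey, app string) error {
	return checkRights(shared, apiKey, app)
}

// handlePerRequest fills a fresh context per request, so the cache ends with the request.
func handlePerRequest(base context.Context, apiKey, app string) error {
	return checkRights(fill(base), apiKey, app)
}

func main() {
	shared := fill(context.Background()) // filled once, at component start
	fmt.Println(handleShared(shared, "key-app1", "app1"))                  // first request fills the cache
	fmt.Println(handleShared(shared, "key-app2", "app2"))                  // rejected from the stale cache
	fmt.Println(handlePerRequest(context.Background(), "key-app2", "app2")) // fresh cache, accepted
}
```

Anything that memoizes an authorization decision has to live in request scope or be keyed by the caller's credentials; a component-lifetime context is neither.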
