unleash: no auth is not working for frontend endpoint

Describe the bug

When using unleash-server:v4.20.0 locally with the environment AUTH_TYPE:NONE, the /api/client/... endpoints work fine with no auth needed. This allows us to run unleash locally and test stuff without the need to provide a valid API token, but the /api/frontend endpoint for the client SDK still needs to pass an auth header with a valid frontend API key.

This makes using unleash for local mode client testing very inconvenient, as each developer will need to spin up a local unleash server, log in, and create a frontend token. We wanted to reduce those steps by providing AUTH_TYPE:NONE.

Steps to reproduce the bug

  1. spin unleash up with docker compose:
    unleash-db:
        container_name: unleash-db
        image: postgres:13.5-alpine3.14
        environment:
            POSTGRES_PASSWORD: "unleash"
            POSTGRES_USER: "unleash"
            POSTGRES_DB: "unleash"
            PGUSER: "unleash"
        healthcheck:
            test: [ "CMD", "pg_isready", "--username=unleash", "--host=127.0.0.1", "--port=5432" ]
            interval: 2s
            timeout: 1m
            retries: 5
            start_period: 5s

    unleash:
        container_name: unleash
        image: unleashorg/unleash-server:4.20.0
        ports:
            - "4242:4242"
        environment:
            DATABASE_HOST: "unleash-db"
            DATABASE_NAME: "unleash"
            DATABASE_USERNAME: "unleash"
            DATABASE_PASSWORD: "unleash"
            DATABASE_SSL: "false"
            LOG_LEVEL: "debug"
            ENABLED_ENVIRONMENTS: "default"
            AUTH_TYPE: "NONE"
        healthcheck:
            test: [ "CMD", "nc",  "-z", "unleash-db", "5432" ]
            interval: 1s
            timeout: 1m
            retries: 5
            start_period: 10s
        depends_on:
            - unleash-db
  2. simple curl that works fine:
    curl http://localhost:4242/api/client/features
  3. curl the frontend endpoint to see the error:
    curl 'http://localhost:4242/api/frontend?appName=dima&environment=default'

This endpoint is not working, and there are also errors on the unleash server:

[2023-01-27T06:47:47.709] [WARN] controller/ProxyController - Cannot destructure property 'type' of 'undefined' as it is undefined.
[2023-01-27T06:47:47.709] [ERROR] controller/ProxyController - Server failed executing request TypeError: Cannot destructure property 'type' of 'undefined' as it is undefined.
    at Function.assertExpectedTokenType (/unleash/node_modules/unleash-server/dist/lib/services/proxy-service.js:78:38)
    at ProxyService.clientForProxyToken (/unleash/node_modules/unleash-server/dist/lib/services/proxy-service.js:52:22)
    at ProxyService.getProxyFeatures (/unleash/node_modules/unleash-server/dist/lib/services/proxy-service.js:25:35)
    at ProxyController.getProxyFeatures (/unleash/node_modules/unleash-server/dist/lib/routes/proxy-api/index.js:99:56)
    at /unleash/node_modules/unleash-server/dist/lib/routes/controller.js:37:23
    at Layer.handle [as handle_request] (/unleash/node_modules/express/lib/router/layer.js:95:5)
    at next (/unleash/node_modules/express/lib/router/route.js:144:13)
    at validateMiddleware (/unleash/node_modules/@unleash/express-openapi/lib/validate.js:105:14)
    at validSchemaMiddleware (/unleash/node_modules/@unleash/express-openapi/index.js:71:14)
    at Layer.handle [as handle_request] (/unleash/node_modules/express/lib/router/layer.js:95:5)
    at next (/unleash/node_modules/express/lib/router/route.js:144:13)
    at /unleash/node_modules/unleash-server/dist/lib/routes/controller.js:13:16
    at Layer.handle [as handle_request] (/unleash/node_modules/express/lib/router/layer.js:95:5)
    at next (/unleash/node_modules/express/lib/router/route.js:144:13)
    at Route.dispatch (/unleash/node_modules/express/lib/router/route.js:114:3)
    at Layer.handle [as handle_request] (/unleash/node_modules/express/lib/router/layer.js:95:5) {
  isJoi: true
}

Expected behavior

When setting AUTH_TYPE:OPEN_SOURCE and making the curl command (with the frontend auth token), it works fine and returns the toggles. The expected behavior is that when using AUTH_TYPE:NONE, the frontend endpoint should not require a token.

Subscription type

Open source

Hosting type

Self-hosted

About this issue

  • State: closed
  • Created a year ago
  • Comments: 22 (12 by maintainers)
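
The stack trace in the report shows assertExpectedTokenType destructuring `type` from an undefined value. As an added illustration (not Unleash's code and not from the reporter; every name except assertExpectedTokenType is hypothetical, and the token shape is assumed), this sketch reproduces that failure class and contrasts it with a check that treats a missing token as an explicit branch:

```javascript
// Hypothetical sketch, not Unleash's source. Only the name
// assertExpectedTokenType and the AUTH_TYPE values come from the report.
const FRONTEND = 'frontend'; // assumed token-type label

// Shape of the failing check: destructuring assumes a token is always present.
function assertExpectedTokenTypeUnguarded(token) {
  const { type } = token; // TypeError when token is undefined
  if (type !== FRONTEND) throw new Error('wrong token type');
}

class AuthError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Guarded variant: "no token" is an explicit branch whose outcome depends on
// the configured auth type, never an accidental TypeError.
function resolveFrontendAccess(token, authType) {
  if (token === undefined || token === null) {
    if (authType === 'NONE') {
      // Auth deliberately disabled: return a synthetic frontend identity
      // (hypothetical shape) so later code never sees undefined.
      return { type: FRONTEND, environment: 'default', synthetic: true };
    }
    throw new AuthError(401, 'frontend API token required'); // fail closed
  }
  if (token.type !== FRONTEND) {
    throw new AuthError(403, `token type '${token.type}' not allowed here`);
  }
  return { ...token, synthetic: false };
}

// Map a call to the HTTP status a request handler would end up sending.
function statusFor(fn) {
  try { fn(); return 200; } catch (e) { return e.status ?? 500; }
}

// Constructed inputs covering each branch.
const cases = {
  unguardedNoToken: statusFor(() => assertExpectedTokenTypeUnguarded(undefined)),
  guardedNoneNoToken: statusFor(() => resolveFrontendAccess(undefined, 'NONE')),
  guardedOssNoToken: statusFor(() => resolveFrontendAccess(undefined, 'OPEN_SOURCE')),
  guardedClientToken: statusFor(() => resolveFrontendAccess({ type: 'client' }, 'OPEN_SOURCE')),
  guardedFrontendToken: statusFor(() => resolveFrontendAccess({ type: FRONTEND }, 'OPEN_SOURCE')),
};
console.log(cases);
```

The unguarded path surfaces as an unhandled 500, while the guarded path yields 200 only when auth is explicitly disabled or a frontend token is present, and 401 or 403 otherwise.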

Most upvoted comments

Little update: @daveleek has opened #5806, which should fix this when it’s ready, so you can check in with that issue to know what’s up 😄