Laravel Passport keys not available in Lambda #1667

Open
Rezrazi opened this issue Oct 17, 2023 · 10 comments

Rezrazi commented Oct 17, 2023

Description:

Having Passport installed, and following the instructions described here https://bref.sh/docs/laravel/passport
I'm unable to get Passport working, throwing an exception: Invalid key supplied

Investigation so far:

  • serverless.yml is updated to include oauth keys into the bundle
  • Downloading the zip manually from S3 does indeed show the keys being included in the bundle (cf. screenshot)
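  • Dumping the contents from inside the Lambda:

        use Illuminate\Support\Facades\Storage;

        // Build an on-demand disk rooted at /tmp
        $tmp = Storage::build('/tmp');

        // Dump what exists under /tmp and where storage_path() points
        dd(
            $tmp->allFiles(),
            $tmp->allDirectories(),
            storage_path(),
            shell_exec(
                'ls -la ' . storage_path()
            )
        );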

CleanShot 2023-10-17 at 22 00 41@2x

CleanShot 2023-10-17 at 21 54 16@2x

How to reproduce:

  • Install Laravel
  • Install laravel/passport
  • Generate passport keys and persist them in serverless.yml
  • Deploy
@Rezrazi Rezrazi added the bug label Oct 17, 2023
GrahamCampbell (Contributor) commented

Probably you should not try to store the private key in plain text in the lambda image, but instead load it via secrets manager into an env variable at runtime.

mnapoli (Member) commented Oct 20, 2023

Note that this is indeed a regression with the Bref bridge v2.

It's because the BrefServiceProvider sets storage_path to /tmp/storage now. We may want to copy any file in storage/ being deployed into /tmp/storage (that's what we do in the Symfony bridge for example). Or maybe there's a better alternative to imagine.

Rezrazi (Author) commented Oct 20, 2023

@GrahamCampbell Yeah, I did end up doing that. I was experimenting with an existing app when I noticed this behavior

@mnapoli sorry if I'm not too knowledgeable with Bref v1, but was there any particular reason to put internals in a /tmp/storage path?

mnapoli (Member) commented Oct 22, 2023

@Rezrazi anything outside /tmp is read-only, so it was creating problems when using the Laravel cache.

wojo1206 (Contributor) commented Jan 9, 2024

> Probably you should not try to store the private key in plain text in the lambda image, but instead load it via secrets manager into an env variable at runtime.

Please remember that the Lambda ENV has a 4K limit! An RSA keypair generated by php artisan passport:keys could easily meet the limit.
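
The runtime-loading approach suggested above, as an added example that is not from the thread, Bref or Passport: it reads the key pair from AWS Secrets Manager straight into Passport's config, so the key material never passes through a Lambda environment variable. The provider name, the PASSPORT_KEYS_SECRET_ID variable and the JSON layout of the secret are assumptions.

```php
<?php
// Added example; class name, env variable and secret layout are assumptions.
namespace App\Providers;

use Aws\SecretsManager\SecretsManagerClient;
use Illuminate\Support\ServiceProvider;
use RuntimeException;

class PassportKeyServiceProvider extends ServiceProvider
{
    /** Keys cached in memory so warm invocations skip the API call. */
    private static ?array $keys = null;

    public function boot(): void
    {
        // The environment carries only the secret's name, never the key itself.
        $secretId = getenv('PASSPORT_KEYS_SECRET_ID');
        if (! $secretId) {
            return; // e.g. local development: Passport falls back to key files
        }

        self::$keys ??= $this->fetchKeys($secretId);

        // Passport uses these config entries, when set, instead of key files.
        config([
            'passport.private_key' => self::$keys['private'],
            'passport.public_key'  => self::$keys['public'],
        ]);
    }

    private function fetchKeys(string $secretId): array
    {
        $client = new SecretsManagerClient([
            'version' => 'latest',
            'region'  => getenv('AWS_REGION') ?: 'us-east-1',
        ]);
        $result = $client->getSecretValue(['SecretId' => $secretId]);

        // Assumed secret layout: {"private": "<PEM>", "public": "<PEM>"}
        $keys = json_decode($result['SecretString'], true, 512, JSON_THROW_ON_ERROR);
        foreach (['private', 'public'] as $name) {
            if (! str_contains($keys[$name] ?? '', '-----BEGIN')) {
                throw new RuntimeException("Secret is missing a PEM-encoded {$name} key");
            }
        }

        return $keys;
    }
}
```

The function's execution role needs secretsmanager:GetSecretValue on that one secret and nothing broader.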

wojo1206 (Contributor) commented Jan 10, 2024

I followed the documentation for Laravel Passport setup. I think the documentation isn't clear or the solution for this is still a work in progress. My setup (as described in docs):

# serverless.yml

package:
    patterns:
        - ...
        # Exclude the 'storage' directory
        - '!storage/**'
        # Except the public and private keys required by Laravel Passport
        - 'storage/oauth-private.key'
        - 'storage/oauth-public.key' 

On serverless deploy the keys are being copied into the storage/ path, not to /tmp/storage as one might expect! Luckily, Passport can adjust the path with Passport::loadKeysFrom('storage');

mnapoli (Member) commented Jan 10, 2024

Thanks for sharing the workaround! If you have the time for a pull request (https://github.com/brefphp/bref/blob/master/docs/laravel/passport.mdx) that would be awesome!

wojo1206 (Contributor) commented

I don't know if the behavior I observed is expected. Maybe on deploy bref could copy contents of package (as defined in serverless.yml) into /tmp/storage and never use storage? Right now, bref maintains two storage paths.

mnapoli (Member) commented Jan 11, 2024

Ideally it should copy the files, yes. But that's not implemented right now, so in the meantime mentioning the trick in the documentation is the best option I think.

maulikpatelbtech commented

@mnapoli Please let me know if you've discovered a method to copy any file located in storage/ to be deployed into /tmp/storage.

> Note that this is indeed a regression with the Bref bridge v2.
>
> It's because the BrefServiceProvider sets storage_path to /tmp/storage now. We may want to copy any file in storage/ being deployed into /tmp/storage (that's what we do in the Symfony bridge for example). Or maybe there's a better alternative to imagine.
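
One way to do the copy discussed in this thread, as an added example (not Bref's implementation, which the thread says does not exist yet): a Laravel service provider that copies the two packaged key files into the relocated storage path on cold start and restricts their permissions. The provider name is hypothetical, and it assumes the keys are packaged under storage/ as in the serverless.yml above.

```php
<?php
// Added example; the provider name is hypothetical.
namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Laravel\Passport\Passport;
use RuntimeException;

class PassportKeyPathServiceProvider extends ServiceProvider
{
    private const KEY_FILES = ['oauth-private.key', 'oauth-public.key'];

    public function boot(): void
    {
        $packaged = base_path('storage'); // read-only copy shipped in the bundle
        $runtime  = storage_path();       // /tmp/storage under the Bref bridge v2

        if ($packaged === $runtime) {
            return; // storage path was not relocated, nothing to do
        }
        if (! is_dir($runtime) && ! mkdir($runtime, 0700, true) && ! is_dir($runtime)) {
            throw new RuntimeException("Cannot create {$runtime}");
        }

        foreach (self::KEY_FILES as $file) {
            $source = "{$packaged}/{$file}";
            $target = "{$runtime}/{$file}";

            if (! is_readable($source)) {
                throw new RuntimeException("{$file} is missing from the deployed bundle");
            }
            // /tmp persists across warm invocations, so copy only when absent.
            if (! is_file($target) && ! copy($source, $target)) {
                throw new RuntimeException("Cannot copy {$file} to {$runtime}");
            }
            chmod($target, 0600); // owner-only read/write on the key copies
        }

        // Explicit path, so key lookup does not depend on storage_path() defaults.
        // The no-copy alternative from the thread is to point Passport at the
        // packaged directory instead: Passport::loadKeysFrom($packaged);
        Passport::loadKeysFrom($runtime);
    }
}
```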
