by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 16:25
    Jotschi synchronize #1108
  • 16:25

    Jotschi on dev-mdm

    Fix mock (compare)

  • 16:17
    Jotschi synchronize #1108
  • 16:17

    Jotschi on dev-mdm

    Fix demo dump generator (compare)

  • 15:35
    Jotschi opened #1108
  • 15:34

    Jotschi on dev-mdm

    Add HibUser Rework HibElement, HibCoreEleme… Add DAO Actions and 5 more (compare)

  • 15:34

    Jotschi on dev-mdm-dao-rework-merge

    Extract methods from Tag Extract methods from TagFamily Merge branch 'dev-mdm' of githu… (compare)

  • 15:23

    Jotschi on dev-mdm-dao-rework-merge

    Fix regressions (compare)

  • 15:11

    Jotschi on dev-mdm-dao-rework

    Fix last compile error. Pew.. (compare)

  • 14:38

    Jotschi on dev-mdm-dao-rework

    Use page instead of transformab… (compare)

  • 13:38

    philippguertler on dev-mdm

    Extract methods from TagFamily (compare)

  • 12:48

    Jotschi on dev-mdm-dao-rework

    Refactor dao actions (compare)

  • 10:33

    Jotschi on dev-mdm-dao-rework

    Add DAO Actions (compare)

  • 09:41

    philippguertler on dev-mdm

    Extract methods from Tag (compare)

  • 06:45
    Jotschi closed #1085
  • 06:45
    Jotschi commented #1107
  • 06:45

    Jotschi on dev

    add os check before unix utils … Merge pull request #1107 from j… (compare)

  • 06:45
    Jotschi closed #1107
  • 06:41
    jurbunic opened #1107
  • Aug 10 20:01

    Jotschi on dev-mdm-dao-rework

    Rework HibElement, HibCoreEleme… (compare)

kannangan
@kannangan
@Jotschi thanks a lot for your fast reply and valuable info.I''m so glad. So, i can link mesh as an API at back end using JSON if i'm not wrong?. https://getmesh.io/docs/api/# . Where and how can i use the JSON and these get and post requests. should i download any other softwares for writing JSON queries.
Johannes Schüth
@Jotschi
@kannangan This page contains a good introduction into the API and how to use it (including graphql and file uploads / downloads)
https://getmesh.io/docs/guides/mesh-api-intro/
I recommend to use https://insomnia.rest/ to communicate with Mesh. You can however also use pure CURL if you like.
We also have a ready to use workspace which you can import into insomnia: https://getmesh.io/docs/references/#_insomnia
René Calles
@ReneVolution
@Jotschi Absolutely. Where does that limitation actually come from? Is this to prevent validation cycles or the like?
Johannes Schüth
@Jotschi

@ReneVolution Actually I'm not 100% sure. Initially Mesh did not have GraphQL and I suspect we did not want to support ways to promote overfetching.

I'm not aware of any hard limitation towards nesting micronodes.
It could be as simple as removing the two case checks in https://github.com/gentics/mesh/blob/dev/core/src/main/java/com/gentics/mesh/core/data/node/impl/MicronodeImpl.java#L209

I suspect a few tests would and Elasticsearch index handling would need to be adapted.
But I have not looked into this in-depth.
As for binaries the limitation is purely because of the way how binaries are uploaded. You would need to specify the path to the binary field. I have however also ideas how to handle this.
If you need this feature you can always contact us for an extension request via https://getmesh.io/services/
René Calles
@ReneVolution
Thanks @Jotschi for these insights. That is very helpful.
Dan Opitz
@DanOpi
We're facing an issue with a custom plugin and was hoping someone may have some insight or debug steps to help get us further. We've been using a custom authentication plugin and it's been working in multiple environments just fine for 6+ months. Just recently one of our environments started to face issues even though, from what we can tell, the configurations are the exact same. We've double checked that the plugin folder has our jar as well as config.yml. Also checked that Mesh is using the correct plugin dir with MESH_PLUGIN_DIR. Checked that our custom public key is set as well in the public-keys.json file. Can see the plugin get loaded in the mesh logs at start up. When we try and login we get a Could not authenticate token. followed by a java.lang.RuntimeException: Signature verification failed and finally a Got failure with 401 code.
We also see the key printed out in the logs and that key matches what we have set in the public-keys.json and our auth providers public key. It doesn't seem like it's even getting to the custom auth plugin as I'm not seeing any of the log statements from the plugin that we see in other environments. Any ideas?
Anant Jain
@anantjain6
Screenshot (193).png
In my config when I set startServer to true. I get these error
Johannes Schüth
@Jotschi
@DanOpi Please be aware that the Could not authenticate token. message may be printed since the regular Mesh JWT handler is unable to validate the token. The token gets passed to a chain of auth handlers and one of those is resposible to validate the tokens which have been issued by Gentics Mesh itself. When you pass a JWT from keycloak this handler in the chain will fail and print the message. In this case the token will be validated next by the OAuth / Keycloak JWT handler. See https://getmesh.io/docs/plugin-types/auth-service-plugin/#_flow for a detailed description of this process. Please also check whether the public key is still valid. Some auth providers may generate dynamically new public keys.
@anantjain6 I suspect you have opened your mesh instance twice or have copied an already opened mesh instance.
René Calles
@ReneVolution
Hello, when using the event bus to listen for mesh.node.updated events, is there a way to identify the dirty fields? I am specifically interested in changes of a binary field update.
René Calles
@ReneVolution
Oh, just found this and seem to answer my question already. gentics/mesh#963
Dan Opitz
@DanOpi
@Jotschi yeah we're used to seeing the Could not authenticate token. message as the regular Mesh JWT handler isn't able to validate the token. We normally see this however it's quickly followed by the next JWT handler and then our custom auth plugin to do the mappings. However in this one environment it's not falling through to the next chain of auth handlers and therefore not getting to our custom auth plugin/mapping logic. We just see the Got failure with 401 code. Probably hard to debug without actually looking at everything but was curious if anyone here would have any ideas. We've double checked the public key matches our current configuration files. From what we can tell the configs are the same but this one environment is being finicky for whatever the reason.
Johannes Schüth
@Jotschi
@ReneVolution Exactly. Another option would be to include the cause of the mesh.node.updated event. I'm not sure whether it is included but we have something like this internally in use. Anyhow.. If it is not included it would need to be updated. Another option to solve your usecase would be the planned binary storage plugin API. This could be used to trigger operations whenever a binary gets updated. But so far I think this is still an open task.
@DanOpi Hm I see. Yes debugging JWT issues is currently a pita. I wanted to add extra log messages in various places to make this easier. We unfortunately have to prioritize other tasks at the moment. But my plan is still to throw in a bit more logs to make this easier when I get to it.
René Calles
@ReneVolution
@Jotschi I am at least not seeing anything like a cause in the mesh.node.updated event. But would definitely be interested :). What would be need to activate this on our instance? Is it like a config flag? Or a plugin?
Johannes Schüth
@Jotschi
@ReneVolution Ah sorry. I thought that origin would contain a root / reason. Instead that contains the name of the clustered node from which that event originates.
The event for binaries is dispatches here: https://github.com/gentics/mesh/blob/dev/core/src/main/java/com/gentics/mesh/core/endpoint/node/BinaryUploadHandler.java#L368
So the "new" event would also need to be added there for example. Or in the storage API. Both small tasks (thus the issue was tagges with quickwin).
Another option would be to just include a "reason" or "cause" flag in the mesh.node.updated event.
I think it would make sense to solve that task in combination with the S3 support task.
René Calles
@ReneVolution
@Jotschi Yes - I think that would be great. I think it is always helpful to know what changed as this can potentially used to trigger any downstream tasks very effectively. For the meantime I guess the best option would be track this just on my own.
Dan Opitz
@DanOpi
@Jotschi do you happen to know if the JWT Handlers pull directly from that public-keys.json file each time or is stored in cache/memory/DB somewhere? We're thinking it maybe pulling an older public key and not the updated one.
Johannes Schüth
@Jotschi
@DanOpi The public-keys.json file is only loaded at the start. A dedicated JWT decoder is created for each entry in the file. Via plugins you can update the list of public-keys and mesh will update the JWT decoder list whenever it detects changes in the internal list of public keys.
Plugins can thus dynamically alter the public keys list.
kannangan
@kannangan
@Jotschi maz i know how to link my frontend app with gentics mesh at back end and make it editable cms platform. should it be done by docker?
may
kannangan
@kannangan
@Jotschi i meant, I already have a front end website created using Groovy platform. i wanted to know how can i load the website in gentics mesh and communicate via API requestes from insomnia
Johannes Schüth
@Jotschi
@kannangan If you have a SPA or similar app I recommend to use either CORS and access the Gentics Mesh API this way or to use an nginx and proxy the Mesh API in a subpath of your webserver (e.g. /api/)
Johannes Schüth
@Jotschi
@/all We have just released Gentics Mesh 1.6.0 - https://getmesh.io/docs/changelog/#v1.6.0
domano
@domano

Hey guys! I am thinking about using gentics mesh for a new customer project of ours. I have a few questions:

  1. Do you have a process regarding security vulnerabilities?
  2. Is there some documented instance of you fixing vulnerabilities after they were reported?

Also wanted to say that i am very impressed with mesh so far! I'll be sure to give it a spin either way

Johannes Schüth
@Jotschi
@domano We have a policy for dealing with security issues: https://getmesh.io/docs/security/#_vulnerability_disclosure_policy - I have fixed a permission issue in the graphql perm handling which was reported here: gentics/mesh#1074
@flobauer I have fixed the permission issue in release 1.6.0 - The expected behaviour on node permissions is now also documented in our docs.
Johannes Schüth
@Jotschi
@domano Another issue that was fixed was the disclosure of server tokens. We added a setting in order to control whether server tokens should be included. https://getmesh.io/docs/changelog/#v1.4.7 - That issue was found and reported during a security review.
domano
@domano
Thanks! This should suffice. Also can i use your logo for an architecture diagram in which i propose your cms as part of our solution? This would be for our offer for said customer
Johannes Schüth
@Jotschi
Sure
domano
@domano
Cool, thanks for the quick response :) Looking forward to using mesh if all goes well
kannangan
@kannangan
@Jotschi do i need to structure my website or an application to same as demo project so that we can bind with Mesh APiäs or is it okay to be with any structure?
i mean structured in a way and bind the data structure to my own frontend components
Johannes Schüth
@Jotschi
@kannangan That depends on what tech stack your frontend is using.
kannangan
@kannangan
mine is grails tech stack @Jotschi
Johannes Schüth
@Jotschi
@kannangan I'm not familiar with grail. But I assume thats server side code and thus you would need a rest client to connect to Gentics Mesh.
tgnstr
@tillganster
@DanOpi Dont know if it helps but we had a similiar issue. Same behaviour as you stated: it worked for sometime and than eventually we got this Could not authenticate token. And the plugin was not invoked anymore. The problem was that the jwk-keys contained keys which where from other type than RSA. Gentics-Mesh ran into an error (unfortunatly the error was not logged and we had to debug with source to find the problem) and stopped the jwt handling. Filtering the keys for rsa keys solved the issue. Maybe this helps.
Philipp Gortan
@mephinet
@kannangan I'm not sure if I read your question correctly, but I'd put it this way: given that we're talking about a web application running on a server: for every request it receives, your application needs to have some way to calculate which request(s) it needs to make to Mesh. This method can contain any logic you like - but probably the simplest logic possible is to directly map request URLs to webroot paths and fetch data via GraphQL's path query or alternatively via REST. This approach requires you to create container nodes for every "directory" and a node for every "page" of your URL structure. Does this answer your question?