your_spotify icon indicating copy to clipboard operation
your_spotify copied to clipboard
verified publisher icon Yooooomi

Server wants admin rights on mongo db server after update

Open duracell opened this issue 2 years ago • 3 comments

Describe the bug

After updating to the current version, the server docker is not starting because of problems with authorization at the mongo db instance. I set up a specific db and user for your_spotify and I'm not sure why it wants to write at the admin db (as far as I understand). Is there anything to prevent this or fix it, hopefully without granting complete admin right to the whole mongodb instance.

Expected behavior

Don't request admin rights on the mongo db instance.

Additional context

spotify_server  | yarn run v1.22.19
spotify_server  | $ node ./lib/migrations.js
spotify_server  | [info]  Trying to connect to database at mongodb://your_spotify:password@mongo:27017/your_spotify
spotify_server  | [info]  Connected to database !
spotify_server  | /app/node_modules/mongodb/lib/cmap/connection.js:202
spotify_server  |                 callback(new error_1.MongoServerError(document));
spotify_server  |                          ^
spotify_server  |
spotify_server  | MongoServerError: not authorized on admin to execute command { getParameter: 1, featureCompatibilityVersion: 1, lsid: { id: UUID("265785cd-3a84-48ac-9f39-14900f86ea1e") }, $db: "admin" }
spotify_server  |     at Connection.onMessage (/app/node_modules/mongodb/lib/cmap/connection.js:202:26)
spotify_server  |     at MessageStream.<anonymous> (/app/node_modules/mongodb/lib/cmap/connection.js:61:60)
spotify_server  |     at MessageStream.emit (node:events:513:28)
spotify_server  |     at processIncomingData (/app/node_modules/mongodb/lib/cmap/message_stream.js:124:16)
spotify_server  |     at MessageStream._write (/app/node_modules/mongodb/lib/cmap/message_stream.js:33:9)
spotify_server  |     at writeOrBuffer (node:internal/streams/writable:391:12)
spotify_server  |     at _write (node:internal/streams/writable:332:10)
spotify_server  |     at MessageStream.Writable.write (node:internal/streams/writable:336:10)
spotify_server  |     at Socket.ondata (node:internal/streams/readable:754:22)
spotify_server  |     at Socket.emit (node:events:513:28) {
spotify_server  |   ok: 0,
spotify_server  |   code: 13,
spotify_server  |   codeName: 'Unauthorized',
spotify_server  |   [Symbol(errorLabels)]: Set(0) {}
spotify_server  | }
spotify_server  | error Command failed with exit code 1.

It seems midly similiar to #242.

duracell avatar Oct 28 '23 01:10 duracell

Hello! You need admin rights to auto upgrade mongo. I will implement a way to bypass the upgrade process through env variable.

Yooooomi avatar Nov 01 '23 20:11 Yooooomi

and how to configure it to with admin rights? even if temporarily?

glensc avatar Jan 23 '24 19:01 glensc

I got it working this way:

  • remove MONGO_INITDB_ROOT_USERNAME, MONGO_INITDB_ROOT_PASSWORD for mongo docker container
  • set MONGO_ENDPOINT=mongodb://mongo:27017/your_spotify for application container

as mongo container readme says:

Security By default Mongo's configuration requires no authentication for access, even for the administrative user. See the "MONGO_INITDB_ROOT_USERNAME, MONGO_INITDB_ROOT_PASSWORD" section below for information on how to begin securing Mongo and the MongoDB Security documentation for more detail.

  • https://hub.docker.com/_/mongo/

glensc avatar Jan 23 '24 21:01 glensc