meilisearch-js-plugins icon indicating copy to clipboard operation
meilisearch-js-plugins copied to clipboard
verified publisher icon meilisearch

Instantsearch and meilisearch tokens

Open sabatale opened this issue 2 years ago • 4 comments

While running an app with ExpressJS, we started generating tokens for instant-meilisearch from the backend.

However the API key is never recognized as valid. Can you please confirm tokens work the same for instantsearch?

E.g.,

app.get("/mysearch", function (req, res) {
    const client = new MeiliSearch({ host: host, apiKey: key });
    const expiresAt = new Date(new Date().getTime() + (24 * 60 * 60 * 1000)); // Today + 24hrs

    const token = client.generateTenantToken(uuidv4(), {
      apiKey: key,
      expiresAt: expiresAt,
    })

    res.status(200).send({ token: token });
});

  const search = instantsearch({
    indexName: 'indexname',
    searchClient: instantMeiliSearch(
      host,
      token,
      {
        finitePagination: true,
      }
    ),
  })

sabatale avatar Mar 13 '23 19:03 sabatale

Hello @sabatale,

Could you please provide the code snippet used in generating your tokens? I see the one above, but it doesn't contain a search rule; the search rule is a required parameter you must pass to generate a valid tenant token.

oluademola avatar Mar 15 '23 14:03 oluademola

Hey there,

We tried using basic rules:

  /*const searchRules = {
    indexName: {
      filter: '*'
    }
  };*/

  const searchRules = {
    indexName: {
      filter: 'type = 1 AND rating = "Warning"'
    }
  };

  const token = client.generateTenantToken(uuidv4(), searchRules, {
      apiKey: meilikey,
      expiresAt: expiresAt,
    })

Generating an authorization header similar to: authorization: Bearer [36characs].[143characs].[43characs]

Resulting in:

The provided API key is invalid.

sabatale avatar Mar 15 '23 16:03 sabatale

@sabatale thank you for the additional information. Sorry if I wasn't clear with my question earlier. To help me identify the source of the problem, I need to see how the token is generated in your codebase and how you search using the token. However, here are a few possibilities you could look into:

  1. The API key used to generate the token must be a valid Meilisearch API key with access to the search action.
  2. The generated token has access to only the index specified in the search rule. For example, if you have specified patient_medical_records as the index name in your search rule, you should remember that the token generated will only be valid for this index.
  3. Verify that you're searching on the correct index as mentioned above in your front end.

Let me know your thoughts. Thanks.

oluademola avatar Mar 21 '23 08:03 oluademola

How to use with normal meilisearch.js like this ?

React.useEffect(() => {
        setLoading(true)
        searchClient.index(index).getDocument(productId)
        .then(res => {
            setLoading(false)
            setProduct(res)
        })
        .catch(err => {
            setLoading(false)
            setProduct(null)
        })
    }, [index, productId])
    ```

revskill10 avatar Apr 02 '23 10:04 revskill10