Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication #26

Open
RihanArfan opened this issue Jun 18, 2024 · 7 comments
Open

Authentication #26

RihanArfan opened this issue Jun 18, 2024 · 7 comments

Comments

@RihanArfan
Copy link

When using AI bindings, wrangler requires logging in to run the AI models on Cloudflare even during local development. However, no link is shown to authenticate in the Nuxt console.

I'm not sure whether wrangler via getPlatformProxy even exposes a way to get the link to authenticate. If you can pass wrangler's console through to the Nuxt one it should suffice.

The current workaround is to use C3 to create Workers template, add the AI binding and launch it directly through Wrangler to authenticate wrangler system wide to your Cloudflare account.

Potentially blocks nuxt-hub/core#173

 ERROR  [nuxt] [request error] [unhandled] [500] Error: Not logged in.
    at requireLoggedIn (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/internal.ts:133:9)
    at performApiFetch (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/internal.ts:29:2)
    at fetchInternal (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/internal.ts:69:19)
    at fetchPagedListResult (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/index.ts:120:16)
    at getAccountChoices (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/user/choose-account.tsx:19:21)
    at getAccountId (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/user/user.ts:1130:19)
    at AIFetcher (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/ai/fetcher.ts:17:20)
    at Miniflare2.#handleLoopbackCustomService (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/miniflare/src/index.ts:819:21)
    at Server.#handleLoopback (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/miniflare/src/index.ts:878:16)
  at requireLoggedIn (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/internal.ts:133:9)  
  at performApiFetch (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/internal.ts:29:2)  
  at fetchInternal (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/internal.ts:69:19)  
  at fetchPagedListResult (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/cfetch/index.ts:120:16)  
  at getAccountChoices (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/user/choose-account.tsx:19:21)  
  at getAccountId (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/user/user.ts:1130:19)  
  at AIFetcher (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]_@[email protected]/node_modules/wrangler/src/ai/fetcher.ts:17:20)  
  at Miniflare2.#handleLoopbackCustomService (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/miniflare/src/index.ts:819:21)  
  at Server.#handleLoopback (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/miniflare/src/index.ts:878:16)  
  at process.processTicksAndRejections (node:internal/process/task_queues:95:5)  
  at Object.handler (./server/api/ai.ts:3:1)  
  at async /workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:1962:19  
  at async Object.callAsync (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/unctx/dist/index.mjs:72:16)  
  at async Server.toNodeHandle (/workspaces/nuxt-hub-core/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:2249:7)
@pi0
Copy link
Member

pi0 commented Jun 18, 2024

Intresting issue. /cc @dario-piotrowicz do you have some ideas?

@RihanArfan
Copy link
Author

RihanArfan commented Jun 18, 2024

When starting an application with AI bindings, it notifies about billing but doesn't prompt to authenticate until the first call to AI.run(). It seems like it does the same thing as npx wrangler login, so an idea if their SDK exposes login is to programatically do that upon Error: Not logged in exceptions.

image

Upon authenticating with the link, wrangler has an interactive CLI to choose an account.
image

@dario-piotrowicz
Copy link
Collaborator

Hey @pi0 and @RihanArfan 👋

The Ai authentication with getPlatformProxy has been on my radar for a while and it is something that we need to document better and as @RihanArfan put it, something that could actually hopefully be improved

I suspect that getting getPlatformProxy to inherit the wrangler login behavior should be possible, but on the top of my head I am not sure how complex implementing that will be

If it works for you I will look into that in the following few days and let you know what the situation is and eventually a possible ETA for that 🙂

@pi0
Copy link
Member

pi0 commented Jun 18, 2024

Thanks! Let me know if i could help on anything.

(Btw just some idea, if tty access is the issue for prompt, maybe getPlatformProxy can accept an option like prompt like onAuth to let the integration add it somehow? )

@dario-piotrowicz
Copy link
Collaborator

Thanks! Let me know if i could help on anything.

Sure, I'll let you know if I'll need help, thanks 😄

(Btw just some idea, if tty access is the issue for prompt, maybe getPlatformProxy can accept an option like prompt like onAuth to let the integration add it somehow? )

That's a possible idea, but as I mentioned what I have in mind is to see if and how much we can just reuse from wrangler itself, ideally I'd love it if we could just write in the parent process' stdout and read from its stdin and just simply use the same exact flow that wrangler has... WDYT? that shouldn't be problematic for users of getPlatformProxy right? the nitro-cloudflare-dev module does not suppress any stdin/stdout related to getPlatformProxy right?

@dario-piotrowicz
Copy link
Collaborator

@pi0 I've looked into this and in a standard node.js program the above works as expected.
If you run getPlatformProxy and try to use AI in the terminal you'll see the various links and interactive prompts.

So I am thinking that this is an issue in regards on how nitro/nuxt calls getPlatformProxy, I am guessing that whatever way you're running the function doesn't allow it to access the stdin/stdout of the terminal and/or doesn't make it look like the terminal is interactive.

This issue could be fixed by making getPlatformProxy able to interact with the terminal as it should, but I am guessing that that could be not possible due to the nitro's dev isolation strategy? what do you think?

if the above is not possible then I can only think, as you mentioned, of us defining some sort of API in getPlatformProxy that would make it possible to programmatically get the links and prompts, etc... but I can see it not being 100% straightforward and me getting pushbacks from the team since this API is only needed/requested by nitro/nuxt 🤔

@pi0
Copy link
Member

pi0 commented Jun 22, 2024

Thanks for investigating. Yes indeed it is specific to Nitro because we use Node.js Worker Threads and while they have access to studio, they don't have an interactive TTY and proxy needs custom hooks.

Let me think more about it also next steps when directly using miniflare/workerd (on positive side, miniflare is initialized on main thread so i guess that won't have this limit)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants