dbAuth on serve using ip address doesn’t work

Hi, when I run rw serve after build and access the app using an IP address, I can’t log in or sign up. The getToken method doesn’t seem to work; it returns nothing. With localhost it works without problems. Here is my redwood.toml:

```toml
[web]
  host = "0.0.0.0"
  title = "${APP_TITLE}"
  port = 8910
  apiUrl = "/api"
  includeEnvironmentVariables = ['APP_TITLE', 'LOG_LEVEL']
[api]
  port = 8911
[browser]
  open = false
[notifications]
  versionUpdates = ["latest"]
```

How can I resolve it, I’m using the latest version 7.4.3.
Thanks

Hey @imdev :wave:

I just tried to reproduce this error using our test project, the blog found here, which can be generated with the following command from within the framework repository: yarn build:test-project ../test-dbauth-ip.

I used both http://localhost:8910 and http://127.0.0.1:8910 and I was able to signup, login and logout on both. Noting that because these are considered different sites I did have to separately login on each one - the underlying auth cookie is not transferable between localhost and 127.0.0.1 or any other site.

You said however that you just were not able to login or signup at all when not using localhost? Some quick questions that come to mind right now that might throw up some helpful details are:

  1. Did the login or signup form throw any errors or did it complete successfully but getToken returns nothing afterwards?
  2. Is there anything special or complicated about the way you’re accessing it via an IP? Was it just one like 127.0.0.1?
  3. Do you see a cookie in your browser’s inspector? In Chrome that would be under Application, Storage, Cookies and then the site such as http://localhost:8910
  4. There are no errors or otherwise helpful logs output from the serve process?

I’ll loop in @rob here as the dbauth expert.

Hey @Josh-Walker-GM :wave:

Thanks for your response. When I log in I get the Welcome notification but the redirect has no effect, and when I inspect the Network, for example http://127.0.0.1:8910/api/auth?method=getToken, it displays “This request has no response data available”.
I have also tested 192.168.1.36 and private browsing: same problem.

Here is the log I get if I login successfully:

yarn rw serve --apiRootPath=/api
web | {"level":30,"time":1715242443089,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5b","req":{"method":"POST","url":"/api/auth","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":63856},"msg":"incoming request"}
web | {"level":30,"time":1715242443089,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5b","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715242443091,"pid":23006,"hostname":"192.168.1.36","reqId":"req-f","req":{"method":"POST","url":"/api/auth","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":63857},"msg":"incoming request"}
api | {"level":30,"time":1715242443154,"pid":23006,"hostname":"192.168.1.36","reqId":"req-f","res":{"statusCode":200},"responseTime":63.320519000291824,"msg":"request completed"}
web | {"level":30,"time":1715242443154,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5b","msg":"response received"}
web | {"level":30,"time":1715242443155,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5b","res":{"statusCode":200},"responseTime":65.86549699306488,"msg":"request completed"}
web | {"level":30,"time":1715242443161,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5c","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":63856},"msg":"incoming request"}
web | {"level":30,"time":1715242443162,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5c","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715242443162,"pid":23006,"hostname":"192.168.1.36","reqId":"req-g","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":63857},"msg":"incoming request"}
web | {"level":30,"time":1715242443164,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5c","msg":"response received"}
api | {"level":30,"time":1715242443164,"pid":23006,"hostname":"192.168.1.36","reqId":"req-g","res":{"statusCode":200},"responseTime":1.6270320117473602,"msg":"request completed"}
web | {"level":30,"time":1715242443165,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5c","res":{"statusCode":200},"responseTime":3.321384996175766,"msg":"request completed"}

And this for an incorrect login:

web | {"level":30,"time":1715242800345,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5d","req":{"method":"POST","url":"/api/auth","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":65316},"msg":"incoming request"}
web | {"level":30,"time":1715242800345,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5d","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715242800347,"pid":23006,"hostname":"192.168.1.36","reqId":"req-h","req":{"method":"POST","url":"/api/auth","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":65317},"msg":"incoming request"}
api | {"level":30,"time":1715242800403,"pid":23006,"hostname":"192.168.1.36","reqId":"req-h","res":{"statusCode":400},"responseTime":55.98428198695183,"msg":"request completed"}
web | {"level":30,"time":1715242800404,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5d","msg":"response received"}
web | {"level":30,"time":1715242800404,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5d","res":{"statusCode":400},"responseTime":59.18115100264549,"msg":"request completed"}
web | {"level":30,"time":1715242800409,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5e","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":65316},"msg":"incoming request"}
web | {"level":30,"time":1715242800409,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5e","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715242800412,"pid":23006,"hostname":"192.168.1.36","reqId":"req-i","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"127.0.0.1:8910","remoteAddress":"127.0.0.1","remotePort":65317},"msg":"incoming request"}
api | {"level":30,"time":1715242800414,"pid":23006,"hostname":"192.168.1.36","reqId":"req-i","res":{"statusCode":200},"responseTime":1.7096309959888458,"msg":"request completed"}
web | {"level":30,"time":1715242800414,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5e","msg":"response received"}
web | {"level":30,"time":1715242800414,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5e","res":{"statusCode":200},"responseTime":4.889096975326538,"msg":"request completed"}

And this from localhost:

From login successfully:

web | {"level":30,"time":1715242938739,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5o","req":{"method":"POST","url":"/api/auth","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49481},"msg":"incoming request"}
web | {"level":30,"time":1715242938739,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5o","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715242938740,"pid":23006,"hostname":"192.168.1.36","reqId":"req-k","req":{"method":"POST","url":"/api/auth","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49475},"msg":"incoming request"}
api | {"level":30,"time":1715242938798,"pid":23006,"hostname":"192.168.1.36","reqId":"req-k","res":{"statusCode":200},"responseTime":57.54288700222969,"msg":"request completed"}
web | {"level":30,"time":1715242938798,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5o","msg":"response received"}
web | {"level":30,"time":1715242938798,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5o","res":{"statusCode":200},"responseTime":59.39020299911499,"msg":"request completed"}
web | {"level":30,"time":1715242938803,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5p","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49481},"msg":"incoming request"}
web | {"level":30,"time":1715242938803,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5p","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715242938803,"pid":23006,"hostname":"192.168.1.36","reqId":"req-l","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49475},"msg":"incoming request"}
api | {"level":30,"time":1715242938810,"pid":23006,"hostname":"192.168.1.36","reqId":"req-l","res":{"statusCode":200},"responseTime":6.235600978136063,"msg":"request completed"}
web | {"level":30,"time":1715242938810,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5p","msg":"response received"}
web | {"level":30,"time":1715242938810,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5p","res":{"statusCode":200},"responseTime":7.381639003753662,"msg":"request completed"}
web | {"level":30,"time":1715242938816,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5q","req":{"method":"POST","url":"/api/graphql","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49481},"msg":"incoming request"}
web | {"level":30,"time":1715242938816,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5q","source":"/api/graphql","msg":"fetching from remote server"}
api | {"level":30,"time":1715242938817,"pid":23006,"hostname":"192.168.1.36","reqId":"req-m","req":{"method":"POST","url":"/api/graphql","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49475},"msg":"incoming request"}
api | {"level":20,"time":1715242938819,"pid":23006,"hostname":"192.168.1.36","msg":"Parsing request to extract GraphQL parameters"}
api | {"level":20,"time":1715242938819,"pid":23006,"hostname":"192.168.1.36","msg":"Processing GraphQL Parameters"}
api | {"level":20,"time":1715242938825,"pid":23006,"hostname":"192.168.1.36","name":"graphql-server","msg":"GraphQL execution started: __REDWOOD__AUTH_GET_CURRENT_USER"}
api | {"level":20,"time":1715242938827,"pid":23006,"hostname":"192.168.1.36","name":"graphql-server","msg":"GraphQL execution completed: __REDWOOD__AUTH_GET_CURRENT_USER"}
api | {"level":20,"time":1715242938828,"pid":23006,"hostname":"192.168.1.36","msg":"Processing GraphQL Parameters done."}
api | {"level":30,"time":1715242938829,"pid":23006,"hostname":"192.168.1.36","reqId":"req-m","res":{"statusCode":200},"responseTime":12.052922010421753,"msg":"request completed"}
web | {"level":30,"time":1715242938829,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5q","msg":"response received"}
web | {"level":30,"time":1715242938829,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5q","res":{"statusCode":200},"responseTime":13.594189018011093,"msg":"request completed"}
web | {"level":30,"time":1715242938960,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5r","req":{"method":"GET","url":"/images/logo-min.png","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49481},"msg":"incoming request"}
web | {"level":30,"time":1715242938966,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5s","req":{"method":"GET","url":"/images/logo-min-white.png","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49474},"msg":"incoming request"}
web | {"level":30,"time":1715242938969,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5t","req":{"method":"GET","url":"/assets/SearchEngine2-79414e34.svg","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":49485},"msg":"incoming request"}
web | {"level":30,"time":1715242938972,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5r","res":{"statusCode":304},"responseTime":11.838036000728607,"msg":"request completed"}
web | {"level":30,"time":1715242938973,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5s","res":{"statusCode":304},"responseTime":6.522659987211227,"msg":"request completed"}
web | {"level":30,"time":1715242938975,"pid":23008,"hostname":"192.168.1.36","reqId":"req-5t","res":{"statusCode":304},"responseTime":6.2836949825286865,"msg":"request completed"}

And this for an incorrect connection:

web | {"level":30,"time":1715243183004,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8c","req":{"method":"POST","url":"/api/auth","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":50303},"msg":"incoming request"}
web | {"level":30,"time":1715243183004,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8c","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715243183004,"pid":23006,"hostname":"192.168.1.36","reqId":"req-17","req":{"method":"POST","url":"/api/auth","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":50120},"msg":"incoming request"}
api | {"level":30,"time":1715243183108,"pid":23006,"hostname":"192.168.1.36","reqId":"req-17","res":{"statusCode":400},"responseTime":103.94403299689293,"msg":"request completed"}
web | {"level":30,"time":1715243183108,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8c","msg":"response received"}
web | {"level":30,"time":1715243183109,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8c","res":{"statusCode":400},"responseTime":105.01829400658607,"msg":"request completed"}
web | {"level":30,"time":1715243183118,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8d","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":50303},"msg":"incoming request"}
web | {"level":30,"time":1715243183119,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8d","source":"/api/auth","msg":"fetching from remote server"}
api | {"level":30,"time":1715243183120,"pid":23006,"hostname":"192.168.1.36","reqId":"req-18","req":{"method":"GET","url":"/api/auth?method=getToken","hostname":"localhost:8910","remoteAddress":"127.0.0.1","remotePort":50120},"msg":"incoming request"}
api | {"level":30,"time":1715243183122,"pid":23006,"hostname":"192.168.1.36","reqId":"req-18","res":{"statusCode":200},"responseTime":2.124350994825363,"msg":"request completed"}
web | {"level":30,"time":1715243183123,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8d","msg":"response received"}
web | {"level":30,"time":1715243183123,"pid":23008,"hostname":"192.168.1.36","reqId":"req-8d","res":{"statusCode":200},"responseTime":4.436474978923798,"msg":"request completed"}

I tested localhost with deleting the cookies & also in private browsing and had the same problem, so dbAuth doesn’t seem to work at all with serve.

Check in your auth config how the Secure attribute is being set on the auth cookie. Chrome has an exception where you can set a secure cookie on localhost (which is not technically secure). It could be that accessing it by IP is NOT subject to this exception and so the Secure attribute prevents the cookie from being sent back by the browser when accessed via http.

@rob thanks for your answer, I set the auth cookie like this:

```js
cookie: {
  attributes: {
    HttpOnly: true,
    Path: '/',
    SameSite: 'None',
    Secure: true,

    // If you need to allow other domains (besides the api side) access to
    // the dbAuth session cookie:
    // Domain: 'example.com',
  },
  name: cookieName,
},
```

And for localhost and 127.0.0.1 it works, but using my IP address, 192.168.1.81, does not work; it causes the same problem.

I also tested on Firefox: same problem.

Okay, try setting Secure: false and restart the server and see if it works from 192.168.1.81

I believe the default config says something like:

Secure: process.env.NODE_ENV === 'production'

That way when you’re in dev mode it’ll always be a non-secure cookie and should work everywhere.

Thanks @rob, it works now.

Yes, Secure is defined by default as:

Secure: process.env.NODE_ENV !== 'development'
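
A simplified model of the browser behaviour discussed in this thread, as an added example that is not part of the original posts or Redwood's own code: it predicts whether a cookie with given attributes is stored for a given origin. The function names are hypothetical, and the rules are assumptions that simplify real browsers: loopback hosts count as trustworthy over http, and `SameSite=None` without `Secure` is rejected, as in current Chromium.

```javascript
// Simplified "potentially trustworthy origin" test: https anywhere,
// or plain http on a loopback host (localhost, 127.0.0.0/8, ::1).
function isTrustworthyOrigin(url) {
  const { protocol, hostname } = new URL(url)
  if (protocol === 'https:') return true
  if (hostname === 'localhost' || hostname.endsWith('.localhost')) return true
  if (/^127(\.\d{1,3}){3}$/.test(hostname)) return true
  return hostname === '[::1]'
}

// Would the browser keep a cookie with these attributes set by this origin?
function cookieAccepted(url, attributes) {
  if (attributes.Secure && !isTrustworthyOrigin(url)) {
    return { stored: false, reason: 'Secure cookie set from an insecure origin' }
  }
  if (attributes.SameSite === 'None' && !attributes.Secure) {
    return { stored: false, reason: 'SameSite=None requires Secure' }
  }
  return { stored: true, reason: 'ok' }
}

// Hypothetical helper: derive the attributes from NODE_ENV the way the
// default quoted in the thread does, and avoid SameSite=None when the
// cookie is not Secure.
function cookieAttributes(nodeEnv) {
  const secure = nodeEnv !== 'development'
  return { HttpOnly: true, Path: '/', SameSite: secure ? 'None' : 'Lax', Secure: secure }
}

// Constructed inputs: the attributes posted in the thread and the origins tried.
const threadAttributes = { HttpOnly: true, Path: '/', SameSite: 'None', Secure: true }
const origins = ['http://localhost:8910', 'http://127.0.0.1:8910', 'http://192.168.1.81:8910']

for (const origin of origins) {
  const asPosted = cookieAccepted(origin, threadAttributes)
  const devMode = cookieAccepted(origin, cookieAttributes('development'))
  console.log(origin, '| as posted:', asPosted.reason, '| dev attributes:', devMode.reason)
}
```

The `Secure: false` setting belongs only in development over plain http; behind https in production the cookie keeps `Secure` on.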