search

MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License
1.62k stars 137 forks source link

extractStrings is not a function #495

Closed Innei closed 11 months ago

Innei commented 11 months ago

Describe the issue

I deploy application to production environment, but there are some error in verifyRegistrationResponse

3|mx-server  |  ERROR  extractStrings is not a function
3|mx-server  |   at readString (/node_modules/.pnpm/cbor-x@1.5.6/node_modules/cbor-x/dist/node.cjs:520:1)
3|mx-server  |   at read (/node_modules/.pnpm/cbor-x@1.5.6/node_modules/cbor-x/dist/node.cjs:343:1)
3|mx-server  |   at read (/node_modules/.pnpm/cbor-x@1.5.6/node_modules/cbor-x/dist/node.cjs:363:1)
3|mx-server  |   at checkedRead (/node_modules/.pnpm/cbor-x@1.5.6/node_modules/cbor-x/dist/node.cjs:202:1)
3|mx-server  |   at Encoder.decode (/node_modules/.pnpm/cbor-x@1.5.6/node_modules/cbor-x/dist/node.cjs:153:1)
3|mx-server  |   at Encoder.decodeMultiple (/node_modules/.pnpm/cbor-x@1.5.6/node_modules/cbor-x/dist/node.cjs:170:1)
3|mx-server  |   at Object.decodeFirst (/node_modules/.pnpm/@simplewebauthn+server@8.3.5/node_modules/@simplewebauthn/server/script/helpers/iso/isoCBOR.js:30:1)
3|mx-server  |   at decodeAttestationObject (/node_modules/.pnpm/@simplewebauthn+server@8.3.5/node_modules/@simplewebauthn/server/script/helpers/decodeAttestationObject.js:12:1)
3|mx-server  |   at verifyRegistrationResponse (/node_modules/.pnpm/@simplewebauthn+server@8.3.5/node_modules/@simplewebauthn/server/script/registration/verifyRegistrationResponse.js:100:1)
3|mx-server  |   at AuthnService.verifyRegistrationResponse (/home/deploy/mx/modules/authn/authn.service.js:89:1)

Reproduction Steps

This error only causes in prod and using @vercel/ncc to bundle.

Because https://github.com/kriszyp/cbor-x/blob/master/node-index.js#L16, but ncc not support runtime require, the bundled application can not find this package, so the error thrown.

How to solve

If you are still using ncc to pack, please add CBOR_NATIVE_ACCELERATION_DISABLED=true in the env file, to disable the runtime require

https://github.com/kriszyp/cbor-x/blob/master/node-index.js#L10

MasterKale commented 11 months ago

Thanks for reporting this @Innei! There are so many possible hosting setups these days that I have to rely on you all to help work through issues like this one with Vercel.

I'm going to reopen this as a documentation issue - I've got a section in the docs with various issues and workarounds that this would slot nicely into.

Innei commented 11 months ago

@MasterKale Hi, nice work. I think this type of env should not be controlled by the external env because it directly affects the operation of the app. So now I inject this env directly into the runtime, like this.

function nodeEnvInjection() {
  // # https://github.com/kriszyp/cbor-x/blob/master/node-index.js#L16 https://github.com/kriszyp/cbor-x/blob/master/node-index.js#L10
  // # ncc not support runtime require so disable ACCELERATION
  process.env['CBOR_NATIVE_ACCELERATION_DISABLED'] = '1'
}

// And at first of the main entry
nodeEnvInjection()
MasterKale commented 11 months ago

I've added this to the docs as new troubleshooting guidance:

https://simplewebauthn.dev/docs/packages/server#error-extractstrings-is-not-a-function