Open geekykant opened 9 months ago
Sorry, false alarm. But still valid for an enhancement as a proper message wasn't displayed in the UI, nor the REST response.
Solution: I missed to setup the Access control part, which sets permission for users to each topic. So go inside the docker container, and run the nfty access commands.
Troubleshooted it from the docker trace logs:
{"level":"TRACE","message":"HTTP request started","http_method":"GET","http_path":"/<topic>/ws?auth=**OTJidXg2","http_request":"GET /<topic>/ws?auth=**OTJidXg2 HTTP/1.1\nPragma: no-cache\nOrigin: https://<base-url>\nAccept-Encoding: gzip, deflate, br\nConnection: upgrade\nX-Forwarded-For: 111.92.127.132\nAccept-Language: en-IN,en-GB;q=0.9,en;q=0.8,en-US;q=0.7,hi;q=0.6\nSec-Websocket-Extensions: permessage-deflate; client_max_window_bits\nSec-Websocket-Key: fpmT/qWG3A1zjYXDGfAGQg==\nUpgrade: websocket\nCache-Control: no-cache\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0\nSec-Websocket-Version: 13","tag":"http","user_id":"u_rYmbLhQnu2","user_name":"geekykant","visitor_auth_limiter_limit":0.016666666666666666,"visitor_auth_limiter_tokens":30,"visitor_id":"ip:111.92.127.132","visitor_ip":"111.92.127.132","visitor_messages":0,"visitor_messages_limit":17280,"visitor_messages_remaining":17280,"visitor_request_limiter_limit":0.2,"visitor_request_limiter_tokens":59.05817581699999,"visitor_seen":"2023-12-26T08:21:51.766Z"}
{"level":"DEBUG","message":"Access to topic <topic> not authorized","error":"unauthorized","http_method":"GET","http_path":"/<topic>/ws?auth=**OTJidXg2","tag":"http","topic":"<topic>","topic_last_access":"2023-12-26T08:21:16.475Z","topic_subscribers":0,"user_id":"u_rYmbLhQnu2","user_name":"geekykant","visitor_auth_limiter_limit":0.016666666666666666,"visitor_auth_limiter_tokens":30,"visitor_id":"ip:111.92.127.132","visitor_ip":"111.92.127.132","visitor_messages":0,"visitor_messages_limit":17280,"visitor_messages_remaining":17280,"visitor_request_limiter_limit":0.2,"visitor_request_limiter_tokens":58.05823781519999,"visitor_seen":"2023-12-26T08:21:51.766Z"}
{"level":"DEBUG","message":"WebSocket error (this error is okay, it happens a lot): forbidden","error":"forbidden","error_code":40301,"http_method":"GET","http_path":"/<topic>/ws?auth=**OTJidXg2","http_status":403,"tag":"websocket","topic":"<topic>","topic_last_access":"2023-12-26T08:21:16.475Z","topic_subscribers":0,"user_id":"u_rYmbLhQnu2","user_name":"geekykant","visitor_auth_limiter_limit":0.016666666666666666,"visitor_auth_limiter_tokens":30,"visitor_id":"ip:111.92.127.132","visitor_ip":"111.92.127.132","visitor_messages":0,"visitor_messages_limit":17280,"visitor_messages_remaining":17280,"visitor_request_limiter_limit":0.2,"visitor_request_limiter_tokens":58.05825770499999,"visitor_seen":"2023-12-26T08:21:51.766Z"}
@binwiederhier Can we move this to enhancement - to possibly have proper failure messages displayed for access-control and permission related issues?
:lady_beetle: Describe the bug I have setup authentication in ntfy to strictly allow only registered users to use the platform. However publishing a notification throws 403 HTTP error.
Here is my config: docker-compose.yml
nginx config
:computer: Components impacted
:bulb: Screenshots and/or logs
The console logs I see are:
:crystal_ball: Additional context The only additional change I added is authentication. WIthout that, it works perfectly fine. I don't understand exactly why this error message comes up other than 403 error and webSocket connection failed.