search

dbeaver / cloudbeaver

Cloud Database Manager
https://dbeaver.com/
Apache License 2.0
3.47k stars 377 forks source link

GQL Error: Not Found on login until cache cleared #2896

Closed nrogerarkhn closed 1 month ago

nrogerarkhn commented 1 month ago

Describe the bug After I connect to oAuth2 proxy, when I get to Cloudbeaver after having been disconnected due to being idle, I'm welcomed by an error and I can't get to the main screen.

When I clear my cache and cookies, I can access Cloudbeaver's main screen normally again, until a new disconnection.

Stack trace on the app: 

GQL Error: Not Found
GQL Error: Not Found
    at CustomGraphQLClient.overrideRequest (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:292052)
    at async NetworkStateService.sessionExpiredInterceptor (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:265088)
    at async SessionExpireService.sessionExpiredInterceptor (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:278932)
    at async ServerConfigResource.loader (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:271926)
    at async ServerConfigResource.loadingTask (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:249058)
    at async ServerConfigResource.taskWrapper (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:249146)
    at async Task.task (https://portail.eds.chu-toulouse.fr/cloudbeaver/index.0c33c3cde250cf2a3e30.js:2:248744)

No log on the container side except for a debug log for a new web session.

To Reproduce Our stack is a bit tricky: we made a custom Helm chart for Cloudbeaver. We didn't do any config changes though, so everything is probably set to defaults. I'll still put the reproduction steps and I'll explain more in Additional context section.

  1. Go to Cloudbeaver
  2. Pass first authentication step with oAuth2 proxy
  3. Get to Cloudbeaver
  4. Connect and work
  5. Get disconnected by oAuth2 proxy for being idle
  6. Go back to Cloudbeaver some time later
  7. Pass first authentication step with oAuth2 proxy again
  8. Face error when getting to Cloudbeaver

Screenshots image

Desktop (please complete the following information):

Additional context As written before, Cloudbeaver is packaged in a home-made Helm chart. The deployment is quite basic, with no ConfigMap nor custom configuration. The Ingress however, is a bit peculiar. We use Traefik, and there are 3 middlewares on Cloudbeaver's Ingress:

  1. A middleware which strips /cloudbeaver/ from the URL accessed (because we don't serve Cloudbeaver on / but on /cloudbeaver)
  2. A middleware to rewrite the _ROOT_URI_ in the frontend from / to /cloudbeaver/
  3. A middleware which redirects the user to oAuth2 proxy (because not everyone is supposed to access Cloudbeaver, it does not supersede Cloudbeaver's own authentication, it just adds another layer of authentication)

I know it's a lot of custom and strange modifications, but if anyone has any insight on what can be done to fix this, I'll take it!

Thanks in advance.

EvgeniaBzzz commented 1 month ago

Hi @nrogerarkhn It looks like something wrong with your proxy settings. As you don't have any error in the server log and as you get error after authorisation on your side with oAuth2 proxy.

Also you can set rootURI in cloudbeaver.conf (this issue can be helpful).

nrogerarkhn commented 1 month ago

Hello @EvgeniaBzzz Thanks for your insights, I first set rootURI thanks to the issue you linked.

Then, I realized that in fact, the cookie from oAuth2 expired so the front couldn't access /api/ anymore (got 403 Forbidden). Hence the GraphQL error. And I couldn't hard reload because of my hacking of the rootURI.

I removed oAuth2 authentication on the /cloudbeaver/api/ endpoints and that solved my issue.

Thank you again!

EvgeniaBzzz commented 1 month ago

Thanks for the update!