galnir / Master-Bot

A Discord music bot and dashboard with slash commands, playlist support, Spotify, music quiz, saved playlists, lyrics, gifs and more
MIT License

Add Support for NEXTAUTH_URL_INTERNAL flag in the .env file #749

Closed ghost closed 2 years ago

ghost commented 2 years ago

Yo so I was looking at the nextauth docs and it looks like there's a second flag that can be passed for the internal url if you're hosting on your own machine instead of a cloud server.

When provided it uses the provided url as the internal server url, but when not it defaults to the NEXTAUTH_URL flag. The flag is as shown below:

NEXTAUTH_URL_INTERNAL=http://localhost:3000

The docs page explains it like so:

NEXTAUTH_URL_INTERNAL

If provided, server-side calls will use this instead of NEXTAUTH_URL. Useful in environments when the server doesn't have access to the canonical URL of your site. Defaults to NEXTAUTH_URL.

Here is the page I found it at: https://next-auth.js.org/configuration/options

Basically having this option would be useful for people hosting on their own machines instead of on a cloud server.

With this the NEXTAUTH_URL= can be set to:

NEXTAUTH_URL=http://<public_server_ip>:3000

So the settings in the .env would look like this:

NEXTAUTH_SECRET="somesupersecrettwelvelengthword"
NEXTAUTH_URL="http://<public_server_ip>:3000"
NEXTAUTH_URL_INTERNAL="http://localhost:3000"
NEXT_PUBLIC_INVITE_URL="https://discord.com/api/oauth2/authorize?client_id=1003>"
DISCORD_CLIENT_ID="XXXXXXXXXXXXXXXXXXXXXXXXXXX"
DISCORD_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXXXX"
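
The fallback rule quoted from the docs above, applied to the proposed settings, as an added example that is not part of the original post or of Master-Bot's code. `parseEnv`, `isLoopback` and `resolveAuthUrls` are hypothetical helpers, and `203.0.113.10` is a constructed documentation address standing in for `<public_server_ip>`.

```javascript
// Constructed sample .env contents mirroring the settings proposed above.
// 203.0.113.10 is a documentation address standing in for <public_server_ip>.
const SAMPLE_ENV = `
NEXTAUTH_URL="http://203.0.113.10:3000"
NEXTAUTH_URL_INTERNAL="http://localhost:3000"
`;

// Minimal KEY=VALUE parser: skips blanks and comments, strips one pair of quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// True for hosts that only resolve on the machine running the dashboard.
const isLoopback = (host) =>
  host === "localhost" || host === "[::1]" || /^127\./.test(host);

// Hypothetical helper: applies the documented rule (server-side calls use
// NEXTAUTH_URL_INTERNAL, defaulting to NEXTAUTH_URL) and reports problems.
function resolveAuthUrls(env) {
  if (!env.NEXTAUTH_URL) throw new Error("NEXTAUTH_URL is required");
  const canonical = new URL(env.NEXTAUTH_URL);
  const internal = new URL(env.NEXTAUTH_URL_INTERNAL || env.NEXTAUTH_URL);
  const warnings = [];
  if (isLoopback(canonical.hostname)) {
    warnings.push("NEXTAUTH_URL is loopback: login redirects only work on the host");
  } else if (canonical.protocol !== "https:") {
    warnings.push("NEXTAUTH_URL is plain http on a non-loopback host: " +
      "the OAuth code and session cookie cross the network unencrypted");
  }
  return { canonical: canonical.origin, internal: internal.origin, warnings };
}

console.log(resolveAuthUrls(parseEnv(SAMPLE_ENV)));
```
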

galnir commented 2 years ago

I think you can just add another redirect URL in the Discord developer portal and call it a day? You wouldn't run the repo on two machines at the same time, so you can set the URL to whatever you need and avoid this?

Am I right or is it more comfortable for you in the way you recommend?

ghost commented 2 years ago

> I think you can just add another redirect URL in the Discord developer portal and call it a day? You wouldn't run the repo on two machines at the same time, so you can set the URL to whatever you need and avoid this?
>
> Am I right or is it more comfortable for you in the way you recommend?

This doesn't actually use two machines. It actually allows the dashboard to work properly from both the internal IP and public IP of the server.

So if you host on your own machine you don't need to have a separate internet provider to use the dashboard.

Without this you have to choose either a private dashboard that can only be accessed by the host or a public one that can't be accessed by the host.

With this the dashboard can be used by both the host and public users.

See my PR for a working fix implemented.

Bacon-Fixation commented 2 years ago

I'm confused, I run master-bot publicly and don't have any issues with getting to the dashboard via http://localhost:3000 or public ip, or the domain name

Does this hide your public ip from the invite url?

For me, I paid for a web domain ($1 a month) so I could obfuscate the public IP from the Invite URL (IP can still be found by looking up the DNS info tho)

Much Love -Bacon

ghost commented 2 years ago

> I'm confused, I run master-bot publicly and don't have any issues with getting to the dashboard via http://localhost:3000 or public ip, or the domain name
>
> Does this hide your public ip from the invite url?
>
> For me, I paid for a web domain ($1 a month) so I could obfuscate the public IP from the Invite URL (IP can still be found by looking up the DNS info tho)
>
> Much Love -Bacon

The problem is when you try to invite it to a server.

It looks for the specified callback Url which only works if you have access to the IP specified.

So if you set NEXTAUTH_URL to http://localhost:3000, only the host system will be able to actually use the dashboard. And if you set NEXTAUTH_URL to http://public_ip:3000 then it will only be useable to users outside your internet connection.

You can connect with http://localhost:3000 regardless but you can't invite the bot or use the dashboard when hosting from your own machine if you don't have both the internal and public IP set.

With this the dashboard is useable to both the localhost and public IP.

Naturally this also requires two callback urls but it fixes the issue with hosting from your own machine rather than from a VPN.

As for the domain name, that renders this method completely unneeded since you can add all required IP addresses to the domain name and set the domain name as the NEXTAUTH_URL.

This is just for those who don't want to pay for a domain to be able to use their own dashboard and still have it publicly useable.

ghost commented 2 years ago

An easier explanation is if you use http://localhost:3000 as the NEXTAUTH_URL then the redirect when logging in will always be http://localhost:3000/auth/discord no matter what system or ip you try to log in from. And obviously that won't work if you're not logging in from the host machine. This fixes that issue basically.

Or at the very least that's what it does for me if I don't have the NEXTAUTH_URL_INTERNAL option to separate the public ip from the private ip.

galnir commented 2 years ago

merged #757