Login error when Exposing SQLPage to a domain/ip

lovasoa / SQLpage

SQL-only webapp builder, empowering data analysts to build websites and applications quickly

https://sql.datapage.app

MIT License

1.29k stars 69 forks source link

Login error when Exposing SQLPage to a domain/ip #79

Closed althaf004 closed 12 months ago

althaf004 commented 12 months ago

SQLPage login is working perfectly when running with http://localhost:8080. when this url is exposed to another IP. Login is not happening. We tried authentication with the files provided in the example section.

please help to fix the this

lovasoa commented 12 months ago

Hello and thanks for getting in touch!

Can you explain your problem in more details? Please describe precisely each of the steps you have taken, which was the expected outcome, and what happened instead.

Can you please also include screenshots of the issue in your report?

althaf004 commented 12 months ago

hi @lovasoa , please see my configuration in detail.

i have used user-authentication repo to check the user authentication.

changes made where : updated the sqlpage.json to below

{
  "database_url": "postgres://postgres:uO7hG7ILE34hKW@10.10.10.10:3456/abc_lib",
  "max_database_pool_connections": 25,
  "database_connection_idle_timeout_seconds": 60,
  "database_connection_max_lifetime_seconds": 3600,
  "sqlite_extensions": [],
  "port": 8080
}

after running ./sqlpage.bin

i was able to browse to application using url http://localhost:8080. Where i signup for a user and was able to login for the same user.

When i tried to expose this url to my private ip 10.10.12.62. i was able to see the login page, but trying for same user, authentication fails.

I had tried this in 3 machines and we got the same result.

lovasoa commented 12 months ago

How did you expose this url to your private ip ?

Do you see the user accounts you created in the database ? Can you connect to your database (using pgAdmin for instance) and send a screenshot of the contents of the user_info table ?

althaf004 commented 12 months ago

My OS is windows, i have installed WSL and using linux, i have run this file. Exposed this to an ip using netsh interface portproxy.

Below is the screenshot you asked for:

you may reproduce this same with sqlpage.exe file. Accessing the IP from a different machine, u will run into same login problem.

lovasoa commented 12 months ago

Hey sorry for not noticing it sooner !

The problem comes from cookies. SQLPage creates secure cookies by default, which are not transmitted to remote hosts over insecure (http) connections.

You can force SQLPage to use insecure cookies instead (that will work over remote http connections) by using setting the secure parameter of the cookie component to FALSE here.

-- Generate a random 32 characters session ID, insert it into the database,
-- and save it in a cookie on the user's browser.
INSERT INTO login_session (id, username)
VALUES (sqlpage.random_string(32), :username)
RETURNING 'cookie' AS component, 'session' AS name, id AS value, FALSE AS secure;

I think we should document that better to prevent other people to get into the same issue in the future. Do you want to create a small pull request to the documentation and the authentication example ?

althaf004 commented 12 months ago

@lovasoa thanks for looking into this.