search

nestjs / nest

A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
https://nestjs.com
MIT License
66.89k stars 7.56k forks source link

Internal Server Error with jwt guards and sockets #834

Closed alfredvaa closed 6 years ago

alfredvaa commented 6 years ago

I'm submitting a...


[ ] Regression 
[ ] Bug report
[ ] Feature request
[x] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

I have configured a project with JWT authentication from the docs, typeorm with postgres and a Gateway for socket.io. All in a minimal setup following the documentation. The sockets is working as intended when not having a guard protecting it, but when adding a guard, to one specific onEvent method in the Gateway, I get a response like this from my socket:

68:42["exception",{"status":"error","message":"Internal server error"}]

I have investigated this and I have no clue which part of the system that is generating the error. I have not found any way to have more detailed logging about this either.

Expected behavior

A more detailed error message, or in some way a hint about what might be wrong.

Minimal reproduction of the problem with instructions

https://github.com/alfredvaa/nestjs-test

What is the motivation / use case for changing the behavior?

Environment


Nest version: X.Y.Z


For Tooling issues:
- Node version: XX  
- Platform:  

Others:
alfredvaa commented 6 years ago

I have solved my issue now, but I think that there would still be good to have some way to get more logs in development mode. To actually see what was causing the error, I had to add a console.log into the ws-exceptions-handler.js inside the @nestjs/websockets package.

What actually caused my issue was that I was using the fromUrlQueryParameter in the ExtractJwt package (which I forgot to add in my example repo above...) and it seems that when using sockets, the request.url parameter is not defined, which that strategy is using. I had to add my own custom extractor that looked in the request.handshake.url instead:

const fromSocketQueryParameter = (request) => { var token = null, parsed_url = url.parse(request.handshake.url, true); if (parsed_url.query && Object.prototype.hasOwnProperty.call(parsed_url.query, 'token')) { token = parsed_url.query['token']; } return token; }

and using it like this: jwtFromRequest: ExtractJwt.fromExtractors([fromSocketQueryParameter]),

not sure if this is an issue within the passport-jwt package or if that package is just not supposed to be used with socket.io.

kamilmysliwiec commented 6 years ago

This package is not supposed to work with socket.io. The alternatives like https://github.com/erreina/passport-jwt.socketio are required though.

alfredvaa commented 6 years ago

I am not sure that I understand what you mean. Which package is not supposed to work with socket.io? If I read the docs here, and here, it says that Gateways is based on socket.io, and that guards should work just as it does for regular controllers. I guess that the problem is that I used the package ExtractJwt instead of a socket specific one in my strategy file though...

Anyway, the real issue reported in this thread was that there is no stack trace or message besides "internal server error" available when my initial problem occurs. I think there should be a way in Nestjs to activate more detailed logs.

kamilmysliwiec commented 6 years ago

Could you report this issue here? https://github.com/nestjs/passport In terms of the more detailed logs, 100% agree

mazyvan commented 5 years ago

Hi @alfredvaa I'm using basically the approach you described. But I'm getting an "Internal server error" when the token is wrong. If it is valid everything works find.

Do you know how to solve that?

lock[bot] commented 4 years ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.