search

payloadcms / payload

Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.
https://payloadcms.com
MIT License
28.09k stars 1.74k forks source link

plugin-cloud expiring S3 credentials #8404

Open denolfe opened 2 months ago

denolfe commented 2 months ago

Environment Info

payload: 3.0.0-beta.108
next: 15.0.0-canary.160

Describe the Bug

The internal S3 client within plugin-cloud appears to have an expiring token after a certain amount of time.

Need to investigate how credentials could be getting stale and ensure they are being refreshed accordingly.

This should be addressed in v2 and v3.

Reports are showing the following error:

[12:56:11] ERROR (payload): Error getting file from cloud storage
    err: {
      "type": "S3ServiceException",
      "message": "The provided token has expired.",
      "stack":
          ExpiredToken: The provided token has expired.
              at throwDefaultError (/home/node/app/node_modules/@smithy/smithy-client/dist-cjs/index.js:838:20)
              at /home/node/app/node_modules/@smithy/smithy-client/dist-cjs/index.js:847:5
              at de_CommandError (/home/node/app/node_modules/@aws-sdk/client-s3/dist-cjs/index.js:4756:14)
              at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
              at async /home/node/app/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
              at async /home/node/app/node_modules/@aws-sdk/middleware-signing/dist-cjs/index.js:225:18
              at async /home/node/app/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:38
              at async /home/node/app/node_modules/@aws-sdk/middleware-flexible-checksums/dist-cjs/index.js:173:18
              at async /home/node/app/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:97:20
              at async /home/node/app/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:120:14
      "name": "ExpiredToken",
      "$fault": "client",
      "$metadata": {
        "httpStatusCode": 400,
        "requestId": "6QVCCRS3PJQB4BPR",
        "extendedRequestId": "asdf",
        "attempts": 1,
        "totalRetryDelay": 0
      "$fault": "client",
      },
      "Code": "ExpiredToken",
      "Token-0": "REDACTED",
      "RequestId": "6QVCCRS3PJQB4BPR",
      "HostId": "asdf"
    }

Reproduction Steps

Unclear, consistent recreation steps

Adapters and Plugins

No response

WebsiteFactoryTM commented 1 month ago

Hello, just to mention that this seems to be a v2 problem as well. I keep getting this error on my deployed app.

kendelljoseph commented 3 weeks ago

isValid() use in in payload-cloud

isValid() implementation in - amazon-cognito-idenity-js

kendelljoseph commented 3 weeks ago

PR Opened: https://github.com/payloadcms/payload/pull/8904