supabase / ssr

Supabase clients for use in server-side rendering frameworks.
MIT License

Error: Invalid UTF-8 sequence crashing Vercel #67

Open k2xl opened 1 month ago

k2xl commented 1 month ago

Bug report

Describe the bug

On version "@supabase/ssr": "^0.4.0",


Randomly been getting these errors for my app. Only solution is to destroy my cookies and refresh.

```
Error: Invalid UTF-8 sequence
    at (node_modules/@supabase/ssr/dist/module/utils/base64url.js:187:0)
    at (node_modules/@supabase/ssr/dist/module/utils/base64url.js:90:0)
    at (node_modules/@supabase/ssr/dist/module/cookies.js:246:30)
    at (node_modules/@supabase/auth-js/dist/module/lib/helpers.js:100:0)
    at (node_modules/@supabase/auth-js/dist/module/GoTrueClient.js:787:0)
    at (node_modules/@supabase/auth-js/dist/module/GoTrueClient.js:768:0)
    at (node_modules/@supabase/auth-js/dist/module/GoTrueClient.js:714:0)
```

This is a super weird bug where when I visit my website it just literally crashes. However, clearing my cookies the website works for a bit then stops.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

I do not know how the bug occurs.

Screenshots

If applicable, add screenshots to help explain your problem.

System information

Running on a nextjs app with supabase. My app allows google logins

Nishchit14 commented 1 month ago

This is happening to me as well on the production app. Need to degrade the version asap.

k2xl commented 1 month ago

@Nishchit14 which version did you downgrade? I continuously get this error in production too

Nishchit14 commented 1 month ago

@k2xl "@supabase/ssr": "^0.0.10"

j4w8n commented 1 month ago

@Nishchit14 @k2xl would you mind adding this option to all of your Supabase client-creation code, to see if it resolves the issue? Keep in mind that this will alter how the cookie is stored; so, if you are grabbing the cookie yourself, somewhere in your code, you'd need to change how that functions.

I'm not offering this as a long-term solution, but rather a test. Although, if it's a client option then it could be used long-term.

```ts
import { createBrowserClient } from "@supabase/ssr";

/* example only. this option is needed in all code that creates a client. */
export function createClient() {
  return createBrowserClient(process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookieEncoding: "raw"
    }
  )
}
```

Roughly how long is the time between failures?

k2xl commented 1 month ago

Trying and will get back to you (Apologies, accidentally closed the task. reopened it now)

k2xl commented 1 month ago

Still occurs. Happens an hour or so in

j4w8n commented 1 month ago

I'm not sure what would be going on then. I went through every source file, and the only references I can find to base64url.js are when cookies are being encoded/decoded to/from base64 (or for tests).

And you're sure you added that option in every place that a Supabase client is created?

And the error is the same as the original?

k2xl commented 1 month ago

@j4w8n I added it to all the createClients that allow me to pass that cookieEncoding

```ts
import { createBrowserClient } from '@supabase/ssr';

export function createClient() {
  // Create a supabase client on the browser with project's credentials
  return createBrowserClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    { cookieEncoding: 'raw' }
  );
}
```

```ts
import { createServerClient, type CookieOptions } from '@supabase/ssr';
import { cookies } from 'next/headers';

export function createClient() {
  const cookieStore = cookies();

  return createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookieEncoding: 'raw',
      cookies: {
        get(name: string) {
          return cookieStore.get(name)?.value;
        },
        set(name: string, value: string, options: CookieOptions) {
          try {
            cookieStore.set({ name, value, ...options });
          } catch (error) {
            // The `set` method was called from a Server Component.
            // This can be ignored if you have middleware refreshing
            // user sessions.
          }
        },
        remove(name: string, options: CookieOptions) {
          try {
            cookieStore.set({ name, value: '', ...options });
          } catch (error) {
            // The `delete` method was called from a Server Component.
            // This can be ignored if you have middleware refreshing
            // user sessions.
          }
        },
      },
    }
  );
}
```

```
Initialization error: Error: Invalid UTF-8 sequence
    at stringFromUTF8 (webpack-internal:///(rsc)/./node_modules/@supabase/ssr/dist/module/utils/base64url.js:195:19)
    at stringFromBase64URL (webpack-internal:///(rsc)/./node_modules/@supabase/ssr/dist/module/utils/base64url.js:98:17)
```

j4w8n commented 1 month ago

@k2xl that's really strange. Can you verify the cookie is not being stored with a base64 prefix at the beginning?

k2xl commented 1 month ago

Actually the cookies still do begin with base64…

j4w8n commented 1 month ago

@k2xl Is this reproducible during dev on your machine, or is it only during prod on Vercel?

k2xl commented 1 month ago

Reproduces on dev and on prod

fincha commented 4 weeks ago

I have the same issue, but it happens to me only on prod... what a shame :(

    "@nuxtjs/supabase": "^1.4.1",

error stack

```
[nitro] [unhandledRejection] Error: Invalid UTF-8 sequence
    at stringFromUTF8 (/opt/render/project/src/.output/server/node_modules/@supabase/ssr/dist/main/utils/base64url.js:200:19)
    at stringFromBase64URL (/opt/render/project/src/.output/server/node_modules/@supabase/ssr/dist/main/utils/base64url.js:94:17)
    at Object.getItem (/opt/render/project/src/.output/server/node_modules/@supabase/ssr/dist/main/cookies.js:249:63)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async getItemAsync (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/lib/helpers.js:134:19)
    at async SupabaseAuthClient.__loadSession (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:800:34)
    at async SupabaseAuthClient._useSession (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:781:28)
    at async SupabaseAuthClient._emitInitialSession (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:1218:16)
```

PS: OK, it only happens when I have this cookie... no idea how it happened. I haven't even deployed today. PPS:

I have decoded this base64 cookie and have found probably the issue:

{"access_token":"eyJhb...Z3q0","token_type":"bearer","expires_in":3600,"expires_at":1729179524,"refresh_token":"LOt97s...ky-A","user":{"id":"8f71b6c8-32bb-40a0-b22e

Total length: 2379 characters (decoded). I am using the latest version of Firefox on macOS.

It is not valid JSON... the user id is not fully represented. No idea how it happened.

fincha commented 4 weeks ago

Ok... my bad, I wondered why the first part of the cookie was decodable and others not, so I combined it 😄 (what a hacker I am) anyway, the string was also decodable.

I used this tool to decode: https://base64.guru/converter/decode

and I had this warning:

The character encoding was detected as “ISO-8859-1”, but the algorithm is inaccurate and there is a high probability that this is wrong. Because of this you can get the wrong results. To know for sure, please check the Character Encoding Detector tool.

at the end of the json I had this

ÓuCS£Cƒ£#ã3“3Cs%¢"Â&—5öæöç–Ö÷W2#¦fÇ6W×Ð

this might be the issue
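
A defensive way to read such a cookie, as an added example that is not part of this thread and is not @supabase/ssr code: decode failures (damaged base64url, invalid or cut-off UTF-8, truncated JSON like the value quoted above) come back as a reason instead of an unhandled exception. The `base64-` prefix form, the `.0`/`.1` chunk suffixes, the cookie name, the function names and all sample data are assumptions constructed for illustration.

```javascript
// Added example; not @supabase/ssr code. Cookie name, prefix form and chunk
// suffixes (.0, .1, ...) are assumptions; all sample data is constructed.
const PREFIX = "base64-";
const NAME = "sb-example-auth-token";

const encode = (bytes) => PREFIX + Buffer.from(bytes).toString("base64url");

// Reassemble a value stored whole (NAME) or in chunks (NAME.0, NAME.1, ...).
function joinChunks(cookies, name) {
  if (typeof cookies[name] === "string") return cookies[name];
  let joined = "";
  for (let i = 0; typeof cookies[`${name}.${i}`] === "string"; i++) {
    joined += cookies[`${name}.${i}`];
  }
  return joined === "" ? null : joined;
}

// Cookies are client-controlled input: report a reason instead of throwing,
// so one damaged cookie cannot break every server-rendered request.
function readSessionCookie(cookies, name = NAME) {
  const raw = joinChunks(cookies, name);
  if (raw === null) return { session: null, reason: "missing" };
  let text = raw;
  if (raw.startsWith(PREFIX)) {
    const body = raw.slice(PREFIX.length);
    if (!/^[A-Za-z0-9_-]+$/.test(body) || body.length % 4 === 1) {
      return { session: null, reason: "bad-base64url" };
    }
    try {
      // fatal: true rejects invalid or cut-off UTF-8 instead of emitting U+FFFD.
      text = new TextDecoder("utf-8", { fatal: true }).decode(Buffer.from(body, "base64url"));
    } catch {
      return { session: null, reason: "bad-utf8" };
    }
  }
  try {
    const session = JSON.parse(text);
    if (session === null || typeof session !== "object") throw new Error("not an object");
    return { session, reason: null };
  } catch {
    return { session: null, reason: "bad-json" };
  }
}

// Constructed session; "\u00eb" is two bytes in UTF-8, so a cut can land inside it.
const SAMPLE = Buffer.from(JSON.stringify({ token_type: "bearer", user: { name: "Zo\u00eb" } }));
const whole = encode(SAMPLE);
const cutInsideChar = encode(SAMPLE.subarray(0, SAMPLE.indexOf(0xc3) + 1));
const cutInsideJson = encode(SAMPLE.subarray(0, 20));
for (const v of [whole, cutInsideChar, cutInsideJson]) console.log(readSessionCookie({ [NAME]: v }).reason);
```

A caller that receives a non-null `reason` can treat the request as signed out and expire the cookie, which replaces the manual "destroy my cookies and refresh" step described at the top of the thread.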