wtfnotavailable / Discord-MusicBot

Discord Music Bot Source Tree

401 error in /api/v1/dashboard while logging through discord OAuth causing a loop while logging #77

Closed NereaCassian closed 1 year ago

NereaCassian commented 1 year ago

When I try to log into the web dashboard the OAuth process loops and the /api/v1/dashboard endpoint gives a 404, causing the logging process to loop. I'm using the 5.1/2 repo and deploying using Docker. Here are my logs; they don't show any errors. https://gist.github.com/NereaCassian/117674bf44a2238b76a31994aa346713

I have already notified this issue in the Discord server; I'm just creating this issue to keep track. The web dashboard is public, you can check the error by yourself: https://judy.nereacassian.com

What I have already tried:

The 401 error (screenshot)

This is my NGINX config

location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
}
location /api {
    proxy_pass http://127.0.0.1:1023;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
}

brianferri commented 1 year ago

Thanks for reporting, this will be looked into :+1:

szentigrad3 commented 1 year ago

I can log in to the dashboard fine

https://i.imgur.com/9GUfcCC.png

NereaCassian commented 1 year ago

@szentigrad3 can I get more info? Which browser are you using? Doesn't the network tab report any error?

szentigrad3 commented 1 year ago

> @szentigrad3 can I get more info? Which browser are you using? Doesn't the network tab report any error?

I'm using Microsoft Edge and no errors, https://i.imgur.com/jVLEdIG.png

NereaCassian commented 1 year ago

Oh, but you mean in your bot. Yeah, I know that for now it's only failing for me.

brianferri commented 1 year ago

An initial analysis shows that it may have to do with how the links are being handled here: https://github.com/wtfnotavailable/Discord-MusicBot/blob/b4c9e8b6b42ee5ff68624109a1b8a58df34eb489/dashboard/src/pages/login/index.tsx#L36-L42 and here: https://github.com/wtfnotavailable/Discord-MusicBot/blob/b4c9e8b6b42ee5ff68624109a1b8a58df34eb489/dashboard/src/components/ProcessData.tsx#L1-L21, and thus: https://github.com/wtfnotavailable/Discord-MusicBot/blob/b4c9e8b6b42ee5ff68624109a1b8a58df34eb489/dashboard/src/services/api.ts#L101-L138

More research will be done

Neko-Life commented 1 year ago

Probably no database configured; you can't have authorization without a database.

NereaCassian commented 1 year ago

I have a DB configured, the Postgres DB that comes with the bot. And I have set up the database URL and type correctly in the .env.

Neko-Life commented 1 year ago

Apply this patch:

From e23d8d6e4658d88d08bd04f9ff741e1384a044ea Mon Sep 17 00:00:00 2001
From: Neko-Life <nekolife123579@gmail.com>
Date: Tue, 29 Aug 2023 08:33:16 +0700
Subject: [PATCH] patch

---
 djs-bot/api/v1/src/routes/v1/index.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/djs-bot/api/v1/src/routes/v1/index.ts b/djs-bot/api/v1/src/routes/v1/index.ts
index 6d5c5e1..f97d0c0 100644
--- a/djs-bot/api/v1/src/routes/v1/index.ts
+++ b/djs-bot/api/v1/src/routes/v1/index.ts
@@ -59,14 +59,20 @@ const routes: RegisterRouteHandler = async (app, opts, done) => {
         );
       };

+      console.log({ headers: request.headers, path: request.routerPath });
+
       if (!request.headers.access_token?.length) throwError();

       const { user_id } = verifyToken(request.headers.access_token as string);

+      console.log({ user_id });
+
       if (!user_id?.length) throwError();

       const auth = await db.getUserAuth(user_id as string);

+      console.log({ auth });
+
       if (!auth?.access_token?.length) throwError();

       request.headers.user_id = user_id;
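Review bot: the three console.log calls in this hunk write secrets to the bot's stdout: `request.headers` contains the access_token JWT whenever it does arrive, and `auth` is the db.getUserAuth row, which the following check shows carries its own `access_token`. That is acceptable for a one-off diagnostic, but since the thread later proposes keeping debug logging, log only `Object.keys(request.headers)` plus `request.routerPath`, log `user_id` alone, and redact `auth.access_token` before printing. Also, `verifyToken` runs before the `{ user_id }` log, so a malformed token throws without ever reaching it; wrapping that call so the thrown reason is what gets logged would make the loop easier to diagnose.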
-- 
2.41.0

and then come back to us with some logs; hopefully this can give us some clue.

NereaCassian commented 1 year ago

Here are my logs:

found 0 vulnerabilities
Using "postgresql" as the database schema
Generating Prisma client...
Pushing schema to database...
Database schema pushed successfully

> discord-musicbot@5.2.1-beta bot
> npm run api-build && node index.js

> discord-musicbot@5.2.1-beta api-build
> tsc -p api/v1/tsconfig.json

[29:7:2023 - 7:44] | Spawned shard 0
[29:7:2023 - 7:44] [WARN] | Bot running on OPLevel: 1
[29:7:2023 - 7:44] [WARN] | Debug mode is [ENABLED]!
[29:7:2023 - 7:44] [WARN] | Booting up the bot...
        InsertNameHereBot/v5.2.1-beta (ID: 899776315958390805)
[29:7:2023 - 7:44] [WARN] | Loading error handlers...
[29:7:2023 - 7:44] [INFO] | Loaded debug error handlers!
[29:7:2023 - 7:44] [DEBUG] | Music engine "Erela" has been loaded
[29:7:2023 - 7:44] [DEBUG] | Prisma ORM has been loaded
[29:7:2023 - 7:44] [INFO] | Slash commands have been loaded. Waiting for bot to finish initializing...
[29:7:2023 - 7:44] [INFO] | Schedules have been loaded.
[29:7:2023 - 7:44] [INFO] | Event listeners have been loaded.
[29:7:2023 - 7:44] [INFO] | Successfully logged in as Judy Alvarez#5402
[29:7:2023 - 7:44] [INFO] | API is now listening on port 8080
[29:7:2023 - 7:44] [DEBUG] | Node: DockerNode | Lavalink node is connected.
[29:7:2023 - 7:44] [INFO] | Slash commands have been pushed to application
[29:7:2023 - 7:44] [SILLY] | InsertNameHereBot/v5.2.1-beta (ID: 899776315958390805) is online!
{
  headers: {
    host: 'judy.nereacassian.com',
    'x-real-ip': '213.194.147.141',
    'x-forwarded-for': '213.194.147.141',
    'x-forwarded-host': 'judy.nereacassian.com',
    connection: 'close',
    'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
    accept: 'application/json, text/plain, */*',
    'sec-ch-ua-mobile': '?0',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    referer: 'https://judy.nereacassian.com/dashboard',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'es-ES,es;q=0.9'
  },
  path: '/api/v1/dashboard'
}
prisma:info Starting a postgresql pool with 13 connections.
{
  headers: {
    host: 'judy.nereacassian.com',
    'x-real-ip': '213.194.147.141',
    'x-forwarded-for': '213.194.147.141',
    'x-forwarded-host': 'judy.nereacassian.com',
    connection: 'close',
    'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
    accept: 'application/json, text/plain, */*',
    'sec-ch-ua-mobile': '?0',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    referer: 'https://judy.nereacassian.com/dashboard',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'es-ES,es;q=0.9'
  },
  path: '/api/v1/dashboard'
}
{
  headers: {
    host: 'judy.nereacassian.com',
    'x-real-ip': '213.194.147.141',
    'x-forwarded-for': '213.194.147.141',
    'x-forwarded-host': 'judy.nereacassian.com',
    connection: 'close',
    'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
    accept: 'application/json, text/plain, */*',
    'sec-ch-ua-mobile': '?0',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    referer: 'https://judy.nereacassian.com/dashboard',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'es-ES,es;q=0.9'
  },
  path: '/api/v1/dashboard'
}
{
  headers: {
    host: 'judy.nereacassian.com',
    'x-real-ip': '213.194.147.141',
    'x-forwarded-for': '213.194.147.141',
    'x-forwarded-host': 'judy.nereacassian.com',
    connection: 'close',
    'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
    accept: 'application/json, text/plain, */*',
    'sec-ch-ua-mobile': '?0',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    referer: 'https://judy.nereacassian.com/dashboard',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'es-ES,es;q=0.9'
  },
  path: '/api/v1/dashboard'
}
brianferri commented 1 year ago

So it's looping in the verify token function.

Neko-Life commented 1 year ago

Try adding `proxy_pass_request_headers on;` to both locations in your nginx config.

NereaCassian commented 1 year ago

I did, and it's still looping. This is my new conf:

location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_pass_request_headers on;
}
location /api {
    proxy_pass http://127.0.0.1:1023;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_pass_request_headers on;
}

Neko-Life commented 1 year ago

Does `proxy_set_header access_token $access_token;` work?

NereaCassian commented 1 year ago

I don't have any $access_token var configured in nginx, so it gives me a test failure.

Neko-Life commented 1 year ago

There's something, probably in your configuration, causing nginx to drop the access token header, which is needed for the authorization. You need to find which configuration or whatever is causing it to do that, so the API receives the header.

NereaCassian commented 1 year ago

Okay, I did find out, and it is a very stupid thing. If you do not explicitly set `underscores_in_headers on;`, NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). So it's solved. Thank you very much for your help. <3

brianferri commented 1 year ago

Should we maybe add some try catch blocks to return the actual errors, if possible?

Neko-Life commented 1 year ago

Sure, we can add some logging in debug mode, something like "Missing access_token header", "Invalid JWT signature", etc.
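As an added example (not the project's own code), the application-side counterpart to the nginx fix above: a header check that accepts a standard `Authorization: Bearer` header (which proxies pass through by default) as well as the custom `access_token` header, reports the specific debug reasons suggested in this thread without echoing the token, and redacts secrets before headers are dumped. The `verify` callback is an assumption standing in for the project's verifyToken(); header names are assumed lowercased, as Node's http layer delivers them.

```javascript
// Header names whose values must never reach a log line.
const SENSITIVE = new Set(['access_token', 'authorization', 'cookie', 'set-cookie']);

// Prefer `Authorization: Bearer <jwt>`; fall back to the legacy `access_token`
// header, which nginx drops unless underscores_in_headers is on.
function extractAccessToken(headers) {
  const auth = headers['authorization'];
  if (typeof auth === 'string') {
    const m = /^Bearer\s+(\S+)$/i.exec(auth.trim());
    if (m) return { token: m[1], source: 'authorization' };
  }
  const legacy = headers['access_token'];
  if (typeof legacy === 'string' && legacy.length) {
    return { token: legacy, source: 'access_token' };
  }
  return { token: null, source: null };
}

// Return a debug-log reason for an auth failure, or null when auth succeeds.
// `verify(token)` is assumed to return the decoded payload or throw (hypothetical).
function describeAuthFailure(headers, verify) {
  const { token, source } = extractAccessToken(headers);
  if (!token) {
    // A proxy header with no token is the symptom seen in this issue.
    const hint = 'x-forwarded-for' in headers
      ? ' (request arrived via a proxy; check underscores_in_headers on nginx)'
      : '';
    return `Missing access_token / Authorization header${hint}`;
  }
  try {
    const payload = verify(token);
    if (!payload || typeof payload.user_id !== 'string' || !payload.user_id.length) {
      return `Token from ${source} has no user_id claim`;
    }
    return null;
  } catch (e) {
    return `Invalid JWT (${e.message}) from ${source}`;
  }
}

// Safe replacement for console.log({ headers: request.headers }).
function redactHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) {
    out[k] = SENSITIVE.has(k.toLowerCase()) ? '[REDACTED]' : v;
  }
  return out;
}

// Constructed sample mirroring the shape of the proxied request in the logs above.
const sampleProxiedHeaders = { host: 'judy.example', 'x-forwarded-for': '203.0.113.10' };
console.log(describeAuthFailure(sampleProxiedHeaders, () => ({ user_id: 'u' })));
```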

SerpentDrago commented 1 year ago

I'm having the same "loop" problem using Nginx Config Manager in Unraid; I don't see how or where to set the `underscores_in_headers on;`

I'm using the web-based config GUI for nginx.

I authorize and just get looped to the main webpage again, so I can't access the dashboard. The bot works fine besides.

NereaCassian commented 1 year ago

@SerpentDrago just add the line in the config block of the Advanced tab.