search

zekroTJA / shinpuru

シンプル - Discord Bot with role selection, moderation, karma ranking, a starboard, code execution, raid alerting, backups, a web interface, twitch notifications and more!
https://shnp.de
MIT License
188 stars 37 forks source link

Blank site when i login into the Webinterface #328

Closed CallMeAGI closed 2 years ago

CallMeAGI commented 2 years ago

Type

Breaking Issue

Instances

Description

Im not able to login into the webinterface, because when i try to login after a succesfull auth im stuck at the webpath "/api/auth/oauthcallback?code=" and im not logged in, in the webinterface.

(i removed the code for this report)

Steps to reproduce

  1. go to your bots webinterface
  2. press on the login button
  3. authorize the login

Attachments

I got no errors or anything else, just only a blank site bugreport-shinpu-web

zekroTJA commented 2 years ago

Hm, that's weird.

Do you use the Docker image or the binaries from the release page?

Also, could you please repeat the login process with the developer tools of the browser open?
You can open them by pressing F12 or Ctrl + Shift + I. After that, log in until you are stuck again on that blank page. Now, please go to the Network tab in the developer tools. After that, if there are any failed (maked red) requests, please click on each and provide a screen shot of them like shown in the example below. And please don't forget to hide any potential credentials the the screenshot like cookie headers or token query parameters. ;)

image

CallMeAGI commented 2 years ago

Hi, I use the the binaries. Version 1.27.0. unknown_2022 01 09-15 37 unknown_2022 01 09-15 36 unknown_2022 01 09-15 38_1

zekroTJA commented 2 years ago

This is actually really odd, because this handler should never return a blank 200 OK.

I tried to reproduce this by downloading the binaries (release 1.27.0) and running them on a completely clean MariaDB as well as Redis instance and was not able to reproduce this behavior.

Either there is an issue with your configuration or with your routing / rev proxy environment.

For my testing, I've used the following config:

configVersionPleaseDoNotChange: 6
codeexec:
  ranna:
    apiversion: v1
    endpoint: 'https://public.ranna.zekro.de'
    token: ''
  type: ranna
database:
  mysql:
    database: 'shinpuru'
    host: 'localhost:3306'
    password: 'dev'
    user: 'root'
  type: mysql
cache:
  redis:
    addr: "localhost:6379"
    type: 0
  cachedatabase: true
discord:
  clientid: '911603978758914089'
  clientsecret: '***'
  generalprefix: ;;
  ownerid: '221905671296253953'
  token: '***'
  disabledcommands:
logging:
  commandlogging: true
  loglevel: 5
permissions:
  defaultadminrules:
    - +sp.guild.*
    - +sp.etc.*
    - +sp.chat.*
  defaultuserrules:
    - +sp.etc.*
    - +sp.chat.*
schedules:
storage:
  minio:
    accesskey: 'dev-access-key'
    accesssecret: 'dev-secret-key'
    endpoint: 'localhost:9000'
    location: us-east-1
    secure: false
  type: minio
twitchapp:
  clientid: "***"
  clientsecret: "***"
webserver:
  addr: :8080
  apitokenkey: "***"
  enabled: true
  landingpage:
    showlocalinvite: true
    showpublicinvites: true
  publicaddr: http://localhost:8080
  captcha:
    sitekey: "20000000-ffff-ffff-ffff-000000000002"
    secretkey: "0x0000000000000000000000000000000000000000"
metrics:
  enable: true
  addr: ":9091"

Could you please provide your config (with the secrets removed ofc) just so that I can have a look over it?

CallMeAGI commented 2 years ago

This is my config!

configVersionPleaseDoNotChange: 6
discord:
  token: "xxx"
  generalprefix: ";;"
  ownerid: "312998964465238018"
  clientid: "925204349028819026"
  clientsecret: "xxx"
   globalcommandratelimit:
    burst: 1
    limitseconds: 10
permissions:
  defaultuserrules:
  - +sp.etc.*
  - +sp.chat.*
  defaultadminrules:
  - +sp.guild.*
  - +sp.etc.*
  - +sp.chat.*

database:
  type: "mysql"
  mysql:
    host: "localhost"
    user: "database_user"
    password: "database_password"
    database: "database"
cache:
  redis:
    addr: "localhost:6379"
    password: "redis_password"
    type: 0
  cachedatabase: true
logging:
  commandlogging: true
  loglevel: 4
storage:
  type: "file"
minio:
    endpoint: "minio.exmaple.com"
    accesskey: "my_minio_access_key"
    accesssecret: "my_minio_access_secret"
    location: "us-east-1"
    secure: false
  file:
    location: /home/dcbot/data
webserver:
  enabled: true
  addr: 0.0.0.0:80
  tls:
    enabled: false
    cert: "/etc/cert/mycert.pem"
    key: "/etc/cert/mykey.pem"
  publicaddr: "http://api.theuwuclan.de"
  debugpublicaddr: "http://localhost:8081"
  ratelimit:
    enabled: true
    burst: 50
    limitseconds: 3
twitchapp:
  clientid: "f34eqnjavd5so30yoivbu9ls5pjfek"
  clientsecret: "xxx"
metrics:
  enable: true
  addr: ":9091"
schedules:
  guildbackups:        '0 0 6,18 * * *'
  refreshtokencleanup: '0 0 5 * * *'
zekroTJA commented 2 years ago

I've tried around to find differences in your config to mine and just found you are setting debugpublicaddr. This should never be used outside of debugging and development, so maybe it would help removing it from your config. But when I added it, it did not result into the issue so I am still unable to reproduce it. I've also set up shinpuru under a sub domain on a separate server and was not able to reproduce the issue, so I really think it has something to do with your service routing.

Do you have any kind of reverse proxy between shinpuru and the entrypoint? Have you tried it with your config on a local system hosting via localhost? If yes, does this result in the same issue?

CallMeAGI commented 2 years ago

I had tried out now with your config and now i became this in the logs:

INFO[2022/01/15 07:01:14 CET] Starting up...
INFO[2022/01/15 07:01:14 CET] Checking database for migrations and apply if needed...
INFO[2022/01/15 07:01:14 CET] Enabled redis as database cache
INFO[2022/01/15 07:01:14 CET] Connected to database
INFO[2022/01/15 07:01:14 CET] Connected to storage device
INFO[2022/01/15 07:01:15 CET] LCT :: scheduled job name="refresh token cleanup" spec="0 0 5 "
INFO[2022/01/15 07:01:15 CET] LCT :: scheduled job name="guild backup" spec="0 0 6,18 "
INFO[2022/01/15 07:01:15 CET] LCT :: scheduled job name="twitch notify" spec="@every 60s"
INFO[2022/01/15 07:01:15 CET] LCT :: scheduled job name="report expiration" spec="@every 5m"
INFO[2022/01/15 07:01:15 CET] LCT :: scheduled job name="verification kick routine" spec="@every 1h"
INFO[2022/01/15 07:01:15 CET] Invite link: https://discord.com/api/oauth2/authorize?client_id=925204349028819026&scope=bot%20applications.commands&permissions=2080894065
INFO[2022/01/15 07:01:15 CET] Commands registered n=41
INFO[2022/01/15 07:01:15 CET] Mime check of .js returned invalid mime value 'text/javascript; charset=utf-8', trying to fix this now...
INFO[2022/01/15 07:01:15 CET] Successfully fixed .js mime value
INFO[2022/01/15 07:01:15 CET] Web server running bindAddr=":8080" publicAddr="http://api.theuwuclan.de:8080"
INFO[2022/01/15 07:01:15 CET] Started event loop. Stop with CTRL-C...
INFO[2022/01/15 07:01:15 CET] Initialization finished took=1.360990617s
INFO[2022/01/15 07:01:15 CET] Metrics server started addr=":9091"
INFO[2022/01/15 07:01:16 CET] READY :: caching members of guilds ... n=2
DEBU[2022/01/15 07:01:16 CET] READY :: skip fetching members because state is hydrated gid=923693482084818994
DEBU[2022/01/15 07:01:16 CET] READY :: skip fetching members because state is hydrated gid=923693539542564954
INFO[2022/01/15 07:01:16 CET] READY :: caching members finished
DEBU[2022/01/15 07:01:33 CET] WS :: GET /api/me code=200 duration="39.424µs" error="invalid access token" ip= method=GET
DEBU[2022/01/15 07:01:33 CET] WS :: GET /api/guilds code=200 duration="32.368µs" error="invalid access token" ip= method=GET
DEBU[2022/01/15 07:01:33 CET] WS :: POST /api/auth/accesstoken code=200 duration="40.389µs" error=Unauthorized ip= method=POST
DEBU[2022/01/15 07:01:33 CET] WS :: POST /api/auth/accesstoken code=200 duration="26.13µs" error=Unauthorized ip= method=POST DEBU[2022/01/15 07:01:33 CET] WS :: GET /api/me code=200 duration="29.395µs" error="invalid access token" ip= method=GET
DEBU[2022/01/15 07:01:33 CET] WS :: GET /api/util/landingpageinfo code=200 duration="615.279µs" ip= method=GET
DEBU[2022/01/15 07:01:33 CET] WS :: GET /assets/landingpage/background.png code=200 duration="57.801µs" ip= method=GET
DEBU[2022/01/15 07:01:35 CET] WS :: GET /api/auth/login code=307 duration="60.955µs" ip= method=GET
DEBU[2022/01/15 07:02:00 CET] WS :: GET /api/auth/oauthcallback code=200 duration=145.997236ms ip= method=GET

i dont know if this helps but i thinked i just should send this to you.

zekroTJA commented 2 years ago

That's interesting, at least it means that the request comes in to shinpuru and is getting handled in some way.

I've added a lot of debug log output to the handlers in question which might give some crucial information to see what is actually going on in there.

Could you please download the binary from this build and run a full OAuth2 login procedure. Then, please provide the logs generated. https://github.com/zekroTJA/shinpuru/actions/runs/1702278737

The log output should look similar to that:

INFO[2022/01/15 19:45:28 CET] Starting up...
WARN[2022/01/15 19:45:28 CET] I328 :: ATTENTION! THIS IS A DEBUG VERSION OF SHINPURU WHICH LOGS CRUCIAL DATA AND SHOULD NEVER BE USED IN PRODUCTION! 
INFO[2022/01/15 19:45:28 CET] Checking database for migrations and apply if needed... 
[...]
DEBU[2022/01/15 19:45:40 CET] WS :: GET   /api/me                           code=200 duration=0s error="invalid access token" ip= method=GET
DEBU[2022/01/15 19:45:40 CET] WS :: GET   /api/guilds                       code=200 duration=0s error="invalid access token" ip= method=GET
DEBU[2022/01/15 19:45:40 CET] WS :: POST  /api/auth/accesstoken             code=200 duration=155.4989ms ip= method=POST
DEBU[2022/01/15 19:45:40 CET] WS :: GET   /api/me                           code=200 duration=1.9999ms ip= method=GET
DEBU[2022/01/15 19:45:40 CET] WS :: POST  /api/auth/accesstoken             code=200 duration=299.859ms ip= method=POST
DEBU[2022/01/15 19:45:40 CET] WS :: GET   /api/guilds                       code=200 duration=4.4992ms ip= method=GET
DEBU[2022/01/15 19:45:44 CET] WS :: POST  /api/auth/logout                  code=200 duration=3.8589ms ip= method=POST
DEBU[2022/01/15 19:45:44 CET] WS :: GET   /api/me                           code=200 duration="498.5µs" error="invalid access token" ip= method=GET
DEBU[2022/01/15 19:45:44 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="998.6µs" ip= method=GET
DEBU[2022/01/15 19:45:44 CET] WS :: POST  /api/auth/accesstoken             code=200 duration=1.8392ms error=Unauthorized ip= method=POST
DEBU[2022/01/15 19:45:46 CET] WS :: GET   /api/auth/login                   code=307 duration="499.7µs" ip= method=GET
DEBU[2022/01/15 19:45:48 CET] I328 :: Entering DiscordOAuth#HandlerCallback  code=0x165353110872bd2774f3fd20f6e9bbf1
DEBU[2022/01/15 19:45:49 CET] I328 :: Token request successful              accessToken=0xe2a5c0235e3ed9cb9b3efb38c7ad254c code=0x165353110872bd2774f3fd20f6e9bbf1
DEBU[2022/01/15 19:45:49 CET] I328 :: User request successful               code=0x165353110872bd2774f3fd20f6e9bbf1 userID=221905671296253953
DEBU[2022/01/15 19:45:49 CET] I328 :: Entering RefreshTokenRequestHandler#LoginSuccessHandler 
DEBU[2022/01/15 19:45:49 CET] I328 :: User ID                               userID=221905671296253953
DEBU[2022/01/15 19:45:49 CET] I328 :: Refresh token successfully retrieved  refreshToken=0x9d3f107d31c99583d091a52a8336e44e
DEBU[2022/01/15 19:45:49 CET] WS :: GET   /api/auth/oauthcallback           code=307 duration=592.1212ms ip= method=GET
DEBU[2022/01/15 19:45:49 CET] WS :: GET   /api/me                           code=200 duration=0s error="invalid access token" ip= method=GET
[...]

The essential log outputs in question are all prefixed with I328 :: so you can also basically filter by that if you want. All auth codes and tokens are MD5 hashed in hex format in the log outputs, so please also provide them just so that I can see if there is some odd behavior going on.

CallMeAGI commented 2 years ago 
INFO[2022/01/16 12:02:59 CET] Starting up...                                                                                                                                                    
WARN[2022/01/16 12:02:59 CET] I328 :: ATTENTION! THIS IS A DEBUG VERSION OF SHINPURU WHICH LOGS CRUCIAL DATA AND SHOULD NEVER BE USED IN PRODUCTION!                                            
INFO[2022/01/16 12:02:59 CET] Checking database for migrations and apply if needed...                                                                                                           
INFO[2022/01/16 12:02:59 CET] DATABASE :: applying migration                version=9                                                                                                           
INFO[2022/01/16 12:02:59 CET] Enabled redis as database cache                                                                                                                                   
INFO[2022/01/16 12:02:59 CET] Connected to database                                                                                                                                             
INFO[2022/01/16 12:02:59 CET] Connected to storage device                                                                                                                                       
INFO[2022/01/16 12:03:00 CET] LCT :: scheduled job                          name="refresh token cleanup" spec="0 0 5 * * *"                                                                     
INFO[2022/01/16 12:03:00 CET] LCT :: scheduled job                          name="guild backup" spec="0 0 6,18 * * *"                                                                           
INFO[2022/01/16 12:03:00 CET] LCT :: scheduled job                          name="twitch notify" spec="@every 60s"                                                                              
INFO[2022/01/16 12:03:00 CET] LCT :: scheduled job                          name="report expiration" spec="@every 5m"                                                                           
INFO[2022/01/16 12:03:00 CET] LCT :: scheduled job                          name="verification kick routine" spec="@every 1h"                                                                   
INFO[2022/01/16 12:03:00 CET] LCT :: scheduled job                          name="antiraid joinlog flush" spec="@every 1h"                                                                      
INFO[2022/01/16 12:03:00 CET] Commands registered                           n=40                                                                                                                
INFO[2022/01/16 12:03:00 CET] Invite link: https://discord.com/api/oauth2/authorize?client_id=925204349028819026&scope=bot%20applications.commands&permissions=2080894065                       
INFO[2022/01/16 12:03:00 CET] Mime check of .js returned invalid mime value 'text/javascript; charset=utf-8', trying to fix this now ...                                                        
INFO[2022/01/16 12:03:00 CET] Successfully fixed .js mime value                                                                                                                                 
INFO[2022/01/16 12:03:00 CET] Web server running                            bindAddr=":8080" publicAddr="http://api.theuwuclan.de:8080"                                                         
INFO[2022/01/16 12:03:00 CET] Started event loop. Stop with CTRL-C...                                                                                                                           
INFO[2022/01/16 12:03:00 CET] Initialization finished                       took=1.655548357s                                                                                                   
INFO[2022/01/16 12:03:00 CET] Metrics server started                        addr=":9091"                                                                                                        
INFO[2022/01/16 12:03:01 CET] READY :: caching members of guilds ...        n=2                                                                                                                
DEBU[2022/01/16 12:03:01 CET] READY :: skip fetching members because state is hydrated  gid=923693482084818994                                                                                  
DEBU[2022/01/16 12:03:01 CET] READY :: skip fetching members because state is hydrated  gid=923693539542564954                                                                                  
INFO[2022/01/16 12:03:01 CET] READY :: caching members finished                                                                                                                                 
DEBU[2022/01/16 12:03:43 CET] WS :: GET   /                                 code=200 duration="92.003�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:03:44 CET] WS :: GET   /polyfills-es2015.895622983b1da42836f2.js  code=200 duration="111.959�s" ip= method=GET                                                               
DEBU[2022/01/16 12:03:44 CET] WS :: GET   /main-es2015.1f332b23e78ab4bd4b82.js  code=200 duration="41.855�s" ip= method=GET                                                                     
DEBU[2022/01/16 12:03:44 CET] WS :: GET   /runtime-es2015.336a0dd45455eee42458.js  code=200 duration="73.32�s" ip= method=GET                                                                   
DEBU[2022/01/16 12:03:44 CET] WS :: GET   /styles.6669414b0cfe049888e1.css  code=200 duration="85.327�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:03:44 CET] WS :: GET   /scripts.3c3e9a19f3e3801f8abe.js  code=200 duration="80.011�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /api/me                           code=200 duration="49.613�s" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /api/guilds                       code=200 duration="52.36�s" error="invalid access token" ip= method=GET                                             
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /assets/dc-logo.svg               code=200 duration="76.498�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /assets/lightbulb.svg             code=200 duration="101.421�s" ip= method=GET                                                                        
DEBU[2022/01/16 12:04:01 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="13.012�s" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 12:04:01 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="36.454�s" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /api/me                           code=200 duration="35.148�s" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="386.269�s" ip= method=GET                                                                        
DEBU[2022/01/16 12:04:01 CET] WS :: GET   /assets/landingpage/banner.png    code=200 duration="87.194�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:04:02 CET] WS :: GET   /assets/landingpage/background.png  code=200 duration="73.633�s" ip= method=GET                                                                       
DEBU[2022/01/16 12:04:02 CET] WS :: GET   /assets/landingpage/500px/ex-report.png  code=200 duration="78.893�s" ip= method=GET                                                                  
DEBU[2022/01/16 12:04:02 CET] WS :: GET   /assets/landingpage/500px/ex-backups.png  code=200 duration="90.308�s" ip= method=GET                                                                 
DEBU[2022/01/16 12:04:02 CET] WS :: GET   /assets/landingpage/500px/ex-karma.png  code=200 duration="81.383�s" ip= method=GET                                                                   
DEBU[2022/01/16 12:04:02 CET] WS :: GET   /assets/landingpage/500px/ex-codeexec.png  code=200 duration="86.665�s" ip= method=GET                                                                
DEBU[2022/01/16 12:04:04 CET] WS :: GET   /assets/landingpage/github.svg    code=200 duration="84.52�s" ip= method=GET                                                                          
DEBU[2022/01/16 12:04:04 CET] WS :: GET   /assets/landingpage/ko-fi.svg     code=200 duration="94.319�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:04:14 CET] WS :: GET   /api/auth/login                   code=307 duration="53.264�s" ip= method=GET                                                                         
DEBU[2022/01/16 12:04:22 CET] I328 :: Entering DiscordOAuth#HandlerCallback  code=0xb056b1ee3173b02318710b674ac0aa4f                                                                            
ERRO[2022/01/16 12:04:22 CET] I328 :: Token request: Error response code    code=0xb056b1ee3173b02318710b674ac0aa4f responseCode=401                                                            
DEBU[2022/01/16 12:04:22 CET] WS :: GET   /api/auth/oauthcallback           code=200 duration=138.518286ms ip= method=GET
zekroTJA commented 2 years ago

Okay, this is actually really interesting.

DEBU[2022/01/16 12:04:22 CET] I328 :: Entering DiscordOAuth#HandlerCallback  code=0xb056b1ee3173b02318710b674ac0aa4f                                                                            
ERRO[2022/01/16 12:04:22 CET] I328 :: Token request: Error response code    code=0xb056b1ee3173b02318710b674ac0aa4f responseCode=401

That means, the auth code passed via the callback is not valid for whatever reason.

First of all, I discovered that the error handler of the OAuth module did not forward errors correctly. That's why an invalid authentication returns a 200 OK. I've now fixed that.

This will still not fix your problem, because, for some reason, the obtained auth token is not valid in your login flow. Could you please check if you are using the right credentials for your Discord App (client ID, client secret).

You can now use the canary build, if you want. It should at least return the right error responses now. ^^

CallMeAGI commented 2 years ago

Before i wanted to setup the canary, i had reconfigured the config now and resetted the database in mysql but im being redirecting to the main page but not getting logged in.

DEBU[2022/01/16 14:25:48 CET] WS :: GET   /                                 code=200 duration="81.164µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /runtime-es2015.336a0dd45455eee42458.js  code=200 duration="54.546µs" ip= method=GET                                                                  
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /polyfills-es2015.895622983b1da42836f2.js  code=200 duration="70.46µs" ip= method=GET                                                                 
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /main-es2015.1f332b23e78ab4bd4b82.js  code=200 duration="36.721µs" ip= method=GET                                                                     
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /scripts.3c3e9a19f3e3801f8abe.js  code=200 duration="57.801µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /styles.6669414b0cfe049888e1.css  code=200 duration="49.637µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/me                           code=200 duration="39.137µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/guilds                       code=200 duration="12.573µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/lightbulb.svg             code=200 duration="66µs" ip= method=GET                                                                             
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/dc-logo.svg               code=200 duration="37.405µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="10.027µs" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 14:25:49 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="9.558µs" error=Unauthorized ip= method=POST                                                      
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /favicon.ico                      code=200 duration="44.785µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/me                           code=200 duration="23.942µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="369.462µs" ip= method=GET                                                                        
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-report.png  code=200 duration="33.478µs" ip= method=GET                                                                  
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/banner.png    code=200 duration="45.63µs" ip= method=GET                                                                          
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-backups.png  code=200 duration="51.112µs" ip= method=GET                                                                 
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-karma.png  code=200 duration="25.272µs" ip= method=GET                                                                   
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-codeexec.png  code=200 duration="56.282µs" ip= method=GET                                                                
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/background.png  code=200 duration="55.678µs" ip= method=GET                                                                       
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/github.svg    code=200 duration="46.836µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/ko-fi.svg     code=200 duration="51.111µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:51 CET] WS :: GET   /api/auth/login                   code=307 duration="32.211µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:55 CET] I328 :: Entering DiscordOAuth#HandlerCallback  code=0xc023de9100c8edff01092ba31adcfd4b                                                                            
DEBU[2022/01/16 14:25:55 CET] I328 :: Token request successful              accessToken=0x3876dc128d918f3bcb5518e4ea34e821 code=0xc023de9100c8edff01092ba31adcfd4b                              
DEBU[2022/01/16 14:25:55 CET] I328 :: User request successful               code=0xc023de9100c8edff01092ba31adcfd4b userID=312998964465238018                                                   
DEBU[2022/01/16 14:25:55 CET] I328 :: Entering RefreshTokenRequestHandler#LoginSuccessHandler                                                                                                   
DEBU[2022/01/16 14:25:55 CET] I328 :: User ID                               userID=312998964465238018                                                                                           
DEBU[2022/01/16 14:25:55 CET] I328 :: Refresh token successfully retrieved  refreshToken=0xfe708c1cdacc1f279998d5962297b6ba                                                                     
DEBU[2022/01/16 14:25:55 CET] WS :: GET   /api/auth/oauthcallback           code=307 duration=633.055112ms ip= method=GET                                                                       
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /api/me                           code=200 duration="18.874µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /guilds                           code=200 duration="126.731µs" ip= method=GET                                                                        
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /api/guilds                       code=200 duration="22.246µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:56 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="15.189µs" error=Unauthorized ip= method=POST                  
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /api/me                           code=200 duration="11.914µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:57 CET] WS :: GET   /api/guilds                       code=200 duration="30.715µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:57 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="11.29µs" error=Unauthorized ip= method=POST                                                      
DEBU[2022/01/16 14:25:57 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="10.696µs" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 14:25:57 CET] WS :: GET   /api/me                           code=200 duration="13.353µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:57 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="395.864µs" ip= method=GET
CallMeAGI commented 2 years ago

Before i wanted to setup the canary, i had reconfigured the config now and resetted the database in mysql but im being redirecting to the main page but not getting logged in.

DEBU[2022/01/16 14:25:48 CET] WS :: GET   /                                 code=200 duration="81.164µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /runtime-es2015.336a0dd45455eee42458.js  code=200 duration="54.546µs" ip= method=GET                                                                  
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /polyfills-es2015.895622983b1da42836f2.js  code=200 duration="70.46µs" ip= method=GET                                                                 
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /main-es2015.1f332b23e78ab4bd4b82.js  code=200 duration="36.721µs" ip= method=GET                                                                     
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /scripts.3c3e9a19f3e3801f8abe.js  code=200 duration="57.801µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:48 CET] WS :: GET   /styles.6669414b0cfe049888e1.css  code=200 duration="49.637µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/me                           code=200 duration="39.137µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/guilds                       code=200 duration="12.573µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/lightbulb.svg             code=200 duration="66µs" ip= method=GET                                                                             
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/dc-logo.svg               code=200 duration="37.405µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="10.027µs" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 14:25:49 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="9.558µs" error=Unauthorized ip= method=POST                                                      
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /favicon.ico                      code=200 duration="44.785µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/me                           code=200 duration="23.942µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="369.462µs" ip= method=GET                                                                        
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-report.png  code=200 duration="33.478µs" ip= method=GET                                                                  
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/banner.png    code=200 duration="45.63µs" ip= method=GET                                                                          
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-backups.png  code=200 duration="51.112µs" ip= method=GET                                                                 
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-karma.png  code=200 duration="25.272µs" ip= method=GET                                                                   
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/500px/ex-codeexec.png  code=200 duration="56.282µs" ip= method=GET                                                                
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/background.png  code=200 duration="55.678µs" ip= method=GET                                                                       
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/github.svg    code=200 duration="46.836µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:49 CET] WS :: GET   /assets/landingpage/ko-fi.svg     code=200 duration="51.111µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:51 CET] WS :: GET   /api/auth/login                   code=307 duration="32.211µs" ip= method=GET                                                                         
DEBU[2022/01/16 14:25:55 CET] I328 :: Entering DiscordOAuth#HandlerCallback  code=0xc023de9100c8edff01092ba31adcfd4b                                                                            
DEBU[2022/01/16 14:25:55 CET] I328 :: Token request successful              accessToken=0x3876dc128d918f3bcb5518e4ea34e821 code=0xc023de9100c8edff01092ba31adcfd4b                              
DEBU[2022/01/16 14:25:55 CET] I328 :: User request successful               code=0xc023de9100c8edff01092ba31adcfd4b userID=312998964465238018                                                   
DEBU[2022/01/16 14:25:55 CET] I328 :: Entering RefreshTokenRequestHandler#LoginSuccessHandler                                                                                                   
DEBU[2022/01/16 14:25:55 CET] I328 :: User ID                               userID=312998964465238018                                                                                           
DEBU[2022/01/16 14:25:55 CET] I328 :: Refresh token successfully retrieved  refreshToken=0xfe708c1cdacc1f279998d5962297b6ba                                                                     
DEBU[2022/01/16 14:25:55 CET] WS :: GET   /api/auth/oauthcallback           code=307 duration=633.055112ms ip= method=GET                                                                       
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /api/me                           code=200 duration="18.874µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /guilds                           code=200 duration="126.731µs" ip= method=GET                                                                        
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /api/guilds                       code=200 duration="22.246µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:56 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="15.189µs" error=Unauthorized ip= method=POST                  
DEBU[2022/01/16 14:25:56 CET] WS :: GET   /api/me                           code=200 duration="11.914µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:57 CET] WS :: GET   /api/guilds                       code=200 duration="30.715µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:57 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="11.29µs" error=Unauthorized ip= method=POST                                                      
DEBU[2022/01/16 14:25:57 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="10.696µs" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 14:25:57 CET] WS :: GET   /api/me                           code=200 duration="13.353µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 14:25:57 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="395.864µs" ip= method=GET

Edit: I become the same to Shinpuru Canary Log:

DEBU[2022/01/16 15:35:13 CET] WS :: GET   /api/auth/login                   code=307 duration="53.943µs" ip= method=GET                                                                         
DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/auth/oauthcallback           code=307 duration=502.32139ms ip= method=GET                                                                        
DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/me                           code=200 duration="13.336µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/guilds                       code=200 duration="14.826µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 15:35:18 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="19.28µs" error=Unauthorized ip= method=POST                                                      
DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/me                           code=200 duration="58.025µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/guilds                       code=200 duration="41.451µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 15:35:18 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="12.276µs" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 15:35:18 CET] WS :: POST  /api/auth/accesstoken             code=200 duration="12.334µs" error=Unauthorized ip= method=POST                                                     
DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/me                           code=200 duration="14.489µs" error="invalid access token" ip= method=GET                                            
DEBU[2022/01/16 15:35:19 CET] WS :: GET   /api/util/landingpageinfo         code=200 duration="369.417µs" ip= method=GET
zekroTJA commented 2 years ago

Okay, this is really odd. Why are the access tokens generated by shinpuru invalid? xD 

DEBU[2022/01/16 15:35:18 CET] WS :: GET   /api/me                           code=200 duration="14.489µs" error="invalid access token" ip= method=GET

I have no idea what's going on at this point to be honest. Maybe try to clear your browser cookies on the shinpuru page. Could be possible that the cookie can not be overwritten or read for some reason.

CallMeAGI commented 2 years ago

I had tried to login with deleted cookies and with my smartphone too, but it still dont works. Now i had a new login idea because of always thinking how to fix this but idk if this would be a good idea, but i will make a suggest request for it.

CallMeAGI commented 2 years ago

Solved after a few updates.