Verify endpoint not working in latest update (requires port 4000?) #580

Open
Kalcode opened this issue Nov 14, 2024 · 3 comments

Kalcode commented Nov 14, 2024

In the latest version 34.1, whenever I run the verify endpoint, I get

Nov 14 17:20:36.018 INF call completed trace.trace_id=3ad89f76-0f70-48ac-96ca-7877363a5247 trace.span_id="" trace.parent_span_id="" request.client_ip=172.18.0.1 request.method=GET request.url="/verify?redirectTo=http%3A%2F%2Flocalhost%3A3000&ticket=verifyEmail%3A9bef7911-f282-4dc7-8309-6e2b29dd611a&type=emailVerify" response.status_code=502 response.latency_time=842.567µs response.errors=[]

2024/11/14 17:20:36 http: proxy error: dial tcp 127.0.0.1:4001: connect: connection refused

Not sure what is happening here. I can sign up, but can't verify. Not sure where it's getting 4001 from either.

I did notice when I set the server port to 4050, it says listening on 4051.

I suspect that something under the hood requires 4000, or that 4001 is hardcoded.


Actually just tested before posting. If the auth server is set to 4000 it works; once you change it, then it can't find 4001 suddenly.

Member

dbarrosop commented Nov 14, 2024

Hello,
thanks for the report, I am assuming you are self-hosting so would you mind providing a docker-compose file that reproduces the issue so we can look into this? Preferably just the minimum changes to reproduce this issue to this file

Thanks!

Member

dbarrosop commented Nov 14, 2024

Just did a quick test and seems to work fine (using main branch):

$ go run main.go --port 4050
Nov 14 19:20:17.589 INF auth v
Nov 14 19:20:17.589 INF starting program flags.api-prefix="" flags.port=4050 flags.debug=false flags.log-format-text=true flags.postgres=******** flags.postgres-migrations=******** flags.node-server-path=. flags.disable-signup=false flags.conceal-errors=false flags.default-allowed-roles="[me user editor]" flags.default-role=user flags.default-locale=en flags.allowed-locales=[en] flags.disable-new-users=false flags.gravatar-enabled=true flags.gravatar-default=blank flags.gravatar-rating=g flags.refresh-token-expires-in=******** flags.access-tokens-expires-in=******** flags.hasura-graphql-jwt-secret=******** flags.email-verification-required=false flags.smtp-host=localhost flags.smtp-port=1025 flags.smtp-secure=false flags.smtp-user=user flags.smtp-password=******** [email protected] flags.smtp-api-header="" flags.smtp-auth-method=PLAIN flags.client-url=http://localhost:3000 flags.allow-redirect-urls=[] flags.server-url=http://127.0.0.2:4000 flags.enable-change-env=true flags.custom-claims="" flags.graphql-url=http://localhost:8080/v1/graphql flags.hasura-admin-secret=******** flags.password-min-length=******** flags.password-hibp-enabled=******** flags.templates-path=/app/email-templates flags.block-email-domains=[] flags.block-emails=[] flags.allowed-email-domains=[] flags.allowed-emails=[] flags.email-passwordless-enabled=******** flags.require-elevated-claim=disabled flags.webauthn-enabled=false flags.webauthn-rp-name="" flags.webauthn-rp-id="" flags.webauthn-rp-origins=[] flags.webauthn-attestation-timeout=60000 flags.rate-limit-enable=false flags.rate-limit-global-burst=100 flags.rate-limit-global-interval=1m0s flags.rate-limit-email-burst=10 flags.rate-limit-email-interval=1h0m0s flags.rate-limit-email-is-global=false flags.rate-limit-sms-burst=10 flags.rate-limit-sms-interval=1h0m0s flags.rate-limit-brute-force-burst=10 flags.rate-limit-brute-force-interval=5m0s flags.rate-limit-signups-burst=10 flags.rate-limit-signups-interval=5m0s 
flags.rate-limit-memcache-server="" flags.rate-limit-memcache-prefix="" flags.turnstile-secret=******** flags.apple-client-id="" flags.google-client-id="" flags.help=false
Warning: Ignoring extra certs from `/etc/ssl/certs/ca-bundle.crt`, load failed: error:80000002:system library::No such file or directory
{"level":"info","message":"Log level: debug"}
{"level":"info","message":"Waiting for Hasura to be ready..."}
{"level":"info","message":"Hasura is ready"}
{"level":"info","message":"Applying SQL migrations..."}
{"level":"info","message":"SQL migrations applied"}
{"level":"info","message":"Applying metadata..."}
{"level":"debug","message":"Exporting metadata..."}
{"level":"debug","message":"Applying metadata patch..."}
{"level":"info","message":"Metadata applied"}
{"level":"info","message":"Running on port 4051"}

> I did notice when I set the server port to 4050, it says listening on 4051.

That's because there are two services, an old one written in node we are slowly deprecating and a go service, which is the main one and the one that listens on the port you specify. The node service doesn't need external connectivity so if you are using a container only the port you configure needs to be exposed. The extra port is only needed for the go service to forward the requests for the endpoints that we haven't migrated yet. We wrote about this here

Also, coincidentally we just migrated the /verify endpoint from node to go #579. Not that it matters, it should still work.
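The arrangement described in the comment above, as an added sketch that is not hasura-auth's code: a front service answers migrated paths itself and forwards the rest to a loopback-only legacy listener on the configured port plus one, and Go's `httputil.ReverseProxy` default error path is what produces a 502 with the `http: proxy error: dial tcp ... connection refused` log line when that listener is not where the proxy expects it. The names `legacyUpstream`, `newFront`, `probe` and `startLegacy`, the path `/legacy-endpoint`, and the port+1 rule as coded here are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// legacyUpstream: loopback only, configured port + 1 (rule assumed from the thread).
func legacyUpstream(port int) *url.URL {
	return &url.URL{Scheme: "http", Host: fmt.Sprintf("127.0.0.1:%d", port+1)}
}

// newFront serves migrated paths itself; the rest go upstream (502 if the dial is refused).
func newFront(migrated map[string]bool, upstream *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if migrated[r.URL.Path] {
			fmt.Fprint(w, "front service")
			return
		}
		proxy.ServeHTTP(w, r)
	})
}

// probe sends one GET through h and returns the status code.
func probe(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

// startLegacy runs a stand-in legacy service on a free loopback port.
func startLegacy() (port int, stop func()) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "legacy service")
	}))
	return srv.Listener.Addr().(*net.TCPAddr).Port, srv.Close
}

func main() {
	port, stop := startLegacy()
	front := newFront(map[string]bool{"/verify": true}, legacyUpstream(port-1))
	fmt.Println(probe(front, "/verify"), probe(front, "/legacy-endpoint")) // legacy up
	stop()
	fmt.Println(probe(front, "/verify"), probe(front, "/legacy-endpoint")) // legacy down
}
```

Because the legacy listener is bound to 127.0.0.1, only the front port needs to be published from the container; a path that is still forwarded fails with 502 whenever the derived upstream port and the port the legacy process actually listens on disagree.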

Author

Kalcode commented Nov 19, 2024

Yah exposing it was the way to go for our stack and a very simple work-around.

Docker-file used

  auth:
    container_name: auth
    command: serve
    image: nhost/hasura-auth:0.34.1
    restart: always
    ports: 
      - 4050:4000
    env_file:
      - .env
    environment:
      AUTH_ENABLE_CHANGE_ENV: "false"
      AUTH_API_PREFIX: ""
      AUTH_CLIENT_URL: ${AUTH_CLIENT_URL}
      AUTH_EMAIL_SIGNIN_EMAIL_VERIFIED_REQUIRED: "true"
      AUTH_LOCALE_DEFAULT: en
      AUTH_LOG_FORMAT_TEXT: "true"
      AUTH_SERVER_URL: http://localhost:4050
      AUTH_SMTP_AUTH_METHOD: PLAIN
      AUTH_SMTP_HOST: ${AUTH_SMTP_HOST}
      AUTH_SMTP_PASS: ${AUTH_SMTP_PASS}
      AUTH_SMTP_PORT: 1025
      AUTH_SMTP_SECURE: "false"
      AUTH_SMTP_SENDER: ${AUTH_SMTP_SENDER}
      AUTH_SMTP_USER: user
      AUTH_USER_DEFAULT_ALLOWED_ROLES: ${AUTH_USER_DEFAULT_ALLOWED_ROLES}
      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
      HASURA_GRAPHQL_DATABASE_URL: ${HASURA_GRAPHQL_DATABASE_DOCKER_URL}
      HASURA_GRAPHQL_GRAPHQL_URL: http://graphql-engine:8080/v1/graphql
      HASURA_GRAPHQL_JWT_SECRET: ${HASURA_GRAPHQL_JWT_SECRET}
    # volumes:
    #   - ./apps/email-templates:/app/email-templates

I believe I was using the ENV AUTH_PORT and that was causing the confusion; if I changed that to, say, 4050, then when verifying it tries to go to 4001 still and says connection refused. Something is doing a check on 4001 when that is changed.

But yah, repeating that changing what was exposed works plenty fine.
