midnight Posts - Answer Overflow

midnight

Explore posts from servers

CDCloudflare Developers SSolidJS DTDrizzle Team

•Created by midnight on 8/23/2024 in #support

Unexpected End of JSON Input on API Route

I am working through creating a OIDC workflow. I have a Astro site that sends the user to the Auth endpoint which handles the handshake with Google for Auth and through the redirect_url I send the browser back to the SolidStart App. I have this file at src/routes/auth/callback.ts that works in dev mode but not when deployed:

import { redirect } from "@solidjs/router";
import type { APIEvent } from "@solidjs/start/server";
import { setCookie } from "vinxi/http";

export async function GET({ request, nativeEvent  }: APIEvent) {
  const { searchParams } = new URL(request.url);
  const code = searchParams.get("code");

  if (code) {
    const response = await fetch(`${import.meta.env.VITE_AUTH_URL}token`, {
      method: "POST",
      body: new URLSearchParams({
        grant_type: "authorization_code",
        client_id: "astro",
        code,
        redirect_uri: import.meta.env.PROD
          ? `https://${import.meta.env.VITE_APP_URL}/auth/callback`
          : "http://localhost:3000/auth/callback",
      }),
    });

    if (response.ok) {
      const { access_token } = await response.json();
      setCookie(nativeEvent, "auth_token", access_token, {
        httpOnly: import.meta.env.PROD,
        maxAge: 60 * 60 * 24 * 7, // 7 days
        // sameSite: "strict",
      });
      return redirect("/");
    }
  }
  return redirect(`https://${import.meta.env.VITE_WWW_URL}`, 406);
}

import { redirect } from "@solidjs/router";
import type { APIEvent } from "@solidjs/start/server";
import { setCookie } from "vinxi/http";

export async function GET({ request, nativeEvent  }: APIEvent) {
  const { searchParams } = new URL(request.url);
  const code = searchParams.get("code");

  if (code) {
    const response = await fetch(`${import.meta.env.VITE_AUTH_URL}token`, {
      method: "POST",
      body: new URLSearchParams({
        grant_type: "authorization_code",
        client_id: "astro",
        code,
        redirect_uri: import.meta.env.PROD
          ? `https://${import.meta.env.VITE_APP_URL}/auth/callback`
          : "http://localhost:3000/auth/callback",
      }),
    });

    if (response.ok) {
      const { access_token } = await response.json();
      setCookie(nativeEvent, "auth_token", access_token, {
        httpOnly: import.meta.env.PROD,
        maxAge: 60 * 60 * 24 * 7, // 7 days
        // sameSite: "strict",
      });
      return redirect("/");
    }
  }
  return redirect(`https://${import.meta.env.VITE_WWW_URL}`, 406);
}

Locally on my machine it works just fine but when deployed I get a 500 Request error Unexpected end of JSON input with the OIDC code in the URL bar: my.domain.com/auth/callback?code=eyJhbGci... If I pull the code out and put it into jwt.io to validate, its valid and expected. I dont know where to go from here to debug further and would love some guidance on where to investigate and understand where my bug is.

32 replies

CDCloudflare Developers

•Created by midnight on 8/20/2024 in #workers-help

Auto Setup Tail Worker with Pulumi for Sentry

Is there a way to automatically setup a tail worker with either Baselime or Sentry when deploying a new worker through Pulumi? We do a per user deployment with SST which leverages the Pulumi provider. I would like to be able to setup a tail worker automatically on deployment for my stages to send logs to either Baselime or Sentry. Is this possible via the API and/or Pulumi versus clickops in the console for each worker?

2 replies

SSolidJS

•Created by midnight on 7/28/2024 in #support

Button to API route returns 404 but direct hit functions

I think I am running into an issue with the router and im 99% sure there is something I am missing. Im building out an oauth flow. I am able to get the access_token stored as a cookie. I am building the logout flow which is a SolidStart API route that accepts a GET request and just deletes the cookie. Hitting the api route with httpie or via curl returns a 302 to the home page as expected but the button that is a href to the same route returns a 404. I am at a loss why the API route can be hit from httpie, works if I manually go to localhost:3000/auth/logout, but not from the button. I can copy and paste the link the button has and it works, just not when I actually press the button. Here is the button:

import { Button } from "$/components/ui/button";
import { getRequestEvent, isServer } from "solid-js/web";

export function Logout() {
  const host = new URL(
    isServer ? getRequestEvent()!.request.url : window.location.href,
  ).host;

  const logoutUrl = import.meta.env.DEV
    ? `http://${host}/auth/logout`
    : `https://${host}auth/logout`;

  return (
    <Button as="a" href={logoutUrl} variant="destructive">
      Logout
    </Button>
  );
}

import { Button } from "$/components/ui/button";
import { getRequestEvent, isServer } from "solid-js/web";

export function Logout() {
  const host = new URL(
    isServer ? getRequestEvent()!.request.url : window.location.href,
  ).host;

  const logoutUrl = import.meta.env.DEV
    ? `http://${host}/auth/logout`
    : `https://${host}auth/logout`;

  return (
    <Button as="a" href={logoutUrl} variant="destructive">
      Logout
    </Button>
  );
}

And this is the src/routes/auth/logout.tsx:

import type { APIEvent } from "@solidjs/start/server";
import { deleteCookie } from "vinxi/http";

export async function GET({ nativeEvent }: APIEvent) {
  if (nativeEvent.web?.url?.pathname === "/auth/logout") {
    deleteCookie("auth_token");

    // TODO: Redirect to relative path homepage
    return Response.redirect("http://localhost:3000");
  }
}

import type { APIEvent } from "@solidjs/start/server";
import { deleteCookie } from "vinxi/http";

export async function GET({ nativeEvent }: APIEvent) {
  if (nativeEvent.web?.url?.pathname === "/auth/logout") {
    deleteCookie("auth_token");

    // TODO: Redirect to relative path homepage
    return Response.redirect("http://localhost:3000");
  }
}

5 replies

SSolidJS

•Created by midnight on 7/23/2024 in #support

JWT to Cookie

I am getting pretty confused on when to use something like @solid-primitives/storage versus vinxi/http to set cookies or if I should use a middleware similar to how sveltekit implements middlewares for locals. example I am working through is authenticating my user. I have the standard OIDC flow. user clicks the 'login with google' button and is sent to auth.mydomain.com/auth/google/authorize which generates the url sends them to google to signin. The user signs in with google and is send back to auth.mydomain.com/callback/google which validates them in my DB and generates a JWT and sends them back to the location.origin with the url containing the access_token. (example: localhost:3000/#eyJhbG.... I want to take that jwt access_token and set it as the Authorization: Bearer $AUTH_TOKEN and remove the hashed value from the url? What is the best practice for working with this flow in solidstart? I tried using the useSession but it requires a password and I dont nececarily need the encryption since I have a helper server side called useSession that validates the cookie and if anything is wrong, deletes the cookie and returns an error

50 replies

CDCloudflare Developers

•Created by midnight on 7/12/2024 in #workers-help

Reset workers subdomain

Is there a way to reset my account’s workers subdomain? We recently closed the business that the subdomain was designated for and we wanted to just reset it back to the default before customization. Is this possible and if so what’s the correct way to proceed?

13 replies

Gaming

Programming