Comments (21)
BioCla
commented on August 12, 2024
1
Thanks for reporting, this will be looked into 👍
from discord-musicbot.
Neko-Life
commented on August 12, 2024
1
try adding proxy_pass_request_headers on; to both location in your nginx config
from discord-musicbot.
szentigrad3
commented on August 12, 2024
i can login to the dashboard fine
https://i.imgur.com/9GUfcCC.png
from discord-musicbot.
NereaCassian
commented on August 12, 2024
@szentigrad3 can I get more info? Which browser you're using? The networks tab doesn't report any error?
from discord-musicbot.
szentigrad3
commented on August 12, 2024
@szentigrad3 can I get more info? Which browser you're using? The networks tab doesn't report any error?
i'm using microsoft edge and no errors, https://i.imgur.com/jVLEdIG.png
from discord-musicbot.
NereaCassian
commented on August 12, 2024
Oh, but you mean in your bot. Yeah I know that for now it's only failing for me.
from discord-musicbot.
BioCla
commented on August 12, 2024
an initial analysis shows that it may have to do with how the links are being handled here:
Discord-MusicBot/dashboard/src/pages/login/index.tsx
Lines 36 to 42 in b4c9e8b
and here:
Discord-MusicBot/dashboard/src/components/ProcessData.tsx
Lines 1 to 21 in b4c9e8b
Thus:
Discord-MusicBot/dashboard/src/services/api.ts
Lines 101 to 138 in b4c9e8b
More research will be done
from discord-musicbot.
Neko-Life
commented on August 12, 2024
probably no database configured, you can't have authorization without database
from discord-musicbot.
NereaCassian
commented on August 12, 2024
I have a DB configured, the postgress db that comes with the bot. And I have setup correctly the database URL and type in the .env.
from discord-musicbot.
Neko-Life
commented on August 12, 2024
apply this patch
From e23d8d6e4658d88d08bd04f9ff741e1384a044ea Mon Sep 17 00:00:00 2001
From: Neko-Life <[email protected]>
Date: Tue, 29 Aug 2023 08:33:16 +0700
Subject: [PATCH] patch
---
djs-bot/api/v1/src/routes/v1/index.ts | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/djs-bot/api/v1/src/routes/v1/index.ts b/djs-bot/api/v1/src/routes/v1/index.ts
index 6d5c5e1..f97d0c0 100644
--- a/djs-bot/api/v1/src/routes/v1/index.ts
+++ b/djs-bot/api/v1/src/routes/v1/index.ts
@@ -59,14 +59,20 @@ const routes: RegisterRouteHandler = async (app, opts, done) => {
);
};
+ console.log({ headers: request.headers, path: request.routerPath });
+
if (!request.headers.access_token?.length) throwError();
const { user_id } = verifyToken(request.headers.access_token as string);
+ console.log({ user_id });
+
if (!user_id?.length) throwError();
const auth = await db.getUserAuth(user_id as string);
+ console.log({ auth });
+
if (!auth?.access_token?.length) throwError();
request.headers.user_id = user_id;
--
2.41.0
and then come back to us with some log, hopefully this can give us some clue
from discord-musicbot.
NereaCassian
commented on August 12, 2024
Here are my logs
found 0 vulnerabilities
Using "postgresql" as the database schema
Generating Prisma client...
Pushing schema to database...
Database schema pushed successfully
> [email protected] bot
> npm run api-build && node index.js
> [email protected] api-build
> tsc -p api/v1/tsconfig.json
[29:7:2023 - 7:44] | Spawned shard 0
[29:7:2023 - 7:44] [WARN] | Bot running on OPLevel: 1
[29:7:2023 - 7:44] [WARN] | Debug mode is [ENABLED]!
[29:7:2023 - 7:44] [WARN] | Booting up the bot...
InsertNameHereBot/v5.2.1-beta (ID: 899776315958390805)
[29:7:2023 - 7:44] [WARN] | Loading error handlers...
[29:7:2023 - 7:44] [INFO] | Loaded debug error handlers!
[29:7:2023 - 7:44] [DEBUG] | Music engine "Erela" has been loaded
[29:7:2023 - 7:44] [DEBUG] | Prisma ORM has been loaded
[29:7:2023 - 7:44] [INFO] | Slash commands have been loaded. Waiting for bot to finish initializing...
[29:7:2023 - 7:44] [INFO] | Schedules have been loaded.
[29:7:2023 - 7:44] [INFO] | Event listeners have been loaded.
[29:7:2023 - 7:44] [INFO] | Successfully logged in as Judy Alvarez#5402
[29:7:2023 - 7:44] [INFO] | API is now listening on port 8080
[29:7:2023 - 7:44] [DEBUG] | Node: DockerNode | Lavalink node is connected.
[29:7:2023 - 7:44] [INFO] | Slash commands have been pushed to application
[29:7:2023 - 7:44] [SILLY] | InsertNameHereBot/v5.2.1-beta (ID: 899776315958390805) is online!
{
headers: {
host: 'judy.nereacassian.com',
'x-real-ip': '213.194.147.141',
'x-forwarded-for': '213.194.147.141',
'x-forwarded-host': 'judy.nereacassian.com',
connection: 'close',
'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
accept: 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'https://judy.nereacassian.com/dashboard',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'es-ES,es;q=0.9'
},
path: '/api/v1/dashboard'
}
prisma:info Starting a postgresql pool with 13 connections.
{
headers: {
host: 'judy.nereacassian.com',
'x-real-ip': '213.194.147.141',
'x-forwarded-for': '213.194.147.141',
'x-forwarded-host': 'judy.nereacassian.com',
connection: 'close',
'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
accept: 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'https://judy.nereacassian.com/dashboard',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'es-ES,es;q=0.9'
},
path: '/api/v1/dashboard'
}
{
headers: {
host: 'judy.nereacassian.com',
'x-real-ip': '213.194.147.141',
'x-forwarded-for': '213.194.147.141',
'x-forwarded-host': 'judy.nereacassian.com',
connection: 'close',
'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
accept: 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'https://judy.nereacassian.com/dashboard',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'es-ES,es;q=0.9'
},
path: '/api/v1/dashboard'
}
{
headers: {
host: 'judy.nereacassian.com',
'x-real-ip': '213.194.147.141',
'x-forwarded-for': '213.194.147.141',
'x-forwarded-host': 'judy.nereacassian.com',
connection: 'close',
'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Opera GX";v="100"',
accept: 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/100.0.0.0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'https://judy.nereacassian.com/dashboard',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'es-ES,es;q=0.9'
},
path: '/api/v1/dashboard'
}from discord-musicbot.
BioCla
commented on August 12, 2024
So it's looping in the verify token function
from discord-musicbot.
NereaCassian
commented on August 12, 2024
I did and still looping, this is my new conf
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass_request_headers on;
}
location /api {
proxy_pass http://127.0.0.1:1023;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass_request_headers on;
}
from discord-musicbot.
Neko-Life
commented on August 12, 2024
does proxy_set_header access_token $access_token; works?
from discord-musicbot.
NereaCassian
commented on August 12, 2024
I don't have any $access_token var configured in nginx, so it gives me a test failed
from discord-musicbot.
Neko-Life
commented on August 12, 2024
there's something probably your configuration causing nginx to drop the access token header which needed for the authorization. You need to find which configuration or whatever causing it to do that so the api receives the header
from discord-musicbot.
NereaCassian
commented on August 12, 2024
Okay, I did found out and is a very stupid thing If you do not explicitly set underscores_in_headers on;, NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). So its solved. Thank you very much for your help. <3
from discord-musicbot.
BioCla
commented on August 12, 2024
Should we maybe add some try catch blocks to return the actual errors, if possible?
from discord-musicbot.
Neko-Life
commented on August 12, 2024
sure we can add some log in debug mode smt like "Missing access_token header", "Invalid JWT signature" etc.
from discord-musicbot.
SerpentDrago
commented on August 12, 2024
I'm having the same "loop" problem using Nginx Config manager in unraid , i dont' see how or where to set the underscores_in_headers on;
i'm using the webbased config gui for nginx .
I authorize and just get looped to the main webpage again .. so i can't access the dashboard . Bot works fine besides
from discord-musicbot.
NereaCassian
commented on August 12, 2024
@SerpentDrago just add the line in the config block of the advanced tab
from discord-musicbot.
Related Issues (20)
- Error when deploying via npm
- Support for a lavalink-client which has lavalink v4 support HOT 9
- Allow /play command in the control channel
- Dashboard login loop HOT 10
- Issue with fastify v4.26.0 HOT 1
- Multi-language support and interface buttons
- SUSPICIOUS - Could not load track. HOT 7
- Support for DockerFile for fly.io deployment HOT 2
- WS and API port interverted in config.js default HOT 4
- Error while output the queue command HOT 1
- command.setCategory is not a function
- Music not playing | There was an error while searching HOT 5
- There was an error while searching HOT 1
- Lavalink error when playing? HOT 1
- New lavalink v4
- Discord resets Bot token because of to many requests HOT 1
- Cannot play music "There was an error while searching" HOT 5
- Error: Used disallowed intents HOT 3
- Update to Lavalink 4.x server HOT 2
- [ERROR] | [FATAL] Possibly Uncaught Exception, Reason: ReferenceError: player is not defined HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from discord-musicbot.