# prisma-whats-new
w
for some reason ^ crashes server, any help would be appreciated 🙂
l
Sounds like your transpiler isn't set up correctly.
w
it’s default setup
prisma init app
l
Ok
w
let’s say that my token is malformed/invalid in playground i get RED TypeError: Failed to fetch
in terminal i see the error thrown nicely but it was not picked up by the server. now im looking at the source code trying to figure it out. it’s express under the hood 🙂
l
Did you set up the .env?
w
yes. it all works when token is OK. meaning not expired not malformed
l
Right, that's expected behavior.
The server should have thrown a 401 (Unauthorized)
w
it’s throwing 500 instead of 401
with error Error: invalid signature. I’m intentionally breaking the validity of a token. so that is not something that is unexpected. what’s unexpected is that it doesn’t handle the errors correctly
yup, same happens when jwt is expired 😞
l
Sending a malformed token is a network error. Odd that you're getting 500 instead of 401 though
w
401 should be triggered by jwt expired, right?
l
Yes
w
hm.
template for that is same/similar as mine?
l
It's based off of my authentication template which is based off of an unauthenticated prisma template. 🙂
w
oh yeah, i’ve seen this one somewhere 🙂
l
Oh I just noticed/remembered that I returned the 401 from a malformed JWT. My mistake
The JWT validation only throws an error. Sorry for the bad info.
w
just checking server/src/index and it really doesn’t look that diff than mine
no probs dude! happens to the best of us 😉
l
server.express.post(
  server.options.endpoint,
  checkJwt,
  // Four-argument handler: Express treats it as error middleware for checkJwt failures
  (err, req, res, next) => {
    if (err) return res.status(401).send(err.message)
    next()
  }
)
w
95% similar as mine
and checkJwt 99% same 😄
l
Ok so back to your original question.. you want a malformed/expired JWT to continue?
w
no. i don’t want it to break, i would like to return anything, something except 500. 401 would be good as well. im looking at your example and comparing. what’s NOT in mine is the prisma-binding
would that make any difference if i would include it as well?
l
It shouldn't. Have you console logged your error to see what's coming back?
w
errors stack-trace. i think i’ll call it for today. Thanks a lot for all the help! i’ll post back here when i make it work 🙂
l
err should be returning something like..
...
  name: 'UnauthorizedError',
  message: 'jwt expired',
  code: 'invalid_token',
  status: 401,
...
w
oh that would be so nice. does your example return such response?
l
w
yes, exactly
and then playground fails and graphiql
l
That's just a result of the network error
It'll do the same thing if you return anything other than a GraphQL structure
I think of it like this.. a client should not be sending the server an expired JWT. That should be handled on the client before the request. And no one should ever send a malformed JWT. "Bearer" means it's valid on its face. Well, it's not valid on its face, therefore, in my mind, this is a network/request level error and the server should discard the request.
w
both points true and i agree, but you know that when you are building server and expecting 3rd party apps to connect both of the points are not going to be 100% respected thus i’d really like to make it gracefully fail. there is a way but it’s on resolver level. then throwing an Error would work
l
Not to get into philosophical debates -- the server should work how you want it to work -- a network error is a graceful fail and those clients should be able to handle that. But if you actually want to return a GraphQL error, I would just attach it onto the request and deal with it later
server.express.post(
  server.options.endpoint,
  checkJwt,
  // Record the JWT failure on the request instead of rejecting it here
  (err, req, res, next) => {
    if (err) req.user = { /* ... */ authorized: false }
    next()
  }
)
w
something like that. thanks !! I hope i didn’t take much energy from you 🙂 ’twas a pleasure
l
Not at all, let me know what other issues pop up. Hopefully that helped
w
it did.