8 months ago
I have a deployed NodeJS api, which was working fine. Just this week it stopped working properly. The proyect is up, is connected to the DB and ideally it should be working. However when the authenticacition method is invoked it always return a 4XX error. When go to dev enviroment using the same variables the code works properly and API is completely functional. Is there something additional do we need to configure? It seems like it has to do with the technology/libraries used to authenticate user to be the problem.
7 Replies
8 months ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
8 months ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open itsrems • 8 months ago
8 months ago
Need More Details to Help You:
Project Setup:
Is this a Node.js Express app?
What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.)
Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.)
Configuration:
Do you have CORS configured? What origins are allowed?
Are you using middleware like helmet or security headers?
What's your auth flow? (Bearer tokens, cookies, sessions?)
Testing Method:
Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend?
If frontend: are you getting CORS errors in browser console?
Environment Variables:
Which env vars are you sending to Railway?
Any database connection strings, JWT secrets, API keys?
Did you restart/redeploy the app after updating environment variables?
Error Details:
What specific 4XX error code? (401, 403, 422?)
Any error messages in Railway logs?
Does the auth endpoint respond at all, or complete timeout?
Recent Changes:
Did you update any dependencies recently?
Any Railway configuration changes?
When exactly did it stop working?
Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.
vivek
Need More Details to Help You:Project Setup:Is this a Node.js Express app?What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.)Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.)Configuration:Do you have CORS configured? What origins are allowed?Are you using middleware like helmet or security headers?What's your auth flow? (Bearer tokens, cookies, sessions?)Testing Method:Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend?If frontend: are you getting CORS errors in browser console?Environment Variables:Which env vars are you sending to Railway?Any database connection strings, JWT secrets, API keys?Did you restart/redeploy the app after updating environment variables?Error Details:What specific 4XX error code? (401, 403, 422?)Any error messages in Railway logs?Does the auth endpoint respond at all, or complete timeout?Recent Changes:Did you update any dependencies recently?Any Railway configuration changes?When exactly did it stop working?Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.
8 months ago
Project Setup:
Is this a Node.js Express app? Yes
What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.) JWT Token
Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.) passport-jwt
Configuration:
Do you have CORS configured? What origins are allowed? All CORS are configured, none the less we have Back and Front under the same DNS
Are you using middleware like helmet or security headers? Middlewares
What's your auth flow? (Bearer tokens, cookies, sessions?) Cookies
Testing Method:
Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend? Postman and Fiddler Classic
If frontend: are you getting CORS errors in browser console? No
Environment Variables:
Which env vars are you sending to Railway? JWT Keys, and DB Connection
Any database connection strings, JWT secrets, API keys? Yes
Did you restart/redeploy the app after updating environment variables? Yes
Error Details:
What specific 4XX error code? (401, 403, 422?) 401 Unathorized-
Side-Bar--> We have tested the code in a developer enviroment it still works. We notice that on the dev-env a cookie with the passport toke is created but in railway production it does not get created. We deployed the code again in to another project in railways and tested it via Postman we get the same result 401 Unathorized.
Side-Bar2--> This projects connects to MongoDB "hosted in Mongo" we had a little "disagreement" with them regarding the account and it got suspended. However we settle the "disagreement" and the account got restored. We tested the application on friday 18 and everything was up and running. The back end does respond it connects to the DB. On the dev-env the code connects and works properly.
Any error messages in Railway logs? Yes but it worked before inspite of errors
Does the auth endpoint respond at all, or complete timeout? It does answer back
Recent Changes:
Did you update any dependencies recently? No
Any Railway configuration changes? No
When exactly did it stop working? This past tuesday.
Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.
{
"name": "@sie/backend",
"version": "0.0.0",
"author": "Gabriel Aguilar <gavarela90@gmail.com>",
"scripts": {
"dev": "nodemon --env-file=.env --env-file=.env src/index.js",
"seed": "node --env-file=.env seed.js",
"start": "node src/index.js",
"lint": "eslint .",
"lint:fix": "eslint --fix .",
"format": "prettier --write ."
},
"dependencies": {
"@koa/cors": "^4.0.0",
"@sie/common": "^0.0.0",
"bcrypt": "^5.1.1",
"common": "file:../common",
"json-2-csv": "^5.0.1",
"jsonwebtoken": "^9.0.2",
"koa": "^2.14.2",
"koa-bodyparser": "^4.4.1",
"koa-helmet": "^7.0.2",
"koa-morgan": "^1.0.1",
"koa-passport": "^6.0.0",
"koa-ratelimit": "^5.1.0",
"koa-router": "^12.0.1",
"mongoose": "^8.0.2",
"morgan": "^1.10.0",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
"passport-local": "^1.0.0"
},
"devDependencies": {
"nodemon": "^3.0.2"
}
}
8 months ago
There was no solution found we just reframe the query.
8 months ago
Can you try removing that devDependencies section from the package.json, and try redeploying it again.
Also, have you added a "healthcheckup endpoint" for your non-dev environment? If not, then please refer to this post: https://docs.railway.com/guides/healthchecks#configure-the-healthcheck-port and do let me know whether the build process is successful or not?
clashing
Can you try removing that devDependencies section from the package.json, and try redeploying it again. Also, have you added a "healthcheckup endpoint" for your non-dev environment? If not, then please refer to this post: https://docs.railway.com/guides/healthchecks#configure-the-healthcheck-port and do let me know whether the build process is successful or not?
7 months ago
Any update, abelcerrato
abelcerrato
Project Setup:Is this a Node.js Express app? YesWhat authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.) JWT TokenWhich specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.) passport-jwtConfiguration:Do you have CORS configured? What origins are allowed? All CORS are configured, none the less we have Back and Front under the same DNSAre you using middleware like helmet or security headers? MiddlewaresWhat's your auth flow? (Bearer tokens, cookies, sessions?) CookiesTesting Method:Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend? Postman and Fiddler ClassicIf frontend: are you getting CORS errors in browser console? NoEnvironment Variables:Which env vars are you sending to Railway? JWT Keys, and DB ConnectionAny database connection strings, JWT secrets, API keys? YesDid you restart/redeploy the app after updating environment variables? YesError Details:What specific 4XX error code? (401, 403, 422?) 401 Unathorized-Side-Bar--> We have tested the code in a developer enviroment it still works. We notice that on the dev-env a cookie with the passport toke is created but in railway production it does not get created. We deployed the code again in to another project in railways and tested it via Postman we get the same result 401 Unathorized.Side-Bar2--> This projects connects to MongoDB "hosted in Mongo" we had a little "disagreement" with them regarding the account and it got suspended. However we settle the "disagreement" and the account got restored. We tested the application on friday 18 and everything was up and running. The back end does respond it connects to the DB. On the dev-env the code connects and works properly.Any error messages in Railway logs? Yes but it worked before inspite of errorsDoes the auth endpoint respond at all, or complete timeout? It does answer backRecent Changes:Did you update any dependencies recently? NoAny Railway configuration changes? NoWhen exactly did it stop working? This past tuesday.Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.{ "name": "@sie/backend", "version": "0.0.0", "author": "Gabriel Aguilar <gavarela90@gmail.com>", "scripts": { "dev": "nodemon --env-file=.env --env-file=.env src/index.js", "seed": "node --env-file=.env seed.js", "start": "node src/index.js", "lint": "eslint .", "lint:fix": "eslint --fix .", "format": "prettier --write ." }, "dependencies": { "@koa/cors": "^4.0.0", "@sie/common": "^0.0.0", "bcrypt": "^5.1.1", "common": "file:../common", "json-2-csv": "^5.0.1", "jsonwebtoken": "^9.0.2", "koa": "^2.14.2", "koa-bodyparser": "^4.4.1", "koa-helmet": "^7.0.2", "koa-morgan": "^1.0.1", "koa-passport": "^6.0.0", "koa-ratelimit": "^5.1.0", "koa-router": "^12.0.1", "mongoose": "^8.0.2", "morgan": "^1.10.0", "passport": "^0.7.0", "passport-jwt": "^4.0.1", "passport-local": "^1.0.0" }, "devDependencies": { "nodemon": "^3.0.2" } }
7 months ago
When you send the auth request in postman does the api respond with any set-cookie header ?
Can you compare the same from your dev environment ?
It could be that it's responding with a set-cookie but with a different domain.