a year ago
I have a deployed NodeJS api, which was working fine. Just this week it stopped working properly. The proyect is up, is connected to the DB and ideally it should be working. However when the authenticacition method is invoked it always return a 4XX error. When go to dev enviroment using the same variables the code works properly and API is completely functional. Is there something additional do we need to configure? It seems like it has to do with the technology/libraries used to authenticate user to be the problem.
7 Replies
a year ago
Hey there! We've found the following might help you get unblocked faster:
- 🧵 GraphQL API Authentication Error
- 🧵 Error deploiement nodejs express api
- 🧵 [RESOLVED] Rollback issue
- 🧵 Server is deployed and active , but did not listening to request.
If you find the answer from one of these, please let us know by solving the thread!
a year ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open nico • 12 months ago
a year ago
Need More Details to Help You:
Project Setup:
- Is this a Node.js Express app?
- What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.)
- Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.)
Configuration:
- Do you have CORS configured? What origins are allowed?
- Are you using middleware like helmet or security headers?
- What's your auth flow? (Bearer tokens, cookies, sessions?)
Testing Method:
- Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend?
- If frontend: are you getting CORS errors in browser console?
Environment Variables:
- Which env vars are you sending to Railway?
- Any database connection strings, JWT secrets, API keys?
- Did you restart/redeploy the app after updating environment variables?
Error Details:
- What specific 4XX error code? (401, 403, 422?)
- Any error messages in Railway logs?
- Does the auth endpoint respond at all, or complete timeout?
Recent Changes:
- Did you update any dependencies recently?
- Any Railway configuration changes?
- When exactly did it stop working?
Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.
vivek
## **Need More Details to Help You:** **Project Setup:** * Is this a Node.js Express app? * What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.) * Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.) **Configuration:** * Do you have CORS configured? What origins are allowed? * Are you using middleware like helmet or security headers? * What's your auth flow? (Bearer tokens, cookies, sessions?) **Testing Method:** * **Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend?** * If frontend: are you getting CORS errors in browser console? **Environment Variables:** * Which env vars are you sending to Railway? * Any database connection strings, JWT secrets, API keys? * **Did you restart/redeploy the app after updating environment variables?** **Error Details:** * What specific 4XX error code? (401, 403, 422?) * Any error messages in Railway logs? * Does the auth endpoint respond at all, or complete timeout? **Recent Changes:** * Did you update any dependencies recently? * Any Railway configuration changes? * When exactly did it stop working? Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.
a year ago
Project Setup:
- Is this a Node.js Express app? Yes
- What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.) JWT Token
- Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.) passport-jwt
Configuration:
- Do you have CORS configured? What origins are allowed? All CORS are configured, none the less we have Back and Front under the same DNS
- Are you using middleware like helmet or security headers? Middlewares
- What's your auth flow? (Bearer tokens, cookies, sessions?) Cookies
Testing Method:
- Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend? Postman and Fiddler Classic
- If frontend: are you getting CORS errors in browser console? No
Environment Variables:
- Which env vars are you sending to Railway? JWT Keys, and DB Connection
- Any database connection strings, JWT secrets, API keys? Yes
- Did you restart/redeploy the app after updating environment variables? Yes
Error Details:
- What specific 4XX error code? (401, 403, 422?) 401 Unathorized-
Side-Bar--> We have tested the code in a developer enviroment it still works. We notice that on the dev-env a cookie with the passport toke is created but in railway production it does not get created. We deployed the code again in to another project in railways and tested it via Postman we get the same result 401 Unathorized.
Side-Bar2--> This projects connects to MongoDB "hosted in Mongo" we had a little "disagreement" with them regarding the account and it got suspended. However we settle the "disagreement" and the account got restored. We tested the application on friday 18 and everything was up and running. The back end does respond it connects to the DB. On the dev-env the code connects and works properly.
- Any error messages in Railway logs? Yes but it worked before inspite of errors
- Does the auth endpoint respond at all, or complete timeout? It does answer back
Recent Changes:
- Did you update any dependencies recently? No
- Any Railway configuration changes? No
- When exactly did it stop working? This past tuesday.
Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.
{
"name": "@sie/backend",
"version": "0.0.0",
"author": "Gabriel Aguilar <gavarela90@gmail.com>",
"scripts": {
"dev": "nodemon --env-file=.env --env-file=.env src/index.js",
"seed": "node --env-file=.env seed.js",
"start": "node src/index.js",
"lint": "eslint .",
"lint:fix": "eslint --fix .",
"format": "prettier --write ."
},
"dependencies": {
"@koa/cors": "^4.0.0",
"@sie/common": "^0.0.0",
"bcrypt": "^5.1.1",
"common": "file:../common",
"json-2-csv": "^5.0.1",
"jsonwebtoken": "^9.0.2",
"koa": "^2.14.2",
"koa-bodyparser": "^4.4.1",
"koa-helmet": "^7.0.2",
"koa-morgan": "^1.0.1",
"koa-passport": "^6.0.0",
"koa-ratelimit": "^5.1.0",
"koa-router": "^12.0.1",
"mongoose": "^8.0.2",
"morgan": "^1.10.0",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
"passport-local": "^1.0.0"
},
"devDependencies": {
"nodemon": "^3.0.2"
}
}
a year ago
There was no solution found we just reframe the query.
a year ago
Can you try removing that devDependencies section from the package.json, and try redeploying it again.
Also, have you added a "healthcheckup endpoint" for your non-dev environment? If not, then please refer to this post: https://docs.railway.com/guides/healthchecks#configure-the-healthcheck-port and do let me know whether the build process is successful or not?
clashing
Can you try removing that devDependencies section from the package.json, and try redeploying it again. Also, have you added a "healthcheckup endpoint" for your non-dev environment? If not, then please refer to this post: <https://docs.railway.com/guides/healthchecks#configure-the-healthcheck-port> and do let me know whether the build process is successful or not?
a year ago
Any update, abelcerrato
abelcerrato
**Project Setup:** * Is this a Node.js Express app? Yes * What authentication library are you using? (JWT, Passport, Auth0, Firebase Auth, etc.) JWT Token * Which specific packages for auth? (jsonwebtoken, passport-jwt, bcrypt, etc.) passport-jwt **Configuration:** * Do you have CORS configured? What origins are allowed? All CORS are configured, none the less we have Back and Front under the same DNS * Are you using middleware like helmet or security headers? Middlewares * What's your auth flow? (Bearer tokens, cookies, sessions?) Cookies **Testing Method:** * **Are you testing with an API tool (Postman, Insomnia, curl) or through your frontend? Postman and Fiddler Classic** * If frontend: are you getting CORS errors in browser console? No **Environment Variables:** * Which env vars are you sending to Railway? JWT Keys, and DB Connection * Any database connection strings, JWT secrets, API keys? Yes * **Did you restart/redeploy the app after updating environment variables? Yes** **Error Details:** * What specific 4XX error code? (401, 403, 422?) 401 Unathorized- Side-Bar--> We have tested the code in a developer enviroment it still works. We notice that on the dev-env a cookie with the passport toke is created but in railway production it does not get created. We deployed the code again in to another project in railways and tested it via Postman we get the same result 401 Unathorized. Side-Bar2--> This projects connects to MongoDB "hosted in Mongo" we had a little "disagreement" with them regarding the account and it got suspended. However we settle the "disagreement" and the account got restored. We tested the application on friday 18 and everything was up and running. The back end does respond it connects to the DB. On the dev-env the code connects and works properly.  * Any error messages in Railway logs? Yes but it worked before inspite of errors  * Does the auth endpoint respond at all, or complete timeout? It does answer back **Recent Changes:** * Did you update any dependencies recently? No * Any Railway configuration changes? No * When exactly did it stop working? This past tuesday. Share your package.json auth dependencies and Railway environment variable names (not values) - this will help pinpoint the issue quickly.  ```json { "name": "@sie/backend", "version": "0.0.0", "author": "Gabriel Aguilar <gavarela90@gmail.com>", "scripts": { "dev": "nodemon --env-file=.env --env-file=.env src/index.js", "seed": "node --env-file=.env seed.js", "start": "node src/index.js", "lint": "eslint .", "lint:fix": "eslint --fix .", "format": "prettier --write ." }, "dependencies": { "@koa/cors": "^4.0.0", "@sie/common": "^0.0.0", "bcrypt": "^5.1.1", "common": "file:../common", "json-2-csv": "^5.0.1", "jsonwebtoken": "^9.0.2", "koa": "^2.14.2", "koa-bodyparser": "^4.4.1", "koa-helmet": "^7.0.2", "koa-morgan": "^1.0.1", "koa-passport": "^6.0.0", "koa-ratelimit": "^5.1.0", "koa-router": "^12.0.1", "mongoose": "^8.0.2", "morgan": "^1.10.0", "passport": "^0.7.0", "passport-jwt": "^4.0.1", "passport-local": "^1.0.0" }, "devDependencies": { "nodemon": "^3.0.2" } } ```
a year ago
When you send the auth request in postman does the api respond with any set-cookie header ?
Can you compare the same from your dev environment ?
It could be that it's responding with a set-cookie but with a different domain.