Channels
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
welcome-yann
Title
f
FrAgOrDiE
04/26/2022, 11:29 AMI'm having trouble with NestJS + GraphQL, I've seen there were older messages about this in discord but it didn't really help...
Honestly I have no clue of how, according to the supertokens documentation of vanilla graphql on nodejs, this should be done:
ts
@Injectable()
export class GQLAuthGuard implements CanActivate {
async canActivate(context: ExecutionContext): Promise<boolean> {
const ctx = GqlExecutionContext.create(context).getContext();
let err = undefined;
// You can create an optional version of this by passing {sessionRequired: false} to verifySession
await verifySession({ sessionRequired: false })(
ctx.req,
ctx.res,
(res) => {
err = res;
},
);
if (ctx.res.headersSent) {
throw new STError({
message: 'RESPONSE_SENT',
type: 'RESPONSE_SENT',
});
}
if (err) {
throw err;
}
return true;
}
}r
rp
04/26/2022, 11:30 AMWhat’s the error you are facing?
f
FrAgOrDiE
04/26/2022, 11:32 AMThere are many in different scenarios... here's the one I get by calling a graphql endpoint being unauthenticated
D:\git\evt-server\node_modules\supertokens-node\lib\build\framework\express\framework.js:36
step(generator["throw"](value));
^
TypeError: next is not a function
at D:\git\evt-server\node_modules\supertokens-node\lib\build\framework\express\framework.js:179:24
at Generator.throw (<anonymous>)
at rejected (D:\git\evt-server\node_modules\supertokens-node\lib\build\framework\express\framework.js:36:44)
at processTicksAndRejections (node:internal/process/task_queues:96:5)The response looks correct 👇🏼 , but it makes the server crash ☝🏼
r
rp
04/26/2022, 11:34 AMDo you know which function in your code causes this?
f
FrAgOrDiE
04/26/2022, 11:42 AMI had to wait the session to expire because it's the only scenario that causes the error:
The error happens into the code I sent above
ctx.res.headersSent seems to be true
r
rp
04/26/2022, 11:43 AMYou can delete the sAccessToken in the cookie and then it would be like as if it’s expired
I see. So which error handler is catching that error?
The one that’s thrown in that if block
f
FrAgOrDiE
04/26/2022, 11:50 AMAlright I'm starting to understand:
The error is handled by this
ts
@Catch(STError)
export class SupertokensExceptionFilter implements ExceptionFilter {
handler: ErrorRequestHandler;
constructor() {
this.handler = errorHandler();
}
catch(exception: Error, host: ArgumentsHost) {
const ctx = host.switchToHttp();
const resp = ctx.getResponse<Response>();
if (resp.headersSent) {
return;
}
this.handler(
exception,
ctx.getRequest<Request>(),
resp,
ctx.getNext<NextFunction>(),
);
}
}which I just figured out it's not meant to handle graphql context
correct?
r
rp
04/26/2022, 11:51 AMYea. Correct
f
FrAgOrDiE
04/26/2022, 11:52 AMSo I'm trying to do something like this:
ts
if (ctx.res.headersSent) {
throw new GQLSTError({
message: 'RESPONSE_SENT',
type: 'RESPONSE_SENT',
});
}I'm throwing a different exception
GQLSTError extends STError
r
rp
04/26/2022, 11:53 AMYou can. As long as In that handler, you check that the type is response sent and just return
Cause if you send a response again, it will throw a different error
f
FrAgOrDiE
04/26/2022, 11:55 AMok that doesn't seem to work
ts
@Catch(STError)
export class SupertokensExceptionFilter implements ExceptionFilter {
handler: ErrorRequestHandler;
constructor() {
this.handler = errorHandler();
}
catch(exception: Error, host: ArgumentsHost) {
if (exception instanceof GQLSTError) return; // added this
const ctx = host.switchToHttp();
const resp = ctx.getResponse<Response>();
if (resp.headersSent) {
return;
}
this.handler(
exception,
ctx.getRequest<Request>(),
resp,
ctx.getNext<NextFunction>(),
);
}
}now the exception isn't caught by this filter
neither by the other one though
oh wait
didn't register it on main.ts
okay so
how do I get the ExecutionContext from here?
catch(exception: Error, host: ArgumentsHost)I used to access the GQL request by hardcoding the arg index like this
ts
ctx.getArgByIndex(2)by the way, the filter works, and...
ts
catch(exception: Error, host: ArgumentsHost) {
const context = host.getArgByIndex(2);
if (context.res.headersSent) {
return;
}
this.handler(exception, context.req, context.res, context.next);
}Error: Cannot set headers after they are sent to the client
at new NodeError (node:internal/errors:371:5)
at ServerResponse.setHeader (node:_http_outgoing:573:11)
at D:\git\evt-server\node_modules\apollo-server-express\src\ApolloServer.ts:171:19
at processTicksAndRejections (node:internal/process/task_queues:96:5)r
rp
04/26/2022, 12:16 PMYea.. in your erorr handler, you need to check if the err has
type == 'RESPONSE_SENT'f
FrAgOrDiE
04/26/2022, 12:31 PMts
catch(exception: Error, host: ArgumentsHost) {
if (exception.message === 'RESPONSE_SENT') return;
const context = host.getArgByIndex(2);
if (context.res.headersSent) {
return;
}
this.handler(exception, context.req, context.res, context.next);
}now it's done, and it's still throwing the error
by debugging it I can see it enters into the if statement and return
but still
Error: Cannot set headers after they are sent to the client
at new NodeError (node:internal/errors:371:5)
at ServerResponse.setHeader (node:_http_outgoing:573:11)
at D:\git\evt-server\node_modules\apollo-server-express\src\ApolloServer.ts:171:19
at processTicksAndRejections (node:internal/process/task_queues:96:5)r
rp
04/26/2022, 12:33 PMHmmm. I’m not too sure at the moment. Can you open an issue about this on o ur GitHub and we can suggest a solution that will work tomorrow or day after
f
FrAgOrDiE
04/26/2022, 1:12 PMI was going to... then I noticed it works with
antiCsrfCheck: falser
rp
04/26/2022, 1:22 PMRight. So when you query the API, you must not be setting a rid header
How r you querying it?
Using postman? Or fetch / axios?
f
FrAgOrDiE
04/26/2022, 1:22 PMpostman, I do not set the rid
message has been deleted
r
rp
04/26/2022, 1:23 PMSo you should set rid. If you are querying your own api, set the value of it to rid: anti-csrf