My Laravel + GatsbyJS app uses auth:sanctum for login management, other users are getting server 500 errors, but my login is working fine
<p>So I have an app (using laravel for the backend and GatsbyJS for the frontend) that I'm helping develop.
A month ago, all users were able to log in without issues. But I found that now, all users cannot log in in the production environment (except me). </p>
<p>login.jsx file</p>
<pre class="brush:php;toolbar:false;">const formChanged = async (e) => {
setError(false);
e.preventDefault();
setSubmitting(true);
let loginData = getValues();
let response = await login(loginData.email, loginData.password);
setSubmitting(false);
if (response.error) {
setError(true);
setValue('password', '');
} else {
navigate('/app/idm/');
}
};</pre>
<p>let response = await login() calls a method named login, which is located in the api.js file</p>
<p>api.js file</p>
<pre class="brush:php;toolbar:false;">// Log in to the application
export const login = async (email, password) => {
// send request
let response = await makeRequest('post', '/login', { email, password });
// If there are no errors, set the token and user
if (!response.error && isBrowser()) {
localStorage.setItem('idm_token', response.data.access_token);
let my_user = JSON.stringify(await me(response.data.access_token));
localStorage.setItem('idm_user', my_user);
}
return response;
};</pre>
<p>When we pass the email and password, this data is verified and at this point, all users are able to generate tokens without issue. </p>
<p> (For reference only, the code to generate the sanctum token)
api.php file</p>
<pre class="brush:php;toolbar:false;">Route::post('/login', function(Request $request) {
$login = $request->only('email', 'password');
if (Auth::attempt($login)) {
$user = User::where('email', $request['email'])->firstOrFail();
$token = $user->createToken('auth_token')->plainTextToken;
return response()->json([
'access_token' => $token,
'token_type' => 'Bearer'
]);
}
return response()->json(["message" => "Authentication failed"], 401);
})->name('api.login');</pre>
<p>The problem appears to be accessing routes that are currently protected by auth:sanctum. Again, all users are able to generate tokens, but only my login details allow me to access the route.
All other users will receive a server 500 error. </p>
<p>This happens in the api.js file when we try to get my_user details: </p>
<pre class="brush:php;toolbar:false;">let my_user = JSON.stringify(await me(response.data.access_token));</pre>
<p>Another problem I'm having is that my laravel application in production stopped outputting errors a few months ago and I can't figure out how to fix the error logging issue in production (in development, Error logging is OK).</p>
<p>Sorry for the lack of details, I'm very new to all this and if there are any tips or things to try I'd really appreciate it, even if I don't get the answer I'm more than willing to work on learning and solving this question. </p>
