search

Home  >  Q&A  >  body text

My Laravel + GatsbyJS app uses auth:sanctum for login management, other users are getting server 500 errors, but my login is working fine

<p>So I have an app (using laravel for the backend and GatsbyJS for the frontend) that I'm helping develop. A month ago, all users were able to log in without issues. But I found that now, all users cannot log in in the production environment (except me). </p> <p>login.jsx file</p> <pre class="brush:php;toolbar:false;">const formChanged = async (e) => { setError(false); e.preventDefault(); setSubmitting(true); let loginData = getValues(); let response = await login(loginData.email, loginData.password); setSubmitting(false); if (response.error) { setError(true); setValue('password', ''); } else { navigate('/app/idm/'); } };</pre> <p>let response = await login() calls a method named login, which is located in the api.js file</p> <p>api.js file</p> <pre class="brush:php;toolbar:false;">// Log in to the application export const login = async (email, password) => { // send request let response = await makeRequest('post', '/login', { email, password }); // If there are no errors, set the token and user if (!response.error && isBrowser()) { localStorage.setItem('idm_token', response.data.access_token); let my_user = JSON.stringify(await me(response.data.access_token)); localStorage.setItem('idm_user', my_user); } return response; };</pre> <p>When we pass the email and password, this data is verified and at this point, all users are able to generate tokens without issue. </p> <p> (For reference only, the code to generate the sanctum token) api.php file</p> <pre class="brush:php;toolbar:false;">Route::post('/login', function(Request $request) { $login = $request->only('email', 'password'); if (Auth::attempt($login)) { $user = User::where('email', $request['email'])->firstOrFail(); $token = $user->createToken('auth_token')->plainTextToken; return response()->json([ 'access_token' => $token, 'token_type' => 'Bearer' ]); } return response()->json(["message" => "Authentication failed"], 401); })->name('api.login');</pre> <p>The problem appears to be accessing routes that are currently protected by auth:sanctum. Again, all users are able to generate tokens, but only my login details allow me to access the route. All other users will receive a server 500 error. </p> <p>This happens in the api.js file when we try to get my_user details: </p> <pre class="brush:php;toolbar:false;">let my_user = JSON.stringify(await me(response.data.access_token));</pre> <p>Another problem I'm having is that my laravel application in production stopped outputting errors a few months ago and I can't figure out how to fix the error logging issue in production (in development, Error logging is OK).</p> <p>Sorry for the lack of details, I'm very new to all this and if there are any tips or things to try I'd really appreciate it, even if I don't get the answer I'm more than willing to work on learning and solving this question. </p>
P粉215292716P粉215292716464 days ago592

reply all(1)I'll reply

  • P粉734486718

    P粉7344867182023-09-05 00:10:08

    To further troubleshoot the issue, I decided to look at why I wasn't receiving the error logs.

    I decided to set the storage folder and its contents to chmod 777

    chmod -R 777 storage/

    Add -R to recursively set content to 777

    This actually solved my login issue, but I noticed that after returning the permission level to 775, some users were able to log in again, but not all.

    Then I thought, maybe there is a permission issue with my log file/folder and maybe that's why I'm not getting the error log printed out?

    So I looked further into my laravel.log file. Turns out it can only be read by the user (ubuntu:ubuntu). I decided to change its group to www-data

    chown ubuntu:www-data laravel.log

    This is very helpful to me, I am able to record error logs in laravel again!

    Now I see my error, roughly as follows:

    production.ERROR: Unable to create lockable file: /var/www/main/backend/storage/framework/cache/data/d5/........etc...etcc

    So I checked every permission under storage and found that my data folder can only be accessed by the user

    I added www-data as a group of the data folder:

    chown ubuntu:www-data data

    Now, my problem is solved! (Note: My chmod permissions have been restored to 775)

    reply
    0
  • Cancelreply