bug with using credentials

[brokolosov]

A bug occurs when using a POST request with credentials and passing data through the request.body. If credentials not using or if turn off serverFactory, so all works is correctly. How to fix this?

[tinchoz49]

can you show me a code example?

[brokolosov]

yes, sure... I'm using typescript

// server.ts

import { fastifyUws, serverFactory } from '@geut/fastify-uws'
import fastify from 'fastify'
import dotenv from 'dotenv'
import app from './app'

dotenv.config()

const port = process.env.PORT as unknown as number
const host = process.env.HOST as unknown as string

const server = fastify({
  serverFactory,
})

server.register(fastifyUws)
server.register(app)

server.listen({ port, host }, () => {})

// app.ts

import cors from '@fastify/cors'
import type { FastifyPluginAsync } from 'fastify'

const app: FastifyPluginAsync = async (fastify, opts): Promise<void> => {
  void fastify.register(cors, {
    credentials: true,
    origin: ['http://127.0.0.1:3333'],
    methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
  })

  void fastify.register(AutoLoad, {
    dir: join(__dirname, 'plugins'),
    options: opts,
  })

  void fastify.register(AutoLoad, {
    dir: join(__dirname, 'routes'),
    options: Object.assign({ prefix: `/api/${process.env.API_VERSION}` }, opts),
  })
}

// router file

import type { FastifyPluginAsync } from 'fastify'
import { isLoggedIn } from '../../middleware/isLoggedIn'

const chart: FastifyPluginAsync = async (fastify): Promise<void> => {
  fastify.post('/create', {
    preHandler: isLoggedIn,
  },
  async (request, reply) => {
    try {
      const { ...someData } = await request.body
      const chart = await fastify.prisma.charts.create({
        data: { ... someData},
      })
      await reply.code(201).send(chart.id)
    }
    catch (e) {
      await reply.code(500).send('uups...')
    }
  },
  )

//client

import axios from 'axios'

const apiClient = axios.create({
  baseURL,
  withCredentials: true,
})

[brokolosov]

This request ('/create') is not executed at all, and there are no errors either, it just frozen. But if remove prehandler (on server) and credentials (on client for this particular request), then works fine.

[brokolosov]

P.S. One more clarification. The issue occurs only if the data is transferred via "body". If transferring through "query" then all works correctly too

[tinchoz49]

thank you @brokolosov for all the information, I will look into it

[tinchoz49]

i check this by doing a test and i cannot reproduce the problem:

import { test } from 'uvu'
import * as assert from 'uvu/assert'
import Fastify from 'fastify'
import cors from '@fastify/cors'
import { serverFactory, fastifyUws } from '../src/index.js'

test('cookies', async () => {
  const app = Fastify({
    serverFactory
  })

  app.register(fastifyUws)

  app.register(cors, {
    credentials: true,
    origin: ['http://127.0.0.1:3333'],
    methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']
  })

  app.post('/', {
    preHandler: async () => {
      console.log('all good')
    }
  }, (req, res) => {
    console.log(req.body)
    return { ok: true }
  })

  await app.listen({ port: 3333 })

  const res = await fetch(`http://localhost:${app.server.address().port}`, {
    method: 'POST',
    credentials: 'include',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ hi: true })
  }).then(res => res.json())

  console.log(res)
  
  await app.close()
})

test.run()

[brokolosov]

Thank you for your time. It turned out to be much more complicated. The conflict occurs with the "session.store" module. But so far, I have not figured out what exactly the bug is.