422 Unprocessable Content on official tutorial code - cookie 'token' missing #1144
Comments
|
me too |
|
The error message appears because the validation However, the tutorial page is intended to provide a comprehensive explanation of the framework. Further investigation is needed to understand why the use of The code below will fix the Authentication section in the tutorial by adding validation to check if the user is already logged in and move the sign-out route to the very end without the need for validation, as it is automatically validated by // user.ts
import { Elysia, t } from 'elysia';
export const userService = new Elysia({ name: 'user/service' })
.state({
user: {} as Record<string, string>,
session: {} as Record<string, string>,
})
.model({
signIn: t.Object({
username: t.String({ minLength: 1 }),
password: t.String({ minLength: 8 }),
}),
session: t.Cookie(
{
token: t.String(),
},
{
secrets: 'seia',
}
),
optionalSession: t.Optional(t.Ref('session')),
})
.macro({
isSignIn(enabled: boolean) {
if (!enabled) return;
return {
beforeHandle({ error, cookie: { token }, store: { session } }) {
if (!token.value)
return error(401, {
success: false,
message: 'Unauthorized',
});
const username = session[token.value as unknown as number];
if (!username)
return error(401, {
success: false,
message: 'Unauthorized',
});
},
};
},
});
export const getUserId = new Elysia()
.use(userService)
.guard({
isSignIn: true,
cookie: 'session',
})
.resolve(({ store: { session }, cookie: { token } }) => ({
username: session[token.value],
}))
.as('plugin');
export const user = new Elysia({ prefix: '/user' })
.use(userService)
.put(
'/sign-up',
async ({ body: { username, password }, store, error }) => {
if (store.user[username])
return error(400, {
success: false,
message: 'User already exists',
});
store.user[username] = await Bun.password.hash(password);
return {
success: true,
message: 'User created',
};
},
{
body: 'signIn',
}
)
.post(
'/sign-in',
async ({ store: { user, session }, error, body: { username, password }, cookie: { token } }) => {
if (!user[username] || !(await Bun.password.verify(password, user[username])))
return error(400, {
success: false,
message: 'Invalid username or password',
});
if (token.value) {
return {
success: true,
message: 'You are already signed in',
};
}
const key = crypto.getRandomValues(new Uint32Array(1))[0];
session[key] = username;
token.value = key.toString();
return {
success: true,
message: `Signed in as ${username}`,
};
},
{
body: 'signIn',
}
)
.use(getUserId)
.get('/profile', ({ username }) => ({
success: true,
username,
}))
.get('/sign-out', ({ cookie: { token } }) => {
token.remove();
return {
success: true,
message: 'Signed out',
};
}); |
What version of Elysia is running?
latest (1.2.25) - bun 1.2.6
What platform is your computer?
Linux 6.13.7-arch1-1 x86_64 unknown
What steps can reproduce the bug?
Run
bun devGo to http://localhost:3000/swagger
Create a user through the
sign-upendpoint (I usednameas name andpasswordas password) (works)Try to sign in through the
sign-inendpoint with the correct credentials.What is the expected behavior?
The user should be logged in, the
tokencookie should be set in the response, and should NOT be required at the request level (otherwise there's no way to log in without an already active session).What do you see instead?
A 422 Unprocessable Content error response with no cookie set and the following body:
Additional information
Either this is a tutorial "bug", or this is an Elysia bug.
Note that this was the easiest way I've found to create a reproducible bug report, but I encountered it on a non-tutorial project first.
Have you try removing the
node_modulesandbun.lockband try again yet?Yes, created a fresh project in repro steps
The text was updated successfully, but these errors were encountered: