Working from a Vue front end with a Rails API, I am attempting to implement following/unfollowing. This works fine on my local machine, but on my Render server, I am getting the message "Filter chain halted", without the follow being created.
I thought/think this might be an environment vars issue, but I have checked the secret_key and confirmed via the rails console that JWT.decode is working. The request headers include the correct token as well.
Server log is:
Apr 5 01:21:16 PM I, [2023-04-05T17:21:16.175314 #73] INFO -- : [61a6e555-e384-49d0-bac6-27b8aaaece9a] Started POST "/authors/1e6935d8-7b95-4d72-bb76-1d8f8a535e70/follow" for 172.70.114.157 at 2023-04-05 17:21:16 +0000
Apr 5 01:21:16 PM I, [2023-04-05T17:21:16.176134 #73] INFO -- : [61a6e555-e384-49d0-bac6-27b8aaaece9a] Processing by AuthorsController#follow as */*
Apr 5 01:21:16 PM I, [2023-04-05T17:21:16.176184 #73] INFO -- : [61a6e555-e384-49d0-bac6-27b8aaaece9a] Parameters: {"id"=>"1e6935d8-7b95-4d72-bb76-1d8f8a535e70"}
Apr 5 01:21:16 PM header is eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiYzJhZWI3NDEtM2YzNS00NjA5LThhNDctYzgwMDc4OWRlOTU3IiwiZXhwIjoxNjgwNzk4ODUzfQ.rwqS6UHmtbH8NoC6dYphlPPtnotMhY0jmsXF_xae3sE
Apr 5 01:21:16 PM decoding token: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiYzJhZWI3NDEtM2YzNS00NjA5LThhNDctYzgwMDc4OWRlOTU3IiwiZXhwIjoxNjgwNzk4ODUzfQ.rwqS6UHmtbH8NoC6dYphlPPtnotMhY0jmsXF_xae3sE
Apr 5 01:21:16 PM I, [2023-04-05T17:21:16.179648 #73] INFO -- : [61a6e555-e384-49d0-bac6-27b8aaaece9a] Filter chain halted as :authorize_request rendered or redirected
Apr 5 01:21:16 PM I, [2023-04-05T17:21:16.179767 #73] INFO -- : [61a6e555-e384-49d0-bac6-27b8aaaece9a] Completed 401 Unauthorized in 4ms (Views: 0.2ms | ActiveRecord: 0.5ms | Allocations: 598)
Here is the Authors Controller:
class AuthorsController < ApplicationController
  # skip_before_action :verify_authenticity_token
  before_action :find_author, except: [:index]
  before_action :authorize_request, except: [:index, :show, :followers]

  def index
    @authors = Author.all
    render json: @authors.to_json( :include => [:followers]), status: :ok
  end

  def show
    render json: @author.to_json( :include => [:followers]), status: :ok
  end

  def follow
    if @current_user
      @current_user.followeds << @author
      render json: @current_user
    else
      render json: { errors: 'No current user' }
    end
  end

  def unfollow
    @current_user.followed_authors.find_by(followed_id: @author.id).destroy
  end

  def followers
    @followers = @author.followers
    # .paginate(page: params[:page])
    render json: @followers, status: :ok
  end

  private

  def find_author
    @author = Author.find(params[:id])
  rescue ActiveRecord::RecordNotFound
    render json: { errors: 'Author not found' }, status: :not_found
  end
end
Authorize-request action in Application controller:
class ApplicationController < ActionController::API
  def not_found
    render json: { error: 'not_found' }
  end

  def authorize_request
    header = request.headers['Authorization']
    header = header.split(' ').last if header
    puts "header is #{header}"
    begin
      @decoded = JsonWebToken.decode(header)
      puts "decoded header is #{@decoded}"
      puts "user id is: #{@decoded[0]['user_id']}"
      @current_user = User.find(@decoded[0]['user_id'])
      puts "current_user is #{@current_user}"
    rescue ActiveRecord::RecordNotFound => e
      render json: { errors: e.message }, status: :unauthorized
    rescue JWT::DecodeError => e
      render json: { errors: e.message }, status: :unauthorized
    end
  end
end
and JsonWebToken.rb:
class JsonWebToken
  # SECRET_KEY = Rails.application.secrets.secret_key_base
  def self.encode(payload, exp = 24.hours.from_now)
    payload[:exp] = exp.to_i
    JWT.encode(payload, ENV['SECRET_KEY'])
  end

  def self.decode(token)
    puts("decoding token: #{token}")
    decoded = JWT.decode(token, ENV['SECRET_KEY'])
    puts("decoded is #{decoded}")
    return decoded
  end
end
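An added diagnostic example, not part of the original post: in the log above, `decoding token:` is followed directly by the 401 with no `decoded is` line, so the decode step raised and its message went only into the response body. This stdlib-only Ruby sketch reports which check an HS256 token fails against a given secret; the helper names, secrets and token are constructed for illustration, and it assumes the token shape seen in the log (`{"alg":"HS256"}` header, `exp` claim).

```ruby
require 'openssl'
require 'json'

# URL-safe base64 without padding, as used for JWT segments.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m')
end

# Hypothetical helper: build an HS256 token with the same shape as the one in the log.
def sign_hs256(payload, secret)
  input = "#{b64url(JSON.generate({ 'alg' => 'HS256' }))}.#{b64url(JSON.generate(payload))}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Returns :no_secret, :malformed, :unsupported_alg, :bad_signature, :expired or :ok.
def diagnose_hs256(token, secret, now = Time.now)
  return :no_secret if secret.nil? || secret.empty? # e.g. ENV var not set on the host
  header, payload, sig = token.to_s.split('.')
  return :malformed unless header && payload && sig
  begin
    head = JSON.parse(b64url_decode(header))
    claims = JSON.parse(b64url_decode(payload))
  rescue JSON::ParserError
    return :malformed
  end
  return :malformed unless head.is_a?(Hash) && claims.is_a?(Hash)
  return :unsupported_alg unless head['alg'] == 'HS256'
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}"))
  # Constant-time comparison of the signature segment.
  same = expected.bytesize == sig.bytesize &&
         expected.bytes.zip(sig.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  return :bad_signature unless same # token was signed with a different secret
  return :expired if claims['exp'] && claims['exp'].to_i <= now.to_i
  :ok
end

# Constructed sample data, not values from the post.
LOCAL_SECRET  = 'constructed-local-secret'
SERVER_SECRET = 'constructed-server-secret'
NOW   = Time.at(1_700_000_000)
TOKEN = sign_hs256({ 'user_id' => 'constructed-user', 'exp' => NOW.to_i + 3600 }, LOCAL_SECRET)

if __FILE__ == $PROGRAM_NAME
  puts diagnose_hs256(TOKEN, SERVER_SECRET, NOW) # secret differs between environments
end
```

Logging the result symbol (or `e.message` in the rescue branch) instead of the raw header also keeps bearer tokens out of the server log.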