On reset password, how do I avoid error 400 from Feathersjs?

Question

Attempting email confirmation using feathers-authentication-management. I followed a tutorial by Imre Gelens, which is based on an older tutorial by Jon Paul Miles.

Verify Signup and Password Reset both completely work in development, but Verify does not work in Production. In the browser I get:

POST https://www.example.com/authManagement 400 (Bad Request)

Verify does completely work in production.

Perhaps the problem is due to my configuration of nginx proxy server, but then why would Verify work?

Any insight is appreciated.

The tutorials are at: https://hackernoon.com/setting-up-email-verification-in-feathersjs-ce764907e4f2 and https://blog.feathersjs.com/how-to-setup-email-verification-in-feathersjs-72ce9882e744

Here's authmanagement.service.js

// Initializes the `authmanagement` service on path `/authmanagement`
const authManagement = require('feathers-authentication-management');
const hooks = require('./authmanagement.hooks');
const notifier = require('./notifier');

module.exports = function (app) {

  // Initialize our service with any options it requires
  app.configure(authManagement(notifier(app)));

  // Get our initialized service so that we can register hooks and filters
  const service = app.service('authManagement');

  service.hooks(hooks);
};

None of the hooks are set in authmanagement.hooks

Then the notifier.js is:

module.exports = function(app) {

function getLink(type, hash) {
  // I don't think we get this far without hitting the error
  // in dev:
    // const url = 'http://xx.xxx.xxx.xxx:nnnn/' + type + '?token=' + hash
  // in prod:
  // env var:  SERVER_CALL="https://www.example.com/"
  const url = process.env.SERVER_CALL + type + '?token=' + hash
  return url
}

function sendEmail(email) {
  return app.service('mailer').create(email).then(function (result) {
    console.log('Sent email', result)
  }).catch(err => {
    console.log('Error sending email', err)
  })
}

return {
  notifier: function(type, user, notifierOptions) {
    let tokenLink
    let email
    switch (type) {
      case 'resendVerifySignup': //sending the user the verification email
        tokenLink = getLink('verify', user.verifyToken)
        email = {
           from: process.env.FROM_EMAIL,
           to: user.email,
           subject: 'Verify Signup',
           html: "<p>You are receiving this email from a registration request on example.com. \
                If you did not make that request, you can safely ignore this message.</p> \
                <p>To complete your registration, follow this link:</p>" + tokenLink + "&email=" + user.email
        }
        return sendEmail(email)
        break

      case 'verifySignup': // confirming verification
        tokenLink = getLink('verify', user.verifyToken)
        email = {
           from: process.env.FROM_EMAIL,
           to: user.email,
           subject: 'Confirm Signup',
           html: 'Thanks for verifying your email'
        }
        return sendEmail(email)
        break

      case 'sendResetPwd':
        tokenLink = getLink('reset', user.resetToken)
        email = {
           from: process.env.FROM_EMAIL,
           to: user.email,
           subject: 'Reset Password',
           html: "<p>You are receiving this email because someone made a request to reset your password. \
                If you did not make that request, you can safely ignore this message.</p> \
                <p>Alternatively, if you do want to reset you password, follow this link:</p>" + tokenLink + "&email=" + user.email
        }
        return sendEmail(email)
        break

      case 'resetPwd':
        tokenLink = getLink('reset', user.resetToken)
        email = {
           from: process.env.FROM_EMAIL,
           to: user.email,
           subject: 'Confirm Reset',
           html: 'Thanks for resetting'
        }
        return sendEmail(email)
        break

      case 'passwordChange':
        email = {}
        return sendEmail(email)
        break

      case 'identityChange':
        tokenLink = getLink('verifyChanges', user.verifyToken)
        email = {}
        return sendEmail(email)
        break

      default:
        break
    }
  }
}
}

And the relevant bit of nginx config is:

location /authManagement {
        proxy_pass http://nnn.nn.nnn.nnn:pppp;
}

The call from client is:

    var call = "";
    if (process.env.NODE_ENV === "development"){
      call = "http://xx.xxx.xxx.xxx:pppp/authManagement";
    }
    else if (process.env.NODE_ENV === "production"){
      call = "https://www.example.com/authManagement";
    }

    axios.post(call, {
      action: 'sendResetPwd',
      value: { email: emailValue }
     })

Answer 1

Giving up on this. Feathers looks great on the surface -- particularly having services generated automatically in a robust manor. But trying to debug issues like this makes it easier to generate the api manually. A big attraction is having the email confirmation and password reset infrastructure generated for you, but it's really not. And it seems easier to do that from scratch, also.

As a follow-up: Since abandoning Feathers, I completed email authentication in 1 day. I had spent a month trying to get Feathers working. I originally estimated 3 days to complete the work. Moses Esan made a really good tutorial -- I had it working in an hour or two, spent the rest of the day moving email from Sendgrid to AWS SES and a few other mods. Easy to debug and to modify. All done! Granted, all the client code was reused with only slight modification.
Here's his tutorial, in case it helps anyone else