Running threat dragon behind nginx

[mikkeschiren]

Describe the bug:
When deploying Threat Dragon to Kubernetes, I can't get the Github Oauth to work. I guess it could be a nginx config needed?

Expected behaviour:
Login with Github Oauth should work behind a proxy.

Logs:

error: controllers/auth.js:  {"service":"threat-dragon","timestamp":"2024-03-06 17:05:09"}
error: Unexpected token ' in JSON at position 0 {"service":"threat-dragon","stack":"SyntaxError: Unexpected token ' in JSON at position 0\n    at JSON.parse (<anonymous>)\n    at getPrimaryKey (/app/td.server/dist/helpers/encryption.helper.js:23:19)\n    at Object.encryptPromise (/app/td.server/dist/helpers/encryption.helper.js:99:13)\n    at _callee$ (/app/td.server/dist/helpers/jwt.helper.js:21:47)\n    at tryCatch (/app/td.server/node_modules/@babel/runtime/helpers/regeneratorRuntime.js:45:16)\n    at Generator.<anonymous> (/app/td.server/node_modules/@babel/runtime/helpers/regeneratorRuntime.js:133:17)\n    at Generator.next (/app/td.server/node_modules/@babel/runtime/helpers/regeneratorRuntime.js:74:21)\n    at asyncGeneratorStep (/app/td.server/node_modules/@babel/runtime/helpers/asyncToGenerator.js:3:24)\n    at _next (/app/td.server/node_modules/@babel/runtime/helpers/asyncToGenerator.js:22:9)\n    at /app/td.server/node_modules/@babel/runtime/helpers/asyncToGenerator.js:27:7\n    at new Promise (<anonymous>)\n    at Object.<anonymous> (/app/td.server/node_modules/@babel/runtime/helpers/asyncToGenerator.js:19:12)\n    at Object.createAsync (/app/td.server/dist/helpers/jwt.helper.js:49:17)\n    at _callee$ (/app/td.server/dist/controllers/auth.js:55:42)\n    at tryCatch (/app/td.server/node_modules/@babel/runtime/helpers/regeneratorRuntime.js:45:16)\n    at Generator.<anonymous> (/app/td.server/node_modules/@babel/runtime/helpers/regeneratorRuntime.js:133:17)","timestamp":"2024-03-06 17:05:09"}
error: undefined {"service":"threat-dragon","timestamp":"2024-03-06 17:05:09"}

[mikkeschiren]

A bit more information:
After returning from the Github authentication
Browser URL is: https://MYHOST/#/oauth-return?code=13325c5424a1bdfa5965
And in the browser console I can see this:
https://MYHOST/api/oauth/github?code=13325c5424a1bdfa5965

Which gives a 500 with json response:
{"status":500,"message":"Internal Server Error","details":"Internal Server Error"}

[mikkeschiren]

Running in debug mode:

debug: controllers/threatmodelcontroller.js: API organisation request: [object Object] {"service":"threat-dragon","timestamp":"2024-03-06 20:26:09"}
debug: controllers/auth.js: API login request: [object Object] {"service":"threat-dragon","timestamp":"2024-03-06 20:26:09"}
debug: controllers/auth.js: API oauthReturn request: [object Object] {"service":"threat-dragon","timestamp":"2024-03-06 20:26:10"}
debug: controllers/homecontroller.js: API index request, sendFile /app/dist/index.html {"service":"threat-dragon","timestamp":"2024-03-06 20:26:10"}
debug: controllers/auth.js: API completeLogin request: [object Object] {"service":"threat-dragon","timestamp":"2024-03-06 20:26:11"}
error: controllers/auth.js:  {"service":"threat-dragon","timestamp":"2024-03-06 20:26:12"}
error: Requires authentication {"body":{"documentation_url":"https://docs.github.com/rest/users/users#get-the-authenticated-user","message":"Requires authentication"},"headers":{"access-control-allow-origin":"*","access-control-expose-headers":"ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset","connection":"close","content-length":"127","content-security-policy":"default-src 'none'","content-type":"application/json; charset=utf-8","date":"Wed, 06 Mar 2024 20:26:12 GMT","referrer-policy":"origin-when-cross-origin, strict-origin-when-cross-origin","server":"GitHub.com","strict-transport-security":"max-age=31536000; includeSubdomains; preload","vary":"Accept-Encoding, Accept, X-Requested-With","x-content-type-options":"nosniff","x-frame-options":"deny","x-github-api-version-selected":"2022-11-28","x-github-media-type":"github.v3; format=json","x-github-request-id":"12AF:598D5:8F69364:904CE92:65E8D164","x-ratelimit-limit":"60","x-ratelimit-remaining":"59","x-ratelimit-reset":"1709760372","x-ratelimit-resource":"core","x-ratelimit-used":"1","x-xss-protection":"0"},"service":"threat-dragon","statusCode":401,"timestamp":"2024-03-06 20:26:12"}
error: undefined {"service":"threat-dragon","timestamp":"2024-03-06 20:26:12"}
debug: controllers/auth.js: Returning error to client: {"status":500,"message":"Internal Server Error","details":"Internal Server Error"} {"service":"threat-dragon","timestamp":"2024-03-06 20:26:12"}

[jgadsden]

we do not yet have a solution for this, so bumping back to version 2.4

[ericfitz]

I have a fork that has this functionality ready and tested. I'm working on the docs for it and will send a merge request in the next week or so.

[jgadsden]

Thanks @ericfitz , much appreciated and I have assigned this to you