user sign-in tutorial

[mybigman]

What is the type of issue?

Documentation is incorrect, Example code is not working

What is the issue?

3. In /sign-in we insert a username and hashed password with argon2id
4. In /sign-up we does the following:

    4.1 We check if user exists and verify the password
    4.2 If the password matches, then we generate a new session into session
    4.3 We set cookie token with the value of session
    4.4 We append secret to cookie to add hash attacker from tampering with the cookie

3 and 4 should be switched.

3. In /sign-up ...
4. In /sign-in ...

Also the sign-in does not work in user.ts as it is expecting the cookie when it should only be setting the cookie after successful sign-in.

Where did you find it?

https://elysiajs.com/tutorial.html

[Gyuyeong]

I'm having the same issue. I copy-pasted the user.ts code from the tutorial and used swagger to send sign-in request, but it gave me a validation error on cookie, saying Property 'token' is missing.

Versions

• bun: 1.2.2
• [email protected]

Steps taken

All the steps are from tjhe installation guide and the tutorial.

1. Install bun

curl -fsSL https://bun.sh/install | bash

2. Create Elysia app

bun create elysia app

3. Copy index.ts, user.ts, note.ts from the tutorial
4. Install swagger and opentelemetry

bun add @elysiajs/swagger

bun add @elysiajs/opentelemetry

5. Run dev

bun dev

6. Request appropriate sign-up => success
7. Request sign-in with username and password from step 6 => error

I think this is related to t.Optional not working properly in user.ts:

optionalSession: t.Optional(t.Ref('session'))

[Gyuyeong]

I managed to find a work-around by fixing the code to the following:

optionalSession: t.Optional(t.Partial(t.Ref('session')))

However, I do not know if this is the intended way to make a field optional.