Issue resolving IP address with port 9091 #239

Closed
opinionated-architect opened this issue Mar 30, 2021 · 7 comments

@opinionated-architect

I am using NestJS to integrate with JWKS for token verification.

Use Case
The use case I have is that I have developed a server for the creation and management of JWT tokens locally. This allows developers to completely isolate in development and have no need for network. Other advantages such as security isolation, etc., are also of benefit.

The Issue
The jwks-rsa package does not seem to like parsing IP addresses with ports. For some reason, it expects that port 80 (and I assume 443) is used; however, in my scenario this is impossible as the computer has had port 80 blocked for servers (by the security team). To be clear... not my decision, however, it appears that I am stuck with it.

The Request
Can the jwks-rsa library include the ability to support ports other than 80/443?

The Configuration

In the NestJS calls, I have the following code:

```typescript
import { ExtractJwt, Strategy } from 'passport-jwt';
import { PassportStrategy } from '@nestjs/passport';
import { Injectable } from '@nestjs/common';
const jwksRsa = require('jwks-rsa');

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
    constructor() {
        super({
            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
            ignoreExpiration: false,
            secretOrKeyProvider: jwksRsa.passportJwtSecret({
                cache: true,
                rateLimit: true,
                jwksRequestsPerMinute: 5,
                // this works! Note I have changed the URL to a random so you cannot access my computer :)
                // jwksUri: "https://abc123.ngrok.io/jwks"
                // This fails with the error message below.
                jwksUri: "http://localhost:9091/jwks"
            }),
            algorithms: ['RS256']
        });
    }

    async validate(payload: any) {
        return { userId: payload.sub, email: payload.email, groups: payload.groups };
    }
}
```

The Error Message
The following is the error message I receive with the localhost:9091 configuration.

```text
  jwks Requests to the JWKS endpoint available for the next minute: 4 +21s
  jwks Fetching signing key for 'FvvPBRHsv_y3i94MV5cekGK0bCXoF9FuO6NHld_k9QA' +0ms
  jwks Fetching keys from 'http://localhost:9091/jwks' +4ms
  jwks Failure: { Error: getaddrinfo ENOTFOUND localhost:9091 localhost:9091:9091
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:56:26)
  errno: 'ENOTFOUND',
  code: 'ENOTFOUND',
  syscall: 'getaddrinfo',
  hostname: 'localhost:9091',
  host: 'localhost:9091',
  port: '9091' } +15ms
```

As you can see above, the hostname is localhost:9091. Also, you can see that getaddrinfo does not seem to parse the request correctly.

The Workaround
For now, as a less than ideal solution, I have been using ngrok. In this way, I am able to point to a service on port 80/443. With this in place everything works great, however, I am pretty sure that this is not sustainable due to the level of security at the organizational level and... a bit of a hack.

@davidpatrick
Contributor

@opinionated-architect can you confirm what version you are on? I believe this should be fixed on the latest version

@opinionated-architect
Author

@davidpatrick Thanks for the quick reply!

I am using 2.0.2 which seems to be the latest. I have no issues reaching the endpoint through the browser or ngrok with your library.

I looked at NPM and it seems that 2.0.2 is the latest version. Any other suggestions?

@davidpatrick
Contributor

It looks like it's not parsing your URL correctly, hostname: 'localhost:9091' should be localhost as addressed in #233

I will take a look this week at it

@davidpatrick davidpatrick self-assigned this Mar 31, 2021
@opinionated-architect
Author

@davidpatrick Thanks man. Appreciate it

@davidpatrick
Contributor

Hey @opinionated-architect I ran some tests on this and I was unable to reproduce this issue on the latest version.

Could you double check the version you are running with `npm list jwks-rsa`? Your error `Error: getaddrinfo ENOTFOUND localhost:9091 localhost:9091:9091 at GetAddrInfoReqWrap.onlookup` and `hostname: 'localhost:9091'` makes me think that we can't be on 2.0.2 and it's still passing in the full host into hostname, rather than just the hostname.

There are some other possibilities it looks like people have run into if you google getaddrinfo ENOTFOUND localhost.
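
The `host` versus `hostname` distinction discussed in this thread, shown with Node's WHATWG `URL` parser. This is an added example, not part of the thread and not jwks-rsa's code; the function names `requestOptionsFor`, `faultyRequestOptionsFor` and `hostnameCarriesPort` are hypothetical.

```javascript
// Added example (not jwks-rsa code): splitting a JWKS URI into Node request options.
const net = require('net');

// Strip the brackets the URL parser keeps around IPv6 literals.
const bareHost = (h) => (h.startsWith('[') ? h.slice(1, -1) : h);

// Correct split: `hostname` never carries the port; `port` is its own field.
function requestOptionsFor(jwksUri) {
  const u = new URL(jwksUri);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error(`unsupported scheme for a JWKS URI: ${u.protocol}`);
  }
  return {
    protocol: u.protocol,
    hostname: bareHost(u.hostname),
    // URL.port is '' when the scheme default is used, so fill it in.
    port: u.port || (u.protocol === 'https:' ? '443' : '80'),
    path: u.pathname + u.search,
  };
}

// The faulty pattern described in the thread: `host` (name plus port) placed
// in `hostname`, so the resolver is asked to look up 'localhost:9091'.
function faultyRequestOptionsFor(jwksUri) {
  const u = new URL(jwksUri);
  return { protocol: u.protocol, hostname: u.host, port: u.port, path: u.pathname };
}

// Pre-flight check: true when `hostname` still has a ':port' suffix.
// IP literals are excluded because a bare IPv6 address contains colons.
function hostnameCarriesPort(options) {
  const h = String(options.hostname || '');
  return net.isIP(h) === 0 && /:\d+$/.test(h);
}

// Constructed from the fields of the error object quoted in the issue.
const loggedError = { hostname: 'localhost:9091', host: 'localhost:9091', port: '9091' };

console.log(requestOptionsFor('http://localhost:9091/jwks'));
console.log(hostnameCarriesPort(faultyRequestOptionsFor('http://localhost:9091/jwks')));
console.log(hostnameCarriesPort(loggedError));
```

With a default-port URI, `host` and `hostname` are identical, so the faulty pattern only surfaces on a non-default port such as 9091.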

@davidpatrick
Contributor

@opinionated-architect I'm closing this for now as it doesn't appear to be an issue with this package. Let me know if there are any other questions that I could help you troubleshoot with.

@opinionated-architect
Author

@davidpatrick Just wanted to come back and say thanks for looking into this.... Appreciate the solid communication.
