Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: Invalid UTF-8 sequence crashing Vercel #67

Open
k2xl opened this issue Sep 20, 2024 · 16 comments
Open

Error: Invalid UTF-8 sequence crashing Vercel #67

k2xl opened this issue Sep 20, 2024 · 16 comments
Labels
bug Something isn't working

Comments

@k2xl
Copy link

k2xl commented Sep 20, 2024

Bug report

  • [x ] I confirm this is a bug with Supabase, not with my own application.
  • [ x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

On version
"@supabase/ssr": "^0.4.0",

image Randomly been getting these errors for my app. Only solution is to destroy my cookies and refresh.

Error: Invalid UTF-8 sequence
at (node_modules/@supabase/ssr/dist/module/utils/base64url.js:187:0)
at (node_modules/@supabase/ssr/dist/module/utils/base64url.js:90:0)
at (node_modules/@supabase/ssr/dist/module/cookies.js:246:30)
at (node_modules/@supabase/auth-js/dist/module/lib/helpers.js:100:0)
at (node_modules/@supabase/auth-js/dist/module/GoTrueClient.js:787:0)
at (node_modules/@supabase/auth-js/dist/module/GoTrueClient.js:768:0)
at (node_modules/@supabase/auth-js/dist/module/GoTrueClient.js:714:0)

This us a super weird bug where when I visit my website it just literally crashes. However clearing my cookies the website works for a bit then stops.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

I do not know how the bug occurs.

Screenshots

If applicable, add screenshots to help explain your problem.

System information

Running on a nextjs app with supabase. My app allows google logins

@k2xl k2xl added the bug Something isn't working label Sep 20, 2024
@Nishchit14
Copy link

This is happening to me as well on the production app. Need to degrade the version asap.

@k2xl
Copy link
Author

k2xl commented Sep 27, 2024

@Nishchit14 which version did you downgrade? I continuously get this error in production too

@Nishchit14
Copy link

@k2xl @supabase/ssr": "^0.0.10

@j4w8n
Copy link
Contributor

j4w8n commented Sep 29, 2024

@Nishchit14 @k2xl would you mind adding this option to all of your Supabase client-creation code, to see if it resolves the issue? Keep in mind that this will alter how the cookie is stored; so, if you are grabbing the cookie yourself, somewhere in your code, you'd need to change how that functions.

I'm not offering this as a long-term solution, but rather a test. Although, if it's a client option then it could be used long-term.

/* example only. this option is needed in all code that creates a client. */
export function createClient() {
  return createBrowserClient(process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookieEncoding: "raw"
    }
  )
}

base64:
image

raw:
image

Roughly how long is the time between failures?

@k2xl
Copy link
Author

k2xl commented Sep 30, 2024

Trying and will get back to you
(Apologies, accidentally closed the task. reopened it now)

@k2xl k2xl closed this as completed Sep 30, 2024
@k2xl k2xl reopened this Sep 30, 2024
@k2xl
Copy link
Author

k2xl commented Oct 1, 2024

Still occurs. Happens an hour or so in

@j4w8n
Copy link
Contributor

j4w8n commented Oct 1, 2024

I'm not sure what would be going on then. I went through every source file, and the only references I can find to base64url.js are when cookies are being encoded/decoded to/from base64 (or for tests).

And you're sure you added that option in every place that a Supabase client is created?

And the error is the same as the original?

@k2xl
Copy link
Author

k2xl commented Oct 1, 2024

@j4w8n I added it to all the createClients that allow me to pass that cookieEncoding

  // Create a supabase client on the browser with project's credentials
  return createBrowserClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    { cookieEncoding: 'raw' }
  );
const cookieStore = cookies();

  return createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookieEncoding: 'raw',
      cookies: {
        get(name: string) {
          return cookieStore.get(name)?.value;
        },
        set(name: string, value: string, options: CookieOptions) {
          try {
            cookieStore.set({ name, value, ...options });
          } catch (error) {
            // The `set` method was called from a Server Component.
            // This can be ignored if you have middleware refreshing
            // user sessions.
          }
        },
        remove(name: string, options: CookieOptions) {
          try {
            cookieStore.set({ name, value: '', ...options });
          } catch (error) {
            // The `delete` method was called from a Server Component.
            // This can be ignored if you have middleware refreshing
            // user sessions.
          }
        },
      },
    }
  );

Initialization error: Error: Invalid UTF-8 sequence
    at stringFromUTF8 (webpack-internal:///(rsc)/./node_modules/@supabase/ssr/dist/module/utils/base64url.js:195:19)
    at stringFromBase64URL (webpack-internal:///(rsc)/./node_modules/@supabase/ssr/dist/module/utils/base64url.js:98:17)

@j4w8n
Copy link
Contributor

j4w8n commented Oct 1, 2024

@k2xl that's really strange. Can you verify the cookie is not being stored with a base64 prefix at the beginning?

@k2xl
Copy link
Author

k2xl commented Oct 2, 2024

Actually the cookies still do begin with base64…

@j4w8n
Copy link
Contributor

j4w8n commented Oct 3, 2024

@k2xl Is this reproducible during dev on your machine, or is it only during prod on Vercel?

@k2xl
Copy link
Author

k2xl commented Oct 6, 2024

Reproduces on dev and on prod

@fincha
Copy link

fincha commented Oct 17, 2024

I have the same issue, but it happens to me only on prod... what a shame :(

    "@nuxtjs/supabase": "^1.4.1",

error stack

[nitro] [unhandledRejection] Error: Invalid UTF-8 sequence
    at stringFromUTF8 (/opt/render/project/src/.output/server/node_modules/@supabase/ssr/dist/main/utils/base64url.js:200:19)
    at stringFromBase64URL (/opt/render/project/src/.output/server/node_modules/@supabase/ssr/dist/main/utils/base64url.js:94:17)
    at Object.getItem (/opt/render/project/src/.output/server/node_modules/@supabase/ssr/dist/main/cookies.js:249:63)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async getItemAsync (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/lib/helpers.js:134:19)
    at async SupabaseAuthClient.__loadSession (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:800:34)
    at async SupabaseAuthClient._useSession (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:781:28)
    at async SupabaseAuthClient._emitInitialSession (/opt/render/project/src/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:1218:16)
Screenshot 2024-10-17 at 22 50 40 Screenshot 2024-10-17 at 22 50 46

PS: ok, it only happens, when I have this cookie... no idea how it happend. I haven't even deployed today.
PPS:

I have decoded this base64 cookie and have found probably the issue:

{"access_token":"eyJhb...Z3q0","token_type":"bearer","expires_in":3600,"expires_at":1729179524,"refresh_token":"LOt97s...ky-A","user":{"id":"8f71b6c8-32bb-40a0-b22e

Total length: 2379 characters (decoded)
I am using latest Version of firefox on macos.

it is not a valid JSON... the user id is not fully represended. Now idea how it happend.

@fincha
Copy link

fincha commented Oct 17, 2024

Ok... my bad, I wondered why the first part of the cookie was decodeable and others not, so I combined it 😄 (what a hacker I am) anyway, the string was also decodeable.

I used this tool to decode: https://base64.guru/converter/decode

and I had this warning:

The character encoding was detected as “ISO-8859-1”, but the algorithm is inaccurate and there is a high probability that this is wrong. Because of this you can get the wrong results. To know for sure, please check the Character Encoding Detector tool.

at the end of the json I had this

ÓuCS£C�£#ã3�3Cs%¢"Â&�5öæöç�Ö÷W2#¦fÇ6W×Ð
Screenshot 2024-10-17 at 23 08 21

this might be the issue

@Krovikan-Vamp
Copy link

My cookies also start with the "base64-" prefix and I have passed the cookieEncoding prop as noted above.
image

Are there any options other than downgrading the @supabase/ssr version?

Clearing the site data always resolves this error, though. After the session times out (an hour or so) I get the same error.
image

@fincha
Copy link

fincha commented Dec 3, 2024

I "fixed" this for me, by deleting all the cookies and this issue never reappear, BUT i think I have an idea why it was present the first time, if you @Krovikan-Vamp could confirm one of this actions for you too, this will be the issue:

  • you switched between users and one of the users has more information in token then the other
  • you enriched/decreaed amount of information passed by token for single user

my idea is, if token was 4 cookies long, and is suddently 3 or the other way, it crashes, what makes totally sense IMHO.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

5 participants