iDefineHD/TurboTrades
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
TurboTrades/QUICK_FIX.md
iDefineHD 232968de1e first commit
2026-01-10 04:57:43 +00:00

4.8 KiB
Raw Permalink Blame History

Quick Fix Guide - Sessions & 2FA Not Working

TL;DR - The routes work! The issue is cookie configuration.

Good news: Both /api/user/sessions and /api/user/2fa/setup endpoints exist and work perfectly! The problem: Your browser cookies aren't reaching the backend.

🚀 Fastest Way to Diagnose

Option 1: Use the Diagnostic Page (EASIEST)

  1. Make sure both frontend and backend are running
  2. Navigate to: http://localhost:5173/diagnostic
  3. The page will automatically run all tests and tell you exactly what's wrong
  4. Follow the on-screen instructions

Option 2: Browser Console (QUICK)

  1. While on your frontend (logged in), press F12
  2. Go to Console tab
  3. Paste this and press Enter:
fetch('/api/auth/debug-cookies', { credentials: 'include' })
  .then(r => r.json())
  .then(d => console.log('Backend sees cookies:', d.hasAccessToken, d.hasRefreshToken));

If it shows false, false → Backend isn't receiving cookies (see fix below) If it shows true, true → Backend IS receiving cookies, continue testing

🔧 Most Likely Fix

Problem: Cookie Domain Mismatch

Your backend is probably setting cookies with the wrong domain.

Fix:

  1. Stop your backend (Ctrl+C)

  2. Edit TurboTrades/config/index.js or create/edit .env:

# Add or update these lines:
COOKIE_DOMAIN=localhost
COOKIE_SECURE=false
COOKIE_SAME_SITE=lax
CORS_ORIGIN=http://localhost:5173
  1. Restart backend:
npm run dev

  1. Clear ALL cookies:

    • DevTools (F12) → Application → Cookies → localhost → Right-click → Clear

  2. Log out and log back in via Steam

  3. Test again - go to http://localhost:5173/diagnostic

Verify It's Fixed

After applying the fix:

  1. Go to http://localhost:5173/diagnostic
  2. All checks should show green checkmarks
  3. Try accessing Profile → Active Sessions
  4. Try enabling 2FA

🐛 Still Not Working?

Check Cookie Attributes in DevTools

  1. Press F12
  2. Go to Application tab (Chrome) or Storage tab (Firefox)
  3. Click Cookieshttp://localhost:5173
  4. Find accessToken and refreshToken

Check these values:

Attribute Should Be Problem If
Domain localhost 127.0.0.1 or 0.0.0.0
Secure ☐ unchecked ☑ checked (won't work on HTTP)
SameSite Lax Strict
Path / Anything else

If cookies don't exist at all:

  • You're not actually logged in
  • Click "Login with Steam" and complete OAuth
  • After redirect, check cookies again

If cookies exist but wrong attributes:

  • Backend config is wrong
  • Apply the fix above
  • Clear cookies
  • Log in again

📝 What Actually Happened

When I tested your backend directly:

# Testing sessions endpoint
curl http://localhost:3000/user/sessions
# Response: {"error":"Unauthorized","message":"No access token provided"}
# This is CORRECT - it means the route exists and works!

# Testing 2FA endpoint  
curl -X POST http://localhost:3000/user/2fa/setup -H "Content-Type: application/json" -d "{}"
# Response: {"error":"Unauthorized","message":"No access token provided"}
# This is also CORRECT!

Both routes exist and respond properly. They're just not receiving your cookies when called from the frontend.

🎯 Root Cause

Your frontend makes requests like:

http://localhost:5173/api/user/sessions

Vite proxy forwards it to:

http://localhost:3000/user/sessions

The backend processes it but doesn't receive the Cookie header because:

  • Cookie domain doesn't match
  • Or cookie is marked Secure but you're on HTTP
  • Or SameSite is too restrictive

📚 More Help

  • Detailed guide: See TROUBLESHOOTING_AUTH.md
  • Browser diagnostic: See BROWSER_DIAGNOSTIC.md
  • Test backend: Run node test-auth.js

Quick Test Commands

# Test if backend is running
curl http://localhost:3000/health

# Test if routes are registered
curl http://localhost:3000/user/sessions
# Should return 401 Unauthorized (this is good!)

# Test cookie debug endpoint
curl http://localhost:3000/auth/debug-cookies
# Shows cookie configuration

# After logging in, copy accessToken from DevTools and test:
curl http://localhost:3000/user/sessions -H "Cookie: accessToken=YOUR_TOKEN_HERE"
# Should return your sessions (if cookie is valid)

🎉 Success Looks Like This

When everything works:

  1. Browser has accessToken and refreshToken cookies
  2. Backend receives those cookies on every request
  3. /api/auth/me returns your user data
  4. /api/user/sessions returns your active sessions
  5. /api/user/2fa/setup generates QR code
  6. Profile page shows sessions and 2FA options

Need more help? Go to http://localhost:5173/diagnostic and follow the on-screen instructions!

Reference in New Issue View Git Blame Copy Permalink