My Laravel + GatsbyJS app uses auth:sanctum for login management, other users are getting server 500 errors, but my login is working fine

Question

So I have an app (using laravel for the backend and GatsbyJS for the frontend) that I'm helping develop. A month ago, all users were able to log in without issues. But I found that now, all users cannot log in in the production environment (except me).

login.jsx file

const formChanged = async (e) => {
    setError(false);
    e.preventDefault();
    setSubmitting(true);
    let loginData = getValues();
    let response = await login(loginData.email, loginData.password);
    setSubmitting(false);
    if (response.error) {
      setError(true);
      setValue('password', '');
    } else {
      navigate('/app/idm/');
    }
  };

let response = await login() calls a method named login, which is located in the api.js file

api.js file

// Log in to the application
export const login = async (email, password) => {

  // send request
  let response = await makeRequest('post', '/login', { email, password });

  // If there are no errors, set the token and user
  if (!response.error && isBrowser()) {
    localStorage.setItem('idm_token', response.data.access_token);
    let my_user = JSON.stringify(await me(response.data.access_token));
    localStorage.setItem('idm_user', my_user);
  }

  return response;
};

When we pass the email and password, this data is verified and at this point, all users are able to generate tokens without issue.

(For reference only, the code to generate the sanctum token) api.php file

Route::post('/login', function(Request $request) {
    $login = $request->only('email', 'password');

    if (Auth::attempt($login)) {
        $user = User::where('email', $request['email'])->firstOrFail();
        
        $token = $user->createToken('auth_token')->plainTextToken;

        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer'
        ]);
    }

    return response()->json(["message" => "Authentication failed"], 401);
})->name('api.login');

The problem appears to be accessing routes that are currently protected by auth:sanctum. Again, all users are able to generate tokens, but only my login details allow me to access the route. All other users will receive a server 500 error.

This happens in the api.js file when we try to get my_user details:

let my_user = JSON.stringify(await me(response.data.access_token));

Another problem I'm having is that my laravel application in production stopped outputting errors a few months ago and I can't figure out how to fix the error logging issue in production (in development, Error logging is OK).

Sorry for the lack of details, I'm very new to all this and if there are any tips or things to try I'd really appreciate it, even if I don't get the answer I'm more than willing to work on learning and solving this question.

Answer 1

To further troubleshoot the issue, I decided to look at why I wasn't receiving the error logs.

I decided to set the storage folder and its contents to chmod 777

chmod -R 777 storage/

Add -R to recursively set content to 777

This actually solved my login issue, but I noticed that after returning the permission level to 775, some users were able to log in again, but not all.

Then I thought, maybe there is a permission issue with my log file/folder and maybe that's why I'm not getting the error log printed out?

So I looked further into my laravel.log file. Turns out it can only be read by the user (ubuntu:ubuntu). I decided to change its group to www-data

chown ubuntu:www-data laravel.log

This is very helpful to me, I am able to record error logs in laravel again!

Now I see my error, roughly as follows:

production.ERROR: Unable to create lockable file: /var/www/main/backend/storage/framework/cache/data/d5/........etc...etcc

So I checked every permission under storage and found that my data folder can only be accessed by the user

I added www-data as a group of the data folder:

chown ubuntu:www-data data

Now, my problem is solved! (Note: My chmod permissions have been restored to 775)