UnauthorizedError: No authorization token -- EC2/RDS Postgres

Question

My node.js app runs fine on my local machine (and is able to authenticate against my remote Postgres database hosted in AWS RDS). However, whenever I try to deploy my app to my ec2 instance running Ubuntu 20, I get the following error:

UnauthorizedError: No authorization token was found
    at middleware (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express-jwt/lib/index.js:76:21)
    at /home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express-unless/index.js:47:5
    at Layer.handle [as handle_request] (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/index.js:317:13)
    at /home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/index.js:335:12)
    at next (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/index.js:275:10)
    at serveStatic (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/serve-static/index.js:75:16)
    at Layer.handle [as handle_request] (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/ubuntu/[EMPLOYER]-dashboard/backend/node_modules/express/lib/router/index.js:317:13)

I have double checked the security settings on AWS--I am pretty confident my issue is not related to the security policy. I'm able to connect to the database fine using the psql command line tool from my EC2 instance. On my local machine, I am able to recreate this error in the following way: In the frontend server directory, in the .env file, I have the following line:

REACT_APP_API_HOST=http://localhost:5000

If I remove that line before starting the development server on my machine, then I get the exact same error as listed above. With that line present, the authentication works fine.

Of course, when running the app on my local machine, I am running two servers: the frontend server on port 3000, and the backend server on port 5000. When I deploy to the EC2 instance, I only have the backend server running on port 5000--I build the frontend locally, and then upload it via ftp to the server.

Below are the request and response headers that are sent when the error occurs:

Request:

POST /dashboard/undefined/user/login HTTP/1.1
Host: [EC2 IP].us-west-2.compute.amazonaws.com:5000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 43
Origin: http://[EC2 IP].us-west-2.compute.amazonaws.com:5000
Connection: keep-alive
Referer: http://[EC2 IP].us-west-2.compute.amazonaws.com:5000/dashboard/login
Cookie: _ga=GA1.5.1312663935.1625619936; _gid=GA1.5.976208181.1626105841; _gat_gtag_UA_135473578_2=1

Response:

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Vary: Origin
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 1354
Date: Mon, 12 Jul 2021 16:04:59 GMT
Connection: keep-alive
Keep-Alive: timeout=5

Answer 1

My assumption is that your port "5000" is wrong. In the local environment, you can use these ports for development, but when you make deploy to EC2 the default http port is 80 (443 for https). So, try to change the "REACT_APP_API_HOST" value with

REACT_APP_API_HOST= http://[EC2 IP].us-west-2.compute.amazonaws.com


 or  REACT_APP_API_HOST= https://[EC2 IP].us-west-2.compute.amazonaws.com  (for 443). 

In case that you need to use port 5000 make sure that all used ports(80,443,3000,5000) are added to the security group from your EC2 (ELB, EBS in case of use)

Answer 2

Please check your request first line. it contains undefined