Error when creating token for API with shared listen path

fredrikhl · May 10, 2016, 10:28am

I accidently set up two APIs with the same listen-path. One of the APIs was configured to use OAuth2, and the other with Auth Token.

When trying to generate an Auth Token that is restricted to the latter API, I get the following errors from Tyk

tyk[3720]: 2016/05/10 12:13:36 http: panic serving <client-ip>: runtime error: invalid memory address or nil pointer dereference
tyk[3720]: goroutine 256 [running]:
tyk[3720]: net/http.(*conn).serve.func1(0xc8201be100)
tyk[3720]: /usr/local/go/src/net/http/server.go:1389 +0xc1
tyk[3720]: panic(0xc55920, 0xc82000e0b0)
tyk[3720]: /usr/local/go/src/runtime/panic.go:426 +0x4e9
tyk[3720]: main.createKeyHandler(0x7fd8c10ab778, 0xc82005a270, 0xc82029e0e0)
tyk[3720]: /home/tyk/go/src/github.com/lonelycode/tyk/api.go:1316 +0x141b
tyk[3720]: main.CheckIsAPIOwner.func1(0x7fd8c10ab778, 0xc82005a270, 0xc82029e0e0)
tyk[3720]: /home/tyk/go/src/github.com/lonelycode/tyk/middleware_api_security_handler.go:24 +0xe1
tyk[3720]: net/http.HandlerFunc.ServeHTTP(0xc8202f6df0, 0x7fd8c10ab778, 0xc82005a270, 0xc82029e0e0)
tyk[3720]: /usr/local/go/src/net/http/server.go:1618 +0x3a
tyk[3720]: github.com/gorilla/mux.(*Router).ServeHTTP(0xc820248b40, 0x7fd8c10ab778, 0xc82005a270, 0xc82029e0e0)
tyk[3720]: /home/tyk/go/src/github.com/gorilla/mux/mux.go:98 +0x29e
tyk[3720]: net/http.(*ServeMux).ServeHTTP(0xc820058ba0, 0x7fd8c10ab778, 0xc82005a270, 0xc82029e0e0)
tyk[3720]: /usr/local/go/src/net/http/server.go:1910 +0x17d
tyk[3720]: net/http.serverHandler.ServeHTTP(0xc8203f2000, 0x7fd8c10ab778, 0xc82005a270, 0xc82029e0e0)
tyk[3720]: /usr/local/go/src/net/http/server.go:2081 +0x19e
tyk[3720]: net/http.(*conn).serve(0xc8201be100)
tyk[3720]: /usr/local/go/src/net/http/server.go:1472 +0xf2e
tyk[3720]: created by net/http.(*Server).Serve
tyk[3720]: /usr/local/go/src/net/http/server.go:2137 +0x44e

and Dashboard:

tyk-analytics[28785]: time="May 10 12:13:36" level=error msg="Failed to create key: Post <base-url>/tyk/keys/create: EOF"
tyk-analytics[28785]: time="May 10 12:13:36" level=warning msg="Failed create:Failed to create key: Post <base-url>/tyk/keys/create: EOF"
tyk-analytics[28785]: time="May 10 12:13:36" level=error msg="Failed to save new session object to Tyk: Failed to create key: Post <base-url>/tyk/keys/create:
EOF"

This is probably an error on my part, with misconfigured APIs, but

I should probably get a warning or an error when trying to create a new API using the same listen-path AND with different auth methods.
This situation should be handled better.

Martin · May 10, 2016, 10:55am

Usually if a duplicate listen path is detected, it doesn’t get loaded and you do see a warnings in the gateway logs. Also, the gateway will skip the duplicate path and not load it, so it is partially handled.

Also, I think the dashboard actually has a mode to ensure listen paths are unique, but I think this is disabled if domain handling is enabled, because with domain handling it is possible to have duplicate listen paths bound to mutliple APIs. Might need some tightening up.

This stack trace is new though, so will tey and make it cleaner.

Thanks for the heads up.