fix: handle problematic null or undefined case

This is the product of a couple hours of debugging. We can now remove
the uuid entry from the cache for a deleted user without the strange
lockup behavior that was being observed previously. However, it is still
not explained exactly how this happened; while this commit addresses the
cause it does not represent an actual understanding of the issue.

What is known is the following:
- /delete-own-user can trigger a complete lockup
- this happens when invalidate_cached_user is called
- kv.del('users:uuid:<uuid of user>') triggers the issue
- ... because get_user returns null and
- configurable_auth middleware accepts the null value
- configurable_auth middleware DOES call next()
- it is unknown why a lockup occurs after this
KernelDeimos
2025-04-24 14:37:25 -04:00
parent 210ecaba8f
commit b7efa6f894
3 changed files with 10 additions and 1 deletions
+4
@@ -356,6 +356,10 @@ module.exports = class APIError {
status: 401,
message: 'Authentication failed.',
},
'user_not_found': {
status: 401,
message: 'User not found.',
},
'token_unsupported': {
status: 401,
message: 'This authentication token is not supported here.',
+1 -1
@@ -199,7 +199,7 @@ async function get_user(options) {
*/
function invalidate_cached_user (user) {
kv.del('users:username:' + user.username);
// kv.del('users:uuid:' + user.uuid);
kv.del('users:uuid:' + user.uuid);
kv.del('users:email:' + user.email);
kv.del('users:id:' + user.id);
}
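Review bot: The re-enabled `kv.del('users:uuid:' + user.uuid)` in invalidate_cached_user carries no comment, although the commit message says the lockup it used to trigger is still not understood. Once the uuid entry is evicted, a uuid lookup through get_user can presumably return null for a deleted user, and the only null check visible on this page is the one added in AuthService. Other get_user callers are not shown here and should be audited for the same handling, because a null or stale user reaching an authentication boundary is the failure to rule out. I would add a comment above the line such as `// uuid entry must be evicted on delete; get_user({ uuid }) callers must handle null (lockup root cause unknown, see commit message)`. The function's doc comment begins outside the hunk.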
@@ -24,6 +24,7 @@ const { Context } = require("../../util/context");
const APIError = require("../../api/APIError");
const { DB_WRITE } = require("../database/consts");
const { UUIDFPE } = require("../../util/uuidfpe");
const { nou } = require("../../util/langutil");
// This constant defines the namespace used for generating app UUIDs from their origins
const APP_ORIGIN_UUID_NAMESPACE = '33de3768-8ee0-43e9-9e73-db192b97a5d8';
@@ -106,6 +107,10 @@ class AuthService extends BaseService {
const user = await get_user({ uuid: decoded.user_uid });
if ( nou(user) ) {
throw APIError.create('user_not_found');
}
const actor_type = new UserActorType({
user,
session: session.uuid,