From b7efa6f89431836bcd1292d495ba010c2933d9dd Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Thu, 24 Apr 2025 14:37:25 -0400
Subject: [PATCH] fix: handle problematic null or undefined case
This is the product of a couple hours of debugging. We can now remove the uuid entry from the cache for a deleted user without the strange lockup behavior that was being observed previously. However, it is still explained exactly how this happened; while this commit addresses the cause it does not represent an actual understanding of the issue. What is known is the following: - /delete-own-user can trigger a complete lockup - this happens when invalidate_cached_user is called - kv.del('users:uuid:') triggers the issue - ... because get_user returns null and - configurable_auth middleware accepts the null value - configurable_auth middleware DOES call next() - it is unknown why a lockup occurs after this
---
 src/backend/src/api/APIError.js | 4 ++++
 src/backend/src/helpers.js | 2 +-
 src/backend/src/services/auth/AuthService.js | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/backend/src/api/APIError.js b/src/backend/src/api/APIError.js
index afd1a22fe..413af0a8f 100644
--- a/src/backend/src/api/APIError.js
+++ b/src/backend/src/api/APIError.js
@@ -356,6 +356,10 @@ module.exports = class APIError {
 status: 401,
 message: 'Authentication failed.',
 },
+ 'user_not_found': {
+ status: 401,
+ message: 'User not found.',
+ },
 'token_unsupported': {
 status: 401,
 message: 'This authentication token is not supported here.',
diff --git a/src/backend/src/helpers.js b/src/backend/src/helpers.js
index f721a7e2b..8cacbb44d 100644
--- a/src/backend/src/helpers.js
+++ b/src/backend/src/helpers.js
@@ -199,7 +199,7 @@ async function get_user(options) {
 */
 function invalidate_cached_user (user) {
 kv.del('users:username:' + user.username);
- // kv.del('users:uuid:' + user.uuid);
+ kv.del('users:uuid:' + user.uuid);
 kv.del('users:email:' + user.email);
 kv.del('users:id:' + user.id);
 }
diff --git a/src/backend/src/services/auth/AuthService.js b/src/backend/src/services/auth/AuthService.js
index 8fa9ae856..24c04c0b0 100644
--- a/src/backend/src/services/auth/AuthService.js
+++ b/src/backend/src/services/auth/AuthService.js
@@ -24,6 +24,7 @@ const { Context } = require("../../util/context");
 const APIError = require("../../api/APIError");
 const { DB_WRITE } = require("../database/consts");
 const { UUIDFPE } = require("../../util/uuidfpe");
+const { nou } = require("../../util/langutil");
 // This constant defines the namespace used for generating app UUIDs from their origins
 const APP_ORIGIN_UUID_NAMESPACE = '33de3768-8ee0-43e9-9e73-db192b97a5d8';
@@ -106,6 +107,10 @@ class AuthService extends BaseService {
 const user = await get_user({ uuid: decoded.user_uid });
+ if ( nou(user) ) {
+ throw APIError.create('user_not_found');
+ }
+
 const actor_type = new UserActorType({
 user,
 session: session.uuid,
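Review bot: `invalidate_cached_user` in helpers.js builds all four cache keys by string concatenation without checking `user` or its fields, so a null `user` throws on the first line and a missing `uuid` deletes the literal key `users:uuid:undefined` while the real entry stays cached. Since this commit exists because `get_user` can return null on the delete path, a guard at the top such as `if ( ! user ) return;` would keep the eviction from failing part-way. The re-enabled line also deserves a comment, for example `// evict together with the other keys: token auth looks users up by uuid, so a stale entry here keeps a deleted user resolvable`. That reading is inferred from the `get_user({ uuid: decoded.user_uid })` call in AuthService.js and should be confirmed against `get_user`, whose body is outside this hunk.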
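Review bot: The new `nou(user)` guard in AuthService.js covers only this one `get_user` call, while the commit message says the `configurable_auth` middleware still accepts a null user, so other paths that resolve a user from a token may keep building an actor around null. The enclosing method starts and ends outside this hunk, so I cannot see whether its other branches need the same check; they are worth auditing, and the middleware should reject a missing user as well. A validly signed token whose user no longer exists is a useful detection signal, so consider logging `session.uuid` before the throw and removing that session so the token stops being accepted. Finally, `user_not_found` tells the caller that the token itself verified; returning the existing 401 entry with message 'Authentication failed.' to the client and keeping the specific reason in the server log would avoid exposing that distinction.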