Fix task cancellation, session token expiry, and resource management#12
Merged
Conversation
Delay mode spawned a detached task per message; on stop they were not cancelled (lingering up to the delay), and the handles were never tracked. Hold them in AbortOnDrop guards (pruning finished ones so the list stays bounded) so pending delays are aborted when the node stops.
Session tokens were kept in a set forever (removed only on logout), so repeated logins grew it unbounded. Store each token with a 7-day expiry, prune expired entries on login, and treat expired tokens as invalid. Add a session issue/validate/revoke round-trip test.
get_or_create held the global registry mutex while calling build(), which for tls/wss constructs a TLS config that can panic on unreadable platform certs — poisoning the mutex and breaking all future MQTT connects. Build outside the lock and double-check on insert (a concurrent task may have created the same connection meanwhile, in which case the redundant one is discarded). Confines a build panic to the one node.
The link registry kept a broadcast channel per name forever; over many deploys with distinct names it grew unbounded. Refcount each name and remove its channel when the last link-in/out using it stops (via an RAII guard). Add a test that the entry is removed on last release.
The js function language had no execution cap, so a `while (true) {}`
script occupied a blocking thread forever (rhai is capped by operations,
WASM by fuel — only js was unbounded). Set boa's loop-iteration limit so
runaway loops error out. Add transform + runaway-loop tests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces several improvements to resource management and safety across the codebase, including session expiration for authentication tokens, bounded resource usage in node channels, and improved handling of MQTT shared connections. It also adds tests to ensure correct behavior and prevent resource leaks.
Authentication improvements:
Authnow have an expiration time (SESSION_TTL) and are automatically pruned when expired, preventing unbounded memory usage from stale tokens. Validation now checks for expiry, and tests were added for session lifecycle. [1] [2] [3] [4] [5] [6]Node/channel resource management:
link.rsnow use reference counting to track active users and automatically remove unused channels, preventing memory leaks over repeated deployments. Tests verify that channels are removed when no longer referenced. [1] [2] [3] [4] [5]Delay node improvements:
MQTT connection safety:
get_or_createinmqtt_shared.rsnow avoids holding the global registry lock while building new connections (which could panic), and ensures only a single shared connection exists per key, aborting redundant drivers if necessary. [1] [2] [3]JavaScript node safety: