Skip to content

Update Auth.js and solved some potential bugs.#9605

Open
Ujjawal-Kantt wants to merge 1 commit intoparse-community:alphafrom
Ujjawal-Kantt:alpha
Open

Update Auth.js and solved some potential bugs.#9605
Ujjawal-Kantt wants to merge 1 commit intoparse-community:alphafrom
Ujjawal-Kantt:alpha

Conversation

@Ujjawal-Kantt
Copy link
Copy Markdown

@Ujjawal-Kantt Ujjawal-Kantt commented Feb 11, 2025

Pull Request

Issue

Closes: Issue #XXXX

Approach

This PR fixes memory leaks, improves session management, enhances security, and optimizes authentication logic in the Auth.js file.

Key Changes:

  1. Fixed Memory Leak in throttle

    • Used a Map() to track session timeouts.
    • Cleared timeouts properly before setting new ones.

  2. Improved Role Fetching Mechanism

    • Ensured this.userRoles updates correctly.
    • Avoided redundant database calls when fetching user roles.

  3. Enhanced Session Token Management

    • Ensured missing sessionToken values are handled properly.
    • Added validation to check for expired session tokens before processing.

  4. Optimized Security Checks & Error Handling

    • Improved error logging for better debugging.
    • Ensured expired or invalid session tokens are rejected early.

  5. Updated renewSessionIfNeeded Logic

    • Reduced redundant session expiry updates.
    • Only updates session expiry when required, preventing unnecessary writes.

Tasks

  • Fix memory leaks in session handling.
  • Improve role-fetching logic.
  • Enhance error handling and security checks.
  • Add tests for updated authentication logic.
  • Update documentation to reflect session management improvements.
  • Add security check.
  • Add new Parse Error codes to Parse JS SDK (No hard-coded error codes in Parse Server).

@Ujjawal-Kantt
Update Auth.js and solved some potential bugs.
b2ec267 
Signed-off-by: Ujjawal Kantt <124806392+Ujjawal-Kantt@users.noreply.github.com>
@parse-github-assistant
Copy link
Copy Markdown

parse-github-assistant Bot commented Feb 11, 2025

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

@mtrezza
Copy link
Copy Markdown
Member

mtrezza commented Apr 7, 2025
edited
Loading

@Ujjawal-Kantt in light of recent fixes in auth adapters, and changes in throttle, is this PR still relevant? If so, you may want to break it down into individual PRs, each one addressing a specific issue, unless where it makes to combine into a single PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ujjawal-Kantt @mtrezza