search

freshgiammi-lab / connect-typeorm

A TypeORM-based session store.
https://npmjs.com/package/connect-typeorm
MIT License
48 stars 25 forks source link

[BUG]: Spam Update after start server #42

Open SebaBoler opened 1 year ago

SebaBoler commented 1 year ago

Contact Details

No response

Bug description

After start server NestJs + TypeOrm + Graphql session few times tried to update 

[Nest] 10205  - 23.02.2023, 11:16:55     LOG [GraphQLModule] Mapped {/graphql, POST} route +198ms
[Nest] 10205  - 23.02.2023, 11:16:55     LOG [NestApplication] Nest application successfully started +3ms
🚀 Server server is running on : http://[::1]:4000
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151031456,"PNDawtNPJili9eClxEz2LZlJyv9Zj1Om"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151032792,"PNDawtNPJili9eClxEz2LZlJyv9Zj1Om"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151033425,"PNDawtNPJili9eClxEz2LZlJyv9Zj1Om"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151034445,"PNDawtNPJili9eClxEz2LZlJyv9Zj1Om"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151035425,"PNDawtNPJili9eClxEz2LZlJyv9Zj1Om"]

Next issue after when I used Mutation to login and inserted first session to entity, server just started spam update and changing session.destroyedAt. Its not good practice to spam like that every milisecond.

query: INSERT INTO "public"."sessions"("expiredAt", "id", "json", "destroyedAt") VALUES ($1, $2, $3, DEFAULT) RETURNING "destroyedAt" -- PARAMETERS: [1677154720896,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI","{\"cookie\":{\"originalMaxAge\":3600000,\"expires\":\"2023-02-23T12:18:40.696Z\",\"secure\":true,\"httpOnly\":true,\"path\":\"/\",\"sameSite\":\"none\"},\"userId\":\"b018aec8-27b5-4239-810e-edf5b1fc2074\",\"language\":\"pl\"}"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151121208,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154721442,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151122208,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154722368,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151123207,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154723299,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151124212,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154724292,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151125218,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154725301,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151126212,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154726301,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151127207,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154727288,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: SELECT "session"."expiredAt" AS "session_expiredAt", "session"."id" AS "session_id", "session"."json" AS "session_json", "session"."destroyedAt" AS "session_destroyedAt" FROM "public"."sessions" "session" WHERE ( "session"."expiredAt" > $1 AND "session"."id" = $2 ) AND ( "session"."destroyedAt" IS NULL ) -- PARAMETERS: [1677151128209,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]
query: UPDATE "public"."sessions" SET "expiredAt" = $1 WHERE "id" IN ($2) -- PARAMETERS: [1677154728277,"5bLbGqQp5MEusImGFnPUXZdulu_uHHHI"]

Its any chance to disabled that to setup manually or adjust time to next update ?

My configuration

    const sessionMiddleware = session({
      // store: new RedisStore({
      //   client: redis as any,
      // }),
      store: new TypeormStore().connect(getRepository(SessionEntity)),
      name: process.env.SESSION_COOKIE_NAME,
      secret: process.env.SESSION_SECRET,
      resave: false,
      saveUninitialized: false,
      // rolling: true,
      cookie: {
        httpOnly: true,
        maxAge: Number(process.env.SESSION_MAXAGE),
        sameSite: 'none',
        secure: PORT !== 8080,
      },

Steps to reproduce

.

Additional Information

No response

freshgiammi commented 1 year ago

Hi @SebaBoler, that's because your TypeORM config has 'query' logging turned on (see: https://typeorm.io/logging), even if I can't see it from the configuration options. Connect-typeorm does not output anything to the console by default. (Also I've been warned the docs are a bit out of date but I haven't had time to fix them, you can check how I usually configure it in #37)

Those queries are executed because connect-typeorm acts as a sort of middleware, allowing you to access the user's info from the request object and as such, every time a request is made connect-typeorm will scan the session table and return the correct object, thus producing a query log.

I couldn't replicate your issue on my dev Express backend and I can only get two queries to DB for each request (SELECT and UPDATE), could you replicate it on a repo?

SebaBoler commented 1 year ago

i will create simple repo. Give me few days