ever growing provider_requests table in auth schema

[saibs]

We are self hosting hasura auth, we noticed recently that lots of entries are created in provider_requests table in auth schema and keeps on growing because of this request triggered in the oauth middleware responsible in creating the session. Note: we are not using any oauth provider as a signin method.

I think this is happening since this commit the healthz endpoint moved to app level and every call to healthz endpoint creates an entry in provider_requests table because of the above express middleware.

Steps to reproduce

• Make sure you are running the auth service without any AUTH_API_PREFIX
• Make a call to /healthz endpoint, which triggers oauth middleware and creating an entry in provider_requests table

tested on version: 0.24.0 related discord discussion

[dbarrosop]

Ok, I could reproduce with an empty AUTH_API_PREFIX. If you have a solution that doesn't involve changing current behavior a PR is more than welcomed. Otherwise we will try to take a look when we have the time.

Note to interested parties: This doesn't affect nhost-managed instances.

[saibs]

one easy solution by not affecting current behavior would be to hoist the /healthz endpoint check above the app usage of router

but this would still be a vulnerability as one can create lots of entries in the database by just calling random routes which are 404, because of this catch all route and would create sessions with null values in provider_requests table

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.