postgres.js throws PostgresError: expected password response, got message type 109 intermittently

[iugo]

We are experiencing an intermittent issue with postgres.js where we are receiving the error PostgresError: expected password response, got message type 109 (08P01 | protocol_violation). The stack trace for the error is as follows:

PostgresError: expected password response, got message type 109
    at ErrorResponse (https://deno.land/x/postgresjs@v3.3.5/src/connection.js:775:26)
    at handle (https://deno.land/x/postgresjs@v3.3.5/src/connection.js:477:6)
    at data (https://deno.land/x/postgresjs@v3.3.5/src/connection.js:318:9)
    at https://deno.land/x/postgresjs@v3.3.5/polyfills.js:150:32
    at Array.forEach (<anonymous>)
    at call (https://deno.land/x/postgresjs@v3.3.5/polyfills.js:150:18)
    at success (https://deno.land/x/postgresjs@v3.3.5/src/connection.js:110:11)
    at eventLoopTick (ext:core/01_core.js:183:11)

Actual behavior The app throws the error PostgresError: expected password response, got message type 109 (08P01 | protocol_violation).

Additional information

• Deno v1.36.3
• The application is running in Aliyun Function Compute.
• We are using postgres.js version 3.3.5.
• The database is running PostgreSQL version 14.
• The issue is intermittent. It occurs only sometimes, and there does not seem to be any pattern to when it occurs.

Thank you for your help.

[masfahru]

related to https://github.com/porsager/postgres/issues/430

I got the error message after setting the password authentication to md5, would you like to check your database auth-method ?

[iugo]

@masfahru I checked the settings in the pg_hba_file_rules and found that they are indeed using MD5 encryption.

Then, I tried to add a new rule to change to trust for the internal network, but it still seems to be reporting an error. It is also possible that some containers are not using the new method for database connections. I will do further testing.

[porsager]

Thanks a lot for the investigations. I found a race condition in the auth startup messages that definitely caused this. I'll push a new release right away