Queued event may be sent multiple times

[jirenius]

Issue

If a subscription queues an events (change or add) which introduces a resource reference to a resource that is loaded but not yet sent, the event may be sent multiple times.

How to recreate

Assume we have the following resources:

• test.a - a simple model
• test.b - a simple model
• test.collection - an empty collection
• test.model - contains reference to test.a and test.b.

1) Client sends request: get.test.model 2) Resgate sends NATS request: get.test.model 3) Resgate sends NATS requests: get.test.a and get.test.b 4) Service responds to get.test.a (but not get.test.b), making test.a loaded but not sent to client. 5) Service sends event.test.collection.add event, adding test.b reference, causing test.collection to start queuing events. 6) Service sends event.test.collection.add event, adding test.a reference. 7) Service responds to get.test.b request. 8) Resgate faultily sends the event.test.collection.add event for test.a two times to client, corrupting the state of the client.

Impact

The bug has no security impact, and low impact on usage as it only affects a rare corner case. There are no reported occurrences in production or development environments.

In case the bug is encountered, the client will get a corrupted state not matching that of the service.

[jirenius]

Fixed in #94