search

rocicorp / replicache

Realtime Sync for Any Backend Stack
https://doc.replicache.dev
1.05k stars 37 forks source link

fix: Simplified Dueling Dags - Mutation Recovery - Do not recover mutation from clients with a different Replicache name #810

Closed grgbkr closed 2 years ago

grgbkr commented 2 years ago

Problem

A client MUST NOT recover mutations from a client with a different Replicache name. This is because a client uses its auth to push the mutations. This is safe for client's with the same name as they are for the same user. However, pushing on behalf of a client with a different name is very bad, as it will apply the mutations for a different user.

Solution

Add Replicache name to the IndexedDBDatabase records, and only recover mutations for clients with the same Repliache name. Add a test for this behavior.

Also adds versioning to IDBDatabasesStore for easing handling of future format changes of IndexedDBDatabase records.

vercel[bot] commented 2 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/rocicorp/replicache/3DCLhZpyiHoT5wAxW3BRSAnXiWRy
✅ Preview: https://replicache-git-grgbkr-sdd-mutation-recovery-onl-8d41c1-rocicorp.vercel.app