Closed eatyourgreens closed 1 year ago
zwolf
commented
1 year ago This could be a breaking change, in that auth.checkCurrent() will now spam the API if it is called too frequently.
This seems like completely reasonable use of the API, but as a part of the review of this PR, I'd like to make sure we know where and how this is called and whether "spam" is a fair description.
eatyourgreens
commented
1 year ago This branch breaks the new classifier. 🙁
https://github.com/zooniverse/front-end-monorepo/pull/4917#issuecomment-1613831735
eatyourgreens
commented
1 year ago Login/logout is broken on this branch too.
https://github.com/zooniverse/Panoptes-Front-End/pull/6677#issuecomment-1614516556
https://github.com/zooniverse/front-end-monorepo/pull/4917#issuecomment-1614356700
eatyourgreens
commented
1 year ago So, each of our frontend projects has a block of code like this, which runs auth.checkCurrent() every time the auth client emits a change event:
import auth from 'panoptes-client/lib/auth;
auth.listen('change', () => {
auth.checkCurrent();
});The problem is:
checkCurrent() calls this.update, which emits a change event.this.checkCurrent() and this.update, so they emit change events too.This hasn't been a problem for us to date, because checkCurrent is memo-ised via _currentUserPromise. When I removed that in this PR, weird bugs were triggered:
auth.checkCurrent() can trigger auth.checkCurrent(), leading to recursion. My first pass at this PR spammed /api/me with hundreds of requests when the page first loaded.auth.checkCurrent(), which generates a new access token and signs you back in to Panoptes again.I've started a rewrite of auth.js, in #210, to make the code easier to read and maybe make it more explicit where the client emits events.
Remove session caching from
auth.checkCurrent(). Instead, add a_fetchingstate which is true while a user session is being fetched from Panoptes.This should close #207 by changing
auth.checkCurrent()so that it always checks the Panoptes API when called, except if there is an API request already in progress.This could be a breaking change, in that
auth.checkCurrent()will now spam the API if it is called too frequently.