
Update Auth.js and solved some potential bugs.

Open Ujjawal-Kantt opened this issue 9 months ago • 2 comments

Pull Request


Issue

Closes: Issue #XXXX


Approach

This PR fixes memory leaks, improves session management, enhances security, and optimizes authentication logic in the Auth.js file.

Key Changes:

  1. Fixed Memory Leak in throttle

    • Used a Map() to track session timeouts.
    • Cleared timeouts properly before setting new ones.
  2. Improved Role Fetching Mechanism

    • Ensured this.userRoles updates correctly.
    • Avoided redundant database calls when fetching user roles.
  3. Enhanced Session Token Management

    • Ensured missing sessionToken values are handled properly.
    • Added validation to check for expired session tokens before processing.
  4. Optimized Security Checks & Error Handling

    • Improved error logging for better debugging.
    • Ensured expired or invalid session tokens are rejected early.
  5. Updated renewSessionIfNeeded Logic

    • Reduced redundant session expiry updates.
    • Only updates session expiry when required, preventing unnecessary writes.

Tasks

  • [x] Fix memory leaks in session handling.
  • [x] Improve role-fetching logic.
  • [x] Enhance error handling and security checks.
  • [ ] Add tests for updated authentication logic.
  • [ ] Update documentation to reflect session management improvements.
  • [ ] Add security check.
  • [ ] Add new Parse Error codes to Parse JS SDK (No hard-coded error codes in Parse Server).

Ujjawal-Kantt avatar Feb 11 '25 12:02 Ujjawal-Kantt
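
The first key change listed in the PR description above (a `Map()` of per-session timeouts, each cleared before a new one is set) can be sketched as follows. This is an added example, not code from the pull request or from parse-server: `createRenewalScheduler`, its parameters and the token strings are hypothetical, and the timer functions are injectable so the demo runs without real waiting.

```javascript
// Added illustration; names are hypothetical, not parse-server APIs.
const realTimers = {
  setTimeout: (fn, ms) => setTimeout(fn, ms),
  clearTimeout: (handle) => clearTimeout(handle),
};

function createRenewalScheduler(renew, delayMs, timers = realTimers) {
  const pending = new Map(); // sessionToken -> timer handle

  function schedule(sessionToken) {
    if (typeof sessionToken !== 'string' || sessionToken === '') {
      return false; // missing token: reject early, schedule nothing
    }
    if (pending.has(sessionToken)) {
      timers.clearTimeout(pending.get(sessionToken)); // clear before setting a new one
    }
    const handle = timers.setTimeout(() => {
      pending.delete(sessionToken); // drop the entry once fired so the Map stays bounded
      renew(sessionToken);
    }, delayMs);
    pending.set(sessionToken, handle);
    return true;
  }

  function cancel(sessionToken) { // e.g. when the session is destroyed
    if (!pending.has(sessionToken)) return false;
    timers.clearTimeout(pending.get(sessionToken));
    return pending.delete(sessionToken);
  }

  return { schedule, cancel, size: () => pending.size };
}

// Constructed demo using a fake timer queue instead of real time.
function demo() {
  const queue = new Map();
  let nextId = 1;
  const fakeTimers = {
    setTimeout: (fn) => { const id = nextId++; queue.set(id, fn); return id; },
    clearTimeout: (id) => { queue.delete(id); },
  };
  const renewed = [];
  const s = createRenewalScheduler((t) => renewed.push(t), 500, fakeTimers);
  const rejected = s.schedule(undefined);
  for (let i = 0; i < 3; i++) s.schedule('r:constructed-token-a'); // burst of requests
  s.schedule('r:constructed-token-b');
  s.cancel('r:constructed-token-b');
  const pendingBefore = s.size();
  for (const fn of [...queue.values()]) fn(); // fire every timer still live
  return { rejected, pendingBefore, renewed, pendingAfter: s.size() };
}
```

Three requests on the same token collapse into one renewal write, and the Map is empty again once the timer has fired or been cancelled.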

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

@Ujjawal-Kantt in light of recent fixes in auth adapters, and changes in throttle, is this PR still relevant? If so, you may want to break it down into individual PRs, each one addressing a specific issue, except where it makes sense to combine into a single PR.

mtrezza avatar Apr 07 '25 16:04 mtrezza