spruceid/ssx

[BUG] Docker Container ssx-server-dev crashes for any log in after the first.

Closed this issue · 2 comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I'm using the ssx-server-dev container described in the <repo>/docker-compose.yml to attempt to do local development. I've removed the front-end in order to use my own from the docker-compose.yml, so my file looks like:

services:
  ssx-server:
    container_name: ssx-server-dev
    image: spruce/ssx-server-dev
    env_file: .env
    build:
      context: .
      dockerfile: ssx-server.Dockerfile
    ports:
      - "8443:8443"

The container works for the first log in. The container outputs the following log:

ssx-server-dev  | {
ssx-server-dev  |   userId: 'did:pkh:eip155:1:0xdA3176d77c04632F2862B14E35bc6B4717FB5016',
ssx-server-dev  |   type: 'ssx-login',
ssx-server-dev  |   content: {
ssx-server-dev  |     signature: '0xf977aaedd14c0ee9121edce880fd58132cdf580a6eb1966623f3c2b8d66a77e423dec09db2b9b32149bd79e11a99eb8310f3a5db1d541c6b7bd74f1515c6332d1c',
ssx-server-dev  |     siwe: 'localhost wants you to sign in with your Ethereum account:\n' +
ssx-server-dev  |       '0xdA3176d77c04632F2862B14E35bc6B4717FB5016\n' +
ssx-server-dev  |       '\n' +
ssx-server-dev  |       '\n' +
ssx-server-dev  |       'URI: did:key:z6MkpjgcdvifNmcj5gCz39QSVegUM4mzKG8rMTox8vGnJDWY#z6MkpjgcdvifNmcj5gCz39QSVegUM4mzKG8rMTox8vGnJDWY\n' +
ssx-server-dev  |       'Version: 1\n' +
ssx-server-dev  |       'Chain ID: 1\n' +
ssx-server-dev  |       'Nonce: TtC8dYMIK8rzTT6tW\n' +
ssx-server-dev  |       'Issued At: 2023-01-05T20:53:18.905Z',
ssx-server-dev  |     isGnosis: false
ssx-server-dev  |   },
ssx-server-dev  |   timestamp: '2023-01-05T20:53:21.728Z'
ssx-server-dev  | }

If I refresh the client app, then log in again, it crashes with the message:

ssx-server-dev  | /root/ssx/packages/ssx-server/dist/middlewares/express/middleware.js:59
ssx-server-dev  |             const { success: verified, data } = siweMessageVerify;
ssx-server-dev  |                              ^
ssx-server-dev  |
ssx-server-dev  | TypeError: Cannot destructure property 'success' of 'siweMessageVerify' as it is undefined.
ssx-server-dev  |     at /root/ssx/packages/ssx-server/dist/middlewares/express/middleware.js:59:30
ssx-server-dev  |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
ssx-server-dev  |
ssx-server-dev  | Node.js v18.12.1
ssx-server-dev exited with code 1

This is consistently reproducible.

Expected Behavior

The ssx-server-dev container can handle a second user logging in or a malformed message without crashing.

Steps To Reproduce

  1. Clone the repo.
  2. Run the Docker container.
  3. Visit the app
  4. Log in
  5. Refresh the app
  6. Log in again

Anything else?

One major issue is that de-structuring an undefined property in JavaScript causes an unrecoverable error and program-wide crash. De-structuring without validation is always going to risk making a recoverable error into a fatal one.

I think we should strive to make them recoverable, in the sense that one malformed message from one user doesn't crash the whole system for other users. That way a useful error can be returned in the case of accidental malformed messages and the system is not vulnerable to one bad message being enough to launch a DoS attack.

This bug is related to ssx-server middleware

Good news, I'm no longer experiencing this issue after the latest changes. I'm going to close this issue.
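
The failure mode raised under "Anything else?" in the issue, as an added example that is not part of the original thread or the ssx code base: an async handler that destructures an undefined verifier result rejects, and on Node 15 and later an unhandled rejection ends the process for every user. The verifier `fakeVerify`, the handlers, `classifyVerifyResult` and `mockRes` are hypothetical names with constructed behaviour; only the destructuring line is taken from the stack trace above.

```javascript
// Added example. All names are hypothetical; this is not ssx-server code.

// Constructed stand-in for a SIWE verifier. It resolves to undefined when it
// has no result, the value the crash log shows reaching the destructuring.
async function fakeVerify(siwe) {
  const m = typeof siwe === 'string' && siwe.match(/^Nonce: (\S+)$/m);
  return m ? { success: true, data: { nonce: m[1] } } : undefined;
}

// Fragile pattern from the stack trace: destructure without checking.
async function fragileLogin(req, res, verify = fakeVerify) {
  const siweMessageVerify = await verify(req.body.siwe);
  const { success: verified, data } = siweMessageVerify; // throws on undefined
  return res.status(verified ? 200 : 401).json(data);
}

// Pure check: map any verifier result to an HTTP status and body.
function classifyVerifyResult(result) {
  if (result === null || typeof result !== 'object') {
    return { status: 401, body: { error: 'SIWE verification returned no result' } };
  }
  if (result.success !== true || !result.data) {
    return { status: 401, body: { error: 'SIWE verification failed' } };
  }
  return { status: 200, body: { nonce: result.data.nonce } };
}

// Hardened handler: a thrown or missing result becomes a response for this
// request only, never an unhandled rejection.
async function safeLogin(req, res, verify = fakeVerify) {
  let result;
  try {
    result = await verify(req.body && req.body.siwe);
  } catch (err) {
    return res.status(500).json({ error: 'verifier error' });
  }
  const { status, body } = classifyVerifyResult(result);
  return res.status(status).json(body);
}

// Constructed response double so the example runs without Express.
function mockRes() {
  const res = { statusCode: null, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}
```
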