balderdashy/sails

Data leak between requests

Open

#6,944 opened on Jan 30, 2020

View on GitHub
 (10 comments) (0 reactions) (0 assignees)JavaScript (1,953 forks)batch import
bughelp wantedormrepro please

Repository metrics

Stars
 (22,778 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

Node version: node:8.12-alpine Sails version (sails): "^1.2.3" ORM hook version (sails-hook-orm): "^2.1.1" Sockets hook version (sails-hook-sockets): "^1.4.0"

ISSUE 1: Somehow response data from one request say to '/user/login' end up being swapped with someone's else request response. So users on our apps got swapped and saw the other's info,.

ISSUE 2: Similarly, two parallel requests to an api say 'list-items' end up mixing items from both users together in the resonse. So one user gets some of his items and some of the other user's items & same with the other user.

What we did to solve the problem, was to refactor the code a bit: 1- We stopped using things like promise.all() and did some refactoring which solved ISSUE 1 2- We had a function receives items list as input goes into a for loop ( for x of y ) to call two awaits db calls for each of the items, create some additional properly for the item, push into a new array and return this array. This array was getting mixed up.

Regardless of our code and whether it could be written in a better way or not, how on earth is data being swapped like this ? is there anyone who knows or faced something like this with saisjs before ?

Thank you !

Contributor guide