Security restrict flooding connections in my database

JonL · November 13, 2020, 5:36pm

======== TEMPLATE BUG FORM ========

Wappler Version : 3.4.2
Operating System : Catalina
Server Model: NodeJS
Database Type: Postgresql
Hosting Type: Heroku and Local

Expected behavior

What do you think should happen?

Security Restrict database checks should close the db connection.

Actual behavior

What actually happens?

The connections stays open and idle and will eventually kill my app as it will not allow more connections.

How to reproduce

Add a security restrict check against database and check active connections in PG.

select *
from pg_stat_activity
WHERE pg_stat_activity.usename = 'youruser'

@patrick I know you added a fix to kill knex connections in one of the updates I am missing. But I don't know if it addresses specifically the Security restrict action or it addresses all knex connections(including the one created by Security Restrict).

Unfortunately I can't update at the moment so I have to stay in 3.4.2 until I finish a feature.

JonL · November 13, 2020, 5:51pm

Additional info: I think it only happens via AJAX calls.

I have a page that performs 4 Restricts.

The first one is in the layout page which checks if the user can access the page. I believe this one doesn’t keep the connection idle and it is handled correctly.
Once the page is loaded it will call 3 SCs(ajax) which have a Restrict to avoid external access to the API. All these will end up creating idle connections that flood my DB.

patrick · November 13, 2020, 8:23pm

Wappler 3.4.1 should already have the cleanup code for the connections.

Code is located in lib/core/app.js, search for this.res.on('finish', () => this.db[name].destroy());.

The code listens to the finish event (https://www.npmjs.com/package/express-end). It then destroys the database (knex) object which should close the connections.

JonL · November 13, 2020, 9:12pm

Thanks for confirming Patrick. The code was there but for some reason it wasn’t working.
However, I finished the feature, updated to 3.5.4 and adapted all my code to work with globals.

This means that I removed each local Security Provider from all my API endpoints and left only the Restrict using the Global Security Provider. From that moment on the connections started to shut down correctly.

So this was only occurring with the combination of a SC file with a local Security Provider followed by a Security Restrict being called via AJAX on 3.4.2. Any first thought on why? I am truly intrigued.

Now everything is fine so if nothing comes up don’t worry at all. I am happy it’s fixed and this can be closed.

George · November 14, 2020, 4:28pm

8 posts were split to a new topic: NodeJS and global security provider

JonL · November 20, 2020, 8:36am

This can be closed I guess.

patrick · November 23, 2020, 5:00pm

This topic was automatically closed after 3 days. New replies are no longer allowed.