public/owltide
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages 1 Wiki Activity Actions
owltide/server/database.ts

191 lines
5.2 KiB
TypeScript
Raw Normal View History

License under AGPL version 3 or later I firmly believe in free software. The application I'm making here have capabilities that I've not seen in any system. It presents itself as an opportunity to collaborate on a tool that serves the people rather than corporations. Whose incentives are to help people rather, not make the most money. And whose terms ensure that these freedoms and incentives cannot be taken back or subverted. I license this software under the AGPL.
2025-06-30 18:58:24 +02:00
/*
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
SPDX-License-Identifier: AGPL-3.0-or-later
*/
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
import { readFileSync, writeFileSync, unlinkSync } from "node:fs";
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
import type { ApiAuthenticationProvider, ApiEvent, ApiSchedule, ApiSubscription, ApiUserType } from "~/shared/types/api";
Refactor user storage and update Rename accounts to users to be consistent with the new naming scheme where account only referes to the logged in user of the session and implement live updates of users via a user store which listens for updates from the event stream.
2025-06-23 00:17:22 +02:00
import type { Id } from "~/shared/types/common";
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
Rename AcountSession to ServerSession Start the work of clearly distingushing client side types, server side types and types shared over the API by renaming "AccountSession" and "Session" names used on the server to "ServerSession".
2025-06-09 16:51:05 +02:00
export interface ServerSession {
Refactor sessions to frequently rotate In order to minimise the window of opportunity to steal a session, automatically rotate it onto a new session on a frequent basis. This makes a session cookie older than the automatic rollover time less likely to grant access and more likely to be detected. Should a stolen session cookie get rotated while the attacker is using it, the user will be notificed that their session has been taken the next time they open the app if the user re-visits the website before the session is discarded.
2025-07-07 22:42:49 +02:00
id: Id,
access: ApiUserType,
accountId?: number,
Refactor demo login as an authentication method Use the authentication method system for the demo login and the generated accounts. This makes it possible to toggle it off on production systems as these shouldn't have it enabled at all.
2025-07-09 17:57:49 +02:00
authenticationProvider?: ApiAuthenticationProvider,
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
authenticationSlug?: string,
authenticationName?: string,
Separate rotation and expiry of sessions If a session is rotate in the middle of a server side rendering then some random portions of requests made on the server side will fail with a session taken error as the server is not going to update the cookies of the client during these requests. To avoid this pitfall extend the expiry time of sessions to be 10 seconds after the session has been rotated. This is accomplished by introducing a new timestamp on sessions called the rotateAt at time alongside the expiresAt time. Sessions used after rotateAt that haven't been rotated get rotated into a new session and the existing session gets the expiresAt time set to 10 seconds in the future. Sessions that are past the expiredAt time have no access. This makes the logic around session expiry simpler, and also makes it possible to audit when a session got rotated, and to mark sessions as expired without a chance to rotate to a new session without having to resort to a finished flag.
2025-07-09 14:54:54 +02:00
rotatesAtMs: number,
expiresAtMs?: number,
Refactor sessions to frequently rotate In order to minimise the window of opportunity to steal a session, automatically rotate it onto a new session on a frequent basis. This makes a session cookie older than the automatic rollover time less likely to grant access and more likely to be detected. Should a stolen session cookie get rotated while the attacker is using it, the user will be notificed that their session has been taken the next time they open the app if the user re-visits the website before the session is discarded.
2025-07-07 22:42:49 +02:00
discardAtMs: number,
successor?: Id,
Rename AcountSession to ServerSession Start the work of clearly distingushing client side types, server side types and types shared over the API by renaming "AccountSession" and "Session" names used on the server to "ServerSession".
2025-06-09 16:51:05 +02:00
};
Refactor user storage and update Rename accounts to users to be consistent with the new naming scheme where account only referes to the logged in user of the session and implement live updates of users via a user store which listens for updates from the event stream.
2025-06-23 00:17:22 +02:00
export interface ServerUser {
id: Id,
updatedAt: string,
deleted?: boolean,
type: ApiUserType,
name?: string,
interestedEventIds?: number[],
interestedEventSlotIds?: number[],
timezone?: string,
locale?: string,
}
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
export interface ServerAuthenticationMethod {
id: Id,
Refactor demo login as an authentication method Use the authentication method system for the demo login and the generated accounts. This makes it possible to toggle it off on production systems as these shouldn't have it enabled at all.
2025-07-09 17:57:49 +02:00
provider: ApiAuthenticationProvider,
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
slug: string,
name: string,
userId: Id,
}
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
// For this demo I'm just storing the runtime data in JSON files. When making
// this into proper application this should be replaced with an actual database.
Pull JSON read file logic into a function
2025-03-07 12:25:10 +01:00
const schedulePath = "data/schedule.json";
const subscriptionsPath = "data/subscriptions.json";
Refactor user storage and update Rename accounts to users to be consistent with the new naming scheme where account only referes to the logged in user of the session and implement live updates of users via a user store which listens for updates from the event stream.
2025-06-23 00:17:22 +02:00
const usersPath = "data/users.json";
const nextUserIdPath = "data/next-user-id.json";
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
const sessionsPath = "data/sessions.json";
const nextSessionIdPath = "data/next-session-id.json";
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
const authMethodPath = "data/auth-method.json";
const nextAuthenticationMethodIdPath = "data/auth-method-id.json"
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
const nextEventIdPath = "data/next-event-id.json";
const eventsPath = "data/events.json";
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
function remove(path: string) {
Add debug route to delete the database To simplify development add a debug route to delete the database content so that it'll be re-generated to the demo schedule.
2025-05-31 23:10:25 +02:00
try {
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
unlinkSync(path);
Add debug route to delete the database To simplify development add a debug route to delete the database content so that it'll be re-generated to the demo schedule.
2025-05-31 23:10:25 +02:00
} catch (err: any) {
if (err.code !== "ENOENT") {
throw err;
}
}
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function deleteDatabase() {
remove(schedulePath);
remove(subscriptionsPath);
remove(usersPath);
remove(sessionsPath);
Add debug route to delete the database To simplify development add a debug route to delete the database content so that it'll be re-generated to the demo schedule.
2025-05-31 23:10:25 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
function readJson<T>(filePath: string, fallback: T) {
Pull JSON read file logic into a function
2025-03-07 12:25:10 +01:00
let data: T extends () => infer R ? R : T;
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
try {
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
data = JSON.parse(readFileSync(filePath, "utf-8"));
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
} catch (err: any) {
if (err.code !== "ENOENT")
throw err;
Pull JSON read file logic into a function
2025-03-07 12:25:10 +01:00
data = typeof fallback === "function" ? fallback() : fallback;
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
}
Pull JSON read file logic into a function
2025-03-07 12:25:10 +01:00
return data;
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readSchedule() {
Implement database administration Add routes and admin panel elements for creating a database backup, restoring from a backup, deleting the existing schedule, and replacing the database with the demo schedule. These server as crude ways to manage the data stored in the system.
2025-06-28 01:23:52 +02:00
return readJson(schedulePath, (): ApiSchedule => ({
id: 111,
updatedAt: new Date().toISOString(),
}));
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeSchedule(schedule: ApiSchedule) {
writeFileSync(schedulePath, JSON.stringify(schedule, undefined, "\t") + "\n", "utf-8");
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readSubscriptions() {
let subscriptions = readJson<ApiSubscription[]>(subscriptionsPath, []);
Refactor subscription format Place the actual push subscription data into a push property on the subscription so that other properties can be added to it.
2025-03-07 12:30:39 +01:00
if (subscriptions.length && "keys" in subscriptions[0]) {
// Discard old format
subscriptions = [];
}
Pull JSON read file logic into a function
2025-03-07 12:25:10 +01:00
return subscriptions;
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeSubscriptions(subscriptions: ApiSubscription[]) {
writeFileSync(subscriptionsPath, JSON.stringify(subscriptions, undefined, "\t") + "\n", "utf-8");
Refactor code saving data Move the code dealing with saving and loading data to server/database to gather it all up into one place.
2025-03-05 18:41:47 +01:00
}
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readNextUserId() {
return readJson(nextUserIdPath, 0);
Implement database administration Add routes and admin panel elements for creating a database backup, restoring from a backup, deleting the existing schedule, and replacing the database with the demo schedule. These server as crude ways to manage the data stored in the system.
2025-06-28 01:23:52 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeNextUserId(nextId: number) {
writeFileSync(nextUserIdPath, String(nextId), "utf-8");
Implement database administration Add routes and admin panel elements for creating a database backup, restoring from a backup, deleting the existing schedule, and replacing the database with the demo schedule. These server as crude ways to manage the data stored in the system.
2025-06-28 01:23:52 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function nextUserId() {
let nextId = readJson(nextUserIdPath, 0);
Add create account functionality
2025-03-07 23:53:57 +01:00
if (nextId === 0) {
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
nextId = Math.max(...(readUsers()).map(user => user.id), -1) + 1;
Add create account functionality
2025-03-07 23:53:57 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
writeFileSync(nextUserIdPath, String(nextId + 1), "utf-8");
Add create account functionality
2025-03-07 23:53:57 +01:00
return nextId;
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readUsers() {
return readJson(usersPath, (): ServerUser[] => []);
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeUsers(users: ServerUser[]) {
writeFileSync(usersPath, JSON.stringify(users, undefined, "\t") + "\n", "utf-8");
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readNextSessionId() {
return readJson(nextSessionIdPath, 0);
Implement database administration Add routes and admin panel elements for creating a database backup, restoring from a backup, deleting the existing schedule, and replacing the database with the demo schedule. These server as crude ways to manage the data stored in the system.
2025-06-28 01:23:52 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeNextSessionId(nextId: number) {
writeFileSync(nextSessionIdPath, String(nextId), "utf-8");
Implement database administration Add routes and admin panel elements for creating a database backup, restoring from a backup, deleting the existing schedule, and replacing the database with the demo schedule. These server as crude ways to manage the data stored in the system.
2025-06-28 01:23:52 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function nextSessionId() {
const nextId = readJson(nextSessionIdPath, 0);
writeFileSync(nextSessionIdPath, String(nextId + 1), "utf-8");
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
return nextId;
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readSessions() {
Refactor sessions to frequently rotate In order to minimise the window of opportunity to steal a session, automatically rotate it onto a new session on a frequent basis. This makes a session cookie older than the automatic rollover time less likely to grant access and more likely to be detected. Should a stolen session cookie get rotated while the attacker is using it, the user will be notificed that their session has been taken the next time they open the app if the user re-visits the website before the session is discarded.
2025-07-07 22:42:49 +02:00
return readJson<ServerSession[]>(sessionsPath, [])
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeSessions(sessions: ServerSession[]) {
writeFileSync(sessionsPath, JSON.stringify(sessions, undefined, "\t") + "\n", "utf-8");
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out.
2025-03-07 12:41:57 +01:00
}
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function nextAuthenticationMethodId() {
const nextId = readJson(nextAuthenticationMethodIdPath, 0);
writeFileSync(nextAuthenticationMethodIdPath, String(nextId + 1), "utf-8");
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
return nextId;
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeNextAuthenticationMethodId(nextId: number) {
writeFileSync(nextAuthenticationMethodIdPath, String(nextId), "utf-8");
Refactor demo login as an authentication method Use the authentication method system for the demo login and the generated accounts. This makes it possible to toggle it off on production systems as these shouldn't have it enabled at all.
2025-07-09 17:57:49 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readAuthenticationMethods() {
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
return readJson<ServerAuthenticationMethod[]>(authMethodPath, [])
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeAuthenticationMethods(authMethods: ServerAuthenticationMethod[]) {
writeFileSync(authMethodPath, JSON.stringify(authMethods, undefined, "\t") + "\n", "utf-8");
Implement register and login with Telegram Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00
}
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function nextEventId() {
const nextId = readJson(nextEventIdPath, 0);
writeFileSync(nextEventIdPath, String(nextId + 1), "utf-8");
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
return nextId;
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeNextEventId(nextId: number) {
writeFileSync(nextEventIdPath, String(nextId), "utf-8");
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function readEvents() {
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
return readJson<ApiEvent[]>(eventsPath, [])
}
Use sync access for the temp JSON file database Replace all async reads and writes to the JSON database with the sync reads and writes to prevent a data corruption race condition where two requests are processed at the same time and write to the same file, or one reads while the other writes causing read of partially written data.
2025-09-20 23:04:16 +02:00
export function writeEvents(events: ApiEvent[]) {
writeFileSync(eventsPath, JSON.stringify(events, undefined, "\t") + "\n", "utf-8");
Refactor to persist and reliably deliver events Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
2025-09-20 20:11:58 +02:00
}
Reference in a new issue Copy permalink