Coder Social home page Coder Social logo

Comments (4)

j1mmie avatar j1mmie commented on May 16, 2024 1

Created a workaround. It ain't pretty, but it's available here:

https://github.com/j1mmie/fireway

It works by shimming the crypto module's randomBytes method. The shimmed version does not dispatch RANDOMBYTESREQUEST hooks, but still strives to be cryptographically secure.

Firestore's client library uses the autoid function (which calls randomBytes) to attach a tag to every network request. That's why it gets called even in get and so forth. It also uses autoid when creating a random document id. So if you're at all concerned about these tags/ids being cryptographically secure, then I would not use my hack. Initial entropy is obtained from the crypto module itself. And the PRNG comes from best practices by hash/prng guru @bryc. But I am in no way qualified to offer any sort of guarantee.

My fork also fixes an issue with forceAwait not working, and adds a 30 second timeout to it. It might possibly resolve this: #51

from fireway.

j1mmie avatar j1mmie commented on May 16, 2024

Same here. Happens with batches too.

Node version: v16.20.0
Fireway SHA: master (ed478ff)

from fireway.

tciuro avatar tciuro commented on May 16, 2024

+1

Interesting that hard-coding the docID works:

module.exports.migrate = async ({ firestore, FieldValue, FieldPath }) => {
    await firestore.collection('test').doc('foo').set({key: 'value'})
}

But as reported by @bradleesand, any other variation fails.

from fireway.

j1mmie avatar j1mmie commented on May 16, 2024

Made some headway on this issue:

  1. Found out that Firestore's internal method, autoid, is the culprit. It calls crypto.randomBytes, which is reporting an open async call but not reporting that it is closed.
  2. Found a similar issue in Jest: uuidjs/uuid#566
  3. The issue was resolved in Jest here: https://github.com/jestjs/jest/pull/11278/files. It simply checks the type of async hook that is triggered, and ignores type RANDOMBYTESREQUEST

I tried applying a similar fix to Fireway, but for some reason the async hook for the get promise (or whichever method is used) gets lumped into the same async hook as the randomBytes promise. I can't find a way to both safely detect open-async calls and ignore RANDOMBYTESREQUEST calls.

I'll continue looking for workarounds / fixes.

from fireway.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.