Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(dynamic-rate-limit): validate job lock cases #2975

Merged
merged 4 commits into from
Dec 25, 2024
Merged

fix(dynamic-rate-limit): validate job lock cases #2975

merged 4 commits into from
Dec 25, 2024
+132 −68

Conversation

roggervalf
Copy link
Collaborator

@roggervalf roggervalf commented Dec 19, 2024
edited
Loading

Validate existente of job when dynamic rate límit is used. Upgrade cron-parser to fix a vulnerability as well

manast
manast reviewed Dec 19, 2024
View reviewed changes
src/classes/scripts.ts
@@ -1387,13 +1387,11 @@ export class Scripts {
*/
async moveJobFromActiveToWait(jobId: string, token: string) {
const client = await this.queue.client;
const lockKey = `${this.queue.toKey(jobId)}:lock`;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why can't we generate the key here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removeLock include concats lock suffix to jobKey that is passed as an argv, so no need to pass lockKey

src/commands/moveJobFromActiveToWait-9.lua Outdated
local pttl = rcall("PTTL", KEYS[7])
if lockToken == token then
local metaKey = KEYS[6]
if rcall("EXISTS", jobKey) == 1 then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should be able to skip checking for the key existence as we need to read the token anyway, and it will return an empty string or nil if the key does not exist.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as we don't expose this method to be used when using manual processing we should be good skipping it. For other methods like moveToComplete or moveToFailed is still needed as when passing token '0' we basically ignore that check

@roggervalf roggervalf force-pushed the fix-dynamic-rate-limit branch from 4cdb8a9 to 8e0214f Compare December 24, 2024 23:26
manast
manast approved these changes Dec 25, 2024
View reviewed changes
Copy link
Contributor

@manast manast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@roggervalf roggervalf changed the title fix(dynamic-rate-limit): validate job existence fix(dynamic-rate-limit): validate job lock cases Dec 25, 2024
@roggervalf roggervalf merged commit 8bb27ea into master Dec 25, 2024
12 checks passed
@roggervalf roggervalf deleted the fix-dynamic-rate-limit branch December 25, 2024 13:37
github-actions bot pushed a commit that referenced this pull request Dec 25, 2024
@semantic-release-bot
chore(release): 5.34.5 [skip ci]
0763cd6 
## [5.34.5](v5.34.4...v5.34.5) (2024-12-25)

### Bug Fixes

* **dynamic-rate-limit:** validate job lock cases ([#2975](#2975)) ([8bb27ea](8bb27ea))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manast manast manast approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@roggervalf @manast