- Notifications
You must be signed in to change notification settings - Fork6
Security fixes and debug logging#54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
e8fe599 intodevelopUh oh!
There was an error while loading.Please reload this page.
| }; | ||
| constauthMw=authenticator(_.pick(config,["AUTH_SECRET","VALID_ISSUERS"])); | ||
| letfinished=false; | ||
| constbailoutTimer=setTimeout(()=>{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
[performance]
The use of a fixed timeout of 8000ms for the bailout timer in the authentication middleware may not be suitable for all environments and could lead to unexpected behavior if the authentication process takes longer. Consider making this timeout configurable or ensuring it is appropriate for the expected load and performance characteristics of the system.
| } | ||
| actions.push(method); | ||
| actions.push(async(req,res,next)=>{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
[❗❗correctness]
Theactions.push(async (req, res, next) => {...}) block assumes that themethod function returns a promise if it is asynchronous. Ensure that all controller methods are consistently returning promises if they perform asynchronous operations, otherwise, this could lead to unhandled promise rejections or incorrect logging.
No description provided.