Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect ClientInfo Handling When Loading Persisted Operations from Cache #1179

Closed
janeli1 opened this issue Sep 16, 2024 · 2 comments · Fixed by #1351
Closed

Incorrect ClientInfo Handling When Loading Persisted Operations from Cache #1179

janeli1 opened this issue Sep 16, 2024 · 2 comments · Fixed by #1351
Labels
bug Something isn't working internally-reviewed The issue has been reviewed internally.

Comments

@janeli1
Copy link

janeli1 commented Sep 16, 2024

Component(s)

router

Component version

N.A.

wgc version

N.A.

controlplane version

N.A.

router version

0.110.1

What happened?

If possible, please create a PR with a failing test to illustrate the issue clearly.
Otherwise, please attach a minimum reproduction through a GitHub repository that includes
essential information such as the relevant subgraph SDLs.
Please also make sure that the instructions for the reproduction are clear, tested, and fully accurate.

Description

There is an issue with the caching mechanism for Persisted Operations. When a request with a valid Persisted Operation ID (POID) is made, the corresponding query body is correctly loaded from the cache. However, if a subsequent request is made with the same POID but an incorrect or different clientInfo, the cached query body is still passed through, regardless of the mismatched clientInfo. This behavior leads to inaccurate operations being processed based on stale or incorrect client data, potentially causing unintended results in the application's response.

This reported issue is caused by code here:
https://github.com/wundergraph/cosmo/blob/router%400.110.1/router/core/operation_processor.go#L317
The load PO from cache is checking only POID.
This is different from how the router check on POclient cache here with ClientInfo and the POID: https://github.com/wundergraph/cosmo/blob/router%400.110.1/router/internal/persistedoperation/client.go#L73

Steps to Reproduce

  1. Send a HTTP request with a valid POID. Got a valid response.
  2. Send a HTTP request with the same POID but will different clientInfo. Got a valid response.

Expected Result

  1. Send a HTTP request with a valid POID. Got a valid response.
  2. Send a HTTP request with the same POID but will different clientInfo. When clientInfo is not supported, expect an error.

Environment information

Environment

OS: (e.g., "Ubuntu 20.04")
Package Manager: pnpm, npm, yarn, etc
Compiler(if manually compiled): (e.g., "go 14.2")

Router configuration

No response

Router execution config

No response

Log output

No response

Additional context

No response
@janeli1 janeli1 added the bug Something isn't working label Sep 16, 2024
@github-actions GitHub Actions
Copy link

WunderGraph commits fully to Open Source and we want to make sure that we can help you as fast as possible.
The roadmap is driven by our customers and we have to prioritize issues that are important to them.
You can influence the priority by becoming a customer. Please contact us here.

@StarpTech StarpTech added the internally-reviewed The issue has been reviewed internally. label Sep 17, 2024
@StarpTech
Copy link
Contributor

Hi @janeli1, thank you for reporting. We will take a look and come back to you soon.

This was referenced Oct 16, 2024
Closed
Closed
@df-wg df-wg mentioned this issue Nov 8, 2024
Merged
5 tasks
@df-wg df-wg mentioned this issue Nov 12, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working internally-reviewed The issue has been reviewed internally.
Projects
None yet
Milestone
No milestone
2 participants
@StarpTech @janeli1