From 30cc4169d83d9d580fb158777a9f04b33833c58d Mon Sep 17 00:00:00 2001 From: Bo Borgerson Date: Wed, 1 Feb 2017 15:32:42 -0800 Subject: [PATCH] Protect multiple RSA requesters from each other If two ReactServerAgent requests are made to a given endpoint only one upstream http request is actually issued, and the result is provided to both requesters. Previously this result was passed by reference, so mutations by one requester interfered with the data for others. This patch provides a fresh deep copy to each requester. This has the unfortunate side effect of introducing a deep copy in the browser where we previously thought we could get away without one. It's a minor perf hit, but it's important for data integrity. --- .../core/ReactServerAgent/Cache.js | 38 +++++++++---------- .../__tests__/ReactServerAgentSpec.js | 10 ++++- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/packages/react-server/core/ReactServerAgent/Cache.js b/packages/react-server/core/ReactServerAgent/Cache.js index e9796502c..d21f46627 100644 --- a/packages/react-server/core/ReactServerAgent/Cache.js +++ b/packages/react-server/core/ReactServerAgent/Cache.js @@ -177,22 +177,16 @@ class CacheEntry { this.res = res; this.loaded = true; - if (SERVER_SIDE){ - - // Deep copy. - // - // Leave ourselves with a clean copy of the original - // response regardless of what mutation might happen - // once stores get ahold of it. - // - // This is important to ensure that we provide the same - // data from the cache when we wake up in the browser - // as we initially provide on the server. - // - res = JSON.parse(JSON.stringify(res)); - } - - this.dfd.resolve(res); + // Resolve with a serialized copy. We'll unserialize for each + // requester. This way we provide a fresh copy each time so mutations + // don't leak. + // + // This also leaves _us_ with a clean copy of the original response. + // This is important to ensure that we provide the same data from the + // cache when we wake up in the browser as we initially provide on the + // server. + // + this.dfd.resolve(JSON.stringify(res)); } setError (err) { @@ -218,17 +212,21 @@ class CacheEntry { this.dfd.reject(err); } + _parsePromise(dfd) { + return dfd.promise.then(val => JSON.parse(val)); + } + whenDataReady () { if (SERVER_SIDE) { // server-side, we increment the number of requesters // we expect to retrieve the data on the frontend this.requesters += 1; - return this.dfd.promise; + return this._parsePromise(this.dfd); } else { // client-side, whenever someone retrieves data from the cache, // we decrement the number of retrievals expected, and when we // hit zero, remove the cache entry. - return this._requesterDecrementingPromise(this.dfd.promise); + return this._requesterDecrementingPromise(this.dfd); } } @@ -250,11 +248,11 @@ class CacheEntry { * Chain a promise with another promise that decrements * the number of expected requesters. */ - _requesterDecrementingPromise (promise) { + _requesterDecrementingPromise (dfd) { // regardless of whether we're resolved with a 'res' or 'err', // we want to decrement requests. the appropriate 'success' or 'error' // callback will be executed on whatever is chained after this method - return promise.fin( resOrErr => { + return this._parsePromise(dfd).fin( resOrErr => { this.decrementRequesters(); return resOrErr; }); diff --git a/packages/react-server/core/ReactServerAgent/__tests__/ReactServerAgentSpec.js b/packages/react-server/core/ReactServerAgent/__tests__/ReactServerAgentSpec.js index d31744311..94cba9720 100644 --- a/packages/react-server/core/ReactServerAgent/__tests__/ReactServerAgentSpec.js +++ b/packages/react-server/core/ReactServerAgent/__tests__/ReactServerAgentSpec.js @@ -537,7 +537,10 @@ describe("ReactServerAgent", () => { ]).then(results => { var [res1, res2] = results; - expect(res1).toBe(res2); + expect(res1).toEqual(res2); + + // Must be a deep copy, not a reference. + expect(res1).not.toBe(res2); var cache = ReactServerAgent.cache(); var dehydrated = cache.dehydrate(); @@ -566,7 +569,10 @@ describe("ReactServerAgent", () => { ]).then(results => { var [res1, res2] = results; - expect(res1).toBe(res2); + expect(res1).toEqual(res2); + + // Must be a deep copy, not a reference. + expect(res1).not.toBe(res2); var cache = ReactServerAgent.cache(); var dehydrated = cache.dehydrate();