@abraca/dabra 2.0.4 → 2.0.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@abraca/dabra",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "abracadabra provider",
   "keywords": [
     "abracadabra",

package/src/AbracadabraBaseProvider.ts

@@ -142,6 +142,16 @@ export class AbracadabraBaseProvider extends EventEmitter {
 
   isAuthenticated = false;
 
+  /**
+   * True once this provider has received at least one Authenticated frame
+   * on the current socket lifetime. Used by `permissionDeniedHandler` to
+   * tell apart "the entry doc is wrong / unreachable" (first frame is a
+   * denial → config error, give up) from "a mid-session write was denied"
+   * (server keeps the read subscription alive → don't kill the socket).
+   * Reset on close.
+   */
+  private _hasEverAuthenticated = false;
+
   /** Current WebSocket connection status. */
   get connectionStatus(): WebSocketStatus {
     return this.configuration.websocketProvider.status;
@@ -504,6 +514,10 @@ export class AbracadabraBaseProvider extends EventEmitter {
   onClose() {
     this.isAuthenticated = false;
     this.synced = false;
+    // Reset per-socket-lifetime auth flag so the next connection's
+    // permissionDeniedHandler can correctly identify a fresh-connection
+    // denial as a config error.
+    this._hasEverAuthenticated = false;
 
     // update awareness (all users except local left)
     if (this.awareness) {
@@ -616,15 +630,26 @@ export class AbracadabraBaseProvider extends EventEmitter {
     // closes after every server-side rejection, AbracadabraWS schedules a
     // retry, the new connection sends the same Subscribe → server denies
     // again, ad infinitum (CPU/log/network spam, page looks "broken" to
-    // the user). The dominant cases:
+    // the user). The dominant cases here:
     //   * "document not found" — entry-doc-id pinned to something that
     //     doesn't exist on this server
-    //   * "permission denied" — operator never granted the user access
-    // Both are config issues; retrying won't fix them. We only stop the
-    // socket when this provider OWNS it (`manageSocket`); shared sockets
-    // (e.g. multiplexed child providers) leave the parent's lifecycle
-    // alone and just give up on this doc.
-    if (this.manageSocket) {
+    //   * initial "permission denied" — operator never granted access
+    // Both are config issues; retrying won't fix them.
+    //
+    // BUT — once we've successfully authenticated at least once on this
+    // socket, a permission_denied frame means a *mid-session* operation
+    // was rejected (e.g. a write attempt on a doc the user only has read
+    // on, or a Forbidden surfaced from defense-in-depth). The server
+    // keeps the read subscription alive in that case (see ws.rs handling
+    // of Error::Forbidden), so killing the socket would be a regression:
+    // it tears down every other doc's sync just because one write was
+    // denied. Skip the disconnect here and let the affected operation
+    // surface its own error.
+    //
+    // We only stop the socket when this provider OWNS it (`manageSocket`);
+    // shared sockets (e.g. multiplexed child providers) leave the parent's
+    // lifecycle alone and just give up on this doc.
+    if (this.manageSocket && !this._hasEverAuthenticated) {
       try {
         this.configuration.websocketProvider.disconnect();
       }
@@ -634,6 +659,7 @@ export class AbracadabraBaseProvider extends EventEmitter {
 
   authenticatedHandler(scope: string) {
     this.isAuthenticated = true;
+    this._hasEverAuthenticated = true;
     this.authorizedScope = scope as AuthorizedScope;
 
     this.emit("authenticated", { scope });