alvin-bot 4.8.8 → 4.9.0

package/test/web-server-shutdown.test.ts

@@ -0,0 +1,111 @@
+/**
+ * Fix #1 — Web server must release port on shutdown.
+ *
+ * Regression: on bot restart the previous http.Server kept listening on
+ * :3100 (because shutdown() never called server.close()). launchd then
+ * restarted the bot, the next boot tried server.listen(3100), hit
+ * EADDRINUSE, and the bot crashed uncaught. Crash-loop.
+ *
+ * Contract we're establishing:
+ *   - src/web/server.ts must export `stopWebServer(server, opts?)`
+ *   - It must resolve once `server.close()` finishes.
+ *   - It must force-close idle/active sockets so close() can't hang
+ *     forever (otherwise shutdown would block on the 5s launchd grace).
+ *   - After stopWebServer() returns, a fresh http.Server must be able
+ *     to listen(port) on the same port without EADDRINUSE.
+ */
+import { describe, it, expect } from "vitest";
+import http from "http";
+import { once } from "events";
+import { startWebServer, stopWebServer } from "../src/web/server.js";
+
+function getFreePort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const s = http.createServer();
+    s.listen(0, () => {
+      const addr = s.address();
+      if (typeof addr === "object" && addr) {
+        const p = addr.port;
+        s.close(() => resolve(p));
+      } else {
+        reject(new Error("no address"));
+      }
+    });
+  });
+}
+
+describe("stopWebServer (Fix #1)", () => {
+  it("closes an http.Server so the port becomes reusable", async () => {
+    const port = await getFreePort();
+
+    const server = http.createServer((_req, res) => {
+      res.end("ok");
+    });
+    await new Promise<void>((r) => server.listen(port, () => r()));
+
+    // Hold an open idle keep-alive socket — this is the exact state that
+    // prevented server.close() from resolving in production. A real
+    // stopWebServer() must break this stall.
+    const hanger = http.get(`http://127.0.0.1:${port}/`, () => { /* body */ });
+    await once(hanger, "response").catch(() => { /* swallow */ });
+
+    const t0 = Date.now();
+    await stopWebServer(server);
+    const elapsed = Date.now() - t0;
+
+    expect(elapsed).toBeLessThan(2000);
+
+    // Prove the port is actually free: a new server must be able to bind it.
+    const reuse = http.createServer();
+    await new Promise<void>((resolve, reject) => {
+      reuse.once("error", reject);
+      reuse.listen(port, () => resolve());
+    });
+    await new Promise<void>((r) => reuse.close(() => r()));
+  });
+
+  it("is safe to call on an already-closed server", async () => {
+    const port = await getFreePort();
+    const server = http.createServer();
+    await new Promise<void>((r) => server.listen(port, () => r()));
+    await stopWebServer(server);
+    // Calling twice must not throw
+    await expect(stopWebServer(server)).resolves.toBeUndefined();
+  });
+
+  it("is safe to call on a server that never listened", async () => {
+    const server = http.createServer();
+    await expect(stopWebServer(server)).resolves.toBeUndefined();
+  });
+
+  it("closes even when a client is holding a long-lived connection", async () => {
+    // Production-mirror: a long-polling /api/cron?wait=1 or similar.
+    // Before the fix, server.close() would hang on these sockets and the
+    // 5s launchd grace would kill the bot before the port was released.
+    const port = await getFreePort();
+    const server = http.createServer((_req, res) => {
+      // Never send a full response — keep the socket open until close.
+      res.writeHead(200, { "Content-Type": "text/plain" });
+      res.write("chunk-1");
+      // intentionally do NOT call res.end()
+    });
+    await new Promise<void>((r) => server.listen(port, () => r()));
+
+    const req = http.get(`http://127.0.0.1:${port}/hang`);
+    // Swallow the inevitable socket-close error once the server is torn down
+    req.on("error", () => { /* expected */ });
+    await once(req, "response").catch(() => { /* swallow */ });
+
+    const t0 = Date.now();
+    await stopWebServer(server);
+    expect(Date.now() - t0).toBeLessThan(2000);
+
+    // Port is reusable
+    const reuse = http.createServer();
+    await new Promise<void>((resolve, reject) => {
+      reuse.once("error", reject);
+      reuse.listen(port, () => resolve());
+    });
+    await new Promise<void>((r) => reuse.close(() => r()));
+  });
+});

package/test/whatsapp-auth-resilience.test.ts

@@ -0,0 +1,96 @@
+/**
+ * Fix #2 — WhatsApp saveCreds must survive a vanished auth directory.
+ *
+ * Regression: `Unhandled rejection: ENOENT creds.json` in err.log when
+ * baileys fired a delayed `creds.update` event after the auth dir was
+ * gone (crash mid-init, trash, manual cleanup, etc.).
+ *
+ * Contract: we export a helper `makeResilientSaveCreds(authDir, inner)`
+ * from src/platforms/whatsapp-auth-helpers.ts. It wraps baileys' raw
+ * saveCreds so that an ENOENT triggers a mkdir-p + one retry before
+ * surfacing the error. Any other error bubbles up unchanged.
+ */
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import fs from "fs";
+import os from "os";
+import { resolve, join } from "path";
+import { makeResilientSaveCreds } from "../src/platforms/whatsapp-auth-helpers.js";
+
+let authDir: string;
+
+beforeEach(() => {
+  authDir = resolve(os.tmpdir(), `alvin-wa-auth-${process.pid}-${Date.now()}`);
+  fs.mkdirSync(authDir, { recursive: true });
+});
+
+afterEach(() => {
+  if (fs.existsSync(authDir)) fs.rmSync(authDir, { recursive: true, force: true });
+});
+
+describe("makeResilientSaveCreds (Fix #2)", () => {
+  it("calls the inner saveCreds on the happy path", async () => {
+    let calls = 0;
+    const inner = async () => { calls++; };
+    const wrapped = makeResilientSaveCreds(authDir, inner);
+    await wrapped();
+    expect(calls).toBe(1);
+  });
+
+  it("recreates the auth dir and retries when inner throws ENOENT", async () => {
+    let calls = 0;
+    const inner = async () => {
+      calls++;
+      if (calls === 1) {
+        // Mirror baileys fs.promises.writeFile behaviour
+        const err = new Error(
+          `ENOENT: no such file or directory, open '${join(authDir, "creds.json")}'`,
+        ) as NodeJS.ErrnoException;
+        err.code = "ENOENT";
+        throw err;
+      }
+    };
+    // Simulate the vanished dir
+    fs.rmSync(authDir, { recursive: true, force: true });
+    expect(fs.existsSync(authDir)).toBe(false);
+
+    const wrapped = makeResilientSaveCreds(authDir, inner);
+    await wrapped();
+
+    expect(calls).toBe(2);
+    expect(fs.existsSync(authDir)).toBe(true);
+  });
+
+  it("only retries once — a second ENOENT surfaces as error", async () => {
+    let calls = 0;
+    const inner = async () => {
+      calls++;
+      const err = new Error("ENOENT: no such file or directory") as NodeJS.ErrnoException;
+      err.code = "ENOENT";
+      throw err;
+    };
+    const wrapped = makeResilientSaveCreds(authDir, inner);
+    await expect(wrapped()).rejects.toThrow(/ENOENT/);
+    expect(calls).toBe(2);
+  });
+
+  it("surfaces non-ENOENT errors unchanged", async () => {
+    const inner = async () => {
+      const err = new Error("EACCES: permission denied") as NodeJS.ErrnoException;
+      err.code = "EACCES";
+      throw err;
+    };
+    const wrapped = makeResilientSaveCreds(authDir, inner);
+    await expect(wrapped()).rejects.toThrow(/EACCES/);
+  });
+
+  it("is safe to call concurrently", async () => {
+    let calls = 0;
+    const inner = async () => {
+      calls++;
+      await new Promise((r) => setTimeout(r, 5));
+    };
+    const wrapped = makeResilientSaveCreds(authDir, inner);
+    await Promise.all([wrapped(), wrapped(), wrapped()]);
+    expect(calls).toBe(3);
+  });
+});