emailengine-app 2.68.0 → 2.69.0

package/lib/message-port-stream.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const { Writable, Readable } = require('stream');
+const { Writable, Readable, pipeline } = require('stream');
 
 // const { MessageChannel } = require('worker_threads');
 // const { port1, port2 } = new MessageChannel();
@@ -9,6 +9,41 @@ class MessagePortWritable extends Writable {
     constructor(messagePort) {
         super();
         this.messagePort = messagePort;
+        this.portClosed = false;
+
+        // The reader side posts { cancel: true } when it is torn down (e.g. the
+        // HTTP client aborted the download). Stop the transfer so the upstream
+        // source - and the IMAP lock it holds - is released.
+        this.onPortMessage = message => {
+            if (message && message.cancel) {
+                this.destroy();
+            }
+        };
+        this.messagePort.on('message', this.onPortMessage);
+    }
+
+    postToPort(message) {
+        if (this.portClosed) {
+            return;
+        }
+        try {
+            this.messagePort.postMessage(message);
+        } catch (err) {
+            // ignore - the channel may already be torn down
+        }
+    }
+
+    closePort() {
+        if (this.portClosed) {
+            return;
+        }
+        this.portClosed = true;
+        this.messagePort.removeListener('message', this.onPortMessage);
+        try {
+            this.messagePort.close();
+        } catch (err) {
+            // ignore
+        }
     }
 
     _write(chunk, encoding, done) {
@@ -20,24 +55,25 @@ class MessagePortWritable extends Writable {
             chunk = Buffer.from(chunk, encoding);
         }
 
-        this.messagePort.postMessage({
-            value: chunk,
-            done: false
-        });
+        this.postToPort({ value: chunk, done: false });
         done();
     }
 
     _final(done) {
-        this.messagePort.postMessage({
-            done: true
-        });
-        try {
-            this.messagePort.close();
-        } catch (err) {
-            //ignore
-        }
+        this.postToPort({ done: true });
+        this.closePort();
         done();
     }
+
+    _destroy(err, done) {
+        // Abnormal termination: tell the reader so a truncated transfer is not
+        // mistaken for a complete message, then release the port.
+        if (err) {
+            this.postToPort({ error: err.message || 'Stream error' });
+        }
+        this.closePort();
+        done(err);
+    }
 }
 
 class MessagePortReadable extends Readable {
@@ -46,17 +82,28 @@ class MessagePortReadable extends Readable {
         this.messagePort = messagePort;
 
         this.canRead = false;
+        this.portClosed = false;
 
         this.readableQueue = [];
-        this.messagePort.on('message', message => {
-            if (message && (message.done || message.value)) {
+        this.onPortMessage = message => {
+            if (!message) {
+                return;
+            }
+            if (message.error) {
+                // The producer failed mid-transfer - surface it as a stream error
+                // rather than letting the consumer believe it received everything.
+                this.destroy(new Error(message.error));
+                return;
+            }
+            if (message.done || message.value) {
                 this.readableQueue.push(message);
 
                 if (this.canRead && this.readableQueue.length === 1) {
                     this._processReading();
                 }
             }
-        });
+        };
+        this.messagePort.on('message', this.onPortMessage);
     }
 
     _processReading() {
@@ -73,7 +120,57 @@ class MessagePortReadable extends Readable {
         this.canRead = true;
         this._processReading();
     }
+
+    _destroy(err, done) {
+        // Consumer is gone (client aborted, error, or clean end): tell the producer
+        // to stop and release the port + listener so nothing leaks across threads.
+        if (!this.portClosed) {
+            this.portClosed = true;
+            try {
+                this.messagePort.postMessage({ cancel: true });
+            } catch (cancelErr) {
+                // ignore - the peer may already be closed
+            }
+            this.messagePort.removeListener('message', this.onPortMessage);
+            try {
+                this.messagePort.close();
+            } catch (closeErr) {
+                // ignore
+            }
+        }
+        done(err);
+    }
+}
+
+/**
+ * Pipes a readable source into a MessagePortWritable so that an error on either
+ * side tears the transfer down instead of surfacing as an unhandled 'error'
+ * event. A mid-download failure on an IMAP source stream would otherwise crash
+ * the worker (and every account assigned to it).
+ *
+ * @param {Readable} source - Source stream (e.g. an IMAP download stream)
+ * @param {MessagePortWritable} writable - Destination bound to a MessagePort
+ * @param {Object} [logger] - Optional logger used to report transfer failures
+ */
+function pipeToMessagePort(source, writable, logger) {
+    pipeline(source, writable, err => {
+        if (!err || !logger) {
+            return;
+        }
+        // A consumer that aborts mid-download closes the destination early; that
+        // is expected (not a failure) so it should not be logged at error level.
+        if (err.code === 'ERR_STREAM_PREMATURE_CLOSE') {
+            if (typeof logger.debug === 'function') {
+                logger.debug({ msg: 'Message stream transfer aborted by consumer', err });
+            }
+            return;
+        }
+        if (typeof logger.error === 'function') {
+            logger.error({ msg: 'Message stream transfer failed', err });
+        }
+    });
 }
 
 module.exports.MessagePortWritable = MessagePortWritable;
 module.exports.MessagePortReadable = MessagePortReadable;
+module.exports.pipeToMessagePort = pipeToMessagePort;

package/lib/reject-worker-calls.js

@@ -0,0 +1,42 @@
+'use strict';
+
+/**
+ * Reject every pending cross-thread call routed to a worker thread that has
+ * terminated. Without this, a call placed against a worker that then crashes or
+ * is force-restarted keeps waiting until its own timeout fires - which can be
+ * minutes (the submitMessage floor) or hours (a large X-EE-Timeout). Rejecting
+ * here lets the caller fail fast with a retryable error the instant the worker
+ * is known to be gone.
+ *
+ * The stored `reject` wrapper clears the entry's timeout, so we only need to
+ * drop the entry from the queue and invoke it.
+ *
+ * @param {Map} callQueue - mid -> { resolve, reject, timer, worker }
+ * @param {Worker} worker - The terminated worker thread
+ * @param {Error} err - Rejection reason. May be a shared instance reused across
+ *   concurrent rejections, so callers must not attach per-call fields to it.
+ * @returns {number} Number of pending calls that were rejected
+ */
+function rejectWorkerCalls(callQueue, worker, err) {
+    let rejected = 0;
+
+    // Deleting the current entry while iterating a Map is safe in JS.
+    for (let [mid, entry] of callQueue) {
+        if (entry.worker !== worker) {
+            continue;
+        }
+
+        callQueue.delete(mid);
+        try {
+            entry.reject(err);
+        } catch (rejectErr) {
+            // A consumer that throws synchronously from its rejection path must
+            // not stop us from cleaning up the remaining pending calls.
+        }
+        rejected++;
+    }
+
+    return rejected;
+}
+
+module.exports = { rejectWorkerCalls };