git-watchtower 2.1.10 → 2.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/git-watchtower.js +12 -8
- package/package.json +1 -1
- package/src/server/coordinator.js +19 -0
package/bin/git-watchtower.js
CHANGED
|
@@ -397,8 +397,6 @@ const MAX_SERVER_LOG_LINES = 500;
|
|
|
397
397
|
const FORCE_KILL_GRACE_MS = 3000;
|
|
398
398
|
/** Additional grace period added to a command's timeout before SIGKILL. */
|
|
399
399
|
const SIGKILL_GRACE_AFTER_TIMEOUT_MS = 5000;
|
|
400
|
-
/** Delay between stopping and restarting the dev server. */
|
|
401
|
-
const SERVER_RESTART_DELAY_MS = 500;
|
|
402
400
|
/** How long a transient flash message stays on screen. */
|
|
403
401
|
const FLASH_MESSAGE_DURATION_MS = 3000;
|
|
404
402
|
/** Debounce window for file watcher events before notifying clients. */
|
|
@@ -826,13 +824,19 @@ function stopServerProcess() {
|
|
|
826
824
|
return Promise.race([closedPromise, hardCap]);
|
|
827
825
|
}
|
|
828
826
|
|
|
829
|
-
function restartServerProcess() {
|
|
827
|
+
async function restartServerProcess() {
|
|
830
828
|
addLog('Restarting server...', 'update');
|
|
831
|
-
|
|
832
|
-
|
|
833
|
-
|
|
834
|
-
|
|
835
|
-
|
|
829
|
+
// Await actual exit before respawning. The previous fire-and-forget
|
|
830
|
+
// stopServerProcess() + 500 ms setTimeout was shorter than the
|
|
831
|
+
// FORCE_KILL_GRACE_MS (3 s) SIGKILL escalation, so a dev server with
|
|
832
|
+
// a slow SIGTERM handler would yield EADDRINUSE on the respawn — the
|
|
833
|
+
// new process tried to bind a port the old one still held.
|
|
834
|
+
try {
|
|
835
|
+
await stopServerProcess();
|
|
836
|
+
} catch (_) { /* stopServerProcess never rejects in practice; best-effort */ }
|
|
837
|
+
if (isShuttingDown) return;
|
|
838
|
+
startServerProcess();
|
|
839
|
+
render();
|
|
836
840
|
}
|
|
837
841
|
|
|
838
842
|
// Network and polling state
|
package/package.json
CHANGED
|
@@ -34,6 +34,18 @@ const WATCHTOWER_DIR = path.join(os.homedir(), '.watchtower');
|
|
|
34
34
|
*/
|
|
35
35
|
const MAX_IPC_BUFFER = 1024 * 1024;
|
|
36
36
|
|
|
37
|
+
/**
|
|
38
|
+
* Maximum number of concurrent worker connections the coordinator will
|
|
39
|
+
* accept. The legitimate ceiling is "one git-watchtower instance per
|
|
40
|
+
* project the user is actively working on" — a generous double-digit
|
|
41
|
+
* limit covers any real workflow. The cap exists so a buggy or
|
|
42
|
+
* malicious local process running as the same user can't open thousands
|
|
43
|
+
* of sockets and exhaust the coordinator's file descriptors. Beyond
|
|
44
|
+
* this limit, Node's net.Server closes incoming connections after
|
|
45
|
+
* accept() rather than handing them to the request listener.
|
|
46
|
+
*/
|
|
47
|
+
const MAX_WORKER_CONNECTIONS = 64;
|
|
48
|
+
|
|
37
49
|
/**
|
|
38
50
|
* How long a worker waits for a `registered` ACK from the coordinator
|
|
39
51
|
* after the TCP connection completes and the `register` frame is written.
|
|
@@ -255,6 +267,12 @@ class Coordinator {
|
|
|
255
267
|
this._handleWorkerConnection(socket);
|
|
256
268
|
});
|
|
257
269
|
|
|
270
|
+
// Cap concurrent connections so a buggy/malicious local peer can't
|
|
271
|
+
// exhaust our FDs by opening thousands of sockets. Node's net.Server
|
|
272
|
+
// honours this by closing the accepted socket immediately when the
|
|
273
|
+
// count exceeds the limit — request listener never runs.
|
|
274
|
+
this.ipcServer.maxConnections = MAX_WORKER_CONNECTIONS;
|
|
275
|
+
|
|
258
276
|
this.ipcServer.on('error', (err) => {
|
|
259
277
|
reject(err);
|
|
260
278
|
});
|
|
@@ -722,4 +740,5 @@ module.exports = {
|
|
|
722
740
|
LOCK_FILE,
|
|
723
741
|
SOCKET_PATH,
|
|
724
742
|
MAX_IPC_BUFFER,
|
|
743
|
+
MAX_WORKER_CONNECTIONS,
|
|
725
744
|
};
|