javascript-solid-server 0.0.150 → 0.0.151

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.150",
+  "version": "0.0.151",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/storage/quota.js

@@ -8,6 +8,10 @@ import { join } from 'path';
 import { getDataRoot } from '../utils/url.js';
 
 const QUOTA_FILE = '.quota.json';
+// Temp files created by saveQuota live next to the quota file; they must be
+// excluded from disk-usage reconciliation so an orphan (e.g. from a crash
+// between writeFile and rename) doesn't inflate pod usage.
+const QUOTA_TMP_PREFIX = `${QUOTA_FILE}.tmp.`;
 
 /**
  * Get quota file path for a pod
@@ -16,6 +20,18 @@ function getQuotaPath(podName) {
   return join(getDataRoot(), podName, QUOTA_FILE);
 }
 
+/**
+ * Coerce a parsed quota object to a sane shape so all callers can do
+ * arithmetic on it without worrying about undefined/NaN/negative values.
+ */
+function sanitizeQuota(q) {
+  const toNum = (v) => {
+    const n = Number(v);
+    return Number.isFinite(n) && n >= 0 ? n : 0;
+  };
+  return { limit: toNum(q?.limit), used: toNum(q?.used) };
+}
+
 /**
  * Load quota data for a pod
  * @param {string} podName - The pod name
@@ -24,11 +40,15 @@ function getQuotaPath(podName) {
 export async function loadQuota(podName) {
   try {
     const data = await fs.readFile(getQuotaPath(podName), 'utf-8');
-    return JSON.parse(data);
+    // Empty/partial file can appear if a write was interrupted (or from a
+    // racing non-atomic save on older versions). Treat as missing and
+    // reconcile against on-disk usage so we don't under-count.
+    if (!data.trim()) return { limit: 0, used: await calculatePodSize(podName) };
+    return sanitizeQuota(JSON.parse(data));
   } catch (err) {
-    if (err.code === 'ENOENT') {
-      // No quota file - return defaults (will be initialized on first write)
-      return { limit: 0, used: 0 };
+    if (err.code === 'ENOENT') return { limit: 0, used: 0 };
+    if (err instanceof SyntaxError) {
+      return { limit: 0, used: await calculatePodSize(podName) };
     }
     throw err;
   }
@@ -40,7 +60,19 @@ export async function loadQuota(podName) {
  * @param {object} quota - Quota data
  */
 export async function saveQuota(podName, quota) {
-  await fs.writeFile(getQuotaPath(podName), JSON.stringify(quota, null, 2));
+  // Atomic write: fs.writeFile truncates before writing, which lets concurrent
+  // readers see an empty file. Write to a temp file and rename (POSIX-atomic).
+  // Any failure (writeFile or rename) cleans up the temp file so failed writes
+  // don't accumulate orphans.
+  const finalPath = getQuotaPath(podName);
+  const tmpPath = `${finalPath}.tmp.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`;
+  try {
+    await fs.writeFile(tmpPath, JSON.stringify(quota, null, 2));
+    await fs.rename(tmpPath, finalPath);
+  } catch (err) {
+    await fs.unlink(tmpPath).catch(() => {});
+    throw err;
+  }
 }
 
 /**
@@ -76,8 +108,9 @@ async function calculateDirSize(dirPath) {
     for (const entry of entries) {
       const fullPath = join(dirPath, entry.name);
 
-      // Skip quota file itself
+      // Skip the quota file and any orphaned temp files from saveQuota.
       if (entry.name === QUOTA_FILE) continue;
+      if (entry.name.startsWith(QUOTA_TMP_PREFIX)) continue;
 
       if (entry.isDirectory()) {
         total += await calculateDirSize(fullPath);
@@ -106,9 +139,12 @@ async function calculateDirSize(dirPath) {
 export async function checkQuota(podName, additionalBytes, defaultQuota) {
   let quota = await loadQuota(podName);
 
-  // Initialize if no quota set
+  // Initialize if no quota set. loadQuota already sanitizes shape, so `used`
+  // is a finite non-negative number here — preserve it so reconciled usage
+  // from a recovered corrupt/empty file is not reset to 0.
   if (quota.limit === 0 && defaultQuota > 0) {
-    quota = await initializeQuota(podName, defaultQuota);
+    quota = { limit: defaultQuota, used: quota.used };
+    await saveQuota(podName, quota);
   }
 
   // No quota enforcement if limit is 0

package/test/quota-race.test.js

@@ -0,0 +1,143 @@
+/**
+ * Regression tests for #309 — concurrent quota updates causing 500s.
+ *
+ * Without atomic writes, two concurrent updateQuotaUsage calls race on
+ * .quota.json — the second load can read an empty/partial file and
+ * JSON.parse throws "Unexpected end of JSON input".
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import fs from 'fs-extra';
+import os from 'os';
+import path from 'path';
+import {
+  initializeQuota,
+  updateQuotaUsage,
+  loadQuota,
+  saveQuota,
+  checkQuota,
+  calculatePodSize
+} from '../src/storage/quota.js';
+
+const POD = 'testpod';
+let TEST_ROOT;
+let originalDataRoot;
+
+describe('quota — concurrent updates (#309)', () => {
+  before(async () => {
+    originalDataRoot = process.env.DATA_ROOT;
+    TEST_ROOT = await fs.mkdtemp(path.join(os.tmpdir(), 'jss-quota-'));
+    process.env.DATA_ROOT = TEST_ROOT;
+    await fs.ensureDir(path.join(TEST_ROOT, POD));
+    await initializeQuota(POD, 50 * 1024 * 1024);
+  });
+
+  after(async () => {
+    if (originalDataRoot === undefined) delete process.env.DATA_ROOT;
+    else process.env.DATA_ROOT = originalDataRoot;
+    await fs.remove(TEST_ROOT);
+  });
+
+  it('many concurrent updates do not throw', async () => {
+    const N = 50;
+    const updates = Array.from({ length: N }, (_, i) =>
+      updateQuotaUsage(POD, 10 + i)
+    );
+    await assert.doesNotReject(Promise.all(updates));
+    const final = await loadQuota(POD);
+    assert.strictEqual(typeof final.used, 'number');
+    assert.ok(final.used > 0);
+  });
+
+  async function withResourceAndBrokenQuota(brokenContent) {
+    const resourcePath = path.join(TEST_ROOT, POD, 'resource.txt');
+    const quotaPath = path.join(TEST_ROOT, POD, '.quota.json');
+    const size = 321;
+    await fs.writeFile(resourcePath, 'x'.repeat(size));
+    await fs.writeFile(quotaPath, brokenContent);
+    return { size, cleanup: () => fs.remove(resourcePath) };
+  }
+
+  it('loadQuota reconciles usage from disk when quota file is empty', async () => {
+    const { size, cleanup } = await withResourceAndBrokenQuota('');
+    try {
+      const q = await loadQuota(POD);
+      assert.strictEqual(q.limit, 0);
+      assert.strictEqual(q.used, size);
+    } finally { await cleanup(); }
+  });
+
+  it('loadQuota reconciles usage from disk when quota file is corrupt', async () => {
+    const { size, cleanup } = await withResourceAndBrokenQuota('{"limit":524');
+    try {
+      const q = await loadQuota(POD);
+      assert.strictEqual(q.limit, 0);
+      assert.strictEqual(q.used, size);
+    } finally { await cleanup(); }
+  });
+
+  it('loadQuota sanitizes malformed fields (missing/null/negative)', async () => {
+    const quotaPath = path.join(TEST_ROOT, POD, '.quota.json');
+    const cases = [
+      ['{"limit":0}', { limit: 0, used: 0 }],
+      ['{"limit":null,"used":null}', { limit: 0, used: 0 }],
+      ['{"limit":-10,"used":-5}', { limit: 0, used: 0 }],
+      // Numeric strings are coerced — tolerates legacy/manually-edited files.
+      ['{"limit":"100","used":"50"}', { limit: 100, used: 50 }]
+    ];
+    for (const [body, expected] of cases) {
+      await fs.writeFile(quotaPath, body);
+      const q = await loadQuota(POD);
+      assert.deepStrictEqual(q, expected, `for ${body}`);
+    }
+  });
+
+  it('calculatePodSize ignores orphaned quota temp files', async () => {
+    // Simulate an orphan from a crashed saveQuota (process died between
+    // writeFile and rename) — must not be counted toward pod usage.
+    const resource = path.join(TEST_ROOT, POD, 'data.txt');
+    const orphan = path.join(TEST_ROOT, POD, '.quota.json.tmp.999.1.abc');
+    await fs.writeFile(resource, 'x'.repeat(50));
+    await fs.writeFile(orphan, 'x'.repeat(9999));
+    try {
+      const size = await calculatePodSize(POD);
+      assert.strictEqual(size, 50, 'orphan temp file must not be counted');
+    } finally {
+      await fs.remove(resource);
+      await fs.remove(orphan);
+    }
+  });
+
+  it('checkQuota preserves reconciled usage when re-initializing limit', async () => {
+    const { size, cleanup } = await withResourceAndBrokenQuota('');
+    try {
+      const defaultQuota = 10 * 1024 * 1024;
+      const { quota } = await checkQuota(POD, 0, defaultQuota);
+      assert.strictEqual(quota.limit, defaultQuota);
+      assert.strictEqual(quota.used, size, 'reconciled usage must not be reset to 0');
+    } finally { await cleanup(); }
+  });
+
+  it('saveQuota is atomic — concurrent read during save never sees empty file', async () => {
+    await saveQuota(POD, { limit: 1000, used: 100 });
+    const quotaPath = path.join(TEST_ROOT, POD, '.quota.json');
+
+    // Interleave 200 saves with 200 reads; with non-atomic writes, at least
+    // one read would land on a truncated file — the empty-file assertion
+    // below (or the JSON.parse) would then fail.
+    const ops = [];
+    for (let i = 0; i < 200; i++) {
+      ops.push(saveQuota(POD, { limit: 1000, used: i }));
+      ops.push(fs.readFile(quotaPath, 'utf-8').then((data) => {
+        assert.notStrictEqual(
+          data.length,
+          0,
+          'concurrent read saw an empty quota file'
+        );
+        JSON.parse(data);
+      }));
+    }
+    await assert.doesNotReject(Promise.all(ops));
+  });
+});