querysub 0.406.0 → 0.408.0

package/bin/audit-disk-values.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+
+// Always local, as we want to always use the local code? Might not be needed anymore?
+process.argv.push("--local");
+
+require("typenode");
+require("../src/diagnostics/auditDiskValuesEntry");

package/bin/deploy-prefixes.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+
+// Always local, as we want to always use the local code? Might not be needed anymore?
+process.argv.push("--local");
+
+require("typenode");
+require("../src/4-deploy/deployPrefixes");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "querysub",
-  "version": "0.406.0",
+  "version": "0.408.0",
   "main": "index.js",
   "license": "MIT",
   "note1": "note on node-forge fork, see https://github.com/digitalbazaar/forge/issues/744 for details",
@@ -23,6 +23,7 @@
   },
   "bin": {
     "deploy": "./bin/deploy.js",
+    "deploy-prefixes": "./bin/deploy-prefixes.js",
     "server": "./bin/server.js",
     "server-public": "./bin/server-public.js",
     "function": "./bin/function.js",
@@ -39,7 +40,8 @@
     "addsuperuser": "./bin/addsuperuser.js",
     "error-watch": "./bin/error-watch.js",
     "error-watch-public": "./bin/error-watch-public.js",
-    "audit-imports": "./bin/audit-imports.js"
+    "audit-imports": "./bin/audit-imports.js",
+    "audit-disk-values": "./bin/audit-disk-values.js"
   },
   "dependencies": {
     "@types/fs-ext": "^2.0.3",
@@ -60,7 +62,7 @@
     "pako": "^2.1.0",
     "peggy": "^5.0.6",
     "querysub": "^0.357.0",
-    "socket-function": "^1.1.11",
+    "socket-function": "^1.1.18",
     "terser": "^5.31.0",
     "typesafecss": "^0.28.0",
     "yaml": "^2.5.0",

package/src/-a-archives/archiveCache.ts

@@ -82,15 +82,18 @@ const getDiskMetricsBase = async () => {
             usedCacheBytes += info.size;
             usedCacheFiles++;
         } else {
-            // TEMP files, and... any files?
-            // If it's too old, delete it
-            let stat = await fs.promises.stat(cacheArchives2 + file);
-            let threshold = Date.now() - TEMP_THRESHOLD;
-            if (stat.mtimeMs < threshold) {
-                try {
-                    await fs.promises.unlink(cacheArchives2 + file);
-                } catch { }
-            }
+            try {
+                // TEMP files, and... any files?
+                // If it's too old, delete it
+                let stat = await fs.promises.stat(cacheArchives2 + file);
+                let threshold = Date.now() - TEMP_THRESHOLD;
+                if (stat.mtimeMs < threshold) {
+                    try {
+                        await fs.promises.unlink(cacheArchives2 + file);
+                    } catch { }
+                }
+                // If we can't stat it, someone else deleted it, so that's fine...
+            } catch { }
         }
     }
     let processFileParallel = runInParallel({ parallelCount: 32 }, processFile);

package/src/-a-auth/certs.ts

@@ -480,7 +480,7 @@ export function decodeNodeId(nodeId: string, allowMissingThreadId?: "allowMissin
 export function decodeNodeIdAssert(nodeId: string, allowMissingThreadId?: "allowMissingThreadId"): NodeIdParts {
     let result = decodeNodeId(nodeId, allowMissingThreadId);
     if (!result) {
-        throw new Error(`Invalid nodeId: ${nodeId}`);
+        throw new Error(`Invalid nodeId: ${JSON.stringify(nodeId)}`);
     }
     return result;
 }

package/src/-c-identity/IdentityController.ts

@@ -18,7 +18,7 @@ import { formatTime } from "socket-function/src/formatting/format";
 import { waitForFirstTimeSync } from "socket-function/time/trueTimeShim";
 import { red } from "socket-function/src/formatting/logColors";
 import { isNode } from "typesafecss";
-import { areNodeIdsEqual, getOwnThreadId } from "../-f-node-discovery/NodeDiscovery";
+import { areNodeIdsEqual, getOwnNodeId, getOwnThreadId } from "../-f-node-discovery/NodeDiscovery";
 
 let callerInfo = new Map<CallerContext, {
     reconnectNodeId: string | undefined;
@@ -109,6 +109,7 @@ export const IdentityController_getOwnPubKeyShort = lazy((): number => {
     return getShortNumber(pubKey);
 });
 
+
 export interface ChangeIdentityPayload {
     time: number;
     cert: string;
@@ -116,6 +117,7 @@ export interface ChangeIdentityPayload {
     serverId: string;
     mountedPort: number | undefined;
     debugEntryPoint: string | undefined;
+    clientIsNode: boolean;
 }
 class IdentityControllerBase {
     // IMPORTANT! We HAVE to call changeIdentity NOT JUST because we can't use peer certificates in the browser, BUT, also
@@ -133,6 +135,11 @@ class IdentityControllerBase {
             throw new Error(`Signed payload too old, ${payload.time} < ${signedThreshold} from ${caller.localNodeId} (${caller.nodeId})`);
         }
 
+        if (payload.clientIsNode && payload.serverId !== getOwnNodeId()) {
+            // This is extremely common when we reuse ports, which we do frequently for the edge nodes. 
+            throw new Error(`You tried to contact another server. We are ${getOwnNodeId()}, you tried to contact ${payload.serverId}.`);
+        }
+
         // Verify the signature is meant for us, otherwise any other site can hijack the login!
         //  (We don't have to worry about other servers on the same domain, as all servers
         //      on the same domain should be the same!)
@@ -221,6 +228,7 @@ const changeIdentityOnce = cacheWeak(async function changeIdentityOnce(connectio
         certIssuer: issuer.cert.toString(),
         mountedPort: getNodeIdLocation(SocketFunction.mountedNodeId)?.port,
         debugEntryPoint: isNode() ? process.argv[1] : "browser",
+        clientIsNode: isNode(),
     };
     let signature = sign(threadKeyCert, payload);
     await timeoutToError(

package/src/-f-node-discovery/NodeDiscovery.ts

@@ -3,11 +3,11 @@ import { getArchives } from "../-a-archives/archives";
 import { getDomain, isDevDebugbreak, isNoNetwork, isPublic } from "../config";
 import { measureBlock } from "socket-function/src/profiling/measure";
 import { isNode, sha256Hash, throttleFunction, timeInMinute, timeInSecond } from "socket-function/src/misc";
-import { errorToUndefinedSilent, ignoreErrors, logErrors, timeoutToUndefinedSilent } from "../errors";
+import { errorToUndefinedSilent, ignoreErrors, logErrors, timeoutToError, timeoutToUndefinedSilent } from "../errors";
 import { ensureWeAreTrusted, requiresNetworkTrustHook } from "../-d-trust/NetworkTrust2";
 import { delay, runInfinitePoll, runInfinitePollCallAtStart } from "socket-function/src/batching";
-import { getNodeId, getNodeIdFromLocation, getNodeIdLocation } from "socket-function/src/nodeCache";
-import { lazy } from "socket-function/src/caching";
+import { getCallFactory, getCreateCallFactory, getNodeId, getNodeIdFromLocation, getNodeIdLocation } from "socket-function/src/nodeCache";
+import { cache, lazy } from "socket-function/src/caching";
 import { shuffle } from "../misc/random";
 import { blue, green, magenta, red, yellow } from "socket-function/src/formatting/logColors";
 import { PromiseObj } from "../promise";
@@ -46,8 +46,6 @@ let DISK_AUDIT_RATE = timeInMinute * 15;
 //  probably is less than that). Which is around 2.5 cents on digital ocean IF we go over
 //  our 1TB/month allowance.
 let API_AUDIT_RATE = timeInSecond * 30;
-// BUT, for now, poll less often... because I think it is lagging our 2 core potato digital ocean server.
-API_AUDIT_RATE = timeInMinute * 5;
 let API_AUDIT_COUNT = 12;
 
 
@@ -196,8 +194,12 @@ function addNodeIdBase(nodeId: string) {
     allNodeIds2.add(nodeId);
     onNodesChanged();
 }
-function setNodeIds(nodeIds: string[]) {
+async function setNodeIds(nodeIds: string[]) {
     nodeIds = nodeIds.filter(x => x !== SPECIAL_NODE_ID_FOR_UNMOUNTED_NODE);
+    if (isNode()) {
+        await Promise.allSettled(nodeIds.map(checkWrongServerNodeId));
+        nodeIds = nodeIds.filter(nodeId => !wrongServerNodeIds.has(nodeId));
+    }
 
     console.info("setNodeIds", { nodeIds });
     let newNodeIds = nodeIds.filter(nodeId => !allNodeIds2.has(nodeId));
@@ -295,25 +297,74 @@ export async function triggerNodeChange() {
     }));
 }
 
+// If we can connect on the same port, but it has a different thread ID, it means the old thread ID is gone. We're never going to go back to an old thread ID, and we can't have two threads on the same port. 
+let wrongServerNodeIds = new Set<string>();
+let checkWrongServerNodeId = cache(async (nodeId: string) => {
+    if (wrongServerNodeIds.has(nodeId)) return;
+    let callFactory = await timeoutToUndefinedSilent(timeInSecond * 5, Promise.resolve(getCreateCallFactory(nodeId)));
+    if (!callFactory) {
+        if (SocketFunction.logMessages) {
+            console.log(`Did not find call factory for ${nodeId}`);
+        }
+        // Clear it right away, so we can check for it being alive quickly.
+        checkWrongServerNodeId.clear(nodeId);
+        return;
+    }
+    if (callFactory) {
+        // Not great, but... this should work well enough.
+        for (let i = 0; i < 10; i++) {
+            if (callFactory.receivedInitializeState) break;
+            await delay(500);
+        }
+        if (!callFactory.receivedInitializeState && SocketFunction.logMessages) {
+            console.log(`Did not receive initialize state from ${nodeId}`);
+        }
+    } else {
+        if (SocketFunction.logMessages) {
+            console.log(`Did not find call factory for ${nodeId}`);
+        }
+    }
+    if (callFactory && callFactory.realNodeId && callFactory.realNodeId !== nodeId) {
+        if (SocketFunction.logMessages) {
+            console.log(red(`Found dead thread, disconnecting node and deleting from archives ${nodeId}`));
+        }
+        wrongServerNodeIds.add(nodeId);
+        callFactory?.disconnect();
+        // Dead threads never come back, so this should be safe to do. 
+        await archives().del(nodeId);
+        // Return, so we don't clear this.
+        return;
+    } else {
+        if (SocketFunction.logMessages) {
+            console.log(green(`Found live thread, node ${nodeId}, real node id ${callFactory?.realNodeId}`));
+        }
+    }
+
+    setTimeout(() => {
+        checkWrongServerNodeId.clear(nodeId);
+    }, timeInMinute * 5);
+});
+
 async function syncArchives() {
     if (isServer()) {
         // Make sure we are present
         await writeHeartbeat();
         let nodeIds = await archives().find("");
         console.log(green(`Syncing node ids from archives`), { nodeIds });
-        setNodeIds(nodeIds);
+        console.log(green(`Synced node ids from archives`), { nodeIds });
+        await setNodeIds(nodeIds);
     } else {
         if (isNoNetwork() || !isNode()) {
             // NOTE: If no network, our trust source might be different, so we can't talk to regular nodes,
             //  and instead have to only talk to HTTP nodes
-            setNodeIds([getBrowserUrlNode()]);
+            await setNodeIds([getBrowserUrlNode()]);
         } else {
             // If on the network, NetworkTrust2 should sync the trusted machines from backblaze, so we should be
             //  able to talk to any nodes.
             //  - If they user is using --client they only want to talk to querysub nodes. There might be multiple,
             //      which cloudflare will proxy, HOWEVER, it is more efficient to directly access the node list, which
             //      will be better for load balancing and updating on failure than the cloudflare proxying... probably.
-            setNodeIds(await NodeDiscoveryController.nodes[getBrowserUrlNode()].getAllNodeIds());
+            await setNodeIds(await NodeDiscoveryController.nodes[getBrowserUrlNode()].getAllNodeIds());
         }
     }
 }
@@ -332,7 +383,7 @@ async function runHeartbeatAuditLoop() {
         let deadTime = Date.now() - DEAD_THRESHOLD;
         let nodeIds = await archives().find("");
         // We spent the money checking the node list, so we might as well update it
-        setNodeIds(nodeIds);
+        await setNodeIds(nodeIds);
 
         let pendingDeadCount = 0;
 
@@ -565,6 +616,7 @@ class NodeDiscoveryControllerBase {
     public async addNode(nodeId: string) {
         console.log(magenta(`Received addNode`), { nodeId });
         addNodeId(nodeId);
+        return true;
     }
     public async resyncNodes(reason: string) {
         let caller = SocketFunction.getCaller();
@@ -589,6 +641,7 @@ const NodeDiscoveryController = SocketFunction.register(
     "NodeDiscoveryController-7991037e-fd9e-4085-b1db-52035487e72c",
     new NodeDiscoveryControllerBase(),
     () => ({
+        getOwnNodeId: { noClientHooks: true, noDefaultHooks: true },
         addNode: { hooks: [requiresNetworkTrustHook] },
         resyncNodes: { hooks: [requiresNetworkTrustHook] },
         getAllNodesHash: { hooks: [requiresNetworkTrustHook] },

package/src/0-path-value-core/AuthorityLookup.ts

@@ -5,7 +5,7 @@ import { archiveJSONT } from "../-a-archives/archivesJSONT";
 import { getDomain, isPublic } from "../config";
 import { cache, lazy } from "socket-function/src/caching";
 import { SocketFunction } from "socket-function/SocketFunction";
-import { runInSerial, runInfinitePollCallAtStart } from "socket-function/src/batching";
+import { delay, runInSerial, runInfinitePollCallAtStart } from "socket-function/src/batching";
 import { getAllNodeIds, getOwnNodeId, isOwnNodeId, onNodeBroadcasted, syncNodesNow, watchDeltaNodeIds, watchNodeIds } from "../-f-node-discovery/NodeDiscovery";
 import { IdentityController_getCurrentReconnectNodeIdAssert } from "../-c-identity/IdentityController";
 import { requiresNetworkTrustHook } from "../-d-trust/NetworkTrust2";
@@ -16,6 +16,7 @@ import { AuthoritySpec } from "./PathRouter";
 import { formatTime } from "socket-function/src/formatting/format";
 import { getAllAuthoritySpec, getEmptyAuthoritySpec } from "./PathRouterServerAuthoritySpec";
 
+setImmediate(() => import("../3-path-functions/syncSchema"));
 
 let NETWORK_POLL_INTERVAL = timeInMinute * 5;
 let CALL_TIMEOUT = isPublic() ? timeInSecond * 20 : timeInSecond * 3;
@@ -46,11 +47,15 @@ class AuthorityLookup {
     }
 
     public getTopologySync() {
-        if (!this.didInitialSync) throw new Error("Cannot call getTopologySync without calling syncAllNow at some point first.");
+        if (!this.didInitialSync) {
+            require("debugbreak")(2);
+            debugger;
+            throw new Error("Cannot call getTopologySync without awaiting syncAllNow or startSyncing.");
+        }
         return Array.from(this.topology.nodes.values()).filter(x => x.isReady);
     }
     public getAuthoritySpecForNodeId(nodeId: string): AuthoritySpec | undefined {
-        if (!this.didInitialSync) throw new Error("Cannot call getAuthoritySpecForNodeId without calling syncAllNow at some point first.");
+        if (!this.didInitialSync) throw new Error("Cannot call getAuthoritySpecForNodeId without awaiting syncAllNow or startSyncing.");
         return this.topology.nodes.get(nodeId)?.authoritySpec;
     }
 
@@ -201,9 +206,14 @@ class AuthorityLookup {
         if (isClient()) {
             // Doesn't matter what the node ID is, we should really only be connecting to the browser node ID, Which will have all the data for the current domain. 
             //  - Get all node IDs should restrict our nodes to just the browser node ID. If we ever change this, then either it's redundant nodes and they all have all the same data, or we need to figure out what data they have, And as their proxies, it probably won't be their actual authority data. So that will require new API functions, etc. 
+            await new Promise(r => setImmediate(r));
+            await delay(1);
+            let { getPrefixesForDeploy } = await import("../3-path-functions/syncSchema");
             this.updatePaths(nodeId, {
-                ...getAllAuthoritySpec(),
                 nodeId: nodeId,
+                prefixes: await getPrefixesForDeploy(),
+                routeStart: 0,
+                routeEnd: 1,
             }, true);
             return;
         }