joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: MongoDB timeout errors unhandled and potentially revealing internal data (#10020)

Browse Source
This commit is contained in:
Manuel
2026-01-25 00:15:01 +01:00
committed by GitHub
parent 1b5bd2f754
commit 1d3336d128
5 changed files with 164 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/Adapters/Storage/Mongo/MongoStorageAdapter.js
View File

@@ -27,6 +27,36 @@ const ReadPreference = mongodb.ReadPreference;
const MongoSchemaCollectionName = '_SCHEMA';
/**
* Determines if a MongoDB error is a transient infrastructure error
* (connection pool, network, server selection) as opposed to a query-level error.
*/
function isTransientError(error) {
if (!error) {
return false;
}
// Connection pool, network, and server selection errors
const transientErrorNames = [
'MongoWaitQueueTimeoutError',
'MongoServerSelectionError',
'MongoNetworkTimeoutError',
'MongoNetworkError',
];
if (transientErrorNames.includes(error.name)) {
return true;
}
// Check for MongoDB's transient transaction error label
if (typeof error.hasErrorLabel === 'function') {
if (error.hasErrorLabel('TransientTransactionError')) {
return true;
}
}
return false;
}
const storageAdapterAllCollections = mongoAdapter => {
return mongoAdapter
.connect()
@@ -252,6 +282,13 @@ export class MongoStorageAdapter implements StorageAdapter {
delete this.connectionPromise;
logger.error('Received unauthorized error', { error: error });
}
// Transform infrastructure/transient errors into Parse.Error.INTERNAL_SERVER_ERROR
if (isTransientError(error)) {
logger.error('Database transient error', error);
throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Database error');
}
throw error;
}

4
src/middlewares.js
View File

@@ -378,9 +378,9 @@ export const handleParseSession = async (req, res, next) => {
next(error);
return;
}
// TODO: Determine the correct error scenario.
// Log full error details internally, but don't expose to client
req.config.loggerController.error('error getting auth for sessionToken', error);
throw new Parse.Error(Parse.Error.UNKNOWN_ERROR, error);
next(new Parse.Error(Parse.Error.UNKNOWN_ERROR, 'Unknown error'));
}
};