Skip to content
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion havril/internal/api/handlers/oauth_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,18 @@ type codeEntry struct {
}

func NewOAuthHandler(baseURL string, userRepo *user.Repository) *OAuthHandler {
return &OAuthHandler{baseURL: baseURL, userRepo: userRepo}
h := &OAuthHandler{baseURL: baseURL, userRepo: userRepo}
go func() {

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this goroutine lacks an exit. in this current state there will be accumulation of goroutines if we have users multiple being login in

for range time.Tick(5 * time.Minute) {

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should ensure that time.Tick is closed bcs it cannot be recovered by a garbage collector and will lead to more memory leaks

h.codes.Range(func(k, v any) bool {

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

regarding that, I feel like if have the DoS vector attack that can leak huge cpu spike not sure if my current vpc could handle that 😅

we can keep that for now

if time.Now().After(v.(*codeEntry).expiresAt) {
h.codes.Delete(k)
}
return true
})
}
}()
return h
}

// Metadata handles GET /.well-known/oauth-authorization-server
Expand Down