fix(admin): eliminate GoTrue empty-body 500s under bulk load (retry-all + undici keep-alive + sequential bulk), CSV formula-injection guard
This commit is contained in:
Gerhard Scheikl
+7
-4
@@ -1,6 +1,7 @@
|
||||
import Link from 'next/link';
|
||||
import { computeMetrics } from '@/lib/admin/metrics';
|
||||
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
||||
import { withAdminRetry } from '@/lib/admin/retry';
|
||||
import { formatBytes, formatDate } from '@/lib/format';
|
||||
|
||||
export const dynamic = 'force-dynamic';
|
||||
@@ -18,10 +19,12 @@ export default async function AdminOverviewPage() {
|
||||
const admin = getSupabaseAdmin();
|
||||
|
||||
// Recent signups (latest 5 users).
|
||||
const { data: recentUsersData } = await admin.auth.admin.listUsers({
|
||||
page: 1,
|
||||
perPage: 5,
|
||||
});
|
||||
const { data: recentUsersData } = await withAdminRetry(() =>
|
||||
admin.auth.admin.listUsers({
|
||||
page: 1,
|
||||
perPage: 5,
|
||||
}),
|
||||
);
|
||||
const recentUsers = recentUsersData?.users ?? [];
|
||||
|
||||
// Over-quota tunnels (compute in memory).
|
||||
|
||||
@@ -237,6 +237,11 @@ export function TunnelsTable({
|
||||
} catch {
|
||||
result.fail++;
|
||||
}
|
||||
// Tiny inter-op pacing: strictly sequential (concurrency 1) with a small
|
||||
// gap so we never burst the admin API; single refresh after all settle.
|
||||
if (i < targets.length - 1) {
|
||||
await new Promise((r) => setTimeout(r, 75));
|
||||
}
|
||||
}
|
||||
setBulkProgress(null);
|
||||
setBulkBusy(false);
|
||||
|
||||
@@ -136,6 +136,12 @@ export function UsersTable({
|
||||
} catch {
|
||||
result.fail++;
|
||||
}
|
||||
// Tiny inter-op pacing: keep the per-row mutations strictly sequential
|
||||
// (concurrency 1) with a small gap so we never burst the GoTrue admin
|
||||
// API, then refresh ONCE after every op has settled (below).
|
||||
if (i < targets.length - 1) {
|
||||
await new Promise((r) => setTimeout(r, 75));
|
||||
}
|
||||
}
|
||||
setBulkProgress(null);
|
||||
setBulkBusy(false);
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { type NextRequest } from 'next/server';
|
||||
import { requireAdminApi } from '@/lib/auth/admin-guard';
|
||||
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
||||
import { withAdminRetry } from '@/lib/admin/retry';
|
||||
import { logAdminAction } from '@/lib/auth/audit';
|
||||
import { isUuid, parseBoolean } from '@/lib/admin/validators';
|
||||
import { jsonNoStore } from '@/lib/admin/response';
|
||||
@@ -44,9 +45,14 @@ export async function POST(
|
||||
}
|
||||
|
||||
const admin = getSupabaseAdmin();
|
||||
const { error } = await admin.auth.admin.updateUserById(id, {
|
||||
ban_duration: banned ? BAN_DURATION : 'none',
|
||||
} as { ban_duration: string });
|
||||
// Retry transient empty-body / poisoned-keep-alive failures so a burst-load
|
||||
// ban/unban doesn't 500. `updateUserById` is idempotent for our use
|
||||
// (ban_duration set to the same value), so a retry is safe.
|
||||
const { error } = await withAdminRetry(() =>
|
||||
admin.auth.admin.updateUserById(id, {
|
||||
ban_duration: banned ? BAN_DURATION : 'none',
|
||||
} as { ban_duration: string }),
|
||||
);
|
||||
if (error) {
|
||||
console.error('admin user.ban failed', error);
|
||||
return jsonNoStore({ error: 'internal error' }, { status: 500 });
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { type NextRequest } from 'next/server';
|
||||
import { requireAdminApi } from '@/lib/auth/admin-guard';
|
||||
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
||||
import { withAdminRetry } from '@/lib/admin/retry';
|
||||
import { logAdminAction } from '@/lib/auth/audit';
|
||||
import { isUuid } from '@/lib/admin/validators';
|
||||
import { jsonNoStore } from '@/lib/admin/response';
|
||||
@@ -42,17 +43,24 @@ export async function POST(
|
||||
|
||||
const admin = getSupabaseAdmin();
|
||||
|
||||
// Merge with existing app_metadata so we don't clobber other keys.
|
||||
const { data: existing, error: getErr } =
|
||||
await admin.auth.admin.getUserById(id);
|
||||
// Merge with existing app_metadata so we don't clobber other keys. Retry the
|
||||
// read on transient empty-body responses so a burst-load flake isn't
|
||||
// misreported as a 404; a genuine not-found still falls through below.
|
||||
const { data: existing, error: getErr } = await withAdminRetry(() =>
|
||||
admin.auth.admin.getUserById(id),
|
||||
);
|
||||
if (getErr || !existing.user) {
|
||||
return jsonNoStore({ error: 'user not found' }, { status: 404 });
|
||||
}
|
||||
const merged = { ...(existing.user.app_metadata ?? {}), role };
|
||||
|
||||
const { error } = await admin.auth.admin.updateUserById(id, {
|
||||
app_metadata: merged,
|
||||
});
|
||||
// `updateUserById` is idempotent here (same app_metadata), so retrying a
|
||||
// transient empty-body write is safe.
|
||||
const { error } = await withAdminRetry(() =>
|
||||
admin.auth.admin.updateUserById(id, {
|
||||
app_metadata: merged,
|
||||
}),
|
||||
);
|
||||
if (error) {
|
||||
console.error('admin user.role failed', error);
|
||||
return jsonNoStore({ error: 'internal error' }, { status: 500 });
|
||||
|
||||
@@ -119,11 +119,24 @@ export async function DELETE(
|
||||
|
||||
// Delete the AUTH USER first. Only if that succeeds do we remove the tunnel
|
||||
// row, so a mid-failure never leaves an orphaned auth user with a dangling
|
||||
// tunnel (or half-deletes the tunnel of an already-gone user).
|
||||
const { error: delErr } = await admin.auth.admin.deleteUser(id);
|
||||
// tunnel (or half-deletes the tunnel of an already-gone user). Retry the
|
||||
// delete on transient empty-body / poisoned-keep-alive responses.
|
||||
const { error: delErr } = await withAdminRetry(() =>
|
||||
admin.auth.admin.deleteUser(id),
|
||||
);
|
||||
if (delErr) {
|
||||
console.error('admin user.delete: deleteUser failed', delErr);
|
||||
return jsonNoStore({ error: 'internal error' }, { status: 500 });
|
||||
// The delete may have actually succeeded with a truncated/empty response
|
||||
// body (the transient failure mode). Re-check existence before reporting a
|
||||
// 500: if the user is now gone, the deletion is effectively complete.
|
||||
const { data: recheck, error: recheckErr } = await withAdminRetry(() =>
|
||||
admin.auth.admin.getUserById(id),
|
||||
);
|
||||
if (recheckErr || !recheck?.user) {
|
||||
// User is gone -> delete succeeded despite the truncated body.
|
||||
} else {
|
||||
console.error('admin user.delete: deleteUser failed', delErr);
|
||||
return jsonNoStore({ error: 'internal error' }, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
// The auth user is gone, so no orphaned-user state is possible. Removing the
|
||||
|
||||
Reference in New Issue
Block a user