Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enforce maximum call depth for local api operations #9315

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: enforce maximum call depth for local api operations #9315

wants to merge 2 commits into from

Conversation

r1tsuu
Copy link
Member

@r1tsuu r1tsuu commented Nov 18, 2024
edited
Loading

What?

Enforces maximum call depth for Local API operations.

This helps to identify hooks like this:

import type { CollectionConfig } from 'payload'

export const InfinityLoop: CollectionConfig = {
  slug: 'infinity-loop',
  fields: [],
  hooks: {
    afterRead: [
      async ({ req, context, doc }) => {
        // fetch self, doesn't have any condition so infinity loop
        await req.payload.findByID({
          req,
          id: doc.id,
          collection: 'infinity-loop',
        })
      },
    ],
  },
}

And now we throw the ReachedMaxCallDepth error if call depth is more than payload.config.maxCallDepth which by default is 30. Can be disabled with providing false.

How?

Uses ALS to track current operations call depth.

@r1tsuu r1tsuu changed the title Feat/enforce max operation depth feat: enforce maximum call depth against infinity loops caused by custom hooks Nov 18, 2024
@r1tsuu r1tsuu marked this pull request as ready for review November 18, 2024 23:37
@r1tsuu r1tsuu changed the title feat: enforce maximum call depth against infinity loops caused by custom hooks feat: enforce maximum call depth for local api operations Nov 18, 2024
@denolfe denolfe removed the v3 label Nov 19, 2024
@r1tsuu
Copy link
Member Author

r1tsuu commented Nov 22, 2024
edited
Loading

If you have performance concerns about running an ALS for each operation, I did some benchmarking, await asl.run() doesn't seem different than await Promise.resolve(1).

@r1tsuu r1tsuu force-pushed the feat/enforce-max-operation-depth branch 2 times, most recently from 8efd954 to 5fe7354 Compare November 26, 2024 14:22
@r1tsuu r1tsuu force-pushed the feat/enforce-max-operation-depth branch from 5fe7354 to 0b05eb8 Compare November 26, 2024 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DanRibbens DanRibbens Awaiting requested review from DanRibbens

Assignees
No one assigned
Labels
created-by: Payload team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@r1tsuu @denolfe