Nonce value is not reliable #4
Comments
|
Suggested solution: use Date.now() instead; it's still a bit susceptible to servertime drift but should be Ok for most situations. I patched the library and it seems to be working Ok now both in my local and remote environments. If you're using Ubuntu on EC2 make sure to install NTP |
|
Care to submit a pull request and a test case? |
|
So, the reason we moved to an hrtime() based approach was because Date.now() breaks down on a single machine where multiple requests happen faster than the precision of Date.now(): 6ee61e4 Have another suggestion that would work for both single machine and multi-machine cases? |
|
Possibly a multi-machine flag when you initialize it? For our use case we are doing low-frequency ops so millisecond time limits aren't a large issue. You could also use an internal counter that increments after each api call. So something like Date.now()*1000+(counter++)%1000 I'm not sure why but date.now() was randomly failing with a 401 sometimes as well. Not sure if my change maybe didn't get one of the hrtime()s changed. We ended up giving each machine its own api key which works for now but will be a headache to automate if we want to, for instance, do autoscaling of our infrastructure in the future. — On Mon, Apr 14, 2014 at 8:51 AM, Matt Walters notifications@github.com
|
|
Are you sure you won't still have the same problem, essentially that you have two machines using the same algorithm to provide increasingly incremented values over time - but one machine thinks the current time is earlier than another? The point of the new method was to give higher resolution, making it harder to have multiple calls between ticks. It sounds to me like your second machine is just sending an outdated nonce because the first is ahead of it. Perhaps the solution is to ensure your servers are time synced: https://help.ubuntu.com/10.04/serverguide/NTP.html |
|
Yeah that was a suggestion for combining the new strategy with your need for more than one call per millisecond. Date.now() works if the servers' time is synced to within less than the precision of the time between calls (for us that is multiple seconds since it is triggered by a hit on a we page) On Mon, Apr 14, 2014 at 9:04 AM, Matt Walters notifications@github.com
|
|
If you've got a branch you'd like me to look at, shoot me a link or make a PR. |
|
@mateodelnorte I've stumbled upon an issue where two synced servers gave me two totally different values of |
|
@fragphace, @yeldarby take a comments in #5. If the changes in https://github.com/mateodelnorte/coinbase/tree/feature/enhanced-nonce work for you, I'll bump version, push to master, and publish asap. Thx. |
|
Closing. Fixed by #7 |
In trying to test both locally and on a server I ran into an issue where coinbase would return 401 unauthrorized. I pinned this down to the requirement that nonce values are strictly higher than any nonce value submitted before.
Looks like this library is using
process.hrtime()to generate the nonce. While this works Ok on a single machine it is not consistent from machine to machine.The text was updated successfully, but these errors were encountered: