[BUG] Docker Container ssx-server-dev crashes for any log in after the first.

[krhoda]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

I'm using the ssx-server-dev container described in the <repo>/docker-compose.yml to attempt to do local development. I've removed the front-end in order to use my own from the docker-compose.yml, so my file looks like:

services:
  ssx-server:
    container_name: ssx-server-dev
    image: spruce/ssx-server-dev
    env_file: .env
    build:
      context: .
      dockerfile: ssx-server.Dockerfile
    ports:
      - "8443:8443"

The container works for the first log in. The container outputs the following log:

ssx-server-dev  | {
ssx-server-dev  |   userId: 'did:pkh:eip155:1:0xdA3176d77c04632F2862B14E35bc6B4717FB5016',
ssx-server-dev  |   type: 'ssx-login',
ssx-server-dev  |   content: {
ssx-server-dev  |     signature: '0xf977aaedd14c0ee9121edce880fd58132cdf580a6eb1966623f3c2b8d66a77e423dec09db2b9b32149bd79e11a99eb8310f3a5db1d541c6b7bd74f1515c6332d1c',
ssx-server-dev  |     siwe: 'localhost wants you to sign in with your Ethereum account:\n' +
ssx-server-dev  |       '0xdA3176d77c04632F2862B14E35bc6B4717FB5016\n' +
ssx-server-dev  |       '\n' +
ssx-server-dev  |       '\n' +
ssx-server-dev  |       'URI: did:key:z6MkpjgcdvifNmcj5gCz39QSVegUM4mzKG8rMTox8vGnJDWY#z6MkpjgcdvifNmcj5gCz39QSVegUM4mzKG8rMTox8vGnJDWY\n' +
ssx-server-dev  |       'Version: 1\n' +
ssx-server-dev  |       'Chain ID: 1\n' +
ssx-server-dev  |       'Nonce: TtC8dYMIK8rzTT6tW\n' +
ssx-server-dev  |       'Issued At: 2023-01-05T20:53:18.905Z',
ssx-server-dev  |     isGnosis: false
ssx-server-dev  |   },
ssx-server-dev  |   timestamp: '2023-01-05T20:53:21.728Z'
ssx-server-dev  | }

If I refresh the client app, then log in again, it crashes with the message:

ssx-server-dev  | /root/ssx/packages/ssx-server/dist/middlewares/express/middleware.js:59
ssx-server-dev  |             const { success: verified, data } = siweMessageVerify;
ssx-server-dev  |                              ^
ssx-server-dev  |
ssx-server-dev  | TypeError: Cannot destructure property 'success' of 'siweMessageVerify' as it is undefined.
ssx-server-dev  |     at /root/ssx/packages/ssx-server/dist/middlewares/express/middleware.js:59:30
ssx-server-dev  |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
ssx-server-dev  |
ssx-server-dev  | Node.js v18.12.1
ssx-server-dev exited with code 1

This is consistently reproducible.

Expected Behavior

The ssx-server-dev container can handle a second user logging in or a malformed message without crashing.

Steps To Reproduce

1. Clone the repo.
2. Run the docker container
3. Visit the app
4. Log in
5. Refresh the app
6. Log in again

Anything else?

One major issue is that de-structuring an undefined property in JavaScript causes an unrecoverable error and program wide crash. De-structuring without validation is always going to risk making a recoverable error into a fatal one.

I think we should strive to make them recoverable, in the sense that one malformed message from one user doesn't crash the whole system for other users. That way a useful error can be returned in the case of accidental malformed messages and the system is not vulnerable to one bad message being enough to launch a DoS attack.

[skgbafa]

This bug is related to ssx-server middleware

[krhoda]

Good news, I'm no longer experiencing this issue after the latest changes. I'm going to close this issue.