Comments (7)
Update; we have been running the above version in production across all our customers integrating with various SAML 2.0 providers (Google Workspace, Okta, Azure AD, and more). We have not observed any memory leak after switching to https://www.npmjs.com/package/samlify-validator-js (github)
from samlify-node-xmllint.
I took the job of forking this library and in-lined "node-xmllint" (orginal repo is removed). I manually patched the memory leak in node-xmllint.
This is the result, currently validating in a real application:
https://www.npmjs.com/package/samlify-validator-js
from samlify-node-xmllint.
I'm trying to figure why my app memory usage is growing slowly but quite linear . This is Node-Express app transpiled via TypeScript. I made a shell-script for recording mem usage (via pm2) :
2021-10-05 09:20:01 ==> 117.5mb
2021-10-05 09:30:01 ==> 117.7mb
2021-10-05 09:40:01 ==> 117.8mb
2021-10-05 09:50:01 ==> 116.7mb
2021-10-05 10:00:01 ==> 130.0mb
2021-10-05 10:10:01 ==> 148.1mb
2021-10-05 10:20:01 ==> 147.7mb
2021-10-05 10:25:01 ==> 158.9mb
2021-10-05 10:30:01 ==> 156.1mb
2021-10-05 10:35:01 ==> 164.2mb
There was several authentication tasks while this test, and one to suspect specially is :
node-xmllint : Handler is registered with each reference to this library which might lead to memory leaks.
Does anyone know how can I ensure this happening, because there are also other possibilities for growing mem usage.
from samlify-node-xmllint.
Think it's fixed now.
I had set schemaValidator to :
const validator = require('@authenio/samlify-validate-with-xmllint');
and now removed it totally, and skipped whole validation by :
samlify.setSchemaValidator({
validate: (response: string) => {
return Promise.resolve('skipped');
}
});
Mem usage seems to be ok now, and linear growing has disappered.
Could you add some warning to docs, maybe Deprecated, to @authenio/samlify-validate-with-xmllint
.
I bet it can harm similar Express apps like this, if used.
from samlify-node-xmllint.
@netmiller Does this mean you're not doing any XML validation at all?
from samlify-node-xmllint.
True. My only IdP is national security authority, and I can suppose the XML they provide is valid and checked properly.
from samlify-node-xmllint.
I also encountered the issue very randomly - running HAPI web server on Node. Sometimes when logging has a big payload, on drain of stdout event node-xmllint quits the process like nothing happened, no exception!!!
Workaround with turning off validation works, but would appreciate a long term fix.
from samlify-node-xmllint.
Related Issues (4)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from samlify-node-xmllint.