Remove memory leak from guaranteed unresolved/unrejected Promise.

I question whether or not we want to actually guarantee async execution of this method and not give the opportunity to the user to actually make it block if they'd like to, but we certainly should ensure that Promises should not be created on every request and never resolve or reject, which seems like a prime avenue for a DoS via memory leak. Of course, these should be garbage collected eventually, but we can avoid creating them that way.
apollographql · Nov 15, 2019 · 77021d2 · 77021d2
1 parent 7e84c64
commit 77021d2
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/packages/apollo-server-plugin-operation-registry/src/ApolloServerPluginOperationRegistry.ts b/packages/apollo-server-plugin-operation-registry/src/ApolloServerPluginOperationRegistry.ts
@@ -163,11 +163,11 @@ for observability purposes, but all operations will be permitted.`,
             requestContext.metrics.registeredOperation = true;
             return;
           } else {
-            if (options.onUnregisteredOperation) {
-              new Promise(() => {
-                if (options.onUnregisteredOperation) {
-                  options.onUnregisteredOperation(requestContext);
-                }
+            // If defined, this method should not block, whether async or not.
+            if (typeof options.onUnregisteredOperation === 'function') {
+              const onUnregisteredOperation = options.onUnregisteredOperation;
+              Promise.resolve().then(() => {
+                 onUnregisteredOperation(requestContext);
               });
             }
           }
@@ -234,11 +234,11 @@ for observability purposes, but all operations will be permitted.`,
           }
 
           if (shouldForbidOperation) {
-            if (options.onForbiddenOperation) {
-              new Promise(() => {
-                if (options.onForbiddenOperation) {
-                  options.onForbiddenOperation(requestContext);
-                }
+            // If defined, this method should not block, whether async or not.
+            if (typeof options.onForbiddenOperation === 'function') {
+              const onForbiddenOperation = options.onForbiddenOperation;
+              Promise.resolve().then(() => {
+                onForbiddenOperation(requestContext);
               });
             }
             if (!options.dryRun) {