#argon2 - container hangs on without any error message

35 messages · Page 1 of 1 (latest)

compact nebula
#

So, this is the code:

import * as argon2 from 'argon2';

async updateRefreshTokenHash(userId, refresh_token) {
    let hash
    try {
        console.log('ESSSSA')
        hash = await argon2.hash(refresh_token);
        console.log('ESSSSA22222')
    } catch (e) {
        console.error(e)
    }
    console.log(hash);
}

and this is the error:

image.png
#

Any ideas? Docker engine is running on WSL2, and the container is using node:21-alpine

naive briar
#

I've had issues with argon creashing in containers with too little memory, they ended up getting oom killed

# 
docker container inspect <my_container>
#

use this command to see the status of the container that crashed

#

check out the "Status" key

compact nebula
#

That's weird. It doesn't crash, instead it hangs on without any message

#

I'll try to increase memory limit for docker

#

argon2 - container hangs on without any error message

naive briar
#

its still running apparently

#

so its probably not getting oom killed

#

@compact nebula have you fixed it ? can you show me the controller ?

compact nebula
#

Not yet :/ Connection gets closed and every next request is refused

image.png
# 
// auth.controller.ts
import { Controller, UseGuards } from '@nestjs/common';
import { MessagePattern, Payload } from '@nestjs/microservices';
import { TwaGuard } from './guards/twa.guard';
import MessagePatterns from '@shared/constants/MessagePatterns'
import { AuthService } from './auth.service';

@Controller()
export class AuthController {

    constructor(private authService: AuthService) {}

    @UseGuards(TwaGuard)
    @MessagePattern(MessagePatterns.AuthService.IssueTwaTokens)
    issueTwaTokens(@Payload() { user }) {
        return this.authService.issueTwaTokens(user);
    }

}
# 
// auth.service.ts
import * as argon2 from 'argon2';
    ...
    async issueTwaTokens(user) {
        const payload = {
            user: {
                id: user._id,
                firstName: user.metadata.first_name,
                lastName: user.metadata.last_name
            }
        }
        const tokens = await this.getTokens(payload);
        const updatedUser = await this.updateRefreshTokenHash(user._id, tokens.refresh_token)
        return tokens;
    }

    async updateRefreshTokenHash(userId, refresh_token) {
        let hash
        try {
            console.log('ESSSSA')
            hash = await argon2.hash(refresh_token);
            console.log('ESSSSA22222')
        } catch (e) {
            console.error(e)
        }
        console.log(hash)
        const result = await lastValueFrom(this.userServiceClient.send(MessagePatterns.UsersService.UpdateUser, { _id: userId, refreshTokenHash: hash }))
        return result;
    }
  ...
naive briar
#

Can you monitor the resources of the container while it runs that handler with docker stat <container ?

compact nebula
#

@naive briar

image.png
#

I'll try to debug

naive briar
#

Gee, I dont have a clue then mate I'm sorry

#

I'd say try to make a minimum reproductible example (running in docker), see if it still doesn't work and maybe try to open an issue on argon's repo

compact nebula
#

Debugger disconnects on this line

// argon2.js
...
const hash = await bindingsHash(Buffer.from(plain), salt, options);
...
agile tree
#

Why a bindingHash and why a Buffer?

compact nebula
#

It's from argon2 package

agile tree
#

I don't see bindingHash anywhere in argon2's README

#

Or the use of Buffer for the password

compact nebula
#

Check the argon2.js file

agile tree
#

Ah, argon's internal code, gotcha

#

It might depend on your docker container, but you might need to make a reproduction and report this to argon's repo. I know I haven't had an issue with it

plain condor
#

I don't believe argon works with alpine (directly). I sort of flew over this thread, but you might want to try a different distro, like bookworm- slim.

#

I'm using argon2 also and useing bullseye-slim as the base image with no problems.

plain condor
#

I looked a bit further. If you install argon2 with a GCC other than g++-12, then it won't work and Alpine comes with musl-gcc. What does your dockerfile look like?

compact nebula
# 
FROM node:21-alpine AS base
WORKDIR /usr/src/auth-service

FROM base AS development

COPY auth-service/package*.json .
RUN npm install

COPY auth-service/ .

COPY shared/src /usr/src/shared/src
COPY shared/package*.json /usr/src/shared/
RUN npm --prefix /usr/src/shared install

RUN npm run build

FROM base as production

COPY --from=development /usr/src/auth-service/dist .
COPY --from=development package*.json .

RUN npm install --omit=dev

CMD ["node", "dist/auth-service/src/main.js"]
#

Switched to node:21-bookworm-slim and everything works as expected. Thanks for support 👍