fix(matchmaking): self-heal a missing session instead of 401#33
Open
ChronoFinale wants to merge 1 commit into
Open
fix(matchmaking): self-heal a missing session instead of 401#33ChronoFinale wants to merge 1 commit into
ChronoFinale wants to merge 1 commit into
Conversation
The matchmaking routes looked up the player's in-memory session with a strict getSession() and threw "Session not found" (401) when it was absent. Sessions are in-memory only, so they are lost on a server restart and reaped by the EMQX disconnect webhook for non-lobby players, while the player's JWT is stateless and outlives them. The result: a still-authenticated player is permanently stranded with no recovery path (the client never re-auths on a valid token). Route the lookup through a shared ensureSession(), which rebuilds the session from the durable player record when it is missing — the same self-healing pattern the auth endpoints already use. A player who does not exist in the DB at all is genuinely unknown and still rejected (404). - add ensure-session.ts (reuses the existing dbPlayerToSessionInit mapper) - use ensureSession() in /queue, /matches/:id/start, /matches/:id/result - export dbPlayerToSessionInit so the helper can share it (no duplication) - add regression tests: heals a known player to 200, rejects unknown 404 Refs Balatro-Multiplayer#32 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the "Session not found" (401) that strands an authenticated player in matchmaking (#32).
A player's session is an in-memory cache of their
playersrow. It's wiped on a server restart and reaped by the EMQX disconnect webhook for non-lobby players — but the player's JWT is stateless and outlives it. The matchmaking routes looked the session up with a strictgetSession()and threwSession not foundwhen it was absent, with no recovery path (the client never re-auths on a still-valid token).This routes the lookup through a shared
ensureSession()that rebuilds the session from the durable player record on a miss — the same self-healing pattern/auth/refreshand the auth endpoints already use. A player who genuinely doesn't exist in the DB is still rejected (404).Changes
ensure-session.ts(reuses the existingdbPlayerToSessionInitmapper — no duplicated logic)ensureSession()in/queue,/matches/:id/start,/matches/:id/resultexportdbPlayerToSessionInitso the helper can share itWhy this is safe / cheap
/auth/refreshalready self-heal this exact way; matchmaking was the inconsistent gate.Scope
This is the minimal, tested fix for the reported symptom. The same
hasActiveSession-or-deny pattern also exists in the EMQX auth webhook (so MQTT reconnection can't self-heal either) — that, plus client-side re-auth on a 401, is the deeper root fix. Those are noted in #32 as proposed follow-ups since they touch a broader boundary.Refs #32
🤖 Generated with Claude Code