Is this a security issue?
No
Is this an issue with your StackPath account or service?
No
Before continuing
OK
Describe the bug
I have went through the jwt-validation project. I try to use cache in the same way as in the getJWK.js and I quickly realize that Serverless scripts live and die per request; the code is not continuously running in the background. the cache = {} will never store anything.
To reproduce
/******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = {};
/******/
/******/ // The require function
/******/ function __webpack_require__(moduleId) {
/******/
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId]) {
/******/ return installedModules[moduleId].exports;
/******/ }
/******/ // Create a new module (and put it into the cache)
/******/ var module = installedModules[moduleId] = {
/******/ i: moduleId,
/******/ l: false,
/******/ exports: {}
/******/ };
/******/
/******/ // Execute the module function
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/
/******/ // Flag the module as loaded
/******/ module.l = true;
/******/
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/
/******/
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/
/******/ // define getter function for harmony exports
/******/ __webpack_require__.d = function(exports, name, getter) {
/******/ if(!__webpack_require__.o(exports, name)) {
/******/ Object.defineProperty(exports, name, { enumerable: true, get: getter });
/******/ }
/******/ };
/******/
/******/ // define __esModule on exports
/******/ __webpack_require__.r = function(exports) {
/******/ if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
/******/ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
/******/ }
/******/ Object.defineProperty(exports, '__esModule', { value: true });
/******/ };
/******/
/******/ // create a fake namespace object
/******/ // mode & 1: value is a module id, require it
/******/ // mode & 2: merge all properties of value into the ns
/******/ // mode & 4: return value when already ns object
/******/ // mode & 8|1: behave like require
/******/ __webpack_require__.t = function(value, mode) {
/******/ if(mode & 1) value = __webpack_require__(value);
/******/ if(mode & 8) return value;
/******/ if((mode & 4) && typeof value === 'object' && value && value.__esModule) return value;
/******/ var ns = Object.create(null);
/******/ __webpack_require__.r(ns);
/******/ Object.defineProperty(ns, 'default', { enumerable: true, value: value });
/******/ if(mode & 2 && typeof value != 'string') for(var key in value) __webpack_require__.d(ns, key, function(key) { return value[key]; }.bind(null, key));
/******/ return ns;
/******/ };
/******/
/******/ // getDefaultExport function for compatibility with non-harmony modules
/******/ __webpack_require__.n = function(module) {
/******/ var getter = module && module.__esModule ?
/******/ function getDefault() { return module['default']; } :
/******/ function getModuleExports() { return module; };
/******/ __webpack_require__.d(getter, 'a', getter);
/******/ return getter;
/******/ };
/******/
/******/ // Object.prototype.hasOwnProperty.call
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
/******/
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/
/******/
/******/ // Load entry module and return exports
/******/ return __webpack_require__(__webpack_require__.s = 0);
/******/ })
/************************************************************************/
/******/ ([
/* 0 */
/***/ (function(module, __webpack_exports__, __webpack_require__) {
"use strict";
// ESM COMPAT FLAG
__webpack_require__.r(__webpack_exports__);
// CONCATENATED MODULE: ./src/requestHandler.js
const cache = {};
/**
* Handle the HTTP request for the script
*
* This handler will validate that the authorization token provided by the user is a valid JWT
* that was signed by the authorization server. This validation is done by the TokenValidator
* that was created above. If the token is valid, the request is fetched and the response is
* returned to the client. If the token is invalid, a 401 error will be returned back to the client
*
* @param {Request} request
* @returns {Response}
*/
function buildRequestHandler() {
return async function handleRequest(request) {
try {
// Now that we've validated that the user has provided a valid JWT that our authorization
// server provided we can continue processing the user's request
const response = await fetch(request);
console.log('cache',cache);
if(Object.entries(cache).length === 0){
cache['item']= 'test item';
console.log('assigned cache');
}
// Modify the request here if necessary
return response;
} catch (e) {
// TODO: add proper error handling
return new Response(e.stack || e, {
status: 500,
});
}
};
}
// CONCATENATED MODULE: ./src/index.js
// Create the handler for our requests and inject the JWT validator we built
const handleRequest = buildRequestHandler();
// Register the request handler with StackPath's serverless scripting platform
//
// eslint-disable-next-line no-restricted-globals
addEventListener('fetch', (event) => {
event.respondWith(handleRequest(event.request));
});
/***/ })
/******/ ]);
Expected behavior
The console.log('cache', cache); should display the 'test item', but instead it is empty object per request
Actual behavior
There should be a way to use cache, I haven't found a way to do it and the cache used in example is pretty misleading. cloudflare worker does provide cache API for serverless function, which is unavailable in stackpath
System Details (please complete the following information):
N/A
Additional context
N/A