mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-29 09:23:16 -06:00
101f086204
Gates genuine reconnects PER DEVICE before the heavy register work (DB writes + playlist build) runs, so a single flapping device can no longer saturate the event loop and take down the server. - Actuator is per-device, keyed on device_id (modeled on lastPlayLogAt). A device is flagged only when it exceeds reconnectBaseMax genuine reconnects per window. Same-socket playlist refreshes (isPlaylistRefresh) are exempt. - Load-awareness is BANDED (normal/elevated/critical from the step-2 lag signal), not a continuous controller. The band only MULTIPLIES an already-flagged device's backoff; global lag never gates a healthy device. - Hysteresis: escalate immediately while storming (tighten fast); decay one level per reconnectReleaseMs of calm (release slow). - HARD CEILING per device, independent of band and warm-up — a slow-ramp attacker can't train through it. - COLD START: for reconnectWarmupMs after boot, force the normal band and apply only the hard ceiling, so a full-fleet reconnect after a deploy doesn't throttle healthy screens. State is in-memory, resets on restart. - Observability: every throttle engagement logs device, band, observed vs allowed rate, and backoff. Throttled device gets device:throttled + a deferred disconnect. Tests (api.test.js style): - unit: healthy-never-throttled, storm-throttled-with-growing-backoff, band multiplies backoff, hard-ceiling-even-in-warmup, warm-up leniency, neighbor isolation, slow release. - integration GATE (the required one): full-fleet reconnect right after restart throttles NO healthy device; a single device storming IS throttled; a neighbor stays unaffected while another storms. - also fixes pre-existing test PORT collisions (my new integration files clashed with totp.test.js:3979 and totp-keyrotation.test.js:3980 -> moved to 3982/3983); full suite now green serially AND in parallel. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| admin-users.test.js | ||
| agency-digest.test.js | ||
| agency-gate.test.js | ||
| agency-layouts.test.js | ||
| agency-list.test.js | ||
| agency-scope.test.js | ||
| agency.test.js | ||
| ai-design.test.js | ||
| api.test.js | ||
| apitoken-unit.test.js | ||
| branding.test.js | ||
| config-paths.test.js | ||
| device-zone-contract.test.js | ||
| i18n-tokens.test.js | ||
| loop-lag-integration.test.js | ||
| loop-lag.test.js | ||
| mute.test.js | ||
| openapi-contract.test.js | ||
| operator-permissions.test.js | ||
| pair-lockout.test.js | ||
| pip-overlay.test.js | ||
| provisioning.test.js | ||
| reconnect-throttle-integration.test.js | ||
| reconnect-throttle.test.js | ||
| schedule-eval.test.js | ||
| schema-check.test.js | ||
| security-fixes.test.js | ||
| tenant-cascade-migration.test.js | ||
| thumbnail-proxy.test.js | ||
| tizen-eval-drift.test.js | ||
| totp-keyrotation.test.js | ||
| totp-unit.test.js | ||
| totp.test.js | ||
| user-deletion.test.js | ||
| widget-render-xss.test.js | ||