fix(identity): copy loadAudiusSdk.cjs into build output#14474
Merged
dylanjeffers merged 2 commits intoJun 15, 2026
Conversation
The production container runs the compiled entrypoint at build/src/index.js, which requires '../loadAudiusSdk.cjs' relative to __dirname (resolving to build/loadAudiusSdk.cjs). Because loadAudiusSdk.cjs lives outside src/ as a plain .cjs file, tsc never emits it into build/, and the copyfiles step only copied src/emails. This caused MODULE_NOT_FOUND at startup in prod. Copy loadAudiusSdk.cjs into build/ during the build so the relative require resolves in both dev (ts-node-dev) and prod (compiled).
|
|
Dependency limit exceeded — report not shown. This pull request scan exceeded the 10,000-dependency limit applied to this scan, so the results are incomplete and may be inaccurate. To avoid reporting false positives, Socket has not posted a report. Upgrade your plan to raise the dependency limit and get complete reports, or view the partial scan in the dashboard. Socket is always free for open source. If this is a non-commercial open source project, contact us to request a free Team account. |
src/utils/disposableEmail.js reads src/data/disposable_email_blocklist.conf at runtime via fs.readFileSync. tsc does not emit .conf files, and the copyfiles step only copied src/emails, so build/src/data/ was missing in the production image. This is a latent ENOENT (the blocklist loads lazily on the first disposable-email check during signup) from the same email verification PR as the loadAudiusSdk.cjs issue. Copy src/data into build/src so the blocklist resolves in prod.
dylanjeffers
added a commit
that referenced
this pull request
Jun 16, 2026
…ers -> .users)
authMiddleware backfills blockchainUserId/handle for users whose identity
row lacks them (the state of any guest / freshly signed-up user) by calling
the SDK. It used `req.app.get('audiusSdk').full.users.getUserAccount(...)`,
but the @audius/sdk instance has no `.full` namespace - `users` is a
top-level API. So `.full` is undefined and `.users` throws a synchronous
TypeError ("Cannot read properties of undefined (reading 'users')") on
EVERY new-user auth request (/users/update, /record_ip, etc).
Confirmed in prod logs:
TypeError: Cannot read properties of undefined (reading 'users')
at authMiddleware (build/src/authMiddleware.js:97:68)
msg: "Failed to update blockchainUserId/handle"
The bad accessor came in with the monorepo import (#14388) and only began
firing once #14474 (6/15) made loadAudiusSdk.cjs available so the SDK
actually initialized - matching the signup regression window. The
surrounding try/catch swallowed the error and called next(), so the
backfill silently never happened for new users.
Fix: use the correct accessor `audiusSdk.users.getUserAccount`. Also wrap
the now-live call in a 3s timeout (deferred into a promise so a
missing/misshapen sdk rejects instead of throwing synchronously), so that
once the call actually runs, a slow discovery lookup for a not-yet-indexed
new user degrades gracefully (logged, then next()) instead of stalling auth.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
dylanjeffers
added a commit
that referenced
this pull request
Jun 16, 2026
…ers -> .users)
authMiddleware backfills blockchainUserId/handle for users whose identity
row lacks them (the state of any guest / freshly signed-up user) by calling
the SDK. It used `req.app.get('audiusSdk').full.users.getUserAccount(...)`,
but the @audius/sdk instance has no `.full` namespace - `users` is a
top-level API. So `.full` is undefined and `.users` throws a synchronous
TypeError ("Cannot read properties of undefined (reading 'users')") on
EVERY new-user auth request (/users/update, /record_ip, etc).
Confirmed in prod logs:
TypeError: Cannot read properties of undefined (reading 'users')
at authMiddleware (build/src/authMiddleware.js:97:68)
msg: "Failed to update blockchainUserId/handle"
The bad accessor came in with the monorepo import (#14388) and only began
firing once #14474 (6/15) made loadAudiusSdk.cjs available so the SDK
actually initialized - matching the signup regression window. The
surrounding try/catch swallowed the error and called next(), so the
backfill silently never happened for new users.
Fix: use the correct accessor `audiusSdk.users.getUserAccount`.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
dylanjeffers
added a commit
that referenced
this pull request
Jun 16, 2026
…ers -> .users) (#14482) ## Problem Users report failing/janky signups, with `POST https://identityservice.audius.co/users/update` misbehaving ([Slack thread](https://audius-internal.slack.com/archives/CA80RCL77/p1781637102823139)). `authMiddleware` (which gates `/users/update`, `/record_ip`, and every other authenticated endpoint) backfills `blockchainUserId`/`handle` for any identity `Users` row that lacks them — i.e. **every guest / freshly signed-up user**. It did this via: ```js req.app.get('audiusSdk').full.users.getUserAccount({ ... }) ``` But the `@audius/sdk` instance **has no `.full` namespace** — `users` is a top-level API (`audiusSdk.users.getUserAccount`). So `.full` is `undefined` and `.users` throws a **synchronous `TypeError`** on every new-user auth request. Confirmed in prod logs: ``` TypeError: Cannot read properties of undefined (reading 'users') at authMiddleware (build/src/authMiddleware.js:97:68) msg: "Failed to update blockchainUserId/handle" ``` The surrounding `try/catch` swallowed it and called `next()`, so the request proceeded but the **backfill silently never happened** — new identity rows never got `blockchainUserId`/`handle` set. ## Why it started now The bad accessor came in with the **monorepo import** of identity-service (#14388, 5/22), which rewrote `authMiddleware` to use `@audius/sdk`. It was dormant until #14474 (6/15) shipped `loadAudiusSdk.cjs` into the build, so the SDK actually initialized and this line began firing — matching the regression window. (identity hadn't been deployed in a while; 6/15 was the first monorepo image promoted to prod.) I verified prod is in the *benign* config otherwise: `environment=production` is set in `identity-service-secret`, so the SDK targets prod discovery — the issue is purely the wrong accessor, not SDK misconfig. ## Fix Use the correct accessor `audiusSdk.users.getUserAccount` in both `authMiddleware` and `parameterizedAuthMiddleware`. One-token change per call site. ## Notes - Ray's `record_ip` hunch is a red herring: `/users/update` doesn't call `recordIP`. (Though `/record_ip` is also gated by `authMiddleware`, so it hit the same TypeError — likely the source of the confusion.) - Same 6/15 batch also fixed a related latent crash: #14378 reads `src/data/disposable_email_blocklist.conf` at signup via an unguarded `fs.readFileSync`; that file wasn't copied into the build until #14474 (same one-liner that also added `loadAudiusSdk.cjs`). Worth hardening that read separately. - The batch's endpoint removals (#14458, #14472) are safe — the legacy `packages/libs` methods that hit them aren't called by any current client. ## Verification - Confirmed `getUserAccount` lives on the top-level `UsersApi` (`audiusSdk.users`) and there is no `.full` in the SDK instance shape (`@audius/sdk` `index.d.ts`). - Confirmed response shape `res.data.user` is still correct (`UserAccountResponse.data: Account`, `Account.user: User`). - Confirmed prod `environment=production`. After deploy, the `TypeError ... reading 'users'` log should disappear and `Failed to update blockchainUserId/handle` should drop to near-zero. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The identity-service pod crashes on startup with:
Root cause
The production container runs the compiled entrypoint
node build/src/index.js(scripts/start.sh). That file requires the SDK loader via a path relative to__dirname:The
..resolves differently depending on where the entrypoint physically lives:ts-node-devrunssrc/index.ts):__dirname=identity-service/src→ resolves to package-rootloadAudiusSdk.cjs✓noderunsbuild/src/index.js):__dirname=identity-service/build/src→ resolves tobuild/loadAudiusSdk.cjs✗loadAudiusSdk.cjsdeliberately lives outsidesrc/as a plain.cjsfile (sots-node-devdoesn't transpile itsimport()intorequire()and triggerERR_REQUIRE_ESM). Because it isn't a.tsfile,tscnever emits it intobuild/, and thecopyfilesbuild step only copiedsrc/emails. Sobuild/loadAudiusSdk.cjswas never present in the production image →MODULE_NOT_FOUND.Fix
Extend the
copyfilesscript to also copyloadAudiusSdk.cjsintobuild/, so the existing relativerequire('../loadAudiusSdk.cjs')resolves correctly in both dev and prod.Verification
copyfileslocally and confirmedbuild/loadAudiusSdk.cjsis produced.loadAudiusSdk(a function).https://claude.ai/code/session_011oMzUJoMTNRaGUh7qPt1jp
Generated by Claude Code