Bug: Timeout middleware registered after catch-all routes — never fires #54
Labels
No Label
P0 Critical
P1 High
P2 Medium
P3 Low
accessibility
backend
bug
content
data-integrity
enhancement
frontend
infra
integration
owner
owner-input
performance
performance
phase-7
phase-8
security
seo
ui
ux
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: null/Queue-North-Website#54
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
In
server/index.js, thetimeoutMiddlewareis registered viaapp.use(timeoutMiddleware)after the 404 catch-all for API routes and the SPA catch-allapp.get('*'). Since Express processes middleware in registration order, by the time a request reaches the timeout middleware, a response has already been sent by one of the earlier route handlers. The timeout middleware will never fire.Location
server/index.js— theapp.use(timeoutMiddleware)call is at line ~545, after:app.use((req, res, next) => { if (req.path.startsWith('/api'))... })(404 catch-all)app.use(express.static(...))(static files)app.get('*', ...)(SPA catch-all)Fix
Move
app.use(timeoutMiddleware)to before the route definitions (before the API routes), so it can actually enforce timeouts on requests. Example:Severity
Medium — currently no request timeouts are enforced. In production, a slow or hung request could consume a connection indefinitely.