letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(P1): GDPR export + Redis eviction policy

Browse Source 
F3: BullMQ 5.x rejects custom job IDs containing `:` (collides with internal
Redis-key namespacing). GDPR export crashed with "Custom Id cannot contain :".
Switched to dash separator. GDPR Article 15 right-to-access now functional.

F4: Redis was configured with `allkeys-lru` eviction in both docker-compose.yml
and docker-compose.prod.yml. BullMQ explicitly requires `noeviction` —
otherwise queue keys can be evicted under memory pressure and jobs vanish
silently. Switched to noeviction with comment pointing at the audit finding.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt
2026-05-14 22:39:16 +02:00
parent 85bd0d82e1
commit e469b2b6a6
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.prod.yml
View File

@@ -32,7 +32,9 @@ services:
redis: redis:
image: redis:7-alpine image: redis:7-alpine
command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy allkeys-lru # BullMQ requires `noeviction` — under memory pressure, allkeys-lru
# silently drops queue keys and jobs disappear. See post-audit fix F4.
command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy noeviction
volumes: volumes:
- redisdata:/data - redisdata:/data
healthcheck: healthcheck:

4
docker-compose.yml
View File

@@ -18,7 +18,9 @@ services:
redis: redis:
image: redis:7-alpine image: redis:7-alpine
command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy allkeys-lru # BullMQ requires `noeviction` — under memory pressure, allkeys-lru
# silently drops queue keys and jobs disappear. See post-audit fix F4.
command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy noeviction
volumes: volumes:
- redisdata:/data - redisdata:/data
healthcheck: healthcheck:

4
src/lib/services/gdpr-export.service.ts
View File

@@ -110,7 +110,9 @@ export async function requestGdprExport(input: RequestExportInput): Promise<Requ
emailToClient: input.emailToClient, emailToClient: input.emailToClient,
emailOverride: input.emailOverride ?? null, emailOverride: input.emailOverride ?? null,
}, },
{ jobId: `gdpr-export:${row.id}` }, // BullMQ 5.x rejects custom job IDs containing ':' (Redis-key collision).
// Dash-separator keeps the namespace + the UUID round-trip unambiguous.
{ jobId: `gdpr-export-${row.id}` },
); );
return { export: row }; return { export: row };