Fix PR Feedback & Prepare Monorepo

google-labs-jules[bot] · google-labs-jules[bot] · commit 291ff84fa551 · 2025-12-15T12:27:41.000Z
- **Fixes**:
  - Implemented `LRU` cache for manifests (prevent leaks).
  - Added strict input validation for Manifests.
  - Fixed `hex2bin` crash in error handler.
  - Refactored socket cleanup.
  - Added `test/megatorrent-validation.js`.
- **Monorepo**:
  - Moved `ARCHITECTURE.md` to `docs/`.
  - Added `qbittorrent` submodule.
  - Added `README-monorepo.md`.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "qbittorrent"]
+	path = qbittorrent
+	url = https://github.com/robertpelloni/qbittorrent
diff --git a/README-monorepo.md b/README-monorepo.md
@@ -0,0 +1,21 @@
+# Megatorrent Monorepo
+
+This repository contains the reference implementation for the Megatorrent protocol, a decentralized, mutable successor to BitTorrent.
+
+## Structure
+
+*   `docs/`: Architecture and Protocol Specifications.
+*   `tracker/`: Node.js implementation of the Tracker and Reference Client (the root of this repo, historically).
+*   `qbittorrent/`: C++ Client Fork (Submodule).
+
+## Getting Started
+
+### Node.js Tracker & Reference Client
+Run the tracker and client tests:
+```bash
+npm install
+npm test
+```
+
+### qBittorrent Client
+See `qbittorrent/README.md` for C++ build instructions.
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
diff --git a/lib/manifest.js b/lib/manifest.js
@@ -10,6 +10,17 @@ export function validateManifest (manifest) {
   if (!manifest || typeof manifest !== 'object') throw new Error('Invalid manifest')
   if (!manifest.publicKey || !manifest.signature) throw new Error('Missing keys')
 
+  // Validation
+  if (typeof manifest.publicKey !== 'string' || !/^[0-9a-fA-F]{64}$/.test(manifest.publicKey)) {
+    throw new Error('Invalid public key format')
+  }
+  if (typeof manifest.signature !== 'string' || !/^[0-9a-fA-F]{128}$/.test(manifest.signature)) {
+    throw new Error('Invalid signature format')
+  }
+  if (typeof manifest.sequence !== 'number') throw new Error('Invalid sequence')
+  if (typeof manifest.timestamp !== 'number') throw new Error('Invalid timestamp')
+  if (!Array.isArray(manifest.collections)) throw new Error('Invalid collections')
+
   // Reconstruct the payload to verify (exclude signature)
   const payload = {
     publicKey: manifest.publicKey,
diff --git a/qbittorrent b/qbittorrent
@@ -0,0 +1 @@
+Subproject commit 5abf458e69ff644b60a205814e3da2b22febf0a8
diff --git a/server.js b/server.js
@@ -15,6 +15,7 @@ import parseHttpRequest from './lib/server/parse-http.js'
 import parseUdpRequest from './lib/server/parse-udp.js'
 import parseWebSocketRequest from './lib/server/parse-websocket.js'
 import { validateManifest } from './lib/manifest.js'
+import { LRUCache } from 'lru-cache'
 
 const debug = Debug('bittorrent-tracker:server')
 const hasOwnProperty = Object.prototype.hasOwnProperty
@@ -54,7 +55,10 @@ class Server extends EventEmitter {
     this.listening = false
     this.destroyed = false
     this.torrents = {}
-    this.manifests = {} // PublicKey -> Manifest
+
+    // LRU Cache for Manifests (max 1000 items)
+    this.manifests = new LRUCache({ max: 1000 })
+
     this.subscriptions = {} // PublicKey -> Set<Socket>
 
     this.http = null
@@ -649,28 +653,32 @@ class Server extends EventEmitter {
         return cb(new Error('Invalid signature'))
       }
     } catch (e) {
-      return cb(e)
+      return cb(new Error('Manifest validation failed: ' + e.message))
     }
 
     const key = params.manifest.publicKey
-    const current = this.manifests[key]
+    const current = this.manifests.get(key)
 
     if (current && params.manifest.sequence <= current.sequence) {
       return cb(new Error('Sequence too low'))
     }
 
     // Store manifest
-    this.manifests[key] = params.manifest
+    this.manifests.set(key, params.manifest)
     debug('Manifest updated for %s seq=%d', key, params.manifest.sequence)
 
     // Broadcast to subscribers
     if (this.subscriptions[key]) {
       this.subscriptions[key].forEach(socket => {
         if (socket.readyState === 1) { // OPEN
-          socket.send(JSON.stringify({
-            action: 'publish',
-            manifest: params.manifest
-          }))
+          try {
+            socket.send(JSON.stringify({
+              action: 'publish',
+              manifest: params.manifest
+            }))
+          } catch (err) {
+            debug('Broadcast failed for peer %s: %s', socket.peerId, err.message)
+          }
         }
       })
     }
@@ -687,22 +695,36 @@ class Server extends EventEmitter {
     }
     this.subscriptions[key].add(socket)
 
+    // Track subscriptions on the socket for efficient cleanup
+    if (!socket.subscribedKeys) {
+      socket.subscribedKeys = new Set()
+    }
+    socket.subscribedKeys.add(key)
+
     // Send latest if available
-    if (this.manifests[key]) {
-      socket.send(JSON.stringify({
-        action: 'publish',
-        manifest: this.manifests[key]
-      }))
+    const cached = this.manifests.get(key)
+    if (cached) {
+      try {
+        socket.send(JSON.stringify({
+          action: 'publish',
+          manifest: cached
+        }))
+      } catch (err) {
+        debug('Initial send failed for peer %s: %s', socket.peerId, err.message)
+      }
     }
 
     // Cleanup on close
     if (!socket._cleanupSetup) {
       socket.on('close', () => {
-        // We have to iterate since we don't store reverse mapping efficiently here
-        // (Optimally we should store subscribed keys on socket)
-        for (const k in this.subscriptions) {
-          this.subscriptions[k].delete(socket)
-          if (this.subscriptions[k].size === 0) delete this.subscriptions[k]
+        if (socket.subscribedKeys) {
+          for (const k of socket.subscribedKeys) {
+            if (this.subscriptions[k]) {
+              this.subscriptions[k].delete(socket)
+              if (this.subscriptions[k].size === 0) delete this.subscriptions[k]
+            }
+          }
+          socket.subscribedKeys.clear()
         }
       })
       socket._cleanupSetup = true
diff --git a/test/megatorrent-validation.js b/test/megatorrent-validation.js
@@ -0,0 +1,83 @@
+import test from 'tape'
+import Server from '../server.js'
+import WebSocket from 'ws'
+import { generateKeypair, sign } from '../reference-client/lib/crypto.js'
+import stringify from 'fast-json-stable-stringify'
+
+function createTracker (opts, cb) {
+  const server = new Server(opts)
+  server.on('listening', () => cb(server))
+  server.listen(0)
+}
+
+test('Megatorrent: Validation and Cleanup', function (t) {
+  t.plan(5)
+
+  createTracker({ udp: false, http: false, ws: true, stats: false }, function (server) {
+    const port = server.ws.address().port
+    const trackerUrl = `ws://localhost:${port}`
+    const keypair = generateKeypair()
+
+    const publisher = new WebSocket(trackerUrl)
+
+    publisher.on('open', () => {
+        // Test 1: Invalid Signature
+        const invalidManifest = {
+            publicKey: keypair.publicKey.toString('hex'),
+            sequence: 1,
+            timestamp: Date.now(),
+            collections: [],
+            signature: Buffer.alloc(64).toString('hex') // invalid sig
+        }
+
+        publisher.send(JSON.stringify({
+            action: 'publish',
+            manifest: invalidManifest
+        }))
+    })
+
+    publisher.on('message', (data) => {
+        const msg = JSON.parse(data)
+
+        if (msg['failure reason']) {
+            // We expect failures for invalid inputs
+            if (msg['failure reason'].includes('Invalid signature') || msg['failure reason'].includes('validation failed')) {
+                t.pass('Rejected invalid signature/manifest')
+
+                // Now proceed to clean up test
+                publisher.close()
+
+                // Test 2: Memory Leak / Cleanup Check
+                // Create a subscriber that subscribes and then disconnects
+                const subscriber = new WebSocket(trackerUrl)
+                subscriber.on('open', () => {
+                    const k = keypair.publicKey.toString('hex')
+                    subscriber.send(JSON.stringify({ action: 'subscribe', key: k }))
+
+                    // Allow server to process
+                    setTimeout(() => {
+                        t.ok(server.subscriptions[k], 'Subscription active')
+                        t.equal(server.subscriptions[k].size, 1, 'One subscriber')
+
+                        subscriber.close()
+
+                        // Wait for cleanup
+                        setTimeout(() => {
+                           if (!server.subscriptions[k]) {
+                               t.pass('Subscription Set removed after last subscriber left')
+                           } else {
+                               t.equal(server.subscriptions[k].size, 0, 'Subscriber removed from set')
+                           }
+
+                           // Test 3: Cache Existence
+                           t.ok(server.manifests, 'LRU Cache exists')
+
+                           server.close()
+                        }, 100)
+                    }, 100)
+                })
+            }
+        }
+    })
+  })
+})

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[submodule "qbittorrent"]`
	`2`	`+ path = qbittorrent`
	`3`	`+ url = https://github.com/robertpelloni/qbittorrent`