Throttle E2EE Decryption Errors to Prevent Memory Leak (#1720)

CSantosM · web-flow · commit 9c082be6cba9 · 2025-11-10T09:52:27.000+01:00
diff --git a/src/e2ee/worker/FrameCryptor.ts b/src/e2ee/worker/FrameCryptor.ts
@@ -70,6 +70,19 @@ export class FrameCryptor extends BaseFrameCryptor {
 
   private isTransformActive: boolean = false;
 
+  /**
+   * Throttling mechanism for decryption errors to prevent memory leaks
+   */
+  private lastErrorTimestamp: Map<string, number> = new Map();
+
+  private errorCounts: Map<string, number> = new Map();
+
+  private readonly ERROR_THROTTLE_MS = 1000; // Emit error at most once per second
+
+  private readonly MAX_ERRORS_PER_MINUTE = 5; // Maximum errors to emit per minute per key
+
+  private readonly ERROR_WINDOW_MS = 60000; // 1 minute window
+
   constructor(opts: {
     keys: ParticipantKeyHandler;
     participantIdentity: string;
@@ -119,6 +132,8 @@ export class FrameCryptor extends BaseFrameCryptor {
   unsetParticipant() {
     workerLogger.debug('unsetting participant', this.logContext);
     this.participantIdentity = undefined;
+    this.lastErrorTimestamp = new Map();
+    this.errorCounts = new Map();
   }
 
   isEnabled() {
@@ -210,6 +225,66 @@ export class FrameCryptor extends BaseFrameCryptor {
     this.sifTrailer = trailer;
   }
 
+  /**
+   * Checks if we should emit an error based on throttling rules to prevent memory leaks
+   * @param errorKey - unique key identifying the error context
+   * @returns true if the error should be emitted, false otherwise
+   */
+  private shouldEmitError(errorKey: string): boolean {
+    const now = Date.now();
+    const lastErrorTime = this.lastErrorTimestamp.get(errorKey) ?? 0;
+    const errorCount = this.errorCounts.get(errorKey) ?? 0;
+
+    // Reset count if we're in a new time window
+    if (now - lastErrorTime > this.ERROR_WINDOW_MS) {
+      this.errorCounts.set(errorKey, 0);
+      this.lastErrorTimestamp.set(errorKey, now);
+      return true;
+    }
+
+    // Check if we've exceeded the throttle time
+    if (now - lastErrorTime < this.ERROR_THROTTLE_MS) {
+      return false;
+    }
+
+    // Check if we've exceeded the max errors per window
+    if (errorCount >= this.MAX_ERRORS_PER_MINUTE) {
+      // Only log a warning once when hitting the limit
+      if (errorCount === this.MAX_ERRORS_PER_MINUTE) {
+        workerLogger.warn(`Suppressing further decryption errors for ${this.participantIdentity}`, {
+          ...this.logContext,
+          errorKey,
+        });
+        this.errorCounts.set(errorKey, errorCount + 1);
+      }
+      return false;
+    }
+
+    // Update tracking
+    this.lastErrorTimestamp.set(errorKey, now);
+    this.errorCounts.set(errorKey, errorCount + 1);
+    return true;
+  }
+
+  /**
+   * Emits a throttled error to prevent memory leaks from repeated decryption failures
+   * @param error - the CryptorError to emit
+   */
+  private emitThrottledError(error: CryptorError) {
+    const errorKey = `${this.participantIdentity}-${error.reason}-decrypt`;
+
+    if (this.shouldEmitError(errorKey)) {
+      const errorCount = this.errorCounts.get(errorKey) ?? 0;
+      if (errorCount > 1) {
+        workerLogger.debug(`Decryption error (${errorCount} occurrences in window)`, {
+          ...this.logContext,
+          reason: CryptorErrorReason[error.reason],
+        });
+      }
+      this.emit(CryptorEvent.Error, error);
+    }
+  }
+
   /**
    * Function that will be injected in a stream and will encrypt the given encoded frames.
    *
@@ -245,8 +320,7 @@ export class FrameCryptor extends BaseFrameCryptor {
     }
     const keySet = this.keys.getKeySet();
     if (!keySet) {
-      this.emit(
-        CryptorEvent.Error,
+      this.emitThrottledError(
         new CryptorError(
           `key set not found for ${
             this.participantIdentity
@@ -318,8 +392,7 @@ export class FrameCryptor extends BaseFrameCryptor {
       }
     } else {
       workerLogger.debug('failed to encrypt, emitting error', this.logContext);
-      this.emit(
-        CryptorEvent.Error,
+      this.emitThrottledError(
         new CryptorError(
           `encryption key missing for encoding`,
           CryptorErrorReason.MissingKey,
@@ -379,7 +452,7 @@ export class FrameCryptor extends BaseFrameCryptor {
         if (error instanceof CryptorError && error.reason === CryptorErrorReason.InvalidKey) {
           // emit an error if the key handler thinks we have a valid key
           if (this.keys.hasValidKey) {
-            this.emit(CryptorEvent.Error, error);
+            this.emitThrottledError(error);
             this.keys.decryptionFailure(keyIndex);
           }
         } else {
@@ -389,8 +462,7 @@ export class FrameCryptor extends BaseFrameCryptor {
     } else {
       // emit an error if the key index is out of bounds but the key handler thinks we still have a valid key
       workerLogger.warn(`skipping decryption due to missing key at index ${keyIndex}`);
-      this.emit(
-        CryptorEvent.Error,
+      this.emitThrottledError(
         new CryptorError(
           `missing key at index ${keyIndex} for participant ${this.participantIdentity}`,
           CryptorErrorReason.MissingKey,
