nethcti-server: auth REST listener can become permanently unresponsive after a reload

[edospadoni]

Problem

The authentication REST listener of nethcti-server (port 20060) can become permanently unresponsive after a single internal reload event. Once in that state, every login request fails with ECONNREFUSED and the only way out is a full process restart.

The failure is the combination of three independent issues, each individually benign:

1. Response not closed on header errors (nethcti-server)

The sendHttp* helpers in plugins/util/util.js wrap their body in a try/catch and log from the catch but never call resp.end(). If resp.writeHead() throws — for example because a value passed in an HTTP header contains a character not allowed in header content — the response is never finalized and the underlying TCP connection is kept open.

2. Listener does not recover when connections are hanging (nethcti-server)

reset() in plugins/com_authentication_rest/server_com_authentication_rest.js calls start() only from the server.close() callback. The Node.js close() callback only fires after every existing connection has ended, so a single hanging request (such as one left over by #1) is enough to prevent it from firing — and to prevent the listener from being re-bound to its port indefinitely.

3. No timeout on the login backend HTTP client (nethcti-middleware)

The http.Client used in middleware/middleware.go to forward /login requests to the legacy backend was created without Timeout. If the backend leaves the response unfinished (as in #1), the goroutine handling the login stays parked and the TCP connection to the backend is kept open with no upper bound.

Combined effect

A request that triggers #1 leaves a TCP connection open between middleware and backend (because of #3). Any later reload event on the auth component then triggers #2, and the listener never comes back up.

Fix

• fix(auth): recover REST listener and close response on errors nethesis/nethcti-server#349 — addresses (1) and (2).
• fix(auth): add timeout to login backend HTTP client nethesis/nethcti-middleware#52 — addresses (3).
• chore: bump nethcti-server and nethcti-middleware refs to fix branches nethesis/ns8-nethvoice#829 — bumps the module refs to the fix branches so the combined fix can be tested end-to-end (to be reverted to stable refs once both upstream PRs are merged and released).

[edospadoni]

Test cases

1. Smoke test — normal login still works

• Log in via the CTI UI with a valid user.
• Expected: login succeeds, the user lands on the home page, websocket connects.

2. sendHttp401 no longer leaks the response on bad header values

• Send a POST /api/login with a username containing a character not allowed in HTTP header content (e.g. a literal CR/LF or null byte), so that resp.writeHead(401, { message: ... }) would throw.
• Expected:
  • The client receives a 401 response (instead of the connection staying open).
  • The connection to the auth REST listener (127.0.0.1:20060) closes cleanly (ss -tn 'dport = :20060' from inside the container should not show a stuck ESTAB accumulating over time).
  • No [util] used by [plugins_rest/authentication]: TypeError [ERR_INVALID_CHAR] followed by hanging requests in the logs.

3. reset() always re-binds the listener

• With the service running, trigger a reload of the auth component (for instance by causing one ECONNREFUSED on 127.0.0.1:20060 so that http_proxy.js emits reloadComp, or by emitting reloadComp manually for testing).
• Expected:
  • In the logs: [server_com_authentication_rest] server closed (optional, depending on connection state), then [server_com_authentication_rest] restify listening at http://127.0.0.1:20060 and [server_com_authentication_rest] reloaded.
  • ss -tln '( sport = :20060 )' shows LISTEN on 127.0.0.1:20060 again.
  • Subsequent logins succeed.

4. Listener recovers even with hanging connections

• Manually open a TCP connection to 127.0.0.1:20060 and keep it idle, then trigger a reload of the auth component.
• Expected:
  • The listener is re-bound immediately (it does not wait for the idle connection to close).
  • On Node ≥ 18.2, the idle connection is force-closed by closeAllConnections() and the old Server instance is collected.

5. Middleware does not hang on an unresponsive backend

• Make the upstream /webrest/authentication/login endpoint deliberately hang (e.g. point the middleware to a backend that accepts the connection but never writes a response).
• Send a POST /api/login to the middleware.
• Expected: the request fails within ~30 s with [AUTH] Failed to send request to NetCTI, instead of staying parked indefinitely. The TCP connection from middleware to backend is closed.

6. Regression — login still works under load

• Run a small load test (e.g. 50 concurrent logins of a valid user) and confirm none of them hang and the listener stays up.

[edospadoni]

Testing image:

• ghcr.io/nethesis/nethvoice:fix-auth-listener-test-refs

Install command:

• api-cli run update-module --data '{"module_url":"ghcr.io/nethesis/nethvoice:fix-auth-listener-test-refs" , "instances":["nethvoice<ID>"], "force": true}'