fix(identity): bound SDK getUserAccount lookup in authMiddleware

authMiddleware backfills blockchainUserId/handle via a blocking
audiusSdk.full.users.getUserAccount() call whenever the identity user
row is missing those fields - the exact state of a user mid-signup.
During signup the on-chain user is often not yet indexed by discovery,
so the SDK blocks on its internal node selection + retries. The
surrounding try/catch only handles rejection, not a hang, so the whole
request (e.g. POST /users/update) stalls until the client times out.

This path went live in prod on 6/15 once #14474 shipped loadAudiusSdk.cjs
into the build, activating the SDK in authMiddleware for the first time.

Wrap the lookup in a 3s timeout so a slow/hanging discovery lookup
degrades gracefully (logged, then next()) instead of stalling auth on
every authenticated endpoint.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: dylanjeffers

packages/identity-service/src/authMiddleware.js

@@ -11,6 +11,20 @@ const models = require('./models')
 const audiusLibsWrapper = require('./audiusLibsInstance')
 const { encodeHashId, decodeHashId } = require('./utils/hashIds')
 
+// Upper bound on the discovery/SDK lookup used to backfill blockchainUserId/handle.
+// During signup the on-chain user is often not yet indexed by discovery, so this
+// call can block on the SDK's internal node selection + retries. Without a bound it
+// stalls the entire request (e.g. /users/update) until the client times out.
+const SDK_USER_LOOKUP_TIMEOUT_MS = 3000
+
+const withTimeout = (promise, ms, message) =>
+  Promise.race([
+    promise,
+    new Promise((_resolve, reject) =>
+      setTimeout(() => reject(new Error(message)), ms)
+    )
+  ])
+
 /**
  * Queries for whether the wallet address has privilege to act as actingUserId
  * @param {number} managerWalletAddress
@@ -114,11 +128,15 @@ async function authMiddleware(req, res, next) {
       // ensuring that the user.handle always represents the latest state on chain
       if (!user.blockchainUserId || !user.handle) {
         try {
-          const res = await req.app.get('audiusSdk').full.users.getUserAccount({
-            wallet: walletAddress,
-            encodedDataMessage,
-            encodedDataSignature: signature
-          })
+          const res = await withTimeout(
+            req.app.get('audiusSdk').full.users.getUserAccount({
+              wallet: walletAddress,
+              encodedDataMessage,
+              encodedDataSignature: signature
+            }),
+            SDK_USER_LOOKUP_TIMEOUT_MS,
+            'audiusSdk.getUserAccount timed out'
+          )
           const discprovUser = res.data.user
           const userId = decodeHashId(discprovUser.id)
           const handle = discprovUser.handle
@@ -181,11 +199,15 @@ const parameterizedAuthMiddleware = ({ shouldRespondBadRequest }) => {
 
       if (!user.blockchainUserId || !user.handle) {
         try {
-          const res = await req.app.get('audiusSdk').full.users.getUserAccount({
-            wallet: walletAddress,
-            encodedDataMessage,
-            encodedDataSignature: signature
-          })
+          const res = await withTimeout(
+            req.app.get('audiusSdk').full.users.getUserAccount({
+              wallet: walletAddress,
+              encodedDataMessage,
+              encodedDataSignature: signature
+            }),
+            SDK_USER_LOOKUP_TIMEOUT_MS,
+            'audiusSdk.getUserAccount timed out'
+          )
           const discprovUser = res.data.user
           const userId = decodeHashId(discprovUser.id)
           const handle = discprovUser.handle