fix: address review findings — auth parity, MariaDB timeout, relationship chunking, validator cache

github-actions[bot] · claude-bot · commit 4f03607955fe · 2026-05-01T02:02:38.000Z
- MariaDB: apply session timeout eagerly in setTimeout/clearTimeout
  so direct $stmt-&gt;execute() paths inherit it, mirroring the MySQL
  fix; prevents stale timeouts leaking across pool checkouts.
- Relationships hook: chunk batched updateDocuments/deleteDocuments
  calls by RELATION_QUERY_CHUNK_SIZE so a one-to-many or many-to-many
  diff with thousands of removed peers stays within the validator's
  maxQueryValues ceiling.
- Database::setMaxQueryValues: clear the DocumentsValidator cache when
  the limit changes; the cache key encodes the old value.
- Traits/Documents (find): always restore previous Authorization status
  in the inlined skip toggle so a nested setStatus inside the try block
  cannot leak past the scope.
- Memory adapter: decodeObjectValue returns null on JSON parse miss
  (parity with decodeArrayValue); prevents scalar haystacks reaching
  jsonContains.
- MemoryTest::freshDatabase: use $this-&gt;testDatabase to honor the
  per-process isolation token.
- SQL adapter: clarify spatialCacheKey() comment to match code (tenant
  intentionally excluded; schema is shared across tenants).
diff --git a/src/Database/Adapter/MariaDB.php b/src/Database/Adapter/MariaDB.php
@@ -816,9 +816,25 @@ public function setTimeout(int $milliseconds, Event $event = Event::All): void
             throw new DatabaseException('Timeout must be greater than 0');
         }
 
+        // Apply eagerly so direct $stmt->execute() paths (e.g. exists()) inherit
+        // the new timeout even before the next $this->execute() runs. Lazy
+        // application leaked stale timeouts across pool checkouts under paratest;
+        // mirrors the MySQL adapter's eager-apply fix for the same shape of bug.
+        $seconds = $milliseconds / 1000.0;
+        $this->getPDO()->exec('SET max_statement_time = ' . $seconds);
+        $this->appliedMaxStatementTime = $seconds;
+
         parent::setTimeout($milliseconds, $event);
     }
 
+    public function clearTimeout(Event $event = Event::All): void
+    {
+        $this->getPDO()->exec('SET max_statement_time = 0');
+        $this->appliedMaxStatementTime = 0.0;
+
+        parent::clearTimeout($event);
+    }
+
     /**
      * Size of POINT spatial type
      */
diff --git a/src/Database/Adapter/Memory.php b/src/Database/Adapter/Memory.php
@@ -3150,22 +3150,18 @@ protected function matchesObject(mixed $value, Query $query): bool
         throw new DatabaseException('Query method '.$method->value.' not supported for object attributes');
     }
 
-    protected function decodeObjectValue(mixed $value): mixed
+    protected function decodeObjectValue(mixed $value): ?array
     {
-        if ($value === null) {
-            return null;
-        }
         if (\is_array($value)) {
             return $value;
         }
         if (\is_string($value) && $value !== '' && ($value[0] === '{' || $value[0] === '[')) {
             $decoded = \json_decode($value, true);
-            if (\is_array($decoded)) {
-                return $decoded;
-            }
+
+            return \is_array($decoded) ? $decoded : null;
         }
 
-        return $value;
+        return null;
     }
 
     /**
diff --git a/src/Database/Adapter/SQL.php b/src/Database/Adapter/SQL.php
@@ -3620,9 +3620,11 @@ protected function invalidateSpatialAttributesCache(string $collectionId): void
     }
 
     /**
-     * Compose a cache key scoped to the current database/namespace/tenant so
-     * that Pool sibling adapters reused across tenants never collide on a
-     * shared collection id.
+     * Compose a cache key scoped to the current database and namespace so
+     * that Pool sibling adapters reused across schemas never collide on a
+     * shared collection id. Tenant is intentionally excluded: collection
+     * schema (and therefore the spatial-attribute set) is shared across
+     * tenants under shared tables.
      */
     private function spatialCacheKey(string $collectionId): string
     {
diff --git a/src/Database/Database.php b/src/Database/Database.php
@@ -1098,6 +1098,13 @@ public function isMigrating(): bool
      */
     public function setMaxQueryValues(int $max): self
     {
+        if ($this->maxQueryValues !== $max) {
+            // Validator cache key encodes maxQueryValues; entries built under
+            // the previous limit must be discarded so subsequent validation
+            // honors the new ceiling.
+            $this->documentsValidatorCache = [];
+        }
+
         $this->maxQueryValues = $max;
 
         return $this;
diff --git a/src/Database/Hook/Relationships.php b/src/Database/Hook/Relationships.php
@@ -482,11 +482,16 @@ public function afterDocumentUpdate(Document $collection, Document $old, Documen
                             $removedDocuments = \array_values(\array_diff($oldIds, $newIds));
 
                             if (! empty($removedDocuments)) {
-                                $this->db->getAuthorization()->skip(fn () => $this->db->skipRelationships(fn () => $this->db->updateDocuments(
-                                    $relatedCollection->getId(),
-                                    new Document([$twoWayKey => null]),
-                                    [Query::equal('$id', $removedDocuments)],
-                                )));
+                                // Chunk to honor the validator's maxQueryValues cap; without
+                                // this a relationship update with thousands of removed
+                                // children would throw QueryException.
+                                foreach (\array_chunk($removedDocuments, Database::RELATION_QUERY_CHUNK_SIZE) as $chunk) {
+                                    $this->db->getAuthorization()->skip(fn () => $this->db->skipRelationships(fn () => $this->db->updateDocuments(
+                                        $relatedCollection->getId(),
+                                        new Document([$twoWayKey => null]),
+                                        [Query::equal('$id', $chunk)],
+                                    )));
+                                }
                             }
 
                             $stringRelations = [];
@@ -502,21 +507,28 @@ public function afterDocumentUpdate(Document $collection, Document $old, Documen
                             }
 
                             if (! empty($stringRelations)) {
-                                $existing = $this->db->skipRelationships(
-                                    fn () => $this->db->find($relatedCollection->getId(), [
-                                        Query::select(['$id']),
-                                        Query::equal('$id', $stringRelations),
-                                        Query::limit(\count($stringRelations)),
-                                    ])
-                                );
+                                $existingIds = [];
+                                foreach (\array_chunk($stringRelations, Database::RELATION_QUERY_CHUNK_SIZE) as $chunk) {
+                                    $existing = $this->db->skipRelationships(
+                                        fn () => $this->db->find($relatedCollection->getId(), [
+                                            Query::select(['$id']),
+                                            Query::equal('$id', $chunk),
+                                            Query::limit(\count($chunk)),
+                                        ])
+                                    );
+                                    foreach ($existing as $doc) {
+                                        $existingIds[] = $doc->getId();
+                                    }
+                                }
 
-                                if (! empty($existing)) {
-                                    $existingIds = \array_map(fn (Document $doc) => $doc->getId(), $existing);
-                                    $this->db->skipRelationships(fn () => $this->db->updateDocuments(
-                                        $relatedCollection->getId(),
-                                        new Document([$twoWayKey => $document->getId()]),
-                                        [Query::equal('$id', $existingIds)],
-                                    ));
+                                if (! empty($existingIds)) {
+                                    foreach (\array_chunk($existingIds, Database::RELATION_QUERY_CHUNK_SIZE) as $chunk) {
+                                        $this->db->skipRelationships(fn () => $this->db->updateDocuments(
+                                            $relatedCollection->getId(),
+                                            new Document([$twoWayKey => $document->getId()]),
+                                            [Query::equal('$id', $chunk)],
+                                        ));
+                                    }
                                 }
                             }
 
@@ -620,19 +632,29 @@ public function afterDocumentUpdate(Document $collection, Document $old, Documen
                         if (! empty($removedDocuments)) {
                             $junction = $this->getJunctionCollection($collection, $relatedCollection, $side);
 
-                            $junctions = $this->db->find($junction, [
-                                Query::select(['$id']),
-                                Query::equal($key, $removedDocuments),
-                                Query::equal($twoWayKey, [$document->getId()]),
-                                Query::limit(PHP_INT_MAX),
-                            ]);
+                            // Chunk both the lookup and the delete so a many-to-many
+                            // diff with thousands of removed peers stays within the
+                            // validator's maxQueryValues ceiling.
+                            $junctionIds = [];
+                            foreach (\array_chunk($removedDocuments, Database::RELATION_QUERY_CHUNK_SIZE) as $chunk) {
+                                $junctions = $this->db->find($junction, [
+                                    Query::select(['$id']),
+                                    Query::equal($key, $chunk),
+                                    Query::equal($twoWayKey, [$document->getId()]),
+                                    Query::limit(PHP_INT_MAX),
+                                ]);
+                                foreach ($junctions as $junctionDoc) {
+                                    $junctionIds[] = $junctionDoc->getId();
+                                }
+                            }
 
-                            if (! empty($junctions)) {
-                                $junctionIds = \array_map(fn (Document $junctionDoc) => $junctionDoc->getId(), $junctions);
-                                $this->db->getAuthorization()->skip(fn () => $this->db->deleteDocuments(
-                                    $junction,
-                                    [Query::equal('$id', $junctionIds)],
-                                ));
+                            if (! empty($junctionIds)) {
+                                foreach (\array_chunk($junctionIds, Database::RELATION_QUERY_CHUNK_SIZE) as $chunk) {
+                                    $this->db->getAuthorization()->skip(fn () => $this->db->deleteDocuments(
+                                        $junction,
+                                        [Query::equal('$id', $chunk)],
+                                    ));
+                                }
                             }
                         }
 
diff --git a/src/Database/Traits/Documents.php b/src/Database/Traits/Documents.php
@@ -2337,8 +2337,10 @@ public function find(string $collection, array $queries = [], PermissionType $fo
 
             if (! isset($results)) {
                 // Inline the auth-skip toggle to avoid the per-find Closure
-                // allocation that authorization->skip() requires. Still
-                // restores the original status on exception via try/finally.
+                // allocation that authorization->skip() requires. Mirrors
+                // Authorization::skip's restore semantics: the previous status
+                // is reapplied unconditionally so any nested toggle inside the
+                // try block cannot leak past this scope.
                 if ($skipAuth) {
                     $previousStatus = $this->authorization->getStatus();
                     $this->authorization->disable();
@@ -2355,9 +2357,7 @@ public function find(string $collection, array $queries = [], PermissionType $fo
                             $forPermission
                         );
                     } finally {
-                        if ($previousStatus) {
-                            $this->authorization->enable();
-                        }
+                        $this->authorization->setStatus($previousStatus);
                     }
                 } else {
                     $results = $this->adapter->find(
diff --git a/tests/e2e/Adapter/MemoryTest.php b/tests/e2e/Adapter/MemoryTest.php
@@ -95,7 +95,7 @@ private function freshDatabase(): Database
         $authorization = self::$authorization ?? throw new \RuntimeException('Authorization not initialised');
         $database
             ->setAuthorization($authorization)
-            ->setDatabase('utopiaTests')
+            ->setDatabase($this->testDatabase)
             ->setNamespace('memory_iso_' . uniqid());
         $database->create();
         return $database;

Original file line number	Diff line number	Diff line change
`@@ -3150,22 +3150,18 @@ protected function matchesObject(mixed $value, Query $query): bool`
`3150`	`3150`	`throw new DatabaseException('Query method '.$method->value.' not supported for object attributes');`
`3151`	`3151`	`}`
`3152`	`3152`
`3153`		`- protected function decodeObjectValue(mixed $value): mixed`
	`3153`	`+ protected function decodeObjectValue(mixed $value): ?array`
`3154`	`3154`	`{`
`3155`		`- if ($value === null) {`
`3156`		`- return null;`
`3157`		`- }`
`3158`	`3155`	`if (\is_array($value)) {`
`3159`	`3156`	`return $value;`
`3160`	`3157`	`}`
`3161`	`3158`	`if (\is_string($value) && $value !== '' && ($value[0] === '{' \|\| $value[0] === '[')) {`
`3162`	`3159`	`$decoded = \json_decode($value, true);`
`3163`		`- if (\is_array($decoded)) {`
`3164`		`- return $decoded;`
`3165`		`- }`
	`3160`	`+`
	`3161`	`+ return \is_array($decoded) ? $decoded : null;`
`3166`	`3162`	`}`
`3167`	`3163`
`3168`		`- return $value;`
	`3164`	`+ return null;`
`3169`	`3165`	`}`
`3170`	`3166`
`3171`	`3167`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -3620,9 +3620,11 @@ protected function invalidateSpatialAttributesCache(string $collectionId): void`
`3620`	`3620`	`}`
`3621`	`3621`
`3622`	`3622`	`/**`
`3623`		`- * Compose a cache key scoped to the current database/namespace/tenant so`
`3624`		`- * that Pool sibling adapters reused across tenants never collide on a`
`3625`		`- * shared collection id.`
	`3623`	`+ * Compose a cache key scoped to the current database and namespace so`
	`3624`	`+ * that Pool sibling adapters reused across schemas never collide on a`
	`3625`	`+ * shared collection id. Tenant is intentionally excluded: collection`
	`3626`	`+ * schema (and therefore the spatial-attribute set) is shared across`
	`3627`	`+ * tenants under shared tables.`
`3626`	`3628`	`*/`
`3627`	`3629`	`private function spatialCacheKey(string $collectionId): string`
`3628`	`3630`	`{`