Hello,
One of the users on my Drasl instance reported that they were no longer able to use my auth server. I did a small investigation, and lo and behold, they had 1.1k rows in the clients table. Obviously, someone not recycling their client token is not proper etiquette, but this will become an issue with long-lived Drasl instances and users resetting their client token due to reinstalls, different computers, different launchers and whatnot. It doesn't cause problems with the login of other users though, so a malicious user can't abuse this to prevent logins from others. They can still fill up your disk space if you don't have very much though.
If this becomes an issue on your own Drasl instance, you can manually delete clients for the user's UUID with a SQLite database management program.
This looks to be a bug in the SQLite library you use:
```
Unexpected error in POST /auth/authenticate: disk I/O error: permission denied; cannot rollback - no transaction is active
```
All of the file permissions are correct, and the node has enough storage. As mentioned above, deleting all the clients rows for the offending user fixed this problem.
Here are some solutions (not mutually exclusive!) I came up with for solving this issue:
- Set a reasonable expiration in the JWT access token (instead of the current... 13 years?) and track if the client token has a currently valid access token associated with it and, if not, remove it from the table.
- Set a limit on the number of client tokens that may be active at once for one player/user and invalidate (and drop) the oldest one once the limit is reached.
- Report the issue to the SQLite library upstream. This should be used in combination with another solution, otherwise you may eventually run out of disk space.
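
The first two suggestions above, combined in one transaction, as an added example that is not part of the original issue and is not Drasl's code. The `clients` schema, its column names, and the `open_db`, `register_client` and `client_tokens` helpers are assumptions made for illustration.

```python
import sqlite3

# Assumed schema for illustration only; Drasl's real clients table may differ.
SCHEMA = """
CREATE TABLE clients (
    id           INTEGER PRIMARY KEY AUTOINCREMENT,
    user_uuid    TEXT    NOT NULL,
    client_token TEXT    NOT NULL,
    last_used    INTEGER NOT NULL,  -- unix seconds of the last authenticate/refresh
    UNIQUE (user_uuid, client_token)
);
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def register_client(conn, user_uuid, client_token, now, ttl=86400, max_clients=5):
    """Record a login, then prune that user's expired and surplus clients atomically."""
    with conn:  # single transaction: commit on success, roll back on any error
        # A known client token refreshes its row instead of adding a new one.
        conn.execute(
            "INSERT INTO clients (user_uuid, client_token, last_used) VALUES (?, ?, ?) "
            "ON CONFLICT (user_uuid, client_token) DO UPDATE SET last_used = excluded.last_used",
            (user_uuid, client_token, now),
        )
        # Expiry: a client whose access token lifetime has lapsed is dropped.
        conn.execute(
            "DELETE FROM clients WHERE user_uuid = ? AND last_used <= ?",
            (user_uuid, now - ttl),
        )
        # Cap: keep only the max_clients most recently used rows for this user.
        conn.execute(
            "DELETE FROM clients WHERE user_uuid = ? AND id NOT IN ("
            " SELECT id FROM clients WHERE user_uuid = ?"
            " ORDER BY last_used DESC, id DESC LIMIT ?)",
            (user_uuid, user_uuid, max_clients),
        )

def client_tokens(conn, user_uuid):
    """Return the user's remaining client tokens, least recently used first."""
    rows = conn.execute(
        "SELECT client_token FROM clients WHERE user_uuid = ? ORDER BY last_used, id",
        (user_uuid,),
    )
    return [r[0] for r in rows]
```

Ordering by `last_used` rather than insertion order means a launcher that keeps reusing its client token is not evicted by a burst of throwaway tokens from the same account.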