chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
299dff8bfca45d4ed584fddba57cb9bc4719a9da
resolutionflow/docs
History
chihlasm 4727106141 fix: race condition hardening across auth, counters, and data fetching (#102) 
* fix: prevent race conditions in token operations and auth flows

Backend:
- Refresh token rotation: use atomic UPDATE...WHERE revoked_at IS NULL
  to prevent concurrent refresh requests from both succeeding
- Account invite codes: SELECT FOR UPDATE to prevent double-spend
- Platform invite codes: SELECT FOR UPDATE to prevent double-spend
- Password reset tokens: SELECT FOR UPDATE to prevent double-use
- Email verification tokens: SELECT FOR UPDATE to prevent double-use

Frontend:
- Token refresh subscriber arrays: swap before iterating so a throwing
  callback doesn't leave the queue in a dirty state

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: atomic counters, plan limit re-check, and double-submit guard

Backend:
- Tree usage_count: use SQL-level UPDATE (Tree.usage_count + 1) instead
  of Python-level increment to prevent lost updates under concurrency
- Tag usage_count: same SQL-level atomic increment/decrement in both
  create_tree and update_tree (delete_tree already used this pattern)
- Plan tree limit: re-check count after db.flush() to close the TOCTOU
  window where two concurrent creates could both pass the pre-check

Frontend:
- TreeEditorPage: add isSaving early-return guard inside handleSaveDraft
  and handlePublish callbacks so Ctrl+S can't bypass the button disabled
  prop and fire duplicate save requests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: prevent stale API responses from overwriting newer data

- SessionHistoryPage: move loadSessions into effect with cancelled flag
  so rapid filter/tab changes discard outdated responses
- TreeLibraryPage: add request ID ref to loadTrees so stale responses
  from previous filter selections are discarded
- QuickStartPage: add request ID ref to debounced search so out-of-order
  responses don't overwrite newer search results

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs: add flexible intake design — deferred variables + prepared sessions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 01:57:22 -04:00
..
archive
feat: add procedural flows with intake forms, navigation, and seed templates
2026-02-14 04:13:52 -05:00
plans
fix: race condition hardening across auth, counters, and data fetching (#102)
2026-03-10 01:57:22 -04:00
DATABASE-MIGRATIONS.md
docs: add database migration strategy guide
2026-02-08 17:48:38 -05:00
GITHUB-ISSUES-MIGRATION.md
feat: add next_steps column and update session schemas
2026-02-13 08:32:20 -05:00
IMPLEMENTATION-PLAN-STEP-LIBRARY-FRONTEND.md
docs: Refine implementation plan and document draft feature
2026-02-03 18:51:27 -05:00
PERFORMANCE-HEALTH-CHECK.md
Updated documentation; added PERFORMANCE-HEALTH-CHECK.md
2026-02-04 21:46:32 -05:00
PROJECT-REVIEW-2026-02-02.md
docs: Add implementation plan and project review from stale branches
2026-02-03 18:17:44 -05:00
RBAC-IMPLEMENTATION-QUESTIONS.md
feat: implement RBAC permissions system
2026-02-05 02:42:44 -05:00
tailwind-v4-migration.md
chore: Tailwind CSS v3 → v4 migration (#99)
2026-03-07 22:10:44 -05:00