Fix a race condition when pinging and deleting checks at the same time

healthchecks · May 2, 2023 · 6375b0a · 6375b0a
1 parent 5de8d6f
commit 6375b0a
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,9 @@ All notable changes to this project will be documented in this file.
 - Update Signal notification template to include more data
 - Add Profile.deletion_scheduled_deleted field, and UI banner when it's set
 
+### Bug Fixes
+- Fix a race condition when pinging and deleting checks at the same time
+
 ## v2.8.1 - 2023-04-11
 
 ### Bug Fixes

diff --git a/hc/api/views.py b/hc/api/views.py
@@ -5,7 +5,7 @@
 from uuid import UUID
 
 from django.conf import settings
-from django.db import connection
+from django.db import connection, transaction
 from django.db.models import Prefetch
 from django.http import (
     Http404,
@@ -317,9 +317,19 @@ def delete_check(request, code):
     if check.project_id != request.project.id:
         return HttpResponseForbidden()
 
-    response = check.to_dict(v=request.v)
-    check.delete()
-    return JsonResponse(response)
+    with transaction.atomic():
+        # Read the check from the database again, this time locking it.
+        # Without the lock, the delete can fail if the check gets
+        # pinged while it is in the process of deletion.
+        #
+        # Alternatively, we could acquire the lock already in get_object_or_404(),
+        # but, in that case, anybody with a valid API key could DOS
+        # us by sending lots of DELETE requests, each DELETE causing a short-lived
+        # database lock.
+        check = Check.objects.select_for_update().get(id=check.id)
+        check.delete()
+
+    return JsonResponse(check.to_dict(v=request.v))
 
 
 @csrf_exempt