Invalidate socket tokens on close#2
Merged
Conversation
samuel-williams-shopify
force-pushed
the
socket-token-close-invalidates
branch
2 times, most recently
from
03255fc to
d78a2b9
Compare
samuel-williams-shopify
force-pushed
the
socket-token-close-invalidates
branch
from
d78a2b9 to
57b10b9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What?
This PR updates
Falcon::Limiter::Socket#closeto callAsync::Limiter::Token#closeinstead ofrelease, and bumps the dependency toasync-limiter ~> 2.3.The socket still exposes the original async-limiter token, so the long-task release/re-acquire path continues to work while the socket is open. Once the socket closes, the token is released and invalidated by async-limiter so cached references cannot re-acquire a permit.
Why?
Storefront can cache
socket.tokenfor long-task coordination. With plainrelease, a cached token could later re-acquire accept capacity after the owning socket had already closed, leaving no future socket-close event to release that permit. Repeated disconnects during started long tasks could leak accept permits.Verification
Verified against released
async-limiter 2.3.0with:PATH=/Users/samuel/.rubies/ruby-3.4.4/bin:$PATH BUNDLE_GEMFILE=gems.rb COVERAGE=PartialSummary bundle exec susPATH=/Users/samuel/.rubies/ruby-3.4.4/bin:$PATH BUNDLE_GEMFILE=gems.rb bundle exec bake covered:validate --paths .covered.db \;PATH=/Users/samuel/.rubies/ruby-3.4.4/bin:$PATH BUNDLE_GEMFILE=gems.rb bundle exec rubocopPATH=/Users/samuel/.rubies/ruby-3.4.4/bin:$PATH BUNDLE_GEMFILE=gems.rb bundle exec bake decode:index:coverage lib