Skip to content

fix(online): thread-safe fileMap with TTL cleanup, SLF4J logging, and Content-Length header#24011

Merged
wing328 merged 7 commits into
OpenAPITools:masterfrom
vikas0686:f/vikas/openapi-generator/use-concurrent-hash-map
Jun 28, 2026
Merged

fix(online): thread-safe fileMap with TTL cleanup, SLF4J logging, and Content-Length header#24011
wing328 merged 7 commits into
OpenAPITools:masterfrom
vikas0686:f/vikas/openapi-generator/use-concurrent-hash-map

Conversation

@vikas0686

@vikas0686 vikas0686 commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

What changed?

  1. Thread-safe fileMap with 24h TTL cleanup (GenApiService): Replaced static HashMap with ConcurrentHashMap to
    prevent data races under concurrent requests. Added a @Scheduled cleanup task (runs every hour) that evicts
    entries older than 24 hours and deletes their associated temp files. Without this, the map and temp files on disk
    grew unbounded for the lifetime of the server — a memory and disk leak on any long-running instance. Added
    null-check guard in downloadFile so expired/missing entries return a clean 404 NOT_FOUND with message "File not
    found or has expired" instead of an NPE.
  2. Replace System.out.println with SLF4J logger: All System.out.println calls in GenApiService replaced with
    LOGGER.debug/warn, consistent with the rest of the codebase.
  3. Add Content-Length header to download response: The header was commented out in downloadFile(). Since
    ByteArrayResource holds the full content in memory, the size is always known — wired in via
    .contentLength(resource.contentLength()).

Why?

  • HashMap under concurrent requests can corrupt state or silently lose entries.
  • Unbounded fileMap growth was a memory and disk leak with no cleanup path.
  • System.out.println bypasses the logging framework, making log levels and destinations uncontrollable.
  • Missing Content-Length breaks clients that rely on it for progress bars or payload validation.

Breaking changes?

None. Generated links are valid for 24 hours. If a user requests a download after expiry, they receive a 404 with
a descriptive message.

Tests added:

  • fileMapIsConcurrentHashMap — asserts map type via reflection.
  • cleanExpiredFilesRemovesOldEntries — verifies TTL eviction (entry set 25h in the past).
  • downloadExpiredFileReturns404 — asserts clean 404 for missing/expired file IDs.
  • concurrentGenerationDoesNotLoseEntries — 5 concurrent threads, all get unique codes.
  • downloadHasContentLengthHeader — asserts Content-Length is present and > 0.

Suggestion for follow-up:

Currently the API response (ResponseCode) does not communicate the expiry window to callers. Consider adding an
expiresIn field to the response:

   {
     "code": "d40029be-...",
     "link": "http://.../api/gen/download/d40029be-...",
     "expiresIn": "24 hours"
   }

This would make the time-limited nature of the link explicit to API consumers without requiring them to read the
documentation.

Thanks for the the review and feedback


Summary by cubic

Enforces a 24h TTL for generated downloads with hourly cleanup, switches to SLF4J logging, and adds the Content-Length header. Uses a thread-safe file map and retains entries if temp dir deletion fails so cleanup can retry; missing/expired links now return 404.

  • Bug Fixes

    • Replaced static HashMap with ConcurrentHashMap and added hourly @Scheduled cleanup that evicts >24h entries and deletes temp dirs; retain entry when deletion fails to retry later.
    • Enforced TTL in downloadFile; missing/expired file IDs return 404 "File not found or has expired".
    • Added contentLength(resource.contentLength()) so downloads include the Content-Length header.
    • Tests: added hermetic service tests using local petstore.json for eviction/retention/recent entries/404s/concurrency, plus a controller test for Content-Length.
  • Refactors

    • Switched System.out.println calls to SLF4J logger.
    • Added createdAt on Generated (defaults to now) to support TTL checks.

Written for commit 53abb23. Summary will update on new commits.

Review in cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 3 files

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 4 files (changes from recent commits).

Tip: Review your code locally with the cubic CLI to iterate faster.

Re-trigger cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 4 files

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 4 files

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

@wing328

wing328 commented Jun 28, 2026

Copy link
Copy Markdown
Member

thanks for the contribution to improve the openapi generator web services.

let's give it a try

@wing328 wing328 merged commit 0e40c62 into OpenAPITools:master Jun 28, 2026
14 of 15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants