feat: optimistic-lock the revert endpoint

PttCodingMan · claude · PttCodingMan · commit 9d8ba42bd5ee · 2026-04-26T21:29:07.000+08:00
POST /api/pages/{slug}/revert/{num} now accepts an optional base_version
in the request body and returns 409 when it doesn't match the page's
current version. Mirrors the contract of PUT /api/pages/{slug}, so a
concurrent edit during the window between opening the versions page and
clicking revert no longer silently clobbers someone else's change.

GET /api/pages/{slug}/versions also returns page_version so the UI can
pin without an extra round-trip; the versions page now sends it back.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/backend/app/routers/versions.py b/backend/app/routers/versions.py
@@ -1,5 +1,6 @@
 import difflib
 from fastapi import APIRouter, HTTPException, Depends, Query
+from pydantic import BaseModel
 from app.auth import get_current_user
 from app.database import get_db, write_transaction
 from app.services.acl import require_page_read
@@ -8,6 +9,10 @@
 from app.services.media_ref import parse_and_update_media_refs
 from app.routers.activity import log_activity
 
+
+class RevertRequest(BaseModel):
+    base_version: int | None = None  # for optimistic locking, mirrors PUT /pages/{slug}
+
 router = APIRouter(prefix="/api/pages", tags=["versions"])
 
 
@@ -57,8 +62,14 @@ async def list_versions(
            LIMIT ? OFFSET ?""",
         (page_id, per_page, offset),
     )
+    # Carry the page's current version number so the revert UI can pass
+    # base_version back without an extra round-trip.
+    page_version_row = await db.execute_fetchall(
+        "SELECT version FROM pages WHERE id = ?", (page_id,)
+    )
     return {
         "versions": [dict(v) for v in versions],
+        "page_version": page_version_row[0]["version"] if page_version_row else None,
         "total": total,
         "page": page,
         "per_page": per_page,
@@ -126,7 +137,12 @@ async def diff_versions(
 
 
 @router.post("/{slug}/revert/{num}")
-async def revert_to_version(slug: str, num: int, user=Depends(get_current_user)):
+async def revert_to_version(
+    slug: str,
+    num: int,
+    body: RevertRequest = RevertRequest(),
+    user=Depends(get_current_user),
+):
     if user.get("role") == "viewer":
         raise HTTPException(status_code=403, detail="Viewers cannot revert pages")
 
@@ -145,6 +161,21 @@ async def revert_to_version(slug: str, num: int, user=Depends(get_current_user))
             detail="You do not have write permission on this page",
         )
 
+    # Optimistic lock — same contract as PUT /pages/{slug}. Reverting always
+    # changes content, so the client must pin to a known base_version. If
+    # someone else edited the page between the user opening the versions
+    # page and clicking revert, return 409 instead of silently clobbering.
+    if body.base_version is not None and body.base_version != current["version"]:
+        raise HTTPException(
+            status_code=409,
+            detail={
+                "error": "conflict",
+                "message": "This page was modified by someone else. Reload the versions list and try again.",
+                "current_version": current["version"],
+                "your_version": body.base_version,
+            },
+        )
+
     version = await db.execute_fetchall(
         "SELECT title, content_md FROM page_versions WHERE page_id = ? AND version_num = ?",
         (current["id"], num),
diff --git a/frontend/src/pages/PageVersions.jsx b/frontend/src/pages/PageVersions.jsx
@@ -107,10 +107,12 @@ export default function PageVersions() {
   const [selectedV2, setSelectedV2] = useState(null)
   const [reverting, setReverting] = useState(false)
   const [confirmRevert, setConfirmRevert] = useState(null)
+  const [pageVersion, setPageVersion] = useState(null)
 
   useEffect(() => {
     api.get(`/pages/${slug}/versions`).then((res) => {
       setVersions(res.data.versions)
+      setPageVersion(res.data.page_version)
       setLoading(false)
       // Auto-select latest two for diff
       if (res.data.versions.length >= 2) {
@@ -138,7 +140,9 @@ export default function PageVersions() {
   const handleRevert = async (versionNum) => {
     setReverting(true)
     try {
-      await api.post(`/pages/${slug}/revert/${versionNum}`)
+      // Pin to the page version we loaded so a concurrent edit returns 409
+      // instead of silently clobbering the other user's change.
+      await api.post(`/pages/${slug}/revert/${versionNum}`, { base_version: pageVersion })
       setConfirmRevert(null)
       navigate(`/page/${slug}`)
     } catch (err) {
