Skip to content

fix(openscience): atomic + locked session writes, distinguish logout from read error#131

Merged
Aayam Bansal (aayambansal) merged 1 commit into
mainfrom
fix/session-file-atomic
Jul 7, 2026
Merged

fix(openscience): atomic + locked session writes, distinguish logout from read error#131
Aayam Bansal (aayambansal) merged 1 commit into
mainfrom
fix/session-file-atomic

Conversation

@aayambansal

Copy link
Copy Markdown
Member

Audit finding #12 (High). The session file was written with a plain Bun.write (no temp+rename) and updateSession's read-modify-write held no lock, so two processes writing it concurrently could tear the file — and getSession coerced every read error (including a torn file / EMFILE / permission blip) to null, i.e. "signed out." That mis-classification flips the billing gate to BYOK, diverts usage to the unauthenticated queue, and makes syncServices no-op for a genuinely authenticated user.

  • saveSession → atomic temp+rename (no torn file for a concurrent reader).
  • updateSession → serialized under Lock.write so concurrent patches (interactive last_check_ts vs background cached_v) don't lose each other's field.
  • getSession → a missing file is a real logout (null, silent); a read/parse error is not — it still returns null so callers stay simple, but now logs the failure instead of silently mis-billing.

Tests

test/openscience/session-file.test.ts: null when absent, save→get round-trip, clear→null, and api_key-less session treated as none. Full backend suite (952) green.

…from read error

- saveSession uses atomic temp+rename so a crash or concurrent reader never
  sees a torn session file.
- updateSession serializes its read-modify-write under a lock, so two
  concurrent patches (interactive last_check_ts vs background cached_v) can't
  lose each other's field.
- getSession distinguishes a MISSING file (genuine logout → null) from a
  read/parse error (torn file, EMFILE, permissions): the latter is no longer
  silently mis-read as 'signed out' (which flipped the billing gate to BYOK and
  diverted usage to the unauthenticated queue for an authenticated user) — it
  still returns null so callers stay simple, but logs the failure. (#12)
@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
openscience Ready Ready Preview, Comment Jul 7, 2026 4:24am

Request Review

@aayambansal Aayam Bansal (aayambansal) merged commit 4677199 into main Jul 7, 2026
11 checks passed
@aayambansal Aayam Bansal (aayambansal) deleted the fix/session-file-atomic branch July 7, 2026 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant