jaredhanson / passport-google-oauth

Google authentication strategies for Passport and Node.js.

Home Page: https://www.passportjs.org/packages/passport-google-oauth/?utm_source=github&utm_medium=referral&utm_campaign=passport-google-oauth&utm_content=about


Race Condition, accepting new requests before the session of first user finishes

Mohammad-Orabi opened this issue · comments

If 2 users are choosing their Gmail at the same time while the prompt is open,
user 1 is taking the info of user 2 and vice versa.
I even set a mutex, but still.
Here is my code:

const mutex = new Mutex();
export const linkGmailController = async (req: Request, res: Response) => {
  const release = await mutex.acquire();
  try {
    passport.use(
      new GoogleStrategy(
        {
          clientID: process.env.GOOGLE_AUTH_CLIENT_ID,
          clientSecret: process.env.GOOGLE_AUTH_CLIENT_SECRET,
          callbackURL: `${process.env.BASE_URL}/api/v1/auth/google/callback`
        },
        async (accessToken, refreshToken, profile, done) => {
          const { email, name, given_name, family_name } = profile._json;

          if (!email) {
            return done(new Error('Email not found'));
          }
          const { redirect_link, userId } = req.query;

          if (!userId) {
            throw new NotFoundError("User Id can't be empty in query");
          }

          const transaction = await prisma.$transaction([
            prisma.user.findUnique({ where: { id: userId as string } }),
            prisma.user.update({
              where: { id: userId as string },
              data: {
                gmail: email,
                isEmailVerified: true,
                primaryEmail: email,
                name: name || given_name,
                surname: family_name
              }
            })
          ]);
          const updatedUser = transaction[1];
          console.log(updatedUser);

          if (updatedUser) {
            return done(null, updatedUser, {
              message: redirect_link as string
            });
          }
        }
      )
    );
    passport.authenticate('google', { scope: ['profile', 'email'] })(req, res);
  } finally {
    release();
  }
};

This is an application-level concern, and pertains to how the verify function is implemented and how user data is persisted. It's not an issue with this package. Closing.
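
Why the mutex in the posted handler does not help, as an added example (not code from the issue, the maintainer or passport): `passport.use()` keeps one strategy per name, so every call to the handler replaces the `'google'` verify closure, and the later callback request runs whichever closure was registered last, long after `release()` has run. The registry, `handleCallback`, the session shape and the two users are a constructed stand-in for passport; the fixed variant assumes the strategy's `passReqToCallback: true` option and a session that already identifies the user.

```javascript
// Constructed stand-in for passport's registry: use() keeps ONE strategy per
// name, so a later use('google', ...) replaces the verify function for everyone.
const registry = new Map();
const use = (name, verify) => registry.set(name, verify);
// Stand-in for the callback route: runs whichever verify is registered now.
const handleCallback = (req, profile) => registry.get('google')(req, profile);

const writes = []; // stand-in for the prisma.user.update calls

// Pattern from the issue: register inside the handler, closing over its req.
function linkPerRequest(req) {
  use('google', (_callbackReq, profile) => {
    // req is the request that opened the prompt, not the one returning now.
    writes.push({ userId: req.query.userId, gmail: profile.email });
  });
}

// Fix: register once at startup and take the target user from the callback
// request's own session (passport passes req when passReqToCallback is true).
function registerOnce() {
  use('google', (callbackReq, profile) => {
    const userId = callbackReq.session && callbackReq.session.userId;
    if (!userId) throw new Error('callback without an authenticated session');
    writes.push({ userId, gmail: profile.email });
  });
}

// Two constructed users open the Google prompt, then both return from it.
function simulate(setup, startLink) {
  registry.clear();
  writes.length = 0;
  const u1 = { query: { userId: 'u1' }, session: { userId: 'u1' } };
  const u2 = { query: { userId: 'u2' }, session: { userId: 'u2' } };
  setup();
  startLink(u1); // user 1 is redirected to Google
  startLink(u2); // user 2 starts before user 1 has come back
  handleCallback({ session: u1.session }, { email: 'user1@example.com' });
  handleCallback({ session: u2.session }, { email: 'user2@example.com' });
  return writes.map((w) => `${w.userId}=${w.gmail}`);
}

const perRequest = simulate(() => {}, linkPerRequest);
const once = simulate(registerOnce, () => {});
console.log('per-request use():', perRequest);
console.log('registered once  :', once);
```

With per-request registration both Google profiles are written to `u2`; with a single registration each profile lands on the account whose session made the callback request.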