Fix race condition obtaining an authorization key in meetup/client.go #11
Assignees
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Locks are effective at guarding access to resource read/writes, but the problem here is that the code does not currently consider a HTTP request to refresh a token a protected resource. We can enter into a race if a two calls to the client happen at the same time where caller A makes a request to refresh the token at the same time caller B makes a call to refresh the token. If caller A finishes first, then that token is now invalid. Caller B will have a valid token at that point, or could fail the request.
I don't have a good solution at the top of my head other than to lock everything up, and make sure the request timeouts at roughly a second or less to not hold up any threads accessing the next token too much.
Another idea is to leverage effective-go's channels and work out a solution with those. At the present time, this race is very tricky to trigger (requires much-greater scale to really hit it), so submitting an issue here as a reminder to take care of it.
The text was updated successfully, but these errors were encountered: