fix: prevent race condition in objectstore auth sync #859
Conversation
Summary of ChangesHello @shunkakinoki, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request resolves a critical race condition within the object store's authentication synchronization process. Previously, a full directory wipe during bootstrap could lead to the unintended deletion of authentication files from R2 storage due to interaction with file watchers. The change implements an incremental synchronization approach, ensuring data integrity and preventing permanent loss of authentication data upon service restarts. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request correctly identifies and fixes a critical race condition that could lead to data loss in the object store. The change to an incremental sync in syncAuthFromBucket is a good approach to prevent the file watcher from erroneously deleting remote auth files. However, this fix introduces a new issue where stale local auth files are no longer cleaned up, which could pose a security risk. I've added a detailed comment with a suggestion on how to address this to make the sync process more robust.
Remove os.RemoveAll() call in syncAuthFromBucket() that was causing a race condition with the file watcher. Problem: 1. syncAuthFromBucket() wipes local auth directory with RemoveAll 2. File watcher detects deletions and propagates them to remote store 3. syncAuthFromBucket() then pulls from remote, but files are now gone Solution: Use incremental sync instead of delete-then-pull. Just ensure the directory exists and overwrite files as they're downloaded. This prevents the watcher from seeing spurious delete events.
shunkakinoki
force-pushed
the
fix/objectstore-sync-race-condition
branch
from
8ed698c to
bc32096
Compare
Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99 Co-authored-by: Amp <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR fixes a critical race condition in the objectstore authentication synchronization that was causing permanent deletion of auth files from R2 on every service restart.
Key Changes:
- Removed
os.RemoveAll()call that was wiping the local auth directory during sync - Changed to incremental sync approach that overwrites files as they're downloaded from R2
- Updated error message from "recreate auth directory" to "create auth directory" for accuracy
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Co-authored-by: Amp <[email protected]> Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99
Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Co-authored-by: Amp <[email protected]> Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99
Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Co-authored-by: Amp <[email protected]> Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99
Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Co-authored-by: Amp <[email protected]> Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99
Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Co-authored-by: Amp <[email protected]> Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99
|
@luispater Would love for review 🙇♂️ |
Cherry-picked from upstream PR router-for-me#859
|
@luispater Gently pinging the above 🙏 |
* refactor: simplify cliproxyapi scripts Simplify the cliproxyapi backup/sync architecture: - hydrate.sh: pull from S3 to local (runs at activation) - backup.sh: push from local to S3 (triggered by WatchPaths) - start.sh: just load .env and start the binary - wrapper.sh: load .env and exec binary for CLI usage Remove complex fallback chains (CCS, dotfiles backup) in favor of S3 as the single source of truth. Depends on: router-for-me/CLIProxyAPI#859 Co-authored-by: Amp <[email protected]> Amp-Thread-ID: https://ampcode.com/threads/T-019b79f0-bfa1-7107-bacc-4f98ddc99f99 * refactor: improve script formatting and readability in cliproxyapi --------- Co-authored-by: Amp <[email protected]>
1 participant
Problem
When the objectstore bootstraps,
syncAuthFromBucket()usesos.RemoveAll()to wipe the local auth directory before pulling from S3. This triggers a race condition:syncAuthFromBucket()wipes local auth directory withRemoveAllsyncAuthFromBucket()then pulls from S3, but files are now goneThis causes auth files to be permanently deleted from S3 on every service restart.
Solution
Use incremental sync instead of delete-then-pull. Just ensure the directory exists and overwrite files as they're downloaded from S3. This prevents the watcher from seeing spurious delete events.
Testing