fix(persistence): address PR #117 review feedback
Adopt 8 PR-agent (Qodo) findings; 4 declined (concurrency already guarded by the putSyncedRecord/markRecordSynced guards + RPC optimistic concurrency; SQL-injection / won-equality / microtask-race are false positives — see PR reply). - markRecordSynced: guard on updatedAt too — softDeleteStory doesn't bump rev, so a same-rev newer local tombstone must not be marked synced by an older push's ack (symmetric with putSyncedRecord's guard) - recordToEnvelope: fallback timestamps to 0 not Date.now() (a corrupt record should lose LWW, not win as "now") - push/delete routes: validate rev/updatedAt as finite -> 400 (was silent 200); push: Content-Length pre-check before buffering the body - pushDeletion: idbGet a single record instead of a full-store scan - manifest: Cache-Control private,no-store + client fetch cache:no-store - cloudSyncClient: Array.isArray narrowing on items/blobs - RPC: `if found` instead of `v_row.id is not null` after RETURNING INTO Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -251,10 +251,15 @@ export async function putSyncedRecord(
|
||||
* the rev we pushed. A newer local edit (rev moved past what we pushed) is left
|
||||
* pending so the next reconcile re-pushes the newer content. No-op if the
|
||||
* record is gone or already synced (Req 8.1). */
|
||||
export async function markRecordSynced(id: string, rev: number): Promise<void> {
|
||||
export async function markRecordSynced(id: string, rev: number, updatedAt: number): Promise<void> {
|
||||
const rec = await idbGet<StoryRecord>(STORIES_STORE, id);
|
||||
if (!rec) return;
|
||||
// Guard on BOTH rev and updatedAt. softDeleteStory bumps updatedAt WITHOUT
|
||||
// bumping rev, so a same-rev-but-newer local tombstone produced while a push
|
||||
// was in flight must NOT be marked synced by that older push's ack (it still
|
||||
// owes a delete push). Symmetric with putSyncedRecord's concurrency guard.
|
||||
if ((rec.rev ?? 1) !== rev) return;
|
||||
if (coerceEpoch(rec.updatedAt, 0) !== coerceEpoch(updatedAt, 0)) return;
|
||||
if (rec.syncState === "synced") return;
|
||||
await idbPut(STORIES_STORE, { ...rec, syncState: "synced" });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user