UNPKG

syncguard

Version:

Functional TypeScript library for distributed locking across microservices. Prevents race conditions with Redis, PostgreSQL, Firestore, and custom backends. Features automatic lock management, timeout handling, and extensible architecture.

kriasoft.com/syncguard/

kriasoft/syncguard

98 lines (97 loc) 4.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
// SPDX-FileCopyrightText: 2025-present Kriasoft // SPDX-License-Identifier: MIT import { FAILURE_REASON } from "../../common/backend-semantics.js"; import { LockError, validateLockId, } from "../../common/backend.js"; import { TIME_TOLERANCE_MS, isLive } from "../../common/time-predicates.js"; import { checkAborted, mapPostgresError } from "../errors.js"; /** * Creates PostgreSQL release operation with atomic transaction and ownership verification. * * **Implementation Pattern:** * - Atomic transaction: Query by lockId → verify ownership → check liveness → delete * - TOCTOU protection: All steps within single `sql.begin()` transaction * - Ownership verification: Explicit `data.lock_id === opts.lockId` check (ADR-003) * - AbortSignal: Manual cancellation checks via `checkAborted()` at strategic points * * Transaction flow: * 1. Get server time for authoritative liveness check * 2. Query by lockId using index (FOR UPDATE for row-level lock) * 3. Verify ownership (data.lock_id === lockId) * 4. Check liveness using isLive() predicate * 5. If all checks pass, delete the lock * 6. Return simplified result with optional telemetry reason * * @param sql - postgres.js SQL instance * @param config - PostgreSQL backend configuration * @returns Release operation function * * @see docs/specs/interface.md#release-operation-requirements - Normative TOCTOU requirements */ export function createReleaseOperation(sql, config) { return async (opts) => { try { // Pre-transaction abort check checkAborted(opts.signal); // Validate lockId format (22-char base64url) validateLockId(opts.lockId); // Atomic transaction: lookup → verify → delete const result = await sql.begin(async (sql) => { // Check abort signal inside transaction checkAborted(opts.signal); // Get server time (authoritative time source) const timeResult = await sql `SELECT EXTRACT(EPOCH FROM NOW()) * 1000 AS now_ms`; const timeRow = timeResult[0]; if (!timeRow) { throw new LockError("Internal", "Failed to get server time"); } const nowMs = Math.floor(Number(timeRow.now_ms)); // Query by lockId index (FOR UPDATE for row-level lock) const rows = await sql ` SELECT * FROM ${sql(config.tableName)} WHERE lock_id = ${opts.lockId} FOR UPDATE `; // Check if lock exists if (rows.length === 0) { const result = { ok: false }; result[FAILURE_REASON] = { reason: "not-found" }; return result; } const data = rows[0]; if (!data) { const result = { ok: false }; result[FAILURE_REASON] = { reason: "not-found" }; return result; } // Explicit ownership verification (ADR-003: defense-in-depth) if (data.lock_id !== opts.lockId) { const result = { ok: false }; result[FAILURE_REASON] = { reason: "not-found" }; return result; } // Check liveness const expiresAtMs = Number(data.expires_at_ms); if (!isLive(expiresAtMs, nowMs, TIME_TOLERANCE_MS)) { const result = { ok: false }; result[FAILURE_REASON] = { reason: "expired" }; return result; } // Check abort signal before write checkAborted(opts.signal); // All checks passed - delete the lock await sql ` DELETE FROM ${sql(config.tableName)} WHERE key = ${data.key} `; return { ok: true }; }); return result; } catch (error) { if (error instanceof LockError) { throw error; } throw mapPostgresError(error); } }; }