Skip to content

fix(auth): prevent deadlock and unhandled rejections in processLock #2019

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mayur9210 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix(auth): prevent deadlock and unhandled rejections in processLock #2019

mayur9210 wants to merge 2 commits into from

Conversation

@mayur9210
Copy link

@mayur9210 mayur9210 commented Jan 14, 2026

Summary

Fixes unhandled promise rejections and potential deadlocks in processLock by replacing the Promise.race timeout pattern with a flag-based approach.

Problem

The processLock function would crash Node.js with unhandled promise rejections when running tests with rapid successive lock operations that have mixed timeouts.

The crash occurred because:

  1. processLock uses Promise.race([lockOperation(), timeoutPromise]) to implement acquire timeout
  2. When lockOperation() wins the race (lock acquired before timeout), the timeout promise still fires later
  3. The timeout promise rejection goes unhandled, crashing Node.js
  4. Additionally, the PROCESS_LOCKS[name] promise chain would re-throw errors, causing subsequent operations waiting on it to receive unhandled rejections or potentially deadlock

Solution

  • Replace Promise.race with a flag-based approach: set a timeoutError flag in the setTimeout callback, check it after acquiring the lock
  • Clear the timeout immediately when the lock is acquired to prevent unnecessary timeout firing
  • Ensure PROCESS_LOCKS[name] always resolves (never throws) so subsequent operations can proceed without deadlocking
  • Fix test expectations: operation 0 acquires the lock immediately (no previous operation to wait on), so it completes successfully rather than timing out

Related

Fixes the ProcessLockAcquireTimeoutError: Acquiring process lock with name "rapid-test" timed out crash in @supabase/auth-js:test
@mayur9210
fix(auth): prevent deadlock and unhandled rejections in processLock
bfda701 
- Replace Promise.race timeout pattern with flag-based approach to avoid
  unhandled promise rejections when lock operation wins the race
- Ensure PROCESS_LOCKS promise always resolves so subsequent operations
  don't deadlock waiting on failed operations
- Fix test expectations: operation 0 acquires lock immediately (no wait)
  so it completes successfully, not times out
- Remove unused lockAcquired variable and simplify error handling
@mayur9210 mayur9210 requested review from a team as code owners January 14, 2026 14:04
Copilot AI review requested due to automatic review settings January 14, 2026 14:04
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request fixes critical unhandled promise rejections and potential deadlocks in the processLock function by replacing the Promise.race timeout pattern with a flag-based approach.

Changes:

  • Replaced Promise.race with a flag-based timeout mechanism that sets a timeoutError flag and checks it after acquiring the lock, eliminating unhandled promise rejections
  • Modified error handling in PROCESS_LOCKS to always resolve (never reject) so subsequent operations can proceed without deadlocking
  • Added comprehensive tests for deadlock scenarios and rapid successive operations with mixed timeouts

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
packages/core/auth-js/src/lib/locks.ts Refactored processLock implementation from Promise.race to flag-based timeout, improved error handling in PROCESS_LOCKS chain, removed some JSDoc documentation
packages/core/auth-js/test/lib/locks.test.ts Added two new tests covering deadlock prevention and rapid successive operations with mixed timeouts

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@mayur9210