[management] fix some concurrency potential issues (#5584)

2026-03-31 06:34:14 -04:00 · 2026-03-12 15:57:36 +01:00
parent d3d6a327e0
commit 8f389fef19
4 changed files with 38 additions and 12 deletions
--- a/management/server/account_request_buffer.go
+++ b/management/server/account_request_buffer.go
@@ -63,11 +63,20 @@ func (ac *AccountRequestBuffer) GetAccountWithBackpressure(ctx context.Context,

 	log.WithContext(ctx).Tracef("requesting account %s with backpressure", accountID)
 	startTime := time.Now()
-	ac.getAccountRequestCh <- req

-	result := <-req.ResultChan
-	log.WithContext(ctx).Tracef("got account with backpressure after %s", time.Since(startTime))
-	return result.Account, result.Err
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case ac.getAccountRequestCh <- req:
+	}
+
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case result := <-req.ResultChan:
+		log.WithContext(ctx).Tracef("got account with backpressure after %s", time.Since(startTime))
+		return result.Account, result.Err
+	}
 }

 func (ac *AccountRequestBuffer) processGetAccountBatch(ctx context.Context, accountID string) {
--- a/management/server/http/middleware/bypass/bypass.go
+++ b/management/server/http/middleware/bypass/bypass.go
@@ -51,19 +51,28 @@ func GetList() []string {
 // This can be used to bypass authz/authn middlewares for certain paths, such as webhooks that implement their own authentication.
 func ShouldBypass(requestPath string, h http.Handler, w http.ResponseWriter, r *http.Request) bool {
 	byPassMutex.RLock()
-	defer byPassMutex.RUnlock()
-
+	var matched bool
 	for bypassPath := range bypassPaths {
-		matched, err := path.Match(bypassPath, requestPath)
+		m, err := path.Match(bypassPath, requestPath)
 		if err != nil {
-			log.WithContext(r.Context()).Errorf("Error matching path %s with %s from %s: %v", bypassPath, requestPath, GetList(), err)
+			list := make([]string, 0, len(bypassPaths))
+			for k := range bypassPaths {
+				list = append(list, k)
+			}
+			log.WithContext(r.Context()).Errorf("Error matching path %s with %s from %v: %v", bypassPath, requestPath, list, err)
 			continue
 		}
-		if matched {
-			h.ServeHTTP(w, r)
-			return true
+		if m {
+			matched = true
+			break
 		}
 	}
+	byPassMutex.RUnlock()
+
+	if matched {
+		h.ServeHTTP(w, r)
+		return true
+	}

 	return false
 }
--- a/management/server/job/channel.go
+++ b/management/server/job/channel.go
@@ -28,7 +28,13 @@ func NewChannel() *Channel {
 	return jc
 }

-func (jc *Channel) AddEvent(ctx context.Context, responseWait time.Duration, event *Event) error {
+func (jc *Channel) AddEvent(ctx context.Context, responseWait time.Duration, event *Event) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			err = ErrJobChannelClosed
+		}
+	}()
+
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
--- a/management/server/types/network.go
+++ b/management/server/types/network.go
@@ -152,6 +152,8 @@ func (n *Network) CurrentSerial() uint64 {
 }

 func (n *Network) Copy() *Network {
+	n.Mu.Lock()
+	defer n.Mu.Unlock()
 	return &Network{
 		Identifier: n.Identifier,
 		Net:        n.Net,