🐛(backend) manage race condition between GET and PATCH content by lunika · Pull Request #2271 · suitenumerique/docs

lunika · 2026-05-05T13:38:17Z

Purpose

When a PATCH and a GET on the content endpoint are made at the same time
for different users a race condition can happen and the metadata returned
by the S3 head_object can be outdated when the object is fetched leading
to an error raised because the Content-Length header does not match the
size of the response body. To avoid this, we no longer used head_object
followed bu get_object, we have to manage
everything in one call with the get_object. The get_object also accepts
as parameters an etag or last-modified header and will return a 304 if
the content has not changed, so we can use this to not return the entire
body if this one has not changed.

Proposal

🐛(backend) manage race condition between GET and PATCH content

When a PATCH and a GET on the content endpoint are made at the same time for different users a race condition can happen and the metadata returned by the S3 head_object can be outdated when the object is fetched leading to an error raised because the Content-Length header does not match the size of the response body. To avoid this, we no longer used head_object followed bu get_object, we have to manage everything in one call with the get_object. The get_object also accepts as parameters an etag or last-modified header and will return a 304 if the content has not changed, so we can use this to not return the entire body if this one has not changed.

jmaupetit

I only have minor comments, else 👏

jmaupetit · 2026-05-06T09:25:32Z

+            if code in ("304", "PreconditionFailed", "NotModified"):
+                return drf_response.Response(status=status.HTTP_304_NOT_MODIFIED)
+            if code in ("NoSuchKey", "404"):
+                return StreamingHttpResponse(b"", content_type="text/plain", status=200)


What about using the amazing match/case syntax? 😍

Suggested change

if code in ("304", "PreconditionFailed", "NotModified"):

return drf_response.Response(status=status.HTTP_304_NOT_MODIFIED)

if code in ("NoSuchKey", "404"):

return StreamingHttpResponse(b"", content_type="text/plain", status=200)

match code:

case "304" | "PreconditionFailed" | "NotModified":

return drf_response.Response(status=status.HTTP_304_NOT_MODIFIED)

case "NoSuchKey" | "404":

return StreamingHttpResponse(b"", content_type="text/plain", status=200)

case _:

raise

I thought it was not allowed by the Geneva Convention to use a switch in Python.

jmaupetit · 2026-05-06T09:28:10Z

+        # Refresh the metadata cache so future conditional requests can
+        # check them earlier


Maybe this would be good enough?

Suggested change

# Refresh the metadata cache so future conditional requests can

# check them earlier

# Refresh the metadata cache

jmaupetit · 2026-05-06T09:29:32Z

-        def _stream(file_key):
-            with default_storage.open(file_key, "rb") as f:
-                while chunk := f.read(8192):
+                while chunk := body.read(8192):


Do you think the chunk size should be configurable?

Also to avoid using a while loop, you can use iter_chunks:

Suggested change

while chunk := body.read(8192):

for chunk in body.iter_chunks(chunk_size):

the iter_chunks is doing the same thing. I have no strong opinion. I would prefer to have a solution to have an async generator.

jmaupetit · 2026-05-06T09:31:05Z

+                while chunk := body.read(8192):
                    yield chunk
+            finally:
+                body.close()


Are you sure the try/finally pattern is required here to close the http response stream (as you return a generator)?

Nop I don't really know. I keep it from the previous implementation.

jmaupetit · 2026-05-06T13:46:09Z

+
+def _request(**headers):
+    """Build a request with the given HTTP headers."""
+    return APIRequestFactory().get("/", headers=headers)


Why not declaring a pytest fixture instead?

jmaupetit · 2026-05-06T13:55:50Z

+    assert if_none_match == '"deadbeef"'
+    assert if_modified_since_dt == dt.datetime(
+        2015, 10, 21, 7, 28, 0, tzinfo=dt.timezone.utc
+    )


All tests here could be configured as one single test using indirect parametrization of the proposed fixture.

lunika requested a review from jmaupetit May 5, 2026 13:38

lunika self-assigned this May 5, 2026

lunika added bug Something isn't working enhancement improve an existing feature labels May 5, 2026

lunika force-pushed the fix/content-race-condition branch from 7bde43e to bae3015 Compare May 5, 2026 13:42

jmaupetit reviewed May 6, 2026

View reviewed changes

		# Refresh the metadata cache so future conditional requests can
		# check them earlier

	# Refresh the metadata cache so future conditional requests can
	# check them earlier
	# Refresh the metadata cache

	while chunk := body.read(8192):
	for chunk in body.iter_chunks(chunk_size):

Conversation

lunika commented May 5, 2026

Purpose

Proposal

Uh oh!

jmaupetit left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants