Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 20 additions & 7 deletions src/core/auth/store/file-store.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import type { TokenStore, StoredToken } from './token-store.ts';

export class FileTokenStore implements TokenStore {
private readonly path: string;
private writeLock: Promise<void> = Promise.resolve();

constructor(path: string = '.zoho-tokens.json') {
this.path = path;
Expand All @@ -23,21 +24,33 @@ export class FileTokenStore implements TokenStore {
await writeFile(this.path, JSON.stringify(tokens, null, 2), 'utf-8');
}

private withLock<T>(fn: () => Promise<T>): Promise<T> {
let resolve!: () => void;
const next = new Promise<void>((r) => (resolve = r));
const result = this.writeLock.then(fn).finally(resolve);
this.writeLock = next;
return result;
}

async findToken(clientId: string, orgId: string): Promise<StoredToken | null> {
const tokens = await this.read();
return tokens.find((t) => t.clientId === clientId && t.orgId === orgId) ?? null;
Comment on lines 36 to 37

Copilot AI Apr 17, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new write lock only serializes save/delete, but findToken still reads the file concurrently with writeFile. Since writeFile truncates and rewrites the JSON, a concurrent read can observe partial contents and JSON.parse will throw. Consider either (a) using the same lock for findToken/read operations, or (b) making writes atomic (write to a temp file and rename) so reads are always valid JSON.

Suggested change
const tokens = await this.read();
return tokens.find((t) => t.clientId === clientId && t.orgId === orgId) ?? null;
return this.withLock(async () => {
const tokens = await this.read();
return tokens.find((t) => t.clientId === clientId && t.orgId === orgId) ?? null;
});

Copilot uses AI. Check for mistakes.
}

async saveToken(token: StoredToken): Promise<void> {
const tokens = await this.read();
const idx = tokens.findIndex((t) => t.clientId === token.clientId && t.orgId === token.orgId);
if (idx >= 0) tokens[idx] = token;
else tokens.push(token);
await this.write(tokens);
return this.withLock(async () => {
const tokens = await this.read();
const idx = tokens.findIndex((t) => t.clientId === token.clientId && t.orgId === token.orgId);
if (idx >= 0) tokens[idx] = token;
else tokens.push(token);
await this.write(tokens);
});
}

async deleteToken(clientId: string, orgId: string): Promise<void> {
const tokens = await this.read();
await this.write(tokens.filter((t) => !(t.clientId === clientId && t.orgId === orgId)));
return this.withLock(async () => {
const tokens = await this.read();
await this.write(tokens.filter((t) => !(t.clientId === clientId && t.orgId === orgId)));
});
}
}
Loading