Conversation
…ramScopeTracker
ParamsScope instances are shared across requests (definition-time objects).
The mutable `@index` and `@params_meeting_dependency` ivars were being
written during request processing, creating a race condition under concurrent
requests.
Introduces `ParamScopeTracker` which stores all per-request mutable state
(array indices + qualifying params) in a `Fiber[FIBER_KEY]` entry, isolating
each request's state from others. `Endpoint#run_validators` sets up the
tracker via `ParamScopeTracker.track {}`. `AttributesIterator#store_indices`
writes to it; `ParamsScope#full_name` and `#qualifying_params` read from it.
Uses `Fiber[]` (not `Thread.current[]`) so fiber-based servers (e.g. Falcon)
correctly isolate per-request state within each fiber.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Danger ReportNo issues found. |
Member
|
👏 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ParamsScopeinstances are shared across requests (they're definition-time objects). Two mutable ivars were being written during request processing, creating a race condition under concurrent requests:@index— set byAttributesIteratorwhile iterating array params@params_meeting_dependency— set bymeets_dependency?to track qualifying array paramsFix
Introduces
Grape::Validations::ParamScopeTracker— a lightweight object that holds all per-request mutable state in aFiber[FIBER_KEY]entry:Endpoint#run_validatorscallsParamScopeTracker.track {}to set up a fresh tracker for each request, restoring the previous value on exit (reentrant/nested-safe viaensure)AttributesIterator#store_indiceswrites current and ancestor array indices into the trackerParamsScope#full_nameand#qualifying_paramsread from the tracker instead of@index/@params_meeting_dependencyFiber[](Ruby 3.0+) is used instead ofThread.current[]so that fiber-based servers (e.g. Falcon with async) correctly isolate per-request state within each fiber rather than sharing it across all fibers on the same thread.Both trackers use
{}.compare_by_identitysoParamsScopeobjects are keyed by object identity, not value equality.Test plan
spec/grape/validations/param_scope_tracker_spec.rb— new unit tests covering lifecycle, reentrance, index/qualifying-params storagebundle exec rspec) passes — 2221 examples, 0 failures🤖 Generated with Claude Code