Skip to content

fix(subscriptions): Fix subscriptions creation race condition #3809

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 10, 2025
Merged

fix(subscriptions): Fix subscriptions creation race condition #3809

merged 1 commit into from
Jun 10, 2025

Conversation

ivannovosad
Copy link
Contributor

Context

There was a possible race condition when calling this API endpoint multiple times with the same plan_code:

POST /api/v1/subscriptions

Duplicate subscriptions were created

Description

Add lock to customer to Subscriptions::CreateService

@ivannovosad ivannovosad marked this pull request as ready for review June 10, 2025 12:31
@ivannovosad ivannovosad requested a review from Copilot June 10, 2025 12:36
Copilot

This comment was marked as outdated.

Sign in to view

@ivannovosad ivannovosad requested a review from Copilot June 10, 2025 12:37
Copilot
Copilot AI reviewed Jun 10, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a database lock around subscription creation to prevent duplicate records under concurrent requests.

  • Wraps currency update and subscription handling in a customer.with_lock block
  • Refreshes @current_subscription inside the lock to avoid stale reads
  • Nested the lock inside an existing transaction
Comments suppressed due to low confidence (2)

app/services/subscriptions/create_service.rb:35

  • [nitpick] with_lock already starts its own transaction. You may be able to remove the explicit ActiveRecord::Base.transaction wrapper to simplify nested transaction handling.
ActiveRecord::Base.transaction do

app/services/subscriptions/create_service.rb:41

  • [nitpick] Add or update specs that simulate concurrent POST /api/v1/subscriptions requests to verify that only one subscription record is created under race conditions.
# Refresh current_subscription inside the lock to avoid stale data

@ivannovosad ivannovosad force-pushed the fix-subscription-create branch from 31411c7 to c2c9d6a Compare June 10, 2025 14:16
@ivannovosad ivannovosad force-pushed the fix-subscription-create branch from c2c9d6a to dbbf14c Compare June 10, 2025 14:17
@ivannovosad ivannovosad merged commit 07566b0 into main Jun 10, 2025
14 checks passed
@ivannovosad ivannovosad deleted the fix-subscription-create branch June 10, 2025 14:46
rsempe pushed a commit that referenced this pull request Jun 11, 2025
@ivannovosad @rsempe
fix(subscriptions): Fix subscriptions creation race condition (#3809)
0867200 
## Context

There was a possible race condition when calling this API endpoint
multiple times with the same `plan_code`:

```
POST /api/v1/subscriptions
```

Duplicate subscriptions were created 

## Description

Add lock to customer to `Subscriptions::CreateService`
diegocharles pushed a commit that referenced this pull request Jul 11, 2025
@ivannovosad @diegocharles
fix(subscriptions): Fix subscriptions creation race condition (#3809)
7277c76 
## Context

There was a possible race condition when calling this API endpoint
multiple times with the same `plan_code`:

```
POST /api/v1/subscriptions
```

Duplicate subscriptions were created 

## Description

Add lock to customer to `Subscriptions::CreateService`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@julienbourdeau julienbourdeau julienbourdeau approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ivannovosad @julienbourdeau