Protect changing in parallel using HTTP 412 precondition failed

2025-11-27 23:27:29 +02:00 · 2025-11-27 23:27:29 +02:00 · 03b9459a49
parent 90d896e1cc
commit 03b9459a49
2 changed files with 46 additions and 2 deletions
--- a/examples/base/main.go
+++ b/examples/base/main.go
@ -116,6 +116,12 @@ func main() {
 		Priority: 999, // execute as latest as possible to allow users to provide their own route
 	})

+	app.OnRecordViewRequest().BindFunc(addLastModified)
+
+	app.OnRecordUpdateRequest().BindFunc(ifUnmodifiedSince)
+
+	app.OnRecordDeleteRequest().BindFunc(ifUnmodifiedSince)
+
 	if err := app.Start(); err != nil {
 		log.Fatal(err)
 	}
@ -129,3 +135,33 @@ func defaultPublicDir() string {

 	return filepath.Join(os.Args[0], "../pb_public")
 }
+
+func addLastModified(e *core.RecordRequestEvent) error {
+	updated := e.Record.GetString("updated")
+
+	if updated != "" {
+		e.Response.Header().Add("Last-Modified", updated)
+	}
+
+	return e.Next()
+}
+
+func ifUnmodifiedSince(e *core.RecordRequestEvent) error {
+	updated := e.Record.GetString("updated")
+
+	if updated != "" {
+		header := e.Request.Header.Get("If-Unmodified-Since")
+
+		if header == "" || header != updated {
+			e.Response.Header().Add("Last-Modified", updated)
+
+			if header == "" {
+				return e.Error(http.StatusPreconditionRequired, "Header If-Unmodified-Since is required", nil)
+			} else if header != updated {
+				return e.Error(http.StatusPreconditionFailed, "Record was modified after retrieval", nil)
+			}
+		}
+	}
+
+	return e.Next()
+}
--- a/ui/src/components/records/RecordUpsertPanel.svelte
+++ b/ui/src/components/records/RecordUpsertPanel.svelte
@ -278,7 +278,11 @@
            if (isNew) {
                result = await ApiClient.collection(collection.id).create(data);
            } else {
-                result = await ApiClient.collection(collection.id).update(record.id, data);
+                result = await ApiClient.collection(collection.id).update(record.id, data, {
+                    headers: {
+                        "If-Unmodified-Since": record.updated,
+                    },
+                });
            }

            addSuccessToast(isNew ? "Successfully created record." : "Successfully updated record.");
@ -318,7 +322,11 @@

        confirm(`Do you really want to delete the selected record?`, () => {
            return ApiClient.collection(original.collectionId)
-                .delete(original.id)
+                .delete(original.id, {
+                    headers: {
+                        "If-Unmodified-Since": record.updated,
+                    },
+                })
                .then(() => {
                    forceHide();
                    addSuccessToast("Successfully deleted record.");