From 5506b9406db7847ffd0892a0cda1c042b3157a6a Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Mon, 11 Mar 2019 00:50:31 +0100
Subject: [PATCH] Avoid race conditions when creating backups (#10234)

Under load, multiple backups for a single user could be planned, which
is very expensive.
---
 app/controllers/settings/exports_controller.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/app/controllers/settings/exports_controller.rb b/app/controllers/settings/exports_controller.rb
index 0135f2189..3012fbf77 100644
--- a/app/controllers/settings/exports_controller.rb
+++ b/app/controllers/settings/exports_controller.rb
@@ -13,11 +13,25 @@ class Settings::ExportsController < Settings::BaseController
   end
 
   def create
-    authorize :backup, :create?
+    raise Mastodon::NotPermittedError unless user_signed_in?
+
+    backup = nil
+
+    RedisLock.acquire(lock_options) do |lock|
+      if lock.acquired?
+        authorize :backup, :create?
+        backup = current_user.backups.create!
+      else
+        raise Mastodon::RaceConditionError
+      end
+    end
 
-    backup = current_user.backups.create!
     BackupWorker.perform_async(backup.id)
 
     redirect_to settings_export_path
   end
+
+  def lock_options
+    { redis: Redis.current, key: "backup:#{current_user.id}" }
+  end
 end