fix: resolve critical race conditions in WebSocket proxy #530
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add subscription_lock to prevent concurrent subscribe/unsubscribe races - Add adapter_lock to prevent duplicate broker adapter initialization - Add user_lock to protect user_mapping during auth and cleanup - Implement global subscription tracking with reference counting - Add pre-registration before broker subscribe with rollback on failure - Move success log to after broker subscribe completes - Protect ZMQ listener with subscription snapshots - Add existence validation before unsubscribe operations - Create immutable copies before dictionary iteration - Implement proper error handling with state rollback Fixes multiple race conditions that could cause: - Duplicate broker subscriptions - Duplicate adapter connections - Dictionary changed size during iteration errors - Misleading subscription logs - Resource leaks on failed operations All changes maintain backward compatibility with existing clients.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
5 issues found across 6 files
Prompt for AI agents (all 5 issues)
Understand the root cause of the following 5 issues and fix them.
<file name="websocket_proxy/server.py">
<violation number="1" location="websocket_proxy/server.py:671">
Indexing mode_to_str with the raw client mode will raise a KeyError when the value isn’t 1/2/3 (e.g., clients sending the string "3" worked before but now blows up). Please fall back gracefully when the key is missing so subscriptions keep working.</violation>
</file>
<file name="docs/zmq_new_audit_report.md">
<violation number="1" location="docs/zmq_new_audit_report.md:1191">
The audit report claims the added file is `ZMQ_Audit_Report.md`, but the repository file is named `docs/zmq_new_audit_report.md`, so this reference is inaccurate.</violation>
<violation number="2" location="docs/zmq_new_audit_report.md:1192">
Listing `COMMIT_MESSAGE.md` as an added file is inaccurate because no file with that name is present in the repository.</violation>
</file>
<file name="test/test_improved_zmq_server.py">
<violation number="1" location="test/test_improved_zmq_server.py:984">
This test only counts messages containing "ERROR", but the helper methods record unauthenticated request failures as "...FAILED", so error_count never increases and the test always reports failure even when behavior is correct.</violation>
</file>
<file name="test/test_multi_client_fix.py">
<violation number="1" location="test/test_multi_client_fix.py:146">
The test only logs message counts instead of asserting that other clients continue receiving data after one unsubscribes, so it will silently succeed even when the regression reappears. Please add explicit assertions that detect regressions.</violation>
</file>
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Ask questions if you need clarification on any suggestion
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
websocket_proxy/server.py
Outdated
| }) | ||
| continue | ||
| else: | ||
| logger.info(f"First client subscribed to {symbol}.{exchange}.{mode_to_str[mode]}, broker subscribe successful") |
Contributor
There was a problem hiding this comment.
Indexing mode_to_str with the raw client mode will raise a KeyError when the value isn’t 1/2/3 (e.g., clients sending the string "3" worked before but now blows up). Please fall back gracefully when the key is missing so subscriptions keep working.
Prompt for AI agents
Address the following comment on websocket_proxy/server.py at line 671:
<comment>Indexing mode_to_str with the raw client mode will raise a KeyError when the value isn’t 1/2/3 (e.g., clients sending the string "3" worked before but now blows up). Please fall back gracefully when the key is missing so subscriptions keep working.</comment>
<file context>
@@ -614,22 +610,82 @@ async def subscribe_client(self, client_id, data):
+ })
+ continue
+ else:
+ logger.info(f"First client subscribed to {symbol}.{exchange}.{mode_to_str[mode]}, broker subscribe successful")
+ except Exception as e:
+ self._remove_global_subscription(client_id, user_id, symbol, exchange, mode)
</file context>
Suggested change
| logger.info(f"First client subscribed to {symbol}.{exchange}.{mode_to_str[mode]}, broker subscribe successful") | |
| logger.info(f"First client subscribed to {symbol}.{exchange}.{mode_to_str.get(mode, mode)}, broker subscribe successful") |
✅ Addressed in 963e9de
docs/zmq_new_audit_report.md
Outdated
|
|
||
| ### Files Added | ||
| - `ZMQ_Audit_Report.md` - This comprehensive audit report | ||
| - `COMMIT_MESSAGE.md` - Detailed commit message |
Contributor
There was a problem hiding this comment.
Listing COMMIT_MESSAGE.md as an added file is inaccurate because no file with that name is present in the repository.
Prompt for AI agents
Address the following comment on docs/zmq_new_audit_report.md at line 1192:
<comment>Listing `COMMIT_MESSAGE.md` as an added file is inaccurate because no file with that name is present in the repository.</comment>
<file context>
@@ -0,0 +1,1328 @@
+
+### Files Added
+- `ZMQ_Audit_Report.md` - This comprehensive audit report
+- `COMMIT_MESSAGE.md` - Detailed commit message
+
+### Dependencies
</file context>
✅ Addressed in 963e9de
docs/zmq_new_audit_report.md
Outdated
| - `server.py` - Core WebSocket proxy server (128 lines changed) | ||
|
|
||
| ### Files Added | ||
| - `ZMQ_Audit_Report.md` - This comprehensive audit report |
Contributor
There was a problem hiding this comment.
The audit report claims the added file is ZMQ_Audit_Report.md, but the repository file is named docs/zmq_new_audit_report.md, so this reference is inaccurate.
Prompt for AI agents
Address the following comment on docs/zmq_new_audit_report.md at line 1191:
<comment>The audit report claims the added file is `ZMQ_Audit_Report.md`, but the repository file is named `docs/zmq_new_audit_report.md`, so this reference is inaccurate.</comment>
<file context>
@@ -0,0 +1,1328 @@
+- `server.py` - Core WebSocket proxy server (128 lines changed)
+
+### Files Added
+- `ZMQ_Audit_Report.md` - This comprehensive audit report
+- `COMMIT_MESSAGE.md` - Detailed commit message
+
</file context>
Suggested change
| - `ZMQ_Audit_Report.md` - This comprehensive audit report | |
| - `docs/zmq_new_audit_report.md` - This comprehensive audit report |
✅ Addressed in 963e9de
test/test_improved_zmq_server.py
Outdated
|
|
||
| time.sleep(1) | ||
| results = client.get_test_results() | ||
| error_count = sum(1 for result in results if "ERROR" in result) |
Contributor
There was a problem hiding this comment.
This test only counts messages containing "ERROR", but the helper methods record unauthenticated request failures as "...FAILED", so error_count never increases and the test always reports failure even when behavior is correct.
Prompt for AI agents
Address the following comment on test/test_improved_zmq_server.py at line 984:
<comment>This test only counts messages containing "ERROR", but the helper methods record unauthenticated request failures as "...FAILED", so error_count never increases and the test always reports failure even when behavior is correct.</comment>
<file context>
@@ -0,0 +1,1364 @@
+
+ time.sleep(1)
+ results = client.get_test_results()
+ error_count = sum(1 for result in results if "ERROR" in result)
+
+ if error_count > 0:
</file context>
Suggested change
| error_count = sum(1 for result in results if "ERROR" in result) | |
| error_count = sum(1 for result in results if "ERROR" in result or "FAILED" in result) |
✅ Addressed in 963e9de
|
|
||
| # Check that all clients are receiving data | ||
| for i, client in enumerate(clients): | ||
| market_data_count = len([msg for msg in client.received_messages if msg.get('type') == 'market_data']) |
Contributor
There was a problem hiding this comment.
The test only logs message counts instead of asserting that other clients continue receiving data after one unsubscribes, so it will silently succeed even when the regression reappears. Please add explicit assertions that detect regressions.
Prompt for AI agents
Address the following comment on test/test_multi_client_fix.py at line 146:
<comment>The test only logs message counts instead of asserting that other clients continue receiving data after one unsubscribes, so it will silently succeed even when the regression reappears. Please add explicit assertions that detect regressions.</comment>
<file context>
@@ -0,0 +1,198 @@
+
+ # Check that all clients are receiving data
+ for i, client in enumerate(clients):
+ market_data_count = len([msg for msg in client.received_messages if msg.get('type') == 'market_data'])
+ logger.info(f"Client {client.client_id} received {market_data_count} market data messages")
+
</file context>
✅ Addressed in 963e9de
- Fix KeyError in websocket proxy when mode_to_str receives invalid keys - Improve test error detection to catch both ERROR and FAILED messages - Add assertions to multi-client test to detect subscription regressions - Correct inaccurate file references in ZMQ audit report documentation - Remove unnecessary comment in Angel broker adapter Resolves issues identified in zmq_new_audit_report.md audit findings.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by cubic
Fixes critical race conditions in the WebSocket proxy using locks and reference counting to stabilize multi-client streaming. Also corrects Angel OHLC fields and returns structured API errors; adds tests and an audit report.
Bug Fixes
Refactors