Skip to content

fix: fix refresh token deadlock#30828

Merged
crazywoola merged 1 commit intolanggenius:mainfrom
fatelei:issue-30827
Jan 12, 2026
Merged

fix: fix refresh token deadlock#30828
crazywoola merged 1 commit intolanggenius:mainfrom
fatelei:issue-30827

Conversation

@fatelei
Copy link
Contributor

@fatelei fatelei commented Jan 11, 2026

Important

  1. Make sure you have read our contribution guidelines
  2. Ensure there is an associated issue and you have been assigned to it
  3. Use the correct syntax to link this PR: Fixes #<issue number>.

Summary

fix #30827

fix refresh token deadlock, always delete refresh token

Screenshots

Before After
... ...

Checklist

  • This change requires a documentation update, included: Dify Document
  • I understand that this PR may be closed in case there was no previous discussion or issues. (This doesn't apply to typos!)
  • I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • I've updated the documentation accordingly.
  • I ran make lint and make type-check (backend) and cd web && npx lint-staged (frontend) to appease the lint gods
@fatelei fatelei requested a review from iamjoel as a code owner January 11, 2026 15:13
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Jan 11, 2026
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Jan 11, 2026

Summary of Changes

Hello @fatelei, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request provides a critical fix for a refresh token deadlock, particularly in multi-tab browsing environments. By ensuring that the refresh lock is always cleared, the system prevents potential deadlocks caused by stale lock states, thereby improving the robustness and reliability of token management.

Highlights

  • Deadlock Resolution: This pull request addresses and fixes a refresh token deadlock issue, specifically targeting scenarios that might occur across multiple browser tabs.
  • Unconditional Lock Release: The releaseRefreshLock function has been modified to unconditionally clear the refresh lock, including setting isRefreshing to false and removing related items from localStorage.
  • Cross-Tab Safety: The change ensures that the refresh lock is always cleared, which is crucial for preventing cross-tab deadlocks and maintaining consistent token management.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 11, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request effectively resolves a potential deadlock in the cross-tab token refresh logic. By removing the conditional check in releaseRefreshLock, the function now always clears the refresh lock from localStorage. This prevents waiting tabs from getting stuck if their own refresh attempt times out, which is a robust solution to the deadlock problem. The added comment clearly explains the reasoning behind this change. The fix is well-implemented and improves the overall resilience of the authentication mechanism.
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jan 12, 2026
@crazywoola crazywoola merged commit 0c2729d into langgenius:main Jan 12, 2026
10 checks passed
@fatelei fatelei deleted the issue-30827 branch January 12, 2026 03:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

lgtm This PR has been approved by a maintainer size:S This PR changes 10-29 lines, ignoring generated files.

2 participants

@fatelei @crazywoola