C
C#17mo ago
linqisnice

❔ How would I best make this request idempotent/prevent multiple triggers

https://paste.mod.gg/nmyjoxukfxhl/0 I feel like it'd be possible (but not probable) to time out internet connection right before savechanges, whcih would make this spammable. That's obviously not great... I'm not sure which of these solutions would be better? 1: Some form of pessimistic locking(?) (so save changes BEFORE the PayoutToHost call, and then rolling back to escrow.ReleasedAt = null if !IsSuccess) 
 escrow.ReleasedAt = _clock.Now();
        await _dbContext.SaveChangesAsync();

        var payoutToHostDetails = await _paymentGateway.PayoutToHost(escrow.CancelledAmount is not null ? (decimal)escrow.CancelledAmount : escrow.FullAmount,
                                                                     escrow.Id,
                                                                     escrow.Currency,
                                                                     host.StripeConnectAccountId!);

        if (!payoutToHostDetails.IsSuccess)
        {
            // Roll back the pending record if the transaction fails
            escrow.ReleasedAt = null;
            await _dbContext.SaveChangesAsync();

            return new BadRequestObjectResult(payoutToHostDetails.Error.Message);
        }
 escrow.ReleasedAt = _clock.Now();
        await _dbContext.SaveChangesAsync();

        var payoutToHostDetails = await _paymentGateway.PayoutToHost(escrow.CancelledAmount is not null ? (decimal)escrow.CancelledAmount : escrow.FullAmount,
                                                                     escrow.Id,
                                                                     escrow.Currency,
                                                                     host.StripeConnectAccountId!);

        if (!payoutToHostDetails.IsSuccess)
        {
            // Roll back the pending record if the transaction fails
            escrow.ReleasedAt = null;
            await _dbContext.SaveChangesAsync();

            return new BadRequestObjectResult(payoutToHostDetails.Error.Message);
        }
2. Idempotent key from client + rate limit (and then I'd have to log/check suspicious activity) 3. Something entirely different? something more robust? Or is it generally not a problem?
1 Reply
Accord
Accord17mo ago
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server