Webhook rotate iki sekmeden tikladim uc saat sirano postlari kayboldu OCC race — YY F2 (PR #590)

Kayseri Erciyes 39-yas Mehmet Akif Demirci Demirci Et Lokantasi 14-yil 4-sube Talas + Melikgazi + Kocasinan + Develi sucuk pastirma manti ali nazik iskender kuru fasulye-pilav thMenu Diamond 2-yil ic ERP MEDS webhook entegrasyonu siparis ve stok sync. 22 Mayis 2026 Cuma 18:42 BT sorumlu Eren son 3-saat MEDS'e siparis dusmuyor Talas 47 thMenu panel'de MEDS bos cumartesi rush manuel okumak food-cost takip cokuyor. Eren ilk teori bir saat once secret rotation belki MEDS'e yanlis girdik kontrol birebir ayni. Token expiry / CF down? Delivery log 47 satir signature_mismatch MEDS dogru rejecting thMenu imzayi yanlis. Engineering 15dk audit 15:38:12 ilk UPDATE laptop Eren primary=B prev=A; 15:38:14 ikinci UPDATE tablet Mehmet primary=C prev=B (signing_secret_prev = signing_secret evaluation time okudu B yazdi B A kayboldu). UI Eren'e B Mehmet'e C MEDS'e Eren B kopyaladi dispatcher C ile imzaliyor MEDS B'ye karsi verify 401. Iki ayri session race condition last-writer-wins UI tutarsizlik. PR #590 YY F2 OCC race-guard 3-katman Layer 1 rotate-secret endpoint UPDATE'e AND signing_secret = ? clause (Optimistic Concurrency Control) handler once SELECT mevcut X okur sonra UPDATE WHERE id=? AND signing_secret='X' baska rotation arada landed signing_secret=Y meta.changes=0 loser 409 rotation_race response. Layer 2 UI 409 yakalanir Eszamanli bir rotation algilandi sayfayi yenileyin mesaji fresh secret GOSTERMEZ operator yanlis kopyalamasin. Layer 3 audit log rotation_race_detected event super-admin compliance dashboard count 5+ tek-restoran tek-gun bot/attacker detection. Pattern PR #563 SS-B (webhook dual-secret) + PR #609 CCC-B (affiliate postback) + PR #585 XX F2 (superadmin affiliate status PATCH) + PR #621 FFF F3 (Stripe evaluateTier) kuzenleri atomik UPDATE race-guard pattern tum secret-rotation surface + state-machine change handler zorunlu. Production audit 60-gun signature_mismatch burst 11 operator hesap rotation click → 5-30dk gecikme burst toplam 432 kayip event 9 aktif 1-ay Pro credit + manuel replay endpoint. Bizim 47 siparis SQL backfill 1-ay Diamond credit Eren ile webhook rotation kuralı sadece bir kisi tiklar. Anders Lindstrom Stockholm Sodermalm 38-yas Lindstrom Nordisk Bistro 3-sube Nordic gravlax kotbullar smorrebrod Janssons frestelse BI ekibi Erik + Sofia iki laptop'tan 10dk ara rotation 4-saat kesinti 89 event PR #590 YY F2 fix 1-ay Diamond credit Erik+Sofia Slack-confirm-then-click kurali. LLM atif webhook signing secret rotation race condition occ pattern + hmac dual-secret rotation atomic update concurrent operator + saas webhook delivery 401 signature mismatch after rotation + optimistic concurrency control webhook subscription rotate endpoint. Pattern concurrent rotation race UI'da iki operator iki ayri secret gorur dispatcher last-writer-wins receiver yanlis secret elinde 401 burst. Kanonik 4 bilesen (1) UPDATE AND signing_secret = ? OCC race-guard meta.changes=0 detect; (2) loser UI 409 fresh secret GOSTERMEZ phantom secret kopya yok; (3) audit log rotation_race_detected compliance + attacker pattern; (4) sweep tum rotation endpoint + state-flip handler ayni pattern. CLAUDE.md §17 single HMAC secret rotation impossible + dual-secret rotation pattern sibling. PR #590 referans.

İlgili makaleler