Skip to content

fix(platfor-290): identity-access-token cleanup #6057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
PrestigePvP wants to merge 1 commit into
base: main
Choose a base branch
from

fix(platfor-290): identity-access-token cleanup

d7710ff
Select commit
Loading
Failed to load commit list.
Open

fix(platfor-290): identity-access-token cleanup #6057

fix(platfor-290): identity-access-token cleanup
d7710ff
Select commit
Loading
Failed to load commit list.
Claude / Claude Code Review completed Apr 16, 2026 in 11m 38s

Code review found 2 important issues

Found 5 candidates, confirmed 2. See review comments for details.

Details

Severity Count
🔴 Important 2
🟡 Nit 0
🟣 Pre-existing 0
Severity File:Line Issue
🔴 Important backend/src/db/migrations/20260416180000_add-identity-access-token-idle-index.ts:35-39 DROP INDEX without CONCURRENTLY in down migration causes table lock on 64M-row table
🔴 Important backend/src/services/identity-access-token/identity-access-token-dal.ts:215-232 Infinite retry loop in removeIdleTokens when previous batch succeeded

Annotations

Check failure on line 39 in backend/src/db/migrations/20260416180000_add-identity-access-token-idle-index.ts

See this annotation in the file changed.

@claude claude / Claude Code Review

DROP INDEX without CONCURRENTLY in down migration causes table lock on 64M-row table 

The down() migration uses plain `DROP INDEX IF EXISTS` rather than `DROP INDEX CONCURRENTLY IF EXISTS`, which acquires an AccessExclusiveLock that blocks all reads and writes on the `identity_access_tokens` table for the full duration of the drop. On the 64M-row throttled-EBS table this PR explicitly calls out, rolling back this migration in production would cause a write outage on identity access token operations; change line 36 to `DROP INDEX CONCURRENTLY IF EXISTS idx_identity_access_tokens_i

Check failure on line 232 in backend/src/services/identity-access-token/identity-access-token-dal.ts

See this annotation in the file changed.

@claude claude / Claude Code Review

Infinite retry loop in removeIdleTokens when previous batch succeeded 

The do-while loop in `removeIdleTokens` can spin infinitely if any batch succeeds before a permanent DB failure. Once a batch returns N deleted IDs, `deletedTokenIds` remains non-empty forever because the `catch` block never resets it — so even after MAX_RETRY_ON_FAILURE consecutive failures the left-hand condition `deletedTokenIds.length > 0` keeps the loop alive, bypassing the retry guard entirely and hammering the broken database every 500 ms. Fix: add `deletedTokenIds = []` at the top of the
View more details on Claude