Qualys refresh: threading lock + 409 if already running

app/routers/qualys.py

@@ -529,7 +529,11 @@ def qualys_agents_refresh(request: Request, db=Depends(get_db)):
     from ..services.qualys_service import refresh_all_agents
     try:
         stats = refresh_all_agents(db)
-        return JSONResponse({"ok": True, "msg": f"{stats.get('created',0)} créés, {stats.get('updated',0)} mis à jour", "stats": stats})
+        if stats.get("busy"):
+            return JSONResponse(stats, status_code=409)
+        if not stats.get("ok"):
+            return JSONResponse(stats, status_code=500)
+        return JSONResponse({"ok": True, "msg": stats.get("msg") or f"{stats.get('created',0)} créés, {stats.get('updated',0)} mis à jour", "stats": stats})
     except Exception as e:
         import traceback; traceback.print_exc()
         return JSONResponse({"ok": False, "msg": str(e)[:200]}, status_code=500)

app/services/qualys_service.py

@@ -1,6 +1,10 @@
 """Service Qualys — sync tags pour un serveur via API + cache memoire"""
 import re
 import requests
+import threading
+
+_refresh_lock = threading.Lock()
+_refresh_running = False
 import urllib3
 from sqlalchemy import text
 from .secrets_service import get_secret
@@ -536,6 +540,19 @@ def get_cache_stats():
 
 def refresh_all_agents(db):
     """Rafraichit tous les agents depuis l'API Qualys QPS (bulk, paginé)"""
+    global _refresh_running
+    if not _refresh_lock.acquire(blocking=False):
+        return {"ok": False, "msg": "Une synchronisation Qualys est déjà en cours", "busy": True}
+    _refresh_running = True
+    try:
+        return _refresh_all_agents_impl(db)
+    finally:
+        _refresh_running = False
+        _refresh_lock.release()
+
+
+def _refresh_all_agents_impl(db):
+    """Implémentation réelle du refresh (appelée sous verrou)"""
     qualys_url, qualys_user, qualys_pass, qualys_proxy = _get_qualys_creds(db)
     if not qualys_user:
         return {"ok": False, "msg": "Credentials Qualys non configurés"}