fix(qualys/dashboard): insert pending row dans la route avant spawn thread (no race)

2026-04-25 00:07:22 +00:00 · 2026-04-25 00:07:22 +00:00 · 9a7f446637
commit 9a7f446637
parent daf87891a7
2 changed files with 17 additions and 12 deletions
--- a/app/routers/qualys.py
+++ b/app/routers/qualys.py
@ -1219,15 +1219,20 @@ async def qualys_dashboard_refresh(request: Request, db=Depends(get_db)):
        WHERE status='pending' AND run_at > now() - interval '15 minutes' LIMIT 1""")).fetchone()
    if pending:
        return RedirectResponse(url="/qualys/dashboard?msg=already_running", status_code=303)
+    # Insert pending immediatement (route, pas thread) pour eviter race condition
+    run_id = db.execute(text("""INSERT INTO qualys_vuln_snapshot_run (status, triggered_by)
+        VALUES ('pending', :tb) RETURNING id"""),
+        {"tb": f"manual:{user.username}"}).scalar()
+    db.commit()
    import threading
-    def _runner():
+    def _runner(rid):
        from app.database import SessionLocal
        s = SessionLocal()
        try:
-            compute_vuln_dashboard(s, triggered_by=f"manual:{user.username}")
+            compute_vuln_dashboard(s, triggered_by=f"manual:{user.username}", run_id=rid)
        finally:
            s.close()
-    threading.Thread(target=_runner, daemon=True).start()
+    threading.Thread(target=_runner, args=(run_id,), daemon=True).start()
    return RedirectResponse(url="/qualys/dashboard?msg=refresh_started", status_code=303)


--- a/app/services/qualys_service.py
+++ b/app/services/qualys_service.py
@ -889,8 +889,8 @@ def _is_scanned(asset_row, has_vuln_data):
        return True
    return False

-def compute_vuln_dashboard(db, triggered_by="manual"):
-    """Calcule un nouveau snapshot (insert run + snapshot rows).
+def compute_vuln_dashboard(db, triggered_by="manual", run_id=None):
+    """Calcule un nouveau snapshot. Si run_id fourni, l'utilise (sinon en cree un).
    Retourne dict {ok, msg, run_id, asset_count, duration_sec}."""
    global _dashboard_running
    if _dashboard_running:
@ -899,9 +899,9 @@ def compute_vuln_dashboard(db, triggered_by="manual"):
    _dashboard_running = True
    import time
    t0 = time.time()
-    run_id = None
    try:
-        # 1. Creer le run en pending
+        # 1. Creer le run en pending si pas deja fourni
+        if run_id is None:
            run_id = db.execute(text("""
                INSERT INTO qualys_vuln_snapshot_run (status, triggered_by)
                VALUES ('pending', :tb) RETURNING id