Add option to skip Checksum verification between doc storage and Redis #751 (#767)

This check should be unnecessary for stores with strong consistency guarantees (virtually everywhere now). --------- Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2026-03-02 04:09:24 +00:00 · 2024-03-07 20:11:17 +01:00
parent 66f025c7df
commit 1e3e076820
3 changed files with 307 additions and 266 deletions
--- a/app/server/lib/ExternalStorage.ts
+++ b/app/server/lib/ExternalStorage.ts
@@ -1,6 +1,8 @@
 import {ObjMetadata, ObjSnapshot, ObjSnapshotWithMetadata} from 'app/common/DocSnapshot';
+import {isAffirmative} from 'app/common/gutil';
 import log from 'app/server/lib/log';
 import {createTmpDir} from 'app/server/lib/uploads';
+
 import {delay} from 'bluebird';
 import * as fse from 'fs-extra';
 import * as path from 'path';
@@ -226,13 +228,27 @@ export class ChecksummedExternalStorage implements ExternalStorage {
          const expectedChecksum = await this._options.sharedHash.load(fromKey);
          // Let null docMD5s pass.  Otherwise we get stuck if redis is cleared.
          // Otherwise, make sure what we've got matches what we expect to get.
-          // S3 is eventually consistent - if you overwrite an object in it, and then read from it,
-          // you may get an old version for some time.
+          // AWS S3 was eventually consistent, but now has stronger guarantees:
+          // https://aws.amazon.com/blogs/aws/amazon-s3-update-strong-read-after-write-consistency/
+          //
+          // Previous to this change, if you overwrote an object in it,
+          // and then read from it, you may have got an old version for some time.
+          // We are confident this should not be the case anymore, though this has to be studied carefully.
          // If a snapshotId was specified, we can skip this check.
          if (expectedChecksum && expectedChecksum !== checksum) {
-            log.error("ext %s download: data for %s has wrong checksum: %s (expected %s)",
-                      this.label, fromKey, checksum, expectedChecksum);
-            return undefined;
+            const message = `ext ${this.label} download: data for ${fromKey} has wrong checksum:` +
+              ` ${checksum} (expected ${expectedChecksum})`;
+
+            // If GRIST_SKIP_REDIS_CHECKSUM_MISMATCH is set, issue a warning only and continue,
+            // rather than issuing an error and failing.
+            // This flag is experimental and should be removed once we are
+            // confident that the checksums verification is useless.
+            if (isAffirmative(process.env.GRIST_SKIP_REDIS_CHECKSUM_MISMATCH)) {
+              log.warn(message);
+            } else {
+              log.error(message);
+              return undefined;
+            }
          }
        }