fix: enforce status transition atomically to prevent TOCTOU race

wheeljackz · ampcode-com · wheeljackz · commit f9d2d1cd8c3e · 2026-02-28T02:43:10.000+07:00
Amp-Thread-ID: https://ampcode.com/threads/T-019ca09f-32dc-76ab-b793-4096a1f407fe Co-authored-by: Amp <amp@ampcode.com>
diff --git a/app/models/transaction.ts b/app/models/transaction.ts
@@ -102,10 +102,26 @@ export async function getTransactionById(
 export async function updateTransactionStatus(
   id: string,
   notes: string,
-  status: TransactionStatus
+  status: TransactionStatus,
+  allowedCurrentStatuses?: TransactionStatus[]
 ) {
-  return await db.transaction.update({
-    where: { id },
-    data: { notes, status },
-  })
+  try {
+    return await db.transaction.update({
+      where: allowedCurrentStatuses
+        ? { id, status: { in: allowedCurrentStatuses } }
+        : { id },
+      data: { notes, status },
+    })
+  } catch (e: unknown) {
+    // Prisma P2025: record not found (concurrent status change)
+    if (
+      e instanceof Error &&
+      'code' in e &&
+      (e as { code: string }).code === 'P2025'
+    ) {
+      return null
+    }
+
+    throw e
+  }
 }
diff --git a/app/routes/__tests__/dashboard.transactions.$transactionId.$action.test.ts b/app/routes/__tests__/dashboard.transactions.$transactionId.$action.test.ts
@@ -129,7 +129,8 @@ describe('dashboard.transactions.$transactionId.$action action', () => {
     expect(updateTransactionStatus).toHaveBeenCalledWith(
       'tx-1',
       'Catatan verifikasi',
-      TRANSACTION_STATUS.VERIFIED
+      TRANSACTION_STATUS.VERIFIED,
+      [TRANSACTION_STATUS.SUBMITTED, TRANSACTION_STATUS.REJECTED]
     )
   })
 })
diff --git a/app/routes/dashboard.transactions.$transactionId.$action.tsx b/app/routes/dashboard.transactions.$transactionId.$action.tsx
@@ -103,10 +103,15 @@ export const action: ActionFunction = async ({ request, params }) => {
   const transaction = await updateTransactionStatus(
     transactionId,
     notes,
-    status
+    status as TransactionStatus,
+    status === TRANSACTION_STATUS.REJECTED
+      ? [TRANSACTION_STATUS.SUBMITTED]
+      : [TRANSACTION_STATUS.SUBMITTED, TRANSACTION_STATUS.REJECTED]
   )
   if (!transaction) {
-    throw json({ transaction, notes, status }, { status: 500 })
+    throw json('Transaksi gagal diperbarui karena status sudah berubah.', {
+      status: 409,
+    })
   }
 
   if (transaction.status === TRANSACTION_STATUS.VERIFIED) {
