EditPost: file rename leaves DB and disk inconsistent on partial failure #17

New issue

Open

opened 2026-04-13 15:58:22 +02:00 by arne · 0 comments

arne commented 2026-04-13 15:58:22 +02:00

Owner

Copy link

`internal/web/handler.go` `EditPost` does the metadata UPDATE before the file rename. If the rename fails (typically because `book.FilePath` in the DB has drifted from disk), the user sees an error but the metadata write has already committed. Subsequent edits hit the same stale path and re-error.

Concrete repro from prod: book #110 had `file_path = "Scott, James C.;/Seeing Like a State.epub"` in DB while the actual file lived at `James C. Scott/Seeing Like a State.epub` (presumably from an earlier rename that updated DB but failed mid-way, or a manual move). Editing the author to "James C. Scott" then triggered:

```
file rename failed: open /opt/books/library/Scott, James C.;/Seeing Like a State.epub: no such file or directory
```

Two things worth doing:

1. Defensive rename. When `lib.Rename` finds the source missing AND the computed destination already exists, treat it as a successful no-op and let the handler update `file_path`/`cover_path` to match. (Risky if the destination collision is unrelated — collision-free naming uses " (2)" suffixing, so this case strongly suggests prior rename to the same path.)

2. Atomic metadata + rename. Don't commit the metadata UPDATE until the file rename succeeds, OR rollback the metadata change when rename fails. Today the partial-failure window leaves DB ahead of disk and every subsequent edit re-errors.

Workaround for stuck rows: `UPDATE books SET file_path='', cover_path='' WHERE id=` directly against SQLite.

\`internal/web/handler.go\` \`EditPost\` does the metadata UPDATE before the file rename. If the rename fails (typically because \`book.FilePath\` in the DB has drifted from disk), the user sees an error but the metadata write has already committed. Subsequent edits hit the same stale path and re-error. Concrete repro from prod: book #110 had \`file_path = "Scott, James C.;/Seeing Like a State.epub"\` in DB while the actual file lived at \`James C. Scott/Seeing Like a State.epub\` (presumably from an earlier rename that updated DB but failed mid-way, or a manual move). Editing the author to "James C. Scott" then triggered: \`\`\` file rename failed: open /opt/books/library/Scott, James C.;/Seeing Like a State.epub: no such file or directory \`\`\` Two things worth doing: 1. **Defensive rename.** When \`lib.Rename\` finds the source missing AND the computed destination already exists, treat it as a successful no-op and let the handler update \`file_path\`/\`cover_path\` to match. (Risky if the destination collision is unrelated — collision-free naming uses " (2)" suffixing, so this case strongly suggests prior rename to the same path.) 2. **Atomic metadata + rename.** Don't commit the metadata UPDATE until the file rename succeeds, OR rollback the metadata change when rename fails. Today the partial-failure window leaves DB ahead of disk and every subsequent edit re-errors. Workaround for stuck rows: \`UPDATE books SET file_path='<correct>', cover_path='<correct>' WHERE id=<n>\` directly against SQLite.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix-conf-d-export

fix-sha256-verify

first-login-owner

bases-support

remove-marginalia-top-border

description-reveal-and-dropcap-fix

openlibrary-integration

shelf-redesign

goodreads-arrow-text-style

small-fixes

htmx-shelve-search

admin-api-spec

auth-admin-htmx-roadmap

author-series-pages

shelf-progress-and-metadata

state-debug

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.1

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

arne/books#17

No description provided.