A subtle bug with Go's errgroup
15 days ago
- #Debugging
- #Programming
- #Go
- The author encountered a bug while working on Kratos, which was caught by a test before merging.
- The issue was minimized into a 100-line standalone program for password validation.
- Passwords are stored as hashes to prevent brute-force attacks, with performance optimizations using errgroup for concurrent tasks.
- A bug was found where the context was canceled prematurely, preventing a password leak check from running.
- Two fixes were proposed: running the HTTP check within the errgroup or avoiding context shadowing.
- The author emphasizes the importance of reading API documentation thoroughly and understanding the fine print.
- The blog post is open-source and encourages contributions or support from readers.