Fixed-time verification of aborted tokens

Author: isoos

app/lib/task/backend.dart

@@ -1190,18 +1190,18 @@ PackageVersionStateInfo _authorizeWorkerCallback(
   PackageState state,
   String token,
 ) {
+  // fixed-time verification of aborted tokens
+  final isKnownAbortedToken = state.abortedTokens
+      ?.map((t) => t.isAuthorized(token))
+      .fold<bool>(false, (a, b) => a || b);
+  if (isKnownAbortedToken ?? false) {
+    throw TaskAbortedException('$package/$version has been aborted.');
+  }
+
   final versionState = state.versions![version];
   if (versionState == null) {
-    // check if the task was aborted
-    final abortedToken =
-        state.abortedTokens?.firstWhereOrNull((t) => t.token == token);
-    if (abortedToken != null && abortedToken.expires.isBefore(clock.now())) {
-      throw TaskAbortedException('$package/$version has been aborted.');
-    }
-    // otherwise throw a generic not found error
     throw NotFoundException.resource('$package/$version');
   }
-
   // Check the secret token
   if (!versionState.isAuthorized(token)) {
     throw AuthenticationException.authenticationRequired();

app/lib/task/models.dart

@@ -7,6 +7,7 @@ import 'dart:convert' show json;
 import 'package:clock/clock.dart';
 import 'package:json_annotation/json_annotation.dart';
 import 'package:pub_dev/admin/actions/actions.dart';
+import 'package:pub_dev/shared/utils.dart';
 
 import '../shared/datastore.dart' as db;
 import '../shared/versions.dart' as shared_versions;
@@ -433,6 +434,10 @@ class AbortedTokenInfo {
   Map<String, dynamic> toJson() => _$AbortedTokenInfoToJson(this);
 
   bool get isNotExpired => clock.now().isBefore(expires);
+
+  bool isAuthorized(String token) {
+    return fixedTimeEquals(this.token, token) && isNotExpired;
+  }
 }
 
 /// A [db.Property] encoding a List os [AbortedTokenInfo] as JSON.