Make token store writes atomic

credentials/u2m/cache/file.go

@@ -103,7 +103,7 @@ func (c *fileTokenCache) Store(key string, t *oauth2.Token) error {
 	if err != nil {
 		return fmt.Errorf("marshal: %w", err)
 	}
-	return os.WriteFile(c.fileLocation, raw, ownerReadWrite)
+	return c.atomicWriteFile(raw)
 }
 
 // Lookup implements the TokenCache interface.
@@ -151,7 +151,7 @@ func (c *fileTokenCache) init() error {
 		if err != nil {
 			return fmt.Errorf("marshal: %w", err)
 		}
-		if err := os.WriteFile(c.fileLocation, raw, ownerReadWrite); err != nil {
+		if err := c.atomicWriteFile(raw); err != nil {
 			return fmt.Errorf("write: %w", err)
 		}
 	}
@@ -177,3 +177,43 @@ func (c *fileTokenCache) load() (*tokenCacheFile, error) {
 	}
 	return f, nil
 }
+
+// atomicWriteFile writes data to the file atomically by first writing to a
+// temporary file in the same directory and then renaming it to the target.
+// This prevents corruption from interrupted writes.
+func (c *fileTokenCache) atomicWriteFile(data []byte) error {
+	dir := filepath.Dir(c.fileLocation)
+	tmp, err := os.CreateTemp(dir, ".token-cache-*.tmp")
+	if err != nil {
+		return fmt.Errorf("create temp file: %w", err)
+	}
+	tmpName := tmp.Name()
+
+	success := false
+	defer func() {
+		if !success {
+			os.Remove(tmpName)
+		}
+	}()
+
+	if err := tmp.Chmod(ownerReadWrite); err != nil {
+		tmp.Close()
+		return fmt.Errorf("chmod temp file: %w", err)
+	}
+
+	if _, err := tmp.Write(data); err != nil {
+		tmp.Close()
+		return fmt.Errorf("write temp file: %w", err)
+	}
+
+	if err := tmp.Close(); err != nil {
+		return fmt.Errorf("close temp file: %w", err)
+	}
+
+	if err := os.Rename(tmpName, c.fileLocation); err != nil {
+		return fmt.Errorf("rename temp file: %w", err)
+	}
+
+	success = true
+	return nil
+}