Feat: add read/write lock for authn

5 years ago · ce2a70df68
parent 3ce4b87f2b
commit ce2a70df68
4 changed files with 31 additions and 0 deletions
--- a/pkg/authn/auth.go
+++ b/pkg/authn/auth.go
@ -4,12 +4,16 @@ import (
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/util"
 	"github.com/duo-labs/webauthn/webauthn"
 	"sync"
 )
 var AuthnInstance *webauthn.WebAuthn
 var Lock sync.RWMutex
 // Init 初始化webauthn
 func Init() {
 	Lock.Lock()
 	defer Lock.Unlock()
 	var err error
 	base := model.GetSiteURL()
 	AuthnInstance, err = webauthn.New(&webauthn.Config{
--- a/routers/controllers/admin.go
+++ b/routers/controllers/admin.go
@ -1,7 +1,9 @@
 package controllers
 import (
 	"github.com/HFO4/cloudreve/pkg/authn"
 	"github.com/HFO4/cloudreve/pkg/request"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/HFO4/cloudreve/service/admin"
 	"github.com/gin-gonic/gin"
 	"io"
@ -57,3 +59,14 @@ func AdminGetGroups(c *gin.Context) {
 		c.JSON(200, ErrorResponse(err))
 	}
 }
 // AdminReloadService 重新加载子服务
 func AdminReloadService(c *gin.Context) {
 	service := c.Param("service")
 	switch service {
 	case "authn":
 		authn.Init()
 	}
 	c.JSON(200, serializer.Response{})
 }
--- a/routers/controllers/user.go
+++ b/routers/controllers/user.go
@ -23,7 +23,10 @@ func StartLoginAuthn(c *gin.Context) {
 		return
 	}
 	authn.Lock.RLock()
 	options, sessionData, err := authn.AuthnInstance.BeginLogin(expectedUser)
 	authn.Lock.RUnlock()
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))
 		return
@ -55,7 +58,9 @@ func FinishLoginAuthn(c *gin.Context) {
 	var sessionData webauthn.SessionData
 	err = json.Unmarshal(sessionDataJSON, &sessionData)
 	authn.Lock.RLock()
 	_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request)
 	authn.Lock.RUnlock()
 	if err != nil {
 		c.JSON(200, serializer.Err(401, "登录验证失败", err))
@ -71,7 +76,11 @@ func FinishLoginAuthn(c *gin.Context) {
 // StartRegAuthn 开始注册WebAuthn信息
 func StartRegAuthn(c *gin.Context) {
 	currUser := CurrentUser(c)
 	authn.Lock.RLock()
 	options, sessionData, err := authn.AuthnInstance.BeginRegistration(currUser)
 	authn.Lock.RUnlock()
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))
 		return
@ -97,7 +106,10 @@ func FinishRegAuthn(c *gin.Context) {
 	var sessionData webauthn.SessionData
 	err := json.Unmarshal(sessionDataJSON, &sessionData)
 	authn.Lock.RLock()
 	credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request)
 	authn.Lock.RUnlock()
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))
 		return
--- a/routers/router.go
+++ b/routers/router.go
@ -299,6 +299,8 @@ func InitMasterRouter() *gin.Engine {
 				admin.POST("setting", controllers.AdminGetSetting)
 				// 获取用户组列表
 				admin.GET("groups", controllers.AdminGetGroups)
 				// 重新加载子服务
 				admin.GET("reload/:service", controllers.AdminReloadService)
 			}
 			// 用户