mirror of https://github.com/cloudreve/Cloudreve
Feat: add read/write lock for authn
HFO4
parent
3ce4b87f2b
commit
ce2a70df68
|
|
@ -4,12 +4,16 @@ import (
|
||||||
model "github.com/HFO4/cloudreve/models"
|
model "github.com/HFO4/cloudreve/models"
|
||||||
"github.com/HFO4/cloudreve/pkg/util"
|
"github.com/HFO4/cloudreve/pkg/util"
|
||||||
"github.com/duo-labs/webauthn/webauthn"
|
"github.com/duo-labs/webauthn/webauthn"
|
||||||
|
"sync"
|
||||||
)
|
)
|
||||||
|
|
||||||
var AuthnInstance *webauthn.WebAuthn
|
var AuthnInstance *webauthn.WebAuthn
|
||||||
|
var Lock sync.RWMutex
|
||||||
|
|
||||||
// Init 初始化webauthn
|
// Init 初始化webauthn
|
||||||
func Init() {
|
func Init() {
|
||||||
|
Lock.Lock()
|
||||||
|
defer Lock.Unlock()
|
||||||
var err error
|
var err error
|
||||||
base := model.GetSiteURL()
|
base := model.GetSiteURL()
|
||||||
AuthnInstance, err = webauthn.New(&webauthn.Config{
|
AuthnInstance, err = webauthn.New(&webauthn.Config{
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,9 @@
|
||||||
package controllers
|
package controllers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/HFO4/cloudreve/pkg/authn"
|
||||||
"github.com/HFO4/cloudreve/pkg/request"
|
"github.com/HFO4/cloudreve/pkg/request"
|
||||||
|
"github.com/HFO4/cloudreve/pkg/serializer"
|
||||||
"github.com/HFO4/cloudreve/service/admin"
|
"github.com/HFO4/cloudreve/service/admin"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"io"
|
"io"
|
||||||
|
|
@ -57,3 +59,14 @@ func AdminGetGroups(c *gin.Context) {
|
||||||
c.JSON(200, ErrorResponse(err))
|
c.JSON(200, ErrorResponse(err))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AdminReloadService 重新加载子服务
|
||||||
|
func AdminReloadService(c *gin.Context) {
|
||||||
|
service := c.Param("service")
|
||||||
|
switch service {
|
||||||
|
case "authn":
|
||||||
|
authn.Init()
|
||||||
|
}
|
||||||
|
|
||||||
|
c.JSON(200, serializer.Response{})
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,10 @@ func StartLoginAuthn(c *gin.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
authn.Lock.RLock()
|
||||||
options, sessionData, err := authn.AuthnInstance.BeginLogin(expectedUser)
|
options, sessionData, err := authn.AuthnInstance.BeginLogin(expectedUser)
|
||||||
|
authn.Lock.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.JSON(200, ErrorResponse(err))
|
c.JSON(200, ErrorResponse(err))
|
||||||
return
|
return
|
||||||
|
|
@ -55,7 +58,9 @@ func FinishLoginAuthn(c *gin.Context) {
|
||||||
var sessionData webauthn.SessionData
|
var sessionData webauthn.SessionData
|
||||||
err = json.Unmarshal(sessionDataJSON, &sessionData)
|
err = json.Unmarshal(sessionDataJSON, &sessionData)
|
||||||
|
|
||||||
|
authn.Lock.RLock()
|
||||||
_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request)
|
_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request)
|
||||||
|
authn.Lock.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.JSON(200, serializer.Err(401, "登录验证失败", err))
|
c.JSON(200, serializer.Err(401, "登录验证失败", err))
|
||||||
|
|
@ -71,7 +76,11 @@ func FinishLoginAuthn(c *gin.Context) {
|
||||||
// StartRegAuthn 开始注册WebAuthn信息
|
// StartRegAuthn 开始注册WebAuthn信息
|
||||||
func StartRegAuthn(c *gin.Context) {
|
func StartRegAuthn(c *gin.Context) {
|
||||||
currUser := CurrentUser(c)
|
currUser := CurrentUser(c)
|
||||||
|
|
||||||
|
authn.Lock.RLock()
|
||||||
options, sessionData, err := authn.AuthnInstance.BeginRegistration(currUser)
|
options, sessionData, err := authn.AuthnInstance.BeginRegistration(currUser)
|
||||||
|
authn.Lock.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.JSON(200, ErrorResponse(err))
|
c.JSON(200, ErrorResponse(err))
|
||||||
return
|
return
|
||||||
|
|
@ -97,7 +106,10 @@ func FinishRegAuthn(c *gin.Context) {
|
||||||
var sessionData webauthn.SessionData
|
var sessionData webauthn.SessionData
|
||||||
err := json.Unmarshal(sessionDataJSON, &sessionData)
|
err := json.Unmarshal(sessionDataJSON, &sessionData)
|
||||||
|
|
||||||
|
authn.Lock.RLock()
|
||||||
credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request)
|
credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request)
|
||||||
|
authn.Lock.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.JSON(200, ErrorResponse(err))
|
c.JSON(200, ErrorResponse(err))
|
||||||
return
|
return
|
||||||
|
|
|
||||||
|
|
@ -299,6 +299,8 @@ func InitMasterRouter() *gin.Engine {
|
||||||
admin.POST("setting", controllers.AdminGetSetting)
|
admin.POST("setting", controllers.AdminGetSetting)
|
||||||
// 获取用户组列表
|
// 获取用户组列表
|
||||||
admin.GET("groups", controllers.AdminGetGroups)
|
admin.GET("groups", controllers.AdminGetGroups)
|
||||||
|
// 重新加载子服务
|
||||||
|
admin.GET("reload/:service", controllers.AdminReloadService)
|
||||||
}
|
}
|
||||||
|
|
||||||
// 用户
|
// 用户
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue