basicauth: Minor internal improvements (#3861)

* nitpicks and small improvements in basicauth module

1:
roll two if statements into one, since err will be nil in the second case anyhow

2:
unlock cache mutex after reading the key, as this happens by-value and reduces code complexity

3:
switch cache sync.Mutex to sync.RWMutex for better concurrency on cache fast track

* allocate the right kind of mutex
This commit is contained in:
Aurelia 2020-11-13 23:28:21 +01:00 committed by GitHub
parent 95af4262a8
commit 7a3d9d81fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 9 deletions

View File

@ -134,7 +134,7 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error {
if hba.HashCache != nil { if hba.HashCache != nil {
hba.HashCache.cache = make(map[string]bool) hba.HashCache.cache = make(map[string]bool)
hba.HashCache.mu = new(sync.Mutex) hba.HashCache.mu = new(sync.RWMutex)
} }
return nil return nil
@ -156,12 +156,9 @@ func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request)
} }
same, err := hba.correctPassword(account, []byte(plaintextPasswordStr)) same, err := hba.correctPassword(account, []byte(plaintextPasswordStr))
if err != nil { if err != nil || !same || !accountExists {
return hba.promptForCredentials(w, err) return hba.promptForCredentials(w, err)
} }
if !same || !accountExists {
return hba.promptForCredentials(w, nil)
}
return User{ID: username}, true, nil return User{ID: username}, true, nil
} }
@ -180,13 +177,12 @@ func (hba HTTPBasicAuth) correctPassword(account Account, plaintextPassword []by
cacheKey := hex.EncodeToString(append(append(account.password, account.salt...), plaintextPassword...)) cacheKey := hex.EncodeToString(append(append(account.password, account.salt...), plaintextPassword...))
// fast track: if the result of the input is already cached, use it // fast track: if the result of the input is already cached, use it
hba.HashCache.mu.Lock() hba.HashCache.mu.RLock()
same, ok := hba.HashCache.cache[cacheKey] same, ok := hba.HashCache.cache[cacheKey]
hba.HashCache.mu.RUnlock()
if ok { if ok {
hba.HashCache.mu.Unlock()
return same, nil return same, nil
} }
hba.HashCache.mu.Unlock()
// slow track: do the expensive op, then add it to the cache // slow track: do the expensive op, then add it to the cache
same, err := compare() same, err := compare()
@ -219,7 +215,7 @@ func (hba HTTPBasicAuth) promptForCredentials(w http.ResponseWriter, err error)
// helpful for secure password hashes which can be expensive to // helpful for secure password hashes which can be expensive to
// compute on every HTTP request. // compute on every HTTP request.
type Cache struct { type Cache struct {
mu *sync.Mutex mu *sync.RWMutex
// map of concatenated hashed password + plaintext password + salt, to result // map of concatenated hashed password + plaintext password + salt, to result
cache map[string]bool cache map[string]bool