yumoqing/rbac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
180 Commits 2 Branches 0 Tags
Commit Graph

29 Commits

Author SHA1 Message Date
yumoqing
15079c356b feat: 支持x-api-key header认证模式 
- getAuthenticationUserid增加x-api-key header检查
- 优先调用dapi模块注册的x_api_key_auth处理函数
 2026-05-11 15:37:23 +08:00
yumoqing
5781621331 bugfix 2026-04-26 17:05:46 +08:00
yumoqing
8aada101ca fix(rbac): remove MySQL-specific SQL for cross-database compatibility 
- Replace DATE_SUB(NOW(), INTERVAL 300 SECOND) with Python-level time check
- Replace NOW() with parameterized timestamps from Python
- Lockout check now done in _is_locked() function (DB-agnostic)
- All UPDATE statements use parameterized values, not DB functions
- Works with MySQL, PostgreSQL, SQLite, SQL Server, Oracle
 2026-04-26 11:04:15 +08:00
yumoqing
622b0558b9 fix(rbac): fix high-concurrency race conditions in login and cache 
1. Login lockout race condition:
   - Replace SELECT-then-UPDATE with atomic database operations
   - Lockout check now in SQL WHERE clause (DATE_SUB comparison)
   - Fail count increment: UPDATE ... SET count = count + 1 (atomic)
   - Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy

2. Cache threading.Lock -> asyncio.Lock:
   - LRUCache now uses lazy-init asyncio.Lock
   - Prevents blocking the event loop in async environment
   - UserPermissions._rp_lock also uses asyncio.Lock
   - Double-check pattern in load_roleperms prevents duplicate DB loads

3. Use database NOW() instead of Python curDateString for concurrent updates
 2026-04-26 10:58:13 +08:00
yumoqing
3fdd4efeff feat(rbac): add login tracking, lockout, secure cache 
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins locks account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
 2026-04-26 10:49:01 +08:00
yumoqing
4fa991b70f bugfix 2026-04-08 11:09:30 +08:00
yumoqing
dabaec4fb6 bugfix 2026-03-21 16:14:51 +08:00
yumoqing
668e29b579 bugfix 2026-03-21 16:14:23 +08:00
yumoqing
fcb5cd8c6a bugfix 2026-03-20 21:36:58 +08:00
yumoqing
ad546f863c bugfix 2026-03-20 21:36:06 +08:00
yumoqing
4f2dd05196 bugfix 2026-03-20 21:25:53 +08:00
yumoqing
469bb1191c bugfix 2026-03-20 21:18:41 +08:00
yumoqing
5b1317d515 buggfix 2026-03-20 21:11:41 +08:00
yumoqing
f27f1ece0b bugfix 2026-03-20 12:59:30 +08:00
yumoqing
cfbe37f2b6 bugfix 2026-03-17 17:43:21 +08:00
yumoqing
7fac9e3977 bugfix 2026-03-17 14:55:30 +08:00
yumoqing
3f5ec6b1c7 bugfix 2025-12-25 15:41:24 +08:00
yumoqing
d1fd9ea89f bugfix 2025-10-21 18:15:04 +08:00
yumoqing
afaf08dbee bugfix 2025-09-02 13:30:03 +08:00
yumoqing
9c7d55f855 bugfix 2025-08-27 18:58:24 +08:00
yumoqing
22e6e11fb9 bugfix 2025-08-27 18:42:09 +08:00
yumoqing
ebc972fb80 bugfix 2025-07-31 15:58:13 +08:00
yumoqing
3b5ef09c3c bugfix 2025-07-28 16:27:28 +08:00
yumoqing
04b8dec115 bugfix 2025-07-26 20:59:19 +08:00
yumoqing
ce90af0b81 bugfix 2025-07-26 20:52:51 +08:00
yumoqing
5b2945921f bugfix 2025-07-23 18:01:30 +08:00
yumoqing
cef89a6332 bugfix 2025-07-23 17:57:58 +08:00
yumoqing
6b08a63eb8 bugfix 2025-07-23 16:45:12 +08:00
yumoqing
b46426abe0 first commit 2025-07-16 14:19:12 +08:00