|
|
622b0558b9
|
fix(rbac): fix high-concurrency race conditions in login and cache
1. Login lockout race condition:
- Replace SELECT-then-UPDATE with atomic database operations
- Lockout check now in SQL WHERE clause (DATE_SUB comparison)
- Fail count increment: UPDATE ... SET count = count + 1 (atomic)
- Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy
2. Cache threading.Lock -> asyncio.Lock:
- LRUCache now uses lazy-init asyncio.Lock
- Prevents blocking the event loop in async environment
- UserPermissions._rp_lock also uses asyncio.Lock
- Double-check pattern in load_roleperms prevents duplicate DB loads
3. Use database NOW() instead of Python curDateString for concurrent updates
|
2026-04-26 10:58:13 +08:00 |
|
|
|
3fdd4efeff
|
feat(rbac): add login tracking, lockout, secure cache
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins locks account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
|
2026-04-26 10:49:01 +08:00 |
|
|
|
059df2aef2
|
bugfix
|
2026-03-26 11:49:12 +08:00 |
|
|
|
0c69929a72
|
bugfix
|
2026-03-25 17:40:17 +08:00 |
|
|
|
6eb707d8bf
|
bugfix
|
2026-03-23 11:11:09 +08:00 |
|
yumoqing
|
819618a601
|
bugfix
|
2026-03-21 18:15:56 +08:00 |
|
yumoqing
|
5f805201ea
|
bugfix
|
2026-03-21 15:42:28 +08:00 |
|
yumoqing
|
4e27e9df68
|
bugfix
|
2026-03-21 15:31:36 +08:00 |
|
yumoqing
|
aec602ebd3
|
bugfix
|
2026-03-21 10:17:17 +08:00 |
|
|
|
f27f1ece0b
|
bugfix
|
2026-03-20 12:59:30 +08:00 |
|
|
|
e0c7596444
|
bugfix
|
2026-03-18 14:09:28 +08:00 |
|
