|
|
622b0558b9
|
fix(rbac): fix high-concurrency race conditions in login and cache
1. Login lockout race condition:
   - Replace SELECT-then-UPDATE with atomic database operations
   - Lockout check now in SQL WHERE clause (DATE_SUB comparison)
   - Fail count increment: UPDATE ... SET count = count + 1 (atomic)
   - Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy
2. Cache threading.Lock -> asyncio.Lock:
   - LRUCache now uses lazy-init asyncio.Lock
   - Prevents blocking the event loop in async environment
   - UserPermissions._rp_lock also uses asyncio.Lock
   - Double-check pattern in load_roleperms prevents duplicate DB loads
3. Use database NOW() instead of Python curDateString for concurrent updates
|
2026-04-26 10:58:13 +08:00 |
|
|
|
3fdd4efeff
|
feat(rbac): add login tracking, lockout, secure cache
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins lock account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
|
2026-04-26 10:49:01 +08:00 |
|
|
|
303c70e5ca
|
bugfix
|
2026-02-24 19:42:52 +08:00 |
|
|
|
4d07f61842
|
bugfix
|
2026-01-28 16:30:14 +08:00 |
|
|
|
82ca04a760
|
bugfix
|
2026-01-28 16:26:50 +08:00 |
|
yumoqing
|
a7a0f49bc7
|
bugfix
|
2026-01-14 09:50:00 +08:00 |
|
yumoqing
|
a300f56411
|
bugfix
|
2026-01-14 09:41:56 +08:00 |
|
yumoqing
|
f3c57839c0
|
bugfix
|
2026-01-14 09:28:53 +08:00 |
|
|
|
e8037bb16f
|
bugfix
|
2025-07-28 15:41:07 +08:00 |
|
|
|
85e9bb9466
|
bugfix
|
2025-07-20 19:06:17 +08:00 |
|
|
|
4d2e026461
|
bugfix
|
2025-07-20 19:04:50 +08:00 |
|
|
|
b46426abe0
|
first commit
|
2025-07-16 14:19:12 +08:00 |
|