yumoqing/rbac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
157 Commits 1 Branch 0 Tags
Commit Graph

157 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yumoqing
90e9e943b2 bugfix 2026-04-26 15:14:33 +08:00
yumoqing
7b36e2d159 bugfix 2026-04-26 15:02:32 +08:00
yumoqing
59f68c3141 bugfix 2026-04-26 15:01:05 +08:00
yumoqing
afceb713b7 bugfix 2026-04-26 12:29:35 +08:00
yumoqing
c0c9d0a489 fix: change datetime.now() to datetime.datetime.now() in up_login.dspy 
ahserver pre-loads 'import datetime' module, so datetime class must be
accessed as datetime.datetime, not directly as datetime (which was only
valid when 'from datetime import datetime' was used).
 2026-04-26 11:37:30 +08:00
yumoqing
1b5ae8aba9 fix: remove unnecessary 'from datetime import datetime' in up_login.dspy 
datetime module is pre-loaded by ahserver framework, import statements
are not needed and not supported in .dspy files.
 2026-04-26 11:32:48 +08:00
yumoqing
8aada101ca fix(rbac): remove MySQL-specific SQL for cross-database compatibility 
- Replace DATE_SUB(NOW(), INTERVAL 300 SECOND) with Python-level time check
- Replace NOW() with parameterized timestamps from Python
- Lockout check now done in _is_locked() function (DB-agnostic)
- All UPDATE statements use parameterized values, not DB functions
- Works with MySQL, PostgreSQL, SQLite, SQL Server, Oracle
 2026-04-26 11:04:15 +08:00
yumoqing
622b0558b9 fix(rbac): fix high-concurrency race conditions in login and cache 
1. Login lockout race condition:
   - Replace SELECT-then-UPDATE with atomic database operations
   - Lockout check now in SQL WHERE clause (DATE_SUB comparison)
   - Fail count increment: UPDATE ... SET count = count + 1 (atomic)
   - Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy

2. Cache threading.Lock -> asyncio.Lock:
   - LRUCache now uses lazy-init asyncio.Lock
   - Prevents blocking the event loop in async environment
   - UserPermissions._rp_lock also uses asyncio.Lock
   - Double-check pattern in load_roleperms prevents duplicate DB loads

3. Use database NOW() instead of Python curDateString for concurrent updates
 2026-04-26 10:58:13 +08:00
yumoqing
3fdd4efeff feat(rbac): add login tracking, lockout, secure cache 
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins locks account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
 2026-04-26 10:49:01 +08:00
yumoqing
a8a5199c25 bugfix 2026-04-23 12:51:51 +08:00
yumoqing
fde83da96f chore: 添加setup.py配置文件 2026-04-16 14:36:29 +08:00
yumoqing
4876288fce chore: 添加.gitignore排除构建产物 2026-04-16 14:35:39 +08:00
yumoqing
704f7f3700 bugfix 2026-04-15 15:37:08 +08:00
yumoqing
4fa991b70f bugfix 2026-04-08 11:09:30 +08:00
yumoqing
188ce21b83 bugfix 2026-04-01 18:20:46 +08:00
yumoqing
593f60a7a0 bugfix 2026-04-01 18:19:16 +08:00
yumoqing
3098c3dd7e bugfix 2026-04-01 18:05:51 +08:00
yumoqing
059df2aef2 bugfix 2026-03-26 11:49:12 +08:00
yumoqing
0c69929a72 bugfix 2026-03-25 17:40:17 +08:00
yumoqing
1315064bd7 bugfix 2026-03-25 14:14:47 +08:00
yumoqing
4bc14dfee1 bugfix 2026-03-25 14:11:46 +08:00
yumoqing
877c7bbe19 bugfix 2026-03-24 16:02:57 +08:00
yumoqing
6e7098a3ef bugfix 2026-03-24 16:01:43 +08:00
yumoqing
d4d742ad53 bugfix 2026-03-24 16:00:32 +08:00
yumoqing
dbafd2cf71 bugfix 2026-03-24 15:58:54 +08:00
yumoqing
6ad1abd5cf bugfix 2026-03-24 15:56:41 +08:00
yumoqing
5280e5fef9 bugfix 2026-03-24 15:54:05 +08:00
yumoqing
7d0898ee07 bugfix 2026-03-24 15:46:21 +08:00
yumoqing
75207ce85d bugfix 2026-03-24 15:43:24 +08:00
yumoqing
6eb707d8bf bugfix 2026-03-23 11:11:09 +08:00
yumoqing
819618a601 bugfix 2026-03-21 18:15:56 +08:00
yumoqing
dabaec4fb6 bugfix 2026-03-21 16:14:51 +08:00
yumoqing
668e29b579 bugfix 2026-03-21 16:14:23 +08:00
yumoqing
f3caac310d bugfix 2026-03-21 16:09:48 +08:00
yumoqing
d07ba9fbdb bugfix 2026-03-21 16:06:12 +08:00
yumoqing
73e4aac4be bugfix 2026-03-21 16:03:09 +08:00
yumoqing
5f805201ea bugfix 2026-03-21 15:42:28 +08:00
yumoqing
4e27e9df68 bugfix 2026-03-21 15:31:36 +08:00
yumoqing
40c4a46b3d bugfix 2026-03-21 15:21:36 +08:00
yumoqing
8ddbca2a36 bugfix 2026-03-21 13:25:13 +08:00
yumoqing
ca7834abf2 bugfix 2026-03-21 13:23:49 +08:00
yumoqing
1897adeba4 bugfix 2026-03-21 12:42:12 +08:00
yumoqing
aec602ebd3 bugfix 2026-03-21 10:17:17 +08:00
yumoqing
cbb4c527e8 bugfix 2026-03-21 09:42:00 +08:00
yumoqing
c4e169d2bf bugfix 2026-03-21 09:35:56 +08:00
yumoqing
8e531eaad9 bugfix 2026-03-21 09:04:30 +08:00
yumoqing
41e334021c bugfix 2026-03-21 08:46:03 +08:00
yumoqing
9a454eed85 bugfix 2026-03-20 21:44:37 +08:00
yumoqing
ebd3765a45 bugfix 2026-03-20 21:39:59 +08:00
yumoqing
fcb5cd8c6a bugfix 2026-03-20 21:36:58 +08:00