yumoqing
622b0558b9
fix(rbac): fix high-concurrency race conditions in login and cache
1. Login lockout race condition:
- Replace SELECT-then-UPDATE with atomic database operations
- Lockout check now in SQL WHERE clause (DATE_SUB comparison)
- Fail count increment: UPDATE ... SET count = count + 1 (atomic)
- Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy
2. Cache threading.Lock -> asyncio.Lock:
- LRUCache now uses lazy-init asyncio.Lock
- Prevents blocking the event loop in async environment
- UserPermissions._rp_lock also uses asyncio.Lock
- Double-check pattern in load_roleperms prevents duplicate DB loads
3. Use database NOW() instead of Python curDateString for concurrent updates
2026-04-26 10:58:13 +08:00
..
2025-08-01 17:09:41 +08:00
2026-04-26 10:58:13 +08:00
2026-03-24 15:56:41 +08:00
2025-07-16 14:19:12 +08:00
2026-01-07 15:08:54 +08:00
2026-04-23 12:51:51 +08:00
2025-07-16 14:19:12 +08:00
2025-08-07 15:13:55 +08:00
2025-07-16 14:19:12 +08:00
2026-03-21 15:31:36 +08:00
2026-03-21 16:09:48 +08:00
2026-03-21 16:09:48 +08:00
2026-03-25 14:11:46 +08:00
2025-07-16 14:19:12 +08:00
2026-04-26 10:58:13 +08:00
2026-02-25 13:37:26 +08:00
2026-03-20 21:15:39 +08:00
2026-02-25 14:22:35 +08:00
2026-04-26 10:49:01 +08:00
2025-07-16 14:19:12 +08:00