yumoqing/rbac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rbac/wwwroot/user
History
yumoqing 622b0558b9 fix(rbac): fix high-concurrency race conditions in login and cache 
1. Login lockout race condition:
   - Replace SELECT-then-UPDATE with atomic database operations
   - Lockout check now in SQL WHERE clause (DATE_SUB comparison)
   - Fail count increment: UPDATE ... SET count = count + 1 (atomic)
   - Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy

2. Cache threading.Lock -> asyncio.Lock:
   - LRUCache now uses lazy-init asyncio.Lock
   - Prevents blocking the event loop in async environment
   - UserPermissions._rp_lock also uses asyncio.Lock
   - Double-check pattern in load_roleperms prevents duplicate DB loads

3. Use database NOW() instead of Python curDateString for concurrent updates
2026-04-26 10:58:13 +08:00
..
reset_password
bugfix
2026-01-07 15:20:48 +08:00
userapikey
first commit
2025-07-16 14:19:12 +08:00
login.ui
bugfix
2026-04-23 12:51:51 +08:00
logout.dspy
bugfix
2026-01-14 10:36:40 +08:00
myrole.ui
first commit
2025-07-16 14:19:12 +08:00
register.dspy
bugfix
2026-04-01 18:20:46 +08:00
register.ui
first commit
2025-07-16 14:19:12 +08:00
up_login.dspy
fix(rbac): fix high-concurrency race conditions in login and cache
2026-04-26 10:58:13 +08:00
user_panel.ui
first commit
2025-07-16 14:19:12 +08:00
user.ui
bugfix
2026-01-14 09:42:57 +08:00
userinfo.ui
bugfix
2026-01-14 09:41:56 +08:00
wechat_login.ui
first commit
2025-07-16 14:19:12 +08:00