Skip to content
This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

lock jsVM to prevent concurrent map writes in otto #75

Merged
merged 1 commit into from
Jan 11, 2024
Merged

lock jsVM to prevent concurrent map writes in otto #75

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion auth/handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"io"
"net/http"
"strings"
"sync"
"time"

"github.com/dgrijalva/jwt-go"
Expand All @@ -48,7 +49,8 @@ type AuthenticationHandler struct {

expCache *cache.Cache

jsVM *otto.Otto
jsVM *otto.Otto
jsVMLock *sync.Mutex
}

type JWTResponse struct {
Expand All @@ -71,6 +73,7 @@ func NewAuthenticationHandler(
logger: logger,
verifier: verifier,
expCache: cache.New(cache.NoExpiration, 5*time.Minute),
jsVMLock: &sync.Mutex{},
}

if cfg.ProviderConfig.PreAuthenticationHook != "" {
Expand Down Expand Up @@ -113,17 +116,21 @@ func (h *AuthenticationHandler) Authenticate(username string, password string, a
requestURL := h.config.ProviderConfig.Url + "/authenticate"

if h.hookPreAuth != nil {
h.jsVMLock.Lock()
_, err := h.jsVM.Run(h.hookPreAuth)
if err != nil {
h.jsVMLock.Unlock()
return nil, err
}

export, _ := h.jsVM.Get("exports")
if !export.IsFunction() {
h.jsVMLock.Unlock()
return nil, fmt.Errorf("hook script must export a function!")
}

hookResult, err := export.Call(otto.UndefinedValue(), username, password, additionalBodyProperties)
h.jsVMLock.Unlock()
if err != nil {
return nil, fmt.Errorf("error while calling hook function: %s", err.Error())
}
Expand Down
Loading