Commit 312863f8 authored by Jan Köster's avatar Jan Köster
Browse files

test

parent 6afabd10
Loading
Loading
Loading
Loading
+25 −3
Original line number Diff line number Diff line
@@ -333,7 +333,16 @@ bool webedit::Server::isAuthenticated(const std::string &authid) {
    if (authid.empty() || _authPools.empty())
        return false;

    auto now = std::chrono::steady_clock::now();
    {
        std::lock_guard<std::mutex> lk(_authCacheMtx);
        auto it = _authCache.find(authid);
        if (it != _authCache.end() && now <= it->second.expiry)
            return it->second.valid;
    }

    uuid::uuid sid(authid.c_str());
    bool result = false;

    for (size_t i = 0; i < _authPools.size(); ++i) {
        try {
@@ -343,7 +352,8 @@ bool webedit::Server::isAuthenticated(const std::string &authid) {
            try {
                if (pooled.client().ClientAuth() &&
                    pooled.client().GPOcheck(uuid::uuid("e7d3b8b3-4825-11f0-ae2b-3cecefce9cb6"))) {
                    return true;
                    result = true;
                    break;
                }
            } catch (...) {
                // Reconnect and retry once
@@ -351,14 +361,25 @@ bool webedit::Server::isAuthenticated(const std::string &authid) {
                pooled.setSessionID(sid);
                if (pooled.client().ClientAuth() &&
                    pooled.client().GPOcheck(uuid::uuid("e7d3b8b3-4825-11f0-ae2b-3cecefce9cb6"))) {
                    return true;
                    result = true;
                    break;
                }
            }
        } catch (...) {
            continue;
        }
    }
    return false;

    {
        std::lock_guard<std::mutex> lk(_authCacheMtx);
        _authCache[authid] = { result, now + std::chrono::seconds(60) };
    }
    return result;
}

void webedit::Server::invalidateAuthCache(const std::string &authid) {
    std::lock_guard<std::mutex> lk(_authCacheMtx);
    _authCache.erase(authid);
}

void webedit::Server::ensureSessionFromAuthid(const std::string &authid,
@@ -569,6 +590,7 @@ void webedit::Server::handleLogout(libhttppp::HttpRequest &curreq,
        _session.delData(sessionid, "authid");
        _session.delData(sessionid, "uid");
        _session.delData(sessionid, "username");
        invalidateAuthCache(authid);
    }

    // Clear the authid cookie
+13 −0
Original line number Diff line number Diff line
@@ -27,7 +27,10 @@

#pragma once

#include <chrono>
#include <map>
#include <memory>
#include <mutex>
#include <vector>
#include <httppp/httpd.h>
#include <httppp/http.h>
@@ -60,6 +63,7 @@ namespace webedit {
        std::string resolveAuthId(libhttppp::HttpRequest &curreq, const std::string &sessionid);

        bool isAuthenticated(const std::string &authid);
        void invalidateAuthCache(const std::string &authid);
        void ensureSessionFromAuthid(const std::string &authid, const std::string &sessionid);
        void handleLogin(libhttppp::HttpRequest &curreq, const std::string &sessionid);
        void handleLogout(libhttppp::HttpRequest &curreq, const std::string &sessionid);
@@ -81,6 +85,15 @@ namespace webedit {

        // Connection pools per auth source (indexed same as _config auth sources)
        std::vector<std::unique_ptr<authdb::client::ConnectionPool>> _authPools;

        // Short-lived cache for isAuthenticated results (60s TTL) to avoid
        // authdb pool exhaustion when many concurrent media preview requests arrive.
        struct AuthCacheEntry {
            bool valid;
            std::chrono::steady_clock::time_point expiry;
        };
        std::map<std::string, AuthCacheEntry> _authCache;
        std::mutex _authCacheMtx;
    };

}