fixed panic due to concurrent map writes

Fixes #36
This commit is contained in:
Jarek Kowalski 2020-08-17 19:47:58 -07:00 committed by Christoph Polcin
parent 9380631c29
commit 617404b525
4 changed files with 27 additions and 16 deletions

View File

@ -2,6 +2,7 @@ package gowebdav
import (
"encoding/base64"
"net/http"
)
// BasicAuth structure holds our credentials
@ -26,8 +27,8 @@ func (b *BasicAuth) Pass() string {
}
// Authorize the current request
func (b *BasicAuth) Authorize(c *Client, method string, path string) {
func (b *BasicAuth) Authorize(req *http.Request, method string, path string) {
a := b.user + ":" + b.pw
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte(a))
c.headers.Set("Authorization", auth)
req.Header.Set("Authorization", auth)
}

View File

@ -9,6 +9,7 @@ import (
"os"
pathpkg "path"
"strings"
"sync"
"time"
)
@ -17,6 +18,8 @@ type Client struct {
root string
headers http.Header
c *http.Client
authMutex sync.Mutex
auth Authenticator
}
@ -25,7 +28,7 @@ type Authenticator interface {
Type() string
User() string
Pass() string
Authorize(*Client, string, string)
Authorize(*http.Request, string, string)
}
// NoAuth structure holds our credentials
@ -50,12 +53,12 @@ func (n *NoAuth) Pass() string {
}
// Authorize the current request
func (n *NoAuth) Authorize(c *Client, method string, path string) {
func (n *NoAuth) Authorize(req *http.Request, method string, path string) {
}
// NewClient creates a new instance of client
func NewClient(uri, user, pw string) *Client {
return &Client{FixSlash(uri), make(http.Header), &http.Client{}, &NoAuth{user, pw}}
return &Client{FixSlash(uri), make(http.Header), &http.Client{}, sync.Mutex{}, &NoAuth{user, pw}}
}
// SetHeader lets us set arbitrary headers for a given client

View File

@ -33,12 +33,12 @@ func (d *DigestAuth) Pass() string {
}
// Authorize the current request
func (d *DigestAuth) Authorize(c *Client, method string, path string) {
func (d *DigestAuth) Authorize(req *http.Request, method string, path string) {
d.digestParts["uri"] = path
d.digestParts["method"] = method
d.digestParts["username"] = d.user
d.digestParts["password"] = d.pw
c.headers.Set("Authorization", getDigestAuthorization(d.digestParts))
req.Header.Set("Authorization", getDigestAuthorization(d.digestParts))
}
func digestParts(resp *http.Response) map[string]string {

View File

@ -25,14 +25,20 @@ func (c *Client) req(method, path string, body io.Reader, intercept func(*http.R
return nil, err
}
c.auth.Authorize(c, method, path)
for k, vals := range c.headers {
for _, v := range vals {
r.Header.Add(k, v)
}
}
// make sure we read 'c.auth' only once since it will be substituted below
// and that is unsafe to do when multiple goroutines are running at the same time.
c.authMutex.Lock()
auth := c.auth
c.authMutex.Unlock()
auth.Authorize(r, method, path)
if intercept != nil {
intercept(r)
}
@ -42,16 +48,17 @@ func (c *Client) req(method, path string, body io.Reader, intercept func(*http.R
return nil, err
}
if rs.StatusCode == 401 && c.auth.Type() == "NoAuth" {
if rs.StatusCode == 401 && auth.Type() == "NoAuth" {
wwwAuthenticateHeader := strings.ToLower(rs.Header.Get("Www-Authenticate"))
if strings.Index(wwwAuthenticateHeader, "digest") > -1 {
c.auth = &DigestAuth{c.auth.User(), c.auth.Pass(), digestParts(rs)}
c.authMutex.Lock()
c.auth = &DigestAuth{auth.User(), auth.Pass(), digestParts(rs)}
c.authMutex.Unlock()
} else if strings.Index(wwwAuthenticateHeader, "basic") > -1 {
c.auth = &BasicAuth{c.auth.User(), c.auth.Pass()}
c.authMutex.Lock()
c.auth = &BasicAuth{auth.User(), auth.Pass()}
c.authMutex.Unlock()
} else {
return rs, newPathError("Authorize", c.root, rs.StatusCode)
}