Stowage/rest-server
2
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-10-19 07:33:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

Try to zero htpasswd cache entries before deletion

Browse source
This commit is contained in:
Michael Eischer 2021-01-04 19:11:42 +01:00 committed by Leo R. Lundgren
parent 0bdc420e75
commit 1eeca53812
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
htpasswd.go
View file

@ -120,8 +120,11 @@ func (h *HtpasswdFile) expiryTimer() {
time.Sleep(5 * time.Second)
now := time.Now()
h.mutex.Lock()
var zeros [sha256.Size]byte
// try to wipe expired cache entries
for user, entry := range h.cache {
if entry.expiry.After(now) {
copy(entry.verifier, zeros[:])
delete(h.cache, user)
}
}
@ -159,7 +162,13 @@ func (h *HtpasswdFile) Reload() error {
// Replace the Users map
h.mutex.Lock()
var zeros [sha256.Size]byte
// try to wipe the old cache entries
for _, entry := range h.cache {
copy(entry.verifier, zeros[:])
}
h.cache = make(map[string]cacheEntry)
h.users = users
h.mutex.Unlock()