From df9eb337d3c027e6c78ceb0041b699bbb0101e62 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Mon, 4 Jan 2021 19:16:27 +0100
Subject: [PATCH] Extend htpasswd auth cache entry expiry on use

---
 htpasswd.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/htpasswd.go b/htpasswd.go
index af27147..7c700d9 100644
--- a/htpasswd.go
+++ b/htpasswd.go
@@ -234,6 +234,14 @@ func (h *HtpasswdFile) Validate(user string, password string) bool {
 	}
 
 	if cacheExists && subtle.ConstantTimeCompare(entry.verifier, hash.Sum(nil)) == 1 {
+		h.mutex.Lock()
+		// repurpose mutex to prevent concurrent cache updates
+		// extend cache entry
+		cache[user] = cacheEntry{
+			verifier: entry.verifier,
+			expiry:   time.Now().Add(PasswordCacheDuration),
+		}
+		h.mutex.Unlock()
 		return true
 	}