From f4fcd0c67c727f3e60d0d96b7a045b2ce0a0597a Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 10 Jul 2020 11:46:59 +0200 Subject: [PATCH 1/5] Add Path to Token Cookie From PR Review https://github.com/safing/portbase/pull/55 --- api/authentication.go | 1 + 1 file changed, 1 insertion(+) diff --git a/api/authentication.go b/api/authentication.go index 8e48d71b..97c86c80 100644 --- a/api/authentication.go +++ b/api/authentication.go @@ -114,6 +114,7 @@ func authMiddleware(next http.Handler) http.Handler { http.SetCookie(w, &http.Cookie{ Name: cookieName, Value: tokenString, + Path: "/", HttpOnly: true, SameSite: http.SameSiteStrictMode, MaxAge: int(cookieTTL.Seconds()), From 5f2c861e2d0b32ae271f26d6fe6d830bc198c318 Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 10 Jul 2020 11:48:50 +0200 Subject: [PATCH 2/5] Move forceCnt into the goroutine From PR Review https://github.com/safing/portbase/pull/56 --- run/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/main.go b/run/main.go index a319e08c..f7c92be8 100644 --- a/run/main.go +++ b/run/main.go @@ -74,9 +74,9 @@ signalLoop: fmt.Println(" ") log.Warning("main: program was interrupted, shutting down.") - forceCnt := 5 // catch signals during shutdown go func() { + forceCnt := 5 for { <-signalCh forceCnt-- From eb0cbf58a8ce49370f238aa42672154583d2ee8a Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 10 Jul 2020 12:02:55 +0200 Subject: [PATCH 3/5] Rename Cnt() to Size() and split up tests From PR Review https://github.com/safing/portbase/pull/57 --- utils/stablepool.go | 4 ++-- utils/stablepool_test.go | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/utils/stablepool.go b/utils/stablepool.go index 68fb6057..d253d658 100644 --- a/utils/stablepool.go +++ b/utils/stablepool.go 
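Review bot: The cookie literal in authMiddleware now sets `Path: "/"`, which makes the browser send the token with every request to this host, and nothing in the hunk records why the widest scope is needed. Cookies are not isolated by port, so if the API is served on a loopback or otherwise shared host name (not visible here), other HTTP services on that host would receive the token too; `HttpOnly` and `SameSite` do not change that. I would add a comment above the field such as `// Path "/" so the token covers all API/UI routes; note the scope is the whole host, not this port`, and narrow the path if the API lives under a fixed prefix. No `Secure` attribute appears in the visible lines, but the literal continues past the end of the hunk, so confirm whether it is set or deliberately omitted for plain-HTTP local use.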
@@ -104,8 +104,8 @@ func (p *StablePool) Get() interface{} { return nil } -// Cnt returns the amount of items the pool currently holds. -func (p *StablePool) Cnt() int { +// Size returns the amount of items the pool currently holds. +func (p *StablePool) Size() int { p.lock.Lock() defer p.lock.Unlock() diff --git a/utils/stablepool_test.go b/utils/stablepool_test.go index c3ffb7e9..32d69d1c 100644 --- a/utils/stablepool_test.go +++ b/utils/stablepool_test.go @@ -9,8 +9,7 @@ import ( "github.com/stretchr/testify/assert" ) -func TestStablePool(t *testing.T) { - +func TestStablePoolRealWorld(t *testing.T) { // "real world" simulation cnt := 0 @@ -55,7 +54,7 @@ func TestStablePool(t *testing.T) { // wait for round to finish testWorkerWg.Wait() } - t.Logf("real world simulation: cnt=%d p.cnt=%d p.max=%d\n", cnt, testPool.Cnt(), testPool.Max()) + t.Logf("real world simulation: cnt=%d p.cnt=%d p.max=%d\n", cnt, testPool.Size(), testPool.Max()) assert.GreaterOrEqual(t, 200, cnt, "should not use more than 200 values") assert.GreaterOrEqual(t, 100, testPool.Max(), "pool should have at most this max size") @@ -71,7 +70,9 @@ func TestStablePool(t *testing.T) { } } assert.Equal(t, 100, optPool.Max(), "pool should have exactly this max size") +} +func TestStablePoolFuzzing(t *testing.T) { // fuzzing test fuzzPool := &StablePool{} @@ -97,7 +98,9 @@ func TestStablePool(t *testing.T) { fuzzWg.Done() // wait for all to finish fuzzWorkerWg.Wait() +} +func TestStablePoolBreaking(t *testing.T) { // try to break it breakPool := &StablePool{} From 2fa29789de3b54c523f2c8238cf4ce8de90dd5e2 Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 10 Jul 2020 13:21:10 +0200 Subject: [PATCH 4/5] Improve authenticator error handling From PR Review https://github.com/safing/portbase/pull/59 --- api/authentication.go | 2 +- api/main.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/api/authentication.go b/api/authentication.go index 97c86c80..a7c2232e 100644 
--- a/api/authentication.go +++ b/api/authentication.go @@ -38,7 +38,7 @@ type Authenticator func(ctx context.Context, s *http.Server, r *http.Request) (e // SetAuthenticator sets an authenticator function for the API endpoint. If none is set, all requests will be permitted. func SetAuthenticator(fn Authenticator) error { if module.Online() { - return ErrAuthenticationAlreadySet + return ErrAuthenticationImmutable } authFnLock.Lock() diff --git a/api/main.go b/api/main.go index e022f89b..9b7fdc33 100644 --- a/api/main.go +++ b/api/main.go @@ -14,7 +14,8 @@ var ( // API Errors var ( - ErrAuthenticationAlreadySet = errors.New("the authentication function has already been set (or must be set earlier)") + ErrAuthenticationAlreadySet = errors.New("the authentication function has already been set") + ErrAuthenticationImmutable = errors.New("the authentication function can only be set before the api has started") ) func init() { From 6fcd1d3ef718085e969e7b64bd23b27d689adf93 Mon Sep 17 00:00:00 2001 From: Daniel Date: Sat, 11 Jul 2020 14:20:04 +0200 Subject: [PATCH 5/5] Make DB registry persistence optional This increases resilience when persistence is not needed. --- database/location.go | 1 - database/main.go | 11 +++++------ database/registry.go | 17 +++++++++++++---- 3 files changed, 18 insertions(+), 11 deletions(-) delete mode 100644 database/location.go diff --git a/database/location.go b/database/location.go deleted file mode 100644 index 636bab89..00000000 --- a/database/location.go +++ /dev/null @@ -1 +0,0 @@ -package database diff --git a/database/main.go b/database/main.go index 74c31a38..ad73f1e6 100644 --- a/database/main.go +++ b/database/main.go 
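Review bot: SetAuthenticator's doc comment says that with no authenticator all requests are permitted, so a caller that ignores the new `ErrAuthenticationImmutable` leaves the API running without authentication, and the comment does not warn about that. I would extend it with `// A returned error means no authenticator was installed; callers should treat it as fatal.` The `module.Online()` check also runs before `authFnLock.Lock()`, so unless startup is serialised elsewhere (not visible here) the module could come online between the check and the assignment. In api/main.go the two exported error variables have no doc comments, and `ErrAuthenticationAlreadySet` is no longer returned by the visible code, so a line on each saying when it is returned would help. SetAuthenticator's body continues outside the hunk.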
@@ -40,14 +40,13 @@ func Initialize(dirStructureRoot *utils.DirStructure) error { return fmt.Errorf("could not create/open database directory (%s): %s", rootStructure.Path, err) } - err = loadRegistry() - if err != nil { - return fmt.Errorf("could not load database registry (%s): %s", filepath.Join(rootStructure.Path, registryFileName), err) + if registryPersistence.IsSet() { + err = loadRegistry() + if err != nil { + return fmt.Errorf("could not load database registry (%s): %s", filepath.Join(rootStructure.Path, registryFileName), err) + } } - // start registry writer - go registryWriter() - return nil } return errors.New("database already initialized") diff --git a/database/registry.go b/database/registry.go index 22e6bab0..8b65f7e0 100644 --- a/database/registry.go +++ b/database/registry.go @@ -19,9 +19,10 @@ const ( ) var ( - writeRegistrySoon = abool.NewBool(false) + registryPersistence = abool.NewBool(false) + writeRegistrySoon = abool.NewBool(false) - registry map[string]*Database + registry = make(map[string]*Database) registryLock sync.Mutex nameConstraint = regexp.MustCompile("^[A-Za-z0-9_-]{4,}$") @@ -67,7 +68,7 @@ func Register(new *Database) (*Database, error) { save = true } - if save { + if save && registryPersistence.IsSet() { if ok { registeredDB.Updated() } @@ -99,6 +100,15 @@ func getDatabase(name string) (*Database, error) { return registeredDB, nil } +// EnableRegistryPersistence enables persistence of the database registry. +func EnableRegistryPersistence() { + if registryPersistence.SetToIf(false, true) { + // start registry writer + go registryWriter() + // TODO: make an initial write if database system is already initialized + } +} + func loadRegistry() error { registryLock.Lock() defer registryLock.Unlock() @@ -108,7 +118,6 @@ func loadRegistry() error { data, err := ioutil.ReadFile(filePath) if err != nil { if os.IsNotExist(err) { - registry = make(map[string]*Database) return nil } return err
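Review bot: Initialize now calls `loadRegistry()` only when `registryPersistence` is already set, and EnableRegistryPersistence (added in database/registry.go) only starts `registryWriter`, so enabling persistence after Initialize never reads the existing registry file. If the writer then saves the in-memory map (its body is not in this diff), entries that existed only on disk would be overwritten. The TODO mentions an initial write but not the missing load. Either load the registry in EnableRegistryPersistence when the database system is already initialized, or state the ordering in the doc comment: `// EnableRegistryPersistence must be called before Initialize; otherwise the existing registry file is not loaded.`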
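Review bot: In Register, `registeredDB.Updated()` sits inside the block that is now guarded by `save && registryPersistence.IsSet()`, so with persistence disabled a changed registration is no longer marked as updated in memory. If Updated() only matters for the saved file this is harmless, but that is not visible here. Otherwise keep `if save {` as the outer condition and put only the step that schedules the registry write behind `registryPersistence.IsSet()`. Register's body starts and ends outside the hunk.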