fix https://github.com/kataras/iris/issues/1590

2025-03-14 11:06:27 +01:00 · 2020-08-15 15:40:41 +03:00 · 2020-08-15 15:40:41 +03:00 · ab226d925a
commit ab226d925a
parent c22cb3a188
2 changed files with 12 additions and 2 deletions
--- a/middleware/basicauth/basicauth.go
+++ b/middleware/basicauth/basicauth.go
@ -6,6 +6,7 @@ package basicauth
 import (
 	"encoding/base64"
 	"strconv"
+	"sync"
 	"time"

 	"github.com/kataras/iris/v12"
@ -22,6 +23,7 @@ type (
 		Username    string
 		logged      bool
 		expires     time.Time
+		mu          sync.RWMutex
 	}
 	encodedUsers []*encodedUser

@ -117,11 +119,19 @@ func (b *basicAuthMiddleware) Serve(ctx *context.Context) {
 	// all ok
 	if b.expireEnabled {
 		if !auth.logged {
+			auth.mu.Lock()
 			auth.expires = time.Now().Add(b.config.Expires)
 			auth.logged = true
+			auth.mu.Unlock()
 		}

-		if time.Now().After(auth.expires) {
+		auth.mu.RLock()
+		expired := time.Now().After(auth.expires)
+		auth.mu.RUnlock()
+		if expired {
+			auth.mu.Lock()
+			auth.logged = false
+			auth.mu.Unlock()
 			b.askForCredentials(ctx) // ask for authentication again
 			ctx.StopExecution()
 			return
--- a/middleware/basicauth/config.go
+++ b/middleware/basicauth/config.go
@ -20,7 +20,7 @@ type Config struct {
 	Users map[string]string
 	// Realm http://tools.ietf.org/html/rfc2617#section-1.2. Default is "Authorization Required"
 	Realm string
-	// Expires expiration duration, default is 0 never expires
+	// Expires expiration duration, default is 0 never expires.
 	Expires time.Duration

 	// OnAsk fires each time the server asks to the client for credentials in order to gain access and continue to the next handler.