simplify: replace mutex + ON CONFLICT with a single DB transaction
Remove the sync.Mutex and CreateUserAtomic (INSERT ON CONFLICT) in favor of a single DB transaction in CreateFirstUser that atomically checks for existing users and inserts. SQLite serializes write transactions, so this is sufficient to prevent the race condition without application-level locking.
This commit is contained in:
user
@@ -10,7 +10,6 @@ import (
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
@@ -61,11 +60,10 @@ type ServiceParams struct {
|
||||
|
||||
// Service provides authentication functionality.
|
||||
type Service struct {
|
||||
log *slog.Logger
|
||||
db *database.Database
|
||||
store *sessions.CookieStore
|
||||
params *ServiceParams
|
||||
setupMu sync.Mutex
|
||||
log *slog.Logger
|
||||
db *database.Database
|
||||
store *sessions.CookieStore
|
||||
params *ServiceParams
|
||||
}
|
||||
|
||||
// New creates a new auth Service.
|
||||
@@ -165,36 +163,21 @@ func (svc *Service) IsSetupRequired(ctx context.Context) (bool, error) {
|
||||
}
|
||||
|
||||
// CreateUser creates the initial admin user.
|
||||
// It uses a mutex and INSERT ... ON CONFLICT to prevent race conditions
|
||||
// where multiple concurrent requests could create duplicate admin users.
|
||||
// It uses a DB transaction to atomically check that no users exist and insert
|
||||
// the new admin user, preventing race conditions from concurrent setup requests.
|
||||
func (svc *Service) CreateUser(
|
||||
ctx context.Context,
|
||||
username, password string,
|
||||
) (*models.User, error) {
|
||||
// Serialize setup attempts to prevent TOCTOU race conditions.
|
||||
svc.setupMu.Lock()
|
||||
defer svc.setupMu.Unlock()
|
||||
|
||||
// Check if any user already exists (setup already completed).
|
||||
exists, err := models.UserExists(ctx, svc.db)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to check if user exists: %w", err)
|
||||
}
|
||||
|
||||
if exists {
|
||||
return nil, ErrUserExists
|
||||
}
|
||||
|
||||
// Hash password
|
||||
// Hash password before starting transaction.
|
||||
hash, err := svc.HashPassword(password)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to hash password: %w", err)
|
||||
}
|
||||
|
||||
// Use INSERT ... ON CONFLICT to handle any remaining race at the DB level.
|
||||
// This is defense-in-depth: the mutex above prevents the Go-level race,
|
||||
// and the UNIQUE constraint + ON CONFLICT prevents the DB-level race.
|
||||
user, err := models.CreateUserAtomic(ctx, svc.db, username, hash)
|
||||
// Use a transaction so the "no users exist" check and the insert are atomic.
|
||||
// SQLite serializes write transactions, so concurrent requests will block here.
|
||||
user, err := models.CreateFirstUser(ctx, svc.db, username, hash)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create user: %w", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user