Modify: create Web Authn instance when needed

bootstrap/init.go

@@ -4,7 +4,6 @@ import (
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/aria2"
 	"github.com/HFO4/cloudreve/pkg/auth"
-	"github.com/HFO4/cloudreve/pkg/authn"
 	"github.com/HFO4/cloudreve/pkg/cache"
 	"github.com/HFO4/cloudreve/pkg/conf"
 	"github.com/HFO4/cloudreve/pkg/crontab"
@@ -24,7 +23,6 @@ func Init(path string) {
 	cache.Init()
 	if conf.SystemConfig.Mode == "master" {
 		model.Init()
-		authn.Init()
 		task.Init()
 		aria2.Init()
 		email.Init()

pkg/authn/auth.go

@@ -2,26 +2,15 @@ package authn
 
 import (
 	model "github.com/HFO4/cloudreve/models"
-	"github.com/HFO4/cloudreve/pkg/util"
 	"github.com/duo-labs/webauthn/webauthn"
-	"sync"
 )
 
-var AuthnInstance *webauthn.WebAuthn
-var Lock sync.RWMutex
-
-// Init 初始化webauthn
-func Init() {
-	Lock.Lock()
-	defer Lock.Unlock()
-	var err error
+// NewAuthnInstance 新建Authn实例
+func NewAuthnInstance() (*webauthn.WebAuthn, error) {
 	base := model.GetSiteURL()
-	AuthnInstance, err = webauthn.New(&webauthn.Config{
+	return webauthn.New(&webauthn.Config{
 		RPDisplayName: model.GetSettingByName("siteName"), // Display Name for your site
 		RPID:          base.Hostname(),                    // Generally the FQDN for your site
 		RPOrigin:      base.String(),                      // The origin URL for WebAuthn requests
 	})
-	if err != nil {
-		util.Log().Error("无法初始化WebAuthn, %s", err)
-	}
 }

pkg/authn/auth_test.go

@@ -10,8 +10,7 @@ func TestInit(t *testing.T) {
 	asserts := assert.New(t)
 	cache.Set("setting_siteURL", "http://cloudreve.org", 0)
 	cache.Set("setting_siteName", "Cloudreve", 0)
-	asserts.NotPanics(func() {
-		Init()
-	})
-	asserts.NotNil(AuthnInstance)
+	res, err := NewAuthnInstance()
+	asserts.NotNil(res)
+	asserts.NoError(err)
 }

routers/controllers/admin.go

 package controllers
 
 import (
-	"github.com/HFO4/cloudreve/pkg/authn"
 	"github.com/HFO4/cloudreve/pkg/request"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/HFO4/cloudreve/service/admin"
@@ -64,8 +63,6 @@ func AdminGetGroups(c *gin.Context) {
 func AdminReloadService(c *gin.Context) {
 	service := c.Param("service")
 	switch service {
-	case "authn":
-		authn.Init()
 	}
 
 	c.JSON(200, serializer.Response{})

routers/controllers/user.go

@@ -23,9 +23,13 @@ func StartLoginAuthn(c *gin.Context) {
 		return
 	}
 
-	authn.Lock.RLock()
-	options, sessionData, err := authn.AuthnInstance.BeginLogin(expectedUser)
-	authn.Lock.RUnlock()
+	instance, err := authn.NewAuthnInstance()
+	if err != nil {
+		c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
+		return
+	}
+
+	options, sessionData, err := instance.BeginLogin(expectedUser)
 
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))
@@ -58,9 +62,13 @@ func FinishLoginAuthn(c *gin.Context) {
 	var sessionData webauthn.SessionData
 	err = json.Unmarshal(sessionDataJSON, &sessionData)
 
-	authn.Lock.RLock()
-	_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request)
-	authn.Lock.RUnlock()
+	instance, err := authn.NewAuthnInstance()
+	if err != nil {
+		c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
+		return
+	}
+
+	_, err = instance.FinishLogin(expectedUser, sessionData, c.Request)
 
 	if err != nil {
 		c.JSON(200, serializer.Err(401, "登录验证失败", err))
@@ -77,9 +85,13 @@ func FinishLoginAuthn(c *gin.Context) {
 func StartRegAuthn(c *gin.Context) {
 	currUser := CurrentUser(c)
 
-	authn.Lock.RLock()
-	options, sessionData, err := authn.AuthnInstance.BeginRegistration(currUser)
-	authn.Lock.RUnlock()
+	instance, err := authn.NewAuthnInstance()
+	if err != nil {
+		c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
+		return
+	}
+
+	options, sessionData, err := instance.BeginRegistration(currUser)
 
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))
@@ -106,9 +118,13 @@ func FinishRegAuthn(c *gin.Context) {
 	var sessionData webauthn.SessionData
 	err := json.Unmarshal(sessionDataJSON, &sessionData)
 
-	authn.Lock.RLock()
-	credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request)
-	authn.Lock.RUnlock()
+	instance, err := authn.NewAuthnInstance()
+	if err != nil {
+		c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
+		return
+	}
+
+	credential, err := instance.FinishRegistration(currUser, sessionData, c.Request)
 
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))