Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 10:15:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: add _setup_lock to prevent race condition in first-run setup (#508)

Browse Source
This commit is contained in:
roxsand12
2026-06-01 15:29:03 +02:00
committed by GitHub
parent 508fabcb3b
commit 766ddcaa99
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/auth.py
+4
View File
@@ -60,6 +60,9 @@ class AuthManager:
# Guards mutations of self._sessions and the on-disk sessions.json. # Guards mutations of self._sessions and the on-disk sessions.json.
# Validate/create/revoke run concurrently from the FastAPI threadpool. # Validate/create/revoke run concurrently from the FastAPI threadpool.
self._sessions_lock = threading.RLock() self._sessions_lock = threading.RLock()
# Guards the first-run setup check-and-write so concurrent requests
# cannot both observe is_configured==False and both create admin accounts.
self._setup_lock = threading.Lock()
self._load() self._load()
self._load_sessions() self._load_sessions()
self._migrate_single_user() self._migrate_single_user()
@@ -157,6 +160,7 @@ class AuthManager:
def setup(self, username: str, password: str) -> bool: def setup(self, username: str, password: str) -> bool:
"""First-run admin setup. Only works if no users exist.""" """First-run admin setup. Only works if no users exist."""
with self._setup_lock:
if self.is_configured: if self.is_configured:
return False return False
return self.create_user(username, password, is_admin=True) return self.create_user(username, password, is_admin=True)