mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-02 05:59:18 +01:00
53 lines
1.5 KiB
Go
53 lines
1.5 KiB
Go
/*
|
|
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package auth
|
|
|
|
import (
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
// UserLock maintains a lock to block user from logging in within a short period of time.
|
|
type UserLock struct {
|
|
failures map[string]time.Time
|
|
d time.Duration
|
|
rw *sync.RWMutex
|
|
}
|
|
|
|
// NewUserLock ...
|
|
func NewUserLock(freeze time.Duration) *UserLock {
|
|
return &UserLock{
|
|
make(map[string]time.Time),
|
|
freeze,
|
|
&sync.RWMutex{},
|
|
}
|
|
}
|
|
|
|
// Lock marks a new login failure with the time it happens
|
|
func (ul *UserLock) Lock(username string) {
|
|
ul.rw.Lock()
|
|
defer ul.rw.Unlock()
|
|
ul.failures[username] = time.Now()
|
|
}
|
|
|
|
// IsLocked checks whether a login request is happened within a period of time or not
|
|
// if it is, the authenticator should ignore the login request and return a failure immediately
|
|
func (ul *UserLock) IsLocked(username string) bool {
|
|
ul.rw.RLock()
|
|
defer ul.rw.RUnlock()
|
|
return time.Now().Sub(ul.failures[username]) <= ul.d
|
|
}
|