auth/rpc: sync.Mutex

auth/rpc/go.sum

@@ -54,6 +54,7 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=

auth/rpc/server.go

@@ -3,6 +3,7 @@ package rpc
 import (
 	"context"
 	"sort"
+	"sync"
 
 	"github.com/keys-pub/go-libfido2"
 	"github.com/keys-pub/keys-ext/auth/fido2"
@@ -14,6 +15,7 @@ import (
 // Server ...
 type Server struct {
 	fido2.UnimplementedAuthServer
+	sync.Mutex
 }
 
 // NewAuthServer creates an AuthServer.
@@ -23,6 +25,9 @@ func NewAuthServer() fido2.AuthServer {
 
 // Devices ...
 func (s *Server) Devices(ctx context.Context, req *fido2.DevicesRequest) (*fido2.DevicesResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	devices, err := libfido2.DeviceLocations()
 	if err != nil {
 		return nil, err
@@ -47,6 +52,9 @@ func findDevice(path string) (*libfido2.Device, error) {
 
 // DeviceType ...
 func (s *Server) DeviceType(ctx context.Context, req *fido2.DeviceTypeRequest) (*fido2.DeviceTypeResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -74,6 +82,9 @@ func (s *Server) DeviceType(ctx context.Context, req *fido2.DeviceTypeRequest) (
 
 // DeviceInfo ...
 func (s *Server) DeviceInfo(ctx context.Context, req *fido2.DeviceInfoRequest) (*fido2.DeviceInfoResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -91,6 +102,9 @@ func (s *Server) DeviceInfo(ctx context.Context, req *fido2.DeviceInfoRequest) (
 
 // MakeCredential ...
 func (s *Server) MakeCredential(ctx context.Context, req *fido2.MakeCredentialRequest) (*fido2.MakeCredentialResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -135,6 +149,9 @@ func (s *Server) MakeCredential(ctx context.Context, req *fido2.MakeCredentialRe
 
 // SetPIN ...
 func (s *Server) SetPIN(ctx context.Context, req *fido2.SetPINRequest) (*fido2.SetPINResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -149,6 +166,9 @@ func (s *Server) SetPIN(ctx context.Context, req *fido2.SetPINRequest) (*fido2.S
 
 // Reset ...
 func (s *Server) Reset(ctx context.Context, req *fido2.ResetRequest) (*fido2.ResetResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -163,6 +183,9 @@ func (s *Server) Reset(ctx context.Context, req *fido2.ResetRequest) (*fido2.Res
 
 // RetryCount ...
 func (s *Server) RetryCount(ctx context.Context, req *fido2.RetryCountRequest) (*fido2.RetryCountResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -180,6 +203,9 @@ func (s *Server) RetryCount(ctx context.Context, req *fido2.RetryCountRequest) (
 
 // Assertion ...
 func (s *Server) Assertion(ctx context.Context, req *fido2.AssertionRequest) (*fido2.AssertionResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -210,6 +236,9 @@ func (s *Server) Assertion(ctx context.Context, req *fido2.AssertionRequest) (*f
 
 // CredentialsInfo ...
 func (s *Server) CredentialsInfo(ctx context.Context, req *fido2.CredentialsInfoRequest) (*fido2.CredentialsInfoResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -230,6 +259,9 @@ func (s *Server) CredentialsInfo(ctx context.Context, req *fido2.CredentialsInfo
 
 // Credentials ...
 func (s *Server) Credentials(ctx context.Context, req *fido2.CredentialsRequest) (*fido2.CredentialsResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -274,6 +306,9 @@ func (s *Server) Credentials(ctx context.Context, req *fido2.CredentialsRequest)
 
 // RelyingParties ...
 func (s *Server) RelyingParties(ctx context.Context, req *fido2.RelyingPartiesRequest) (*fido2.RelyingPartiesResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err
@@ -355,6 +390,9 @@ func (s *Server) GenerateHMACSecret(ctx context.Context, req *fido2.GenerateHMAC
 
 // HMACSecret ...
 func (s *Server) HMACSecret(ctx context.Context, req *fido2.HMACSecretRequest) (*fido2.HMACSecretResponse, error) {
+	s.Lock()
+	defer s.Unlock()
+
 	device, err := findDevice(req.Device)
 	if err != nil {
 		return nil, err

auth/rpc/server_test.go

@@ -4,6 +4,7 @@ import (
 	context "context"
 	"log"
 	"os"
+	"sync"
 	"testing"
 
 	"github.com/keys-pub/keys-ext/auth/fido2"
@@ -39,6 +40,48 @@ func TestInfo(t *testing.T) {
 	}
 }
 
+func TestConcurrent(t *testing.T) {
+	ctx := context.TODO()
+	server := rpc.NewAuthServer()
+
+	resp, err := server.Devices(ctx, &fido2.DevicesRequest{})
+	require.NoError(t, err)
+
+	wg := &sync.WaitGroup{}
+
+	fn := func() {
+		defer wg.Done()
+		for _, device := range resp.Devices {
+			t.Logf("Device: %+v", device.Path)
+			require.NotEmpty(t, device.Path)
+
+			typeResp, err := server.DeviceType(ctx, &fido2.DeviceTypeRequest{
+				Device: device.Path,
+			})
+			require.NoError(t, err)
+			if typeResp.Type != fido2.FIDO2 {
+				continue
+			}
+
+			infoResp, err := server.DeviceInfo(ctx, &fido2.DeviceInfoRequest{
+				Device: device.Path,
+			})
+			require.NoError(t, err)
+			t.Logf("Info: %+v", infoResp.Info)
+			require.NotEmpty(t, infoResp.Info.AAGUID)
+		}
+	}
+
+	wg.Add(5)
+	go fn()
+	go fn()
+	go fn()
+	go fn()
+	go fn()
+
+	wg.Wait()
+}
+
 func ExampleAuthServer_SetPIN() {
 	if os.Getenv("FIDO2_EXAMPLES") != "1" {
 		return