mirror of https://github.com/go-redis/redis.git
feat: provide a username and password callback method, so that the plaintext username and password will not be stored in the memory, and the username and password will only be generated once when the CredentialsProvider is called. After the method is executed, the username and password strings on the stack will be released. (#2097)
Co-authored-by: janbar <janbar@163.com>
This commit is contained in:
parent
2465baaab5
commit
56a3dbc7b6
|
@ -51,6 +51,9 @@ type Options struct {
|
||||||
// or the User Password when connecting to a Redis 6.0 instance, or greater,
|
// or the User Password when connecting to a Redis 6.0 instance, or greater,
|
||||||
// that is using the Redis ACL system.
|
// that is using the Redis ACL system.
|
||||||
Password string
|
Password string
|
||||||
|
// CredentialsProvider allows the username and password to be updated
|
||||||
|
// before reconnecting. It should return the current username and password.
|
||||||
|
CredentialsProvider func() (username string, password string)
|
||||||
|
|
||||||
// Database to be selected after connecting to the server.
|
// Database to be selected after connecting to the server.
|
||||||
DB int
|
DB int
|
||||||
|
|
15
redis.go
15
redis.go
|
@ -217,7 +217,12 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
|
||||||
}
|
}
|
||||||
cn.Inited = true
|
cn.Inited = true
|
||||||
|
|
||||||
if c.opt.Password == "" &&
|
username, password := c.opt.Username, c.opt.Password
|
||||||
|
if c.opt.CredentialsProvider != nil {
|
||||||
|
username, password = c.opt.CredentialsProvider()
|
||||||
|
}
|
||||||
|
|
||||||
|
if password == "" &&
|
||||||
c.opt.DB == 0 &&
|
c.opt.DB == 0 &&
|
||||||
!c.opt.readOnly &&
|
!c.opt.readOnly &&
|
||||||
c.opt.OnConnect == nil {
|
c.opt.OnConnect == nil {
|
||||||
|
@ -228,11 +233,11 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
|
||||||
conn := newConn(ctx, c.opt, connPool)
|
conn := newConn(ctx, c.opt, connPool)
|
||||||
|
|
||||||
_, err := conn.Pipelined(ctx, func(pipe Pipeliner) error {
|
_, err := conn.Pipelined(ctx, func(pipe Pipeliner) error {
|
||||||
if c.opt.Password != "" {
|
if password != "" {
|
||||||
if c.opt.Username != "" {
|
if username != "" {
|
||||||
pipe.AuthACL(ctx, c.opt.Username, c.opt.Password)
|
pipe.AuthACL(ctx, username, password)
|
||||||
} else {
|
} else {
|
||||||
pipe.Auth(ctx, c.opt.Password)
|
pipe.Auth(ctx, password)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue