add mutex around peer tags

2025-09-06 21:24:16 +08:00 · 2025-02-18 22:10:03 +04:00 · 2025-02-18 22:10:03 +04:00 · 7dd4c048c3
commit 7dd4c048c3
parent 252de61aa7
2 changed files with 6 additions and 1 deletions
--- a/controllers/hosts.go
+++ b/controllers/hosts.go
@ -316,7 +316,7 @@ func hostUpdateFallback(w http.ResponseWriter, r *http.Request) {
 	var hostUpdate models.HostUpdate
 	err = json.NewDecoder(r.Body).Decode(&hostUpdate)
 	if err != nil {
-		logger.Log(0, r.Header.Get("user"), "failed to update a host:", err.Error())
+		slog.Error("failed to update a host:", "user", r.Header.Get("user"), "error", err.Error(), "host", currentHost.Name)
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
--- a/logic/acls.go
+++ b/logic/acls.go
@ -17,6 +17,7 @@ import (
 var (
 	aclCacheMutex = &sync.RWMutex{}
 	aclCacheMap   = make(map[string]models.Acl)
+	aclTagsMutex  = &sync.RWMutex{}
 )

 func MigrateAclPolicies() {
@ -575,8 +576,10 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 	if peer.IsStatic {
 		peer = peer.StaticNode.ConvertToStaticNode()
 	}
+	aclTagsMutex.RLock()
 	peerTags := maps.Clone(peer.Tags)
 	nodeTags := maps.Clone(node.Tags)
+	aclTagsMutex.RUnlock()
 	if checkDefaultPolicy {
 		// check default policy if all allowed return true
 		defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
@ -658,8 +661,10 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
 	if peer.IsStatic {
 		peer = peer.StaticNode.ConvertToStaticNode()
 	}
+	aclTagsMutex.RLock()
 	peerTags := maps.Clone(peer.Tags)
 	nodeTags := maps.Clone(node.Tags)
+	aclTagsMutex.RUnlock()
 	if checkDefaultPolicy {
 		// check default policy if all allowed return true
 		defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)