From f3a2bf787da36f1840df620a01c325f6b7f25da5 Mon Sep 17 00:00:00 2001
From: Nick Craig-Wood <nick@craig-wood.com>
Date: Thu, 24 Oct 2024 10:55:02 +0100
Subject: [PATCH] Narrow the locking window when accessing v4AuthPair map

In this commit

d6abc178be563f2a Fix race condition when updating v4AuthPair map

See: https://forum.rclone.org/t/can-rclone-serve-s3-handle-more-than-one-client/48329/
We put in locking to access the v4AuthPair map. However this locking
extended over the HTTP request which means that it effectively made
the server single threaded in certain cases.

This fix narrows the locking window to fix the problem.
---
 gofakes3.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gofakes3.go b/gofakes3.go
index 2200c30..c11592c 100644
--- a/gofakes3.go
+++ b/gofakes3.go
@@ -41,8 +41,8 @@ type GoFakeS3 struct {
 	log                     Logger
 
 	// simple v4 signature
+	mu         sync.RWMutex // protects vAuthPair map only
 	v4AuthPair map[string]string
-	mu         sync.RWMutex
 }
 
 // New creates a new GoFakeS3 using the supplied Backend. Backends are pluggable.
@@ -120,8 +120,9 @@ func (g *GoFakeS3) DelAuthKeys(p []string) {
 func (g *GoFakeS3) authMiddleware(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, rq *http.Request) {
 		g.mu.RLock()
-		defer g.mu.RUnlock()
-		if len(g.v4AuthPair) > 0 {
+		haveAuth := len(g.v4AuthPair) > 0
+		g.mu.RUnlock()
+		if haveAuth {
 			if result := signature.V4SignVerify(rq); result != signature.ErrNone {
 				g.log.Print(LogWarn, "Access Denied:", rq.RemoteAddr, "=>", rq.URL)