From 3494cabafdccb71e7c82e15b5034751d20658875 Mon Sep 17 00:00:00 2001
From: Tak Wai Wong <64229756+tak-hntlabs@users.noreply.github.com>
Date: Tue, 5 Jul 2022 18:18:04 -0400
Subject: [PATCH] fix concurrency issue when checking session ID (#14)

Co-authored-by: Tak Wai Wong <tak@hntlabs.com>
---
 clientapi/routing/register.go           | 7 +++++++
 clientapi/routing/register_publickey.go | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index f8fa0dad3..af8d14f13 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -156,6 +156,13 @@ func (d *sessionsDict) startTimer(duration time.Duration, sessionID string) {
 	})
 }
 
+func (d *sessionsDict) hasSession(sessionID string) bool {
+	d.RLock()
+	defer d.RUnlock()
+	_, ok := d.sessions[sessionID]
+	return ok
+}
+
 // addCompletedSessionStage records that a session has completed an auth stage
 // also starts a timer to delete the session once done.
 func (d *sessionsDict) addCompletedSessionStage(sessionID string, stage authtypes.LoginType) {
diff --git a/clientapi/routing/register_publickey.go b/clientapi/routing/register_publickey.go
index 258a47249..f5c972bb1 100644
--- a/clientapi/routing/register_publickey.go
+++ b/clientapi/routing/register_publickey.go
@@ -62,7 +62,7 @@ func handlePublicKeyRegistration(
 		return false, authtypes.LoginStagePublicKeyNewRegistration, nil
 	}
 
-	if _, ok := sessions.sessions[authHandler.GetSession()]; !ok {
+	if !sessions.hasSession(authHandler.GetSession()) {
 		return false, "", &util.JSONResponse{
 			Code: http.StatusUnauthorized,
 			JSON: jsonerror.Unknown("the session ID is missing or unknown."),