From 35b073b3a6e4388bb14df8a8178d5b07711fab54 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Thu, 31 Oct 2024 07:06:48 +0000
Subject: [PATCH 1/8] fix authrequired bug

---
 conf/pika.conf             |  6 ++---
 include/acl.h              |  7 +++---
 include/pika_client_conn.h | 23 ++++++-------------
 src/acl.cc                 | 17 ++++++--------
 src/pika_client_conn.cc    | 46 +++++++++++++++++++++-----------------
 5 files changed, 45 insertions(+), 54 deletions(-)

diff --git a/conf/pika.conf b/conf/pika.conf
index 59aef75fa0..30e34db922 100644
--- a/conf/pika.conf
+++ b/conf/pika.conf
@@ -103,7 +103,7 @@ timeout : 60
 # the value of userpass will be ignored and all users are considered as administrators,
 # in this scenario, users are not subject to the restrictions imposed by the userblacklist.
 # PS: "user password" refers to value of the parameter below: userpass.
-requirepass :
+requirepass : 123
 
 # Password for replication verify, used for authentication when a slave
 # connects to a master to request replication.
@@ -115,14 +115,14 @@ masterauth :
 # the value of this parameter will be ignored and all users are considered as administrators,
 # in this scenario, users are not subject to the restrictions imposed by the userblacklist.
 # PS: "admin password" refers to value of the parameter above: requirepass.
-# userpass :
+userpass :12345
 
 # The blacklist of commands for users that logged in by userpass,
 # the commands that added to this list will not be available for users except for administrator.
 # [Advice] It's recommended to add high-risk commands to this list.
 # [Format] Commands should be separated by ",". For example: FLUSHALL, SHUTDOWN, KEYS, CONFIG
 # By default, this list is empty.
-# userblacklist :
+userblacklist :FLUSHALL
 
 # Running Mode of Pika, The current version only supports running in "classic mode".
 # If set to 'classic', Pika will create multiple DBs whose number is the value of configure item "databases".
diff --git a/include/acl.h b/include/acl.h
index 5aa83d408d..77bd5ba8a3 100644
--- a/include/acl.h
+++ b/include/acl.h
@@ -129,7 +129,7 @@ class AclSelector {
   friend User;
 
  public:
-  explicit AclSelector() : AclSelector(0){};
+  explicit AclSelector() : AclSelector(0) {};
   explicit AclSelector(uint32_t flag);
   explicit AclSelector(const AclSelector& selector);
   ~AclSelector() = default;
@@ -138,7 +138,7 @@ class AclSelector {
   inline bool HasFlags(uint32_t flag) const { return flags_ & flag; };
   inline void AddFlags(uint32_t flag) { flags_ |= flag; };
   inline void DecFlags(uint32_t flag) { flags_ &= ~flag; };
-  bool EqualChannel(const std::vector<std::string> &allChannel);
+  bool EqualChannel(const std::vector<std::string>& allChannel);
 
  private:
   pstd::Status SetSelector(const std::string& op);
@@ -224,8 +224,7 @@ class User {
   ~User() = default;
 
   std::string Name() const;
-
-  //  inline uint32_t Flags() const { return flags_; };
+  // inline uint32_t Flags() const { return flags_; };
   inline bool HasFlags(uint32_t flag) const { return flags_ & flag; };
   inline void AddFlags(uint32_t flag) { flags_ |= flag; };
   inline void DecFlags(uint32_t flag) { flags_ &= ~flag; };
diff --git a/include/pika_client_conn.h b/include/pika_client_conn.h
index 5b912592ab..3124d2036c 100644
--- a/include/pika_client_conn.h
+++ b/include/pika_client_conn.h
@@ -22,25 +22,15 @@ struct TimeStat {
     before_queue_ts_ = 0;
   }
 
-  uint64_t start_ts() const {
-    return enqueue_ts_;
-  }
+  uint64_t start_ts() const { return enqueue_ts_; }
 
-  uint64_t total_time() const {
-    return process_done_ts_ > enqueue_ts_ ? process_done_ts_ - enqueue_ts_ : 0;
-  }
+  uint64_t total_time() const { return process_done_ts_ > enqueue_ts_ ? process_done_ts_ - enqueue_ts_ : 0; }
 
-  uint64_t queue_time() const {
-    return dequeue_ts_ > enqueue_ts_ ? dequeue_ts_ - enqueue_ts_ : 0;
-  }
+  uint64_t queue_time() const { return dequeue_ts_ > enqueue_ts_ ? dequeue_ts_ - enqueue_ts_ : 0; }
 
-  uint64_t process_time() const {
-    return process_done_ts_ > dequeue_ts_ ? process_done_ts_ - dequeue_ts_ : 0;
-  }
+  uint64_t process_time() const { return process_done_ts_ > dequeue_ts_ ? process_done_ts_ - dequeue_ts_ : 0; }
 
-  uint64_t before_queue_time() const {
-    return process_done_ts_ > dequeue_ts_ ? before_queue_ts_ - enqueue_ts_ : 0;
-  }
+  uint64_t before_queue_time() const { return process_done_ts_ > dequeue_ts_ ? before_queue_ts_ - enqueue_ts_ : 0; }
 
   uint64_t enqueue_ts_;
   uint64_t dequeue_ts_;
@@ -94,7 +84,7 @@ class PikaClientConn : public net::RedisConn {
   void UnAuth(const std::shared_ptr<User>& user);
 
   bool IsAuthed() const;
-
+  void InitUser();
   bool AuthRequired() const;
 
   std::string UserName() const;
@@ -123,6 +113,7 @@ class PikaClientConn : public net::RedisConn {
   std::vector<std::shared_ptr<std::string>> resp_array;
 
   std::shared_ptr<TimeStat> time_stat_;
+
  private:
   net::ServerThread* const server_thread_;
   std::string current_db_;
diff --git a/src/acl.cc b/src/acl.cc
index bd6862aa81..dea532b724 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -489,31 +489,28 @@ void Acl::InitLimitUser(const std::string& bl, bool limit_exist) {
   auto u = GetUser(DefaultLimitUser);
   if (limit_exist) {
     if (!bl.empty()) {
-      for(auto& cmd : blacklist) {
+      for (auto& cmd : blacklist) {
         cmd = pstd::StringTrim(cmd, " ");
         u->SetUser("-" + cmd);
       }
       u->SetUser("on");
     }
-    if (!pass.empty()) {
-      u->SetUser(">"+pass);
-    }
   } else {
-    if (pass.empty()) {
-      u->SetUser("nopass");
-    } else {
-      u->SetUser(">"+pass);
-    }
     u->SetUser("on");
     u->SetUser("+@all");
     u->SetUser("~*");
     u->SetUser("&*");
 
-    for(auto& cmd : blacklist) {
+    for (auto& cmd : blacklist) {
       cmd = pstd::StringTrim(cmd, " ");
       u->SetUser("-" + cmd);
     }
   }
+  if (pass.empty()) {
+    u->SetUser("nopass");
+  } else {
+    u->SetUser(">" + pass);
+  }
 }
 // bool Acl::CheckUserCanExec(const std::shared_ptr<Cmd>& cmd, const PikaCmdArgsType& argv) { cmd->name(); }
 
diff --git a/src/pika_client_conn.cc b/src/pika_client_conn.cc
index 37a47bc371..2643cd30af 100644
--- a/src/pika_client_conn.cc
+++ b/src/pika_client_conn.cc
@@ -30,8 +30,7 @@ PikaClientConn::PikaClientConn(int fd, const std::string& ip_port, net::Thread*
     : RedisConn(fd, ip_port, thread, mpx, handle_type, max_conn_rbuf_size),
       server_thread_(reinterpret_cast<net::ServerThread*>(thread)),
       current_db_(g_pika_conf->default_db()) {
-  // client init, set client user is default, and authenticated = false
-  UnAuth(g_pika_server->Acl()->GetUserLock(Acl::DefaultUser));
+  InitUser();
   time_stat_.reset(new TimeStat());
 }
 
@@ -259,7 +258,7 @@ void PikaClientConn::ProcessMonitor(const PikaCmdArgsType& argv) {
 }
 
 bool PikaClientConn::IsInterceptedByRTC(std::string& opt) {
-  //currently we only Intercept: Get, HGet
+  // currently we only Intercept: Get, HGet
   if (opt == kCmdNameGet && g_pika_conf->GetCacheString()) {
     return true;
   }
@@ -289,11 +288,9 @@ void PikaClientConn::ProcessRedisCmds(const std::vector<net::RedisCmdArgsType>&
     bool is_slow_cmd = g_pika_conf->is_slow_cmd(opt);
     bool is_admin_cmd = g_pika_conf->is_admin_cmd(opt);
 
-    //we don't intercept pipeline batch (argvs.size() > 1)
-    if (g_pika_conf->rtc_cache_read_enabled() &&
-        argvs.size() == 1 && IsInterceptedByRTC(opt) &&
-        PIKA_CACHE_NONE != g_pika_conf->cache_mode() &&
-        !IsInTxn()) {
+    // we don't intercept pipeline batch (argvs.size() > 1)
+    if (g_pika_conf->rtc_cache_read_enabled() && argvs.size() == 1 && IsInterceptedByRTC(opt) &&
+        PIKA_CACHE_NONE != g_pika_conf->cache_mode() && !IsInTxn()) {
       // read in cache
       if (ReadCmdInCache(argvs[0], opt)) {
         delete arg;
@@ -358,21 +355,17 @@ bool PikaClientConn::ReadCmdInCache(const net::RedisCmdArgsType& argv, const std
     resp_num--;
     return false;
   }
-  //acl check
+  // acl check
   int8_t subCmdIndex = -1;
   std::string errKey;
   auto checkRes = user_->CheckUserPermission(c_ptr, argv, subCmdIndex, &errKey);
   std::string object;
-  if (checkRes == AclDeniedCmd::CMD ||
-      checkRes == AclDeniedCmd::KEY ||
-      checkRes == AclDeniedCmd::CHANNEL ||
-      checkRes == AclDeniedCmd::NO_SUB_CMD ||
-      checkRes == AclDeniedCmd::NO_AUTH
-      ) {
-    //acl check failed
+  if (checkRes == AclDeniedCmd::CMD || checkRes == AclDeniedCmd::KEY || checkRes == AclDeniedCmd::CHANNEL ||
+      checkRes == AclDeniedCmd::NO_SUB_CMD || checkRes == AclDeniedCmd::NO_AUTH) {
+    // acl check failed
     return false;
   }
-  //only read command(Get, HGet) will reach here, no need of record lock
+  // only read command(Get, HGet) will reach here, no need of record lock
   bool read_status = c_ptr->DoReadCommandInCache();
   auto cmdstat_map = g_pika_cmd_table_manager->GetCommandStatMap();
   resp_num--;
@@ -547,13 +540,24 @@ void PikaClientConn::UnAuth(const std::shared_ptr<User>& user) {
 }
 
 bool PikaClientConn::IsAuthed() const { return authenticated_; }
-
+void PikaClientConn::InitUser() {
+  if (g_pika_conf->requirepass().empty()) {
+    user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultUser);
+  }
+  user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultLimitUser);
+  authenticated_ = user_->HasFlags(static_cast<uint32_t>(AclUserFlag::NO_PASS)) &&
+                   !user_->HasFlags(static_cast<uint32_t>(AclUserFlag::DISABLED));
+}
 bool PikaClientConn::AuthRequired() const {
   // If the user does not have a password, and the user is valid, then the user does not need authentication
   // Otherwise, you need to determine whether go has been authenticated
-  return (!user_->HasFlags(static_cast<uint32_t>(AclUserFlag::NO_PASS)) ||
-          user_->HasFlags(static_cast<uint32_t>(AclUserFlag::DISABLED))) &&
-         !IsAuthed();
+  if (user_->HasFlags(static_cast<uint32_t>(AclUserFlag::DISABLED))) {
+    return true;
+  }
+  if (user_->HasFlags(static_cast<uint32_t>(AclUserFlag::NO_PASS))) {
+    return false;
+  }
+  return !IsAuthed();
 }
 std::string PikaClientConn::UserName() const { return user_->Name(); }
 

From 0054e94b72b8c5af67bf13bfdd09f67f0eec0283 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Thu, 31 Oct 2024 07:35:10 +0000
Subject: [PATCH 2/8] init pika.conf

---
 conf/pika.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/conf/pika.conf b/conf/pika.conf
index 30e34db922..d4f0efb011 100644
--- a/conf/pika.conf
+++ b/conf/pika.conf
@@ -103,7 +103,7 @@ timeout : 60
 # the value of userpass will be ignored and all users are considered as administrators,
 # in this scenario, users are not subject to the restrictions imposed by the userblacklist.
 # PS: "user password" refers to value of the parameter below: userpass.
-requirepass : 123
+requirepass :
 
 # Password for replication verify, used for authentication when a slave
 # connects to a master to request replication.
@@ -115,14 +115,14 @@ masterauth :
 # the value of this parameter will be ignored and all users are considered as administrators,
 # in this scenario, users are not subject to the restrictions imposed by the userblacklist.
 # PS: "admin password" refers to value of the parameter above: requirepass.
-userpass :12345
+# userpass :
 
 # The blacklist of commands for users that logged in by userpass,
 # the commands that added to this list will not be available for users except for administrator.
 # [Advice] It's recommended to add high-risk commands to this list.
 # [Format] Commands should be separated by ",". For example: FLUSHALL, SHUTDOWN, KEYS, CONFIG
 # By default, this list is empty.
-userblacklist :FLUSHALL
+# userblacklist :
 
 # Running Mode of Pika, The current version only supports running in "classic mode".
 # If set to 'classic', Pika will create multiple DBs whose number is the value of configure item "databases".
@@ -691,4 +691,4 @@ dont-compact-sst-created-in-seconds : 20
 # For OBD_Compact 
 # According to the number of sst files in rocksdb, 
 # compact every `compact-every-num-of-files` file.
-best-delete-min-ratio : 10
+best-delete-min-ratio : 10
\ No newline at end of file

From 62754faedf1e5d205d654e37b6ea5e8aa2e4c3a4 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Thu, 31 Oct 2024 09:25:39 +0000
Subject: [PATCH 3/8] fix InitUser

---
 src/pika_client_conn.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/pika_client_conn.cc b/src/pika_client_conn.cc
index 2643cd30af..35e71e7529 100644
--- a/src/pika_client_conn.cc
+++ b/src/pika_client_conn.cc
@@ -543,8 +543,9 @@ bool PikaClientConn::IsAuthed() const { return authenticated_; }
 void PikaClientConn::InitUser() {
   if (g_pika_conf->requirepass().empty()) {
     user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultUser);
+  } else {
+    user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultLimitUser);
   }
-  user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultLimitUser);
   authenticated_ = user_->HasFlags(static_cast<uint32_t>(AclUserFlag::NO_PASS)) &&
                    !user_->HasFlags(static_cast<uint32_t>(AclUserFlag::DISABLED));
 }

From e643c87c82624370dad489fa7c3be3467647a3d2 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Thu, 7 Nov 2024 10:01:49 +0000
Subject: [PATCH 4/8] fix InitUser

---
 src/acl.cc              | 13 ++++++++-----
 src/pika_client_conn.cc | 11 +++++++----
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/acl.cc b/src/acl.cc
index dea532b724..04226d811c 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -495,7 +495,15 @@ void Acl::InitLimitUser(const std::string& bl, bool limit_exist) {
       }
       u->SetUser("on");
     }
+    if (!pass.empty()) {
+      u->SetUser(">" + pass);
+    }
   } else {
+    if (pass.empty()) {
+      u->SetUser("nopass");
+    } else {
+      u->SetUser(">" + pass);
+    }
     u->SetUser("on");
     u->SetUser("+@all");
     u->SetUser("~*");
@@ -506,11 +514,6 @@ void Acl::InitLimitUser(const std::string& bl, bool limit_exist) {
       u->SetUser("-" + cmd);
     }
   }
-  if (pass.empty()) {
-    u->SetUser("nopass");
-  } else {
-    u->SetUser(">" + pass);
-  }
 }
 // bool Acl::CheckUserCanExec(const std::shared_ptr<Cmd>& cmd, const PikaCmdArgsType& argv) { cmd->name(); }
 
diff --git a/src/pika_client_conn.cc b/src/pika_client_conn.cc
index 35e71e7529..768cb6d5ad 100644
--- a/src/pika_client_conn.cc
+++ b/src/pika_client_conn.cc
@@ -541,10 +541,10 @@ void PikaClientConn::UnAuth(const std::shared_ptr<User>& user) {
 
 bool PikaClientConn::IsAuthed() const { return authenticated_; }
 void PikaClientConn::InitUser() {
-  if (g_pika_conf->requirepass().empty()) {
-    user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultUser);
-  } else {
+  if (!g_pika_conf->GetUserBlackList().empty()) {
     user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultLimitUser);
+  } else {
+    user_ = g_pika_server->Acl()->GetUserLock(Acl::DefaultUser);
   }
   authenticated_ = user_->HasFlags(static_cast<uint32_t>(AclUserFlag::NO_PASS)) &&
                    !user_->HasFlags(static_cast<uint32_t>(AclUserFlag::DISABLED));
@@ -552,13 +552,16 @@ void PikaClientConn::InitUser() {
 bool PikaClientConn::AuthRequired() const {
   // If the user does not have a password, and the user is valid, then the user does not need authentication
   // Otherwise, you need to determine whether go has been authenticated
+  if (IsAuthed()) {
+    return false;
+  }
   if (user_->HasFlags(static_cast<uint32_t>(AclUserFlag::DISABLED))) {
     return true;
   }
   if (user_->HasFlags(static_cast<uint32_t>(AclUserFlag::NO_PASS))) {
     return false;
   }
-  return !IsAuthed();
+  return true;
 }
 std::string PikaClientConn::UserName() const { return user_->Name(); }
 

From 19c1c8b97632344ec93bfd4667f8c460cce68c3e Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Thu, 7 Nov 2024 12:00:06 +0000
Subject: [PATCH 5/8] fix no userblacklist

---
 src/acl.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/acl.cc b/src/acl.cc
index 04226d811c..dad50f73e6 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -477,7 +477,11 @@ void Acl::UpdateDefaultUserPassword(const std::string& pass) {
   if (pass.empty()) {
     u->SetUser("nopass");
   } else {
-    u->SetUser(">" + pass);
+    if (g_pika_conf->userpass().empty()) {
+      u->SetUser("nopass");
+    } else {
+      u->SetUser(">" + pass);
+    }
   }
 }
 

From 441ce658b9807b11e43e623cd6ca8429ebd32276 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Tue, 3 Dec 2024 09:10:59 +0000
Subject: [PATCH 6/8] fix acl

---
 include/acl.h           | 2 +-
 src/acl.cc              | 6 +-----
 src/pika_client_conn.cc | 2 ++
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/include/acl.h b/include/acl.h
index 77bd5ba8a3..0af8e0a585 100644
--- a/include/acl.h
+++ b/include/acl.h
@@ -224,7 +224,7 @@ class User {
   ~User() = default;
 
   std::string Name() const;
-  // inline uint32_t Flags() const { return flags_; };
+  inline uint32_t Flags() const { return flags_; };
   inline bool HasFlags(uint32_t flag) const { return flags_ & flag; };
   inline void AddFlags(uint32_t flag) { flags_ |= flag; };
   inline void DecFlags(uint32_t flag) { flags_ &= ~flag; };
diff --git a/src/acl.cc b/src/acl.cc
index dad50f73e6..04226d811c 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -477,11 +477,7 @@ void Acl::UpdateDefaultUserPassword(const std::string& pass) {
   if (pass.empty()) {
     u->SetUser("nopass");
   } else {
-    if (g_pika_conf->userpass().empty()) {
-      u->SetUser("nopass");
-    } else {
-      u->SetUser(">" + pass);
-    }
+    u->SetUser(">" + pass);
   }
 }
 
diff --git a/src/pika_client_conn.cc b/src/pika_client_conn.cc
index 768cb6d5ad..cccef4ae9b 100644
--- a/src/pika_client_conn.cc
+++ b/src/pika_client_conn.cc
@@ -552,6 +552,8 @@ void PikaClientConn::InitUser() {
 bool PikaClientConn::AuthRequired() const {
   // If the user does not have a password, and the user is valid, then the user does not need authentication
   // Otherwise, you need to determine whether go has been authenticated
+  LOG(INFO) << "IsAuthed: " << IsAuthed();
+  LOG(INFO) << "user_->Flags(): " << user_->Flags();
   if (IsAuthed()) {
     return false;
   }

From a00cba16b4b5b6b50b72e9f4b298d33eff7ffe99 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Wed, 4 Dec 2024 03:12:27 +0000
Subject: [PATCH 7/8] delete annotation

---
 conf/pika.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/conf/pika.conf b/conf/pika.conf
index d4f0efb011..fbf52c30fc 100644
--- a/conf/pika.conf
+++ b/conf/pika.conf
@@ -100,7 +100,6 @@ timeout : 60
 
 # The [password of administrator], which is empty by default.
 # [NOTICE] If this admin password is the same as user password (including both being empty),
-# the value of userpass will be ignored and all users are considered as administrators,
 # in this scenario, users are not subject to the restrictions imposed by the userblacklist.
 # PS: "user password" refers to value of the parameter below: userpass.
 requirepass :

From 2b3793f326a01a6e3599b29d41016ebed6f51740 Mon Sep 17 00:00:00 2001
From: buzhimingyonghu <1512049108@qq.com>
Date: Wed, 4 Dec 2024 06:47:10 +0000
Subject: [PATCH 8/8] fix bug

---
 src/acl.cc | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/acl.cc b/src/acl.cc
index dad50f73e6..04226d811c 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -477,11 +477,7 @@ void Acl::UpdateDefaultUserPassword(const std::string& pass) {
   if (pass.empty()) {
     u->SetUser("nopass");
   } else {
-    if (g_pika_conf->userpass().empty()) {
-      u->SetUser("nopass");
-    } else {
-      u->SetUser(">" + pass);
-    }
+    u->SetUser(">" + pass);
   }
 }