fix(server): do not try to validate credentials if the request is canceled (#3650)

Signed-off-by: Deluan <deluan@navidrome.org>
2025-04-04 21:17:37 +03:00 · 2025-01-16 22:32:11 -03:00 · 2025-01-16 22:32:11 -03:00 · 47e3fdb1b8
commit 47e3fdb1b8
parent c37583fa9f
1 changed files with 9 additions and 0 deletions
--- a/server/subsonic/middlewares.go
+++ b/server/subsonic/middlewares.go
@ -2,6 +2,7 @@ package subsonic
 import (
 	"cmp"
 	"context"
 	"crypto/md5"
 	"encoding/hex"
 	"errors"
@ -88,6 +89,10 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
 			if username := server.UsernameFromReverseProxyHeader(r); username != "" {
 				usr, err = ds.User(ctx).FindByUsername(username)
 				if errors.Is(err, context.Canceled) {
 					log.Debug(ctx, "API: Request canceled when authenticating", "auth", "reverse-proxy", "username", username, "remoteAddr", r.RemoteAddr, err)
 					return
 				}
 				if errors.Is(err, model.ErrNotFound) {
 					log.Warn(ctx, "API: Invalid login", "auth", "reverse-proxy", "username", username, "remoteAddr", r.RemoteAddr, err)
 				} else if err != nil {
@ -102,6 +107,10 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
 				jwt, _ := p.String("jwt")
 				usr, err = ds.User(ctx).FindByUsernameWithPassword(username)
 				if errors.Is(err, context.Canceled) {
 					log.Debug(ctx, "API: Request canceled when authenticating", "auth", "subsonic", "username", username, "remoteAddr", r.RemoteAddr, err)
 					return
 				}
 				if errors.Is(err, model.ErrNotFound) {
 					log.Warn(ctx, "API: Invalid login", "auth", "subsonic", "username", username, "remoteAddr", r.RemoteAddr, err)
 				} else if err != nil {