fixed issue which could cause API keys to be overwritten in DB if a n…

…ew one is registered quickly after startup
Erudika · Nov 7, 2023 · bc5f91d · bc5f91d
1 parent cddbe4d
commit bc5f91d
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/src/main/java/com/erudika/scoold/utils/ScooldUtils.java b/src/main/java/com/erudika/scoold/utils/ScooldUtils.java
@@ -1940,12 +1940,7 @@ public boolean isApiKeyRevoked(String jti, boolean expired) {
 		if (StringUtils.isBlank(jti)) {
 			return false;
 		}
-		if (API_KEYS.isEmpty()) {
-			Sysprop s = pc.read("api_keys");
-			if (s != null) {
-				API_KEYS.putAll(s.getProperties());
-			}
-		}
+		loadApiKeysObject(); // prevent overwriting the API keys object
 		if (API_KEYS.containsKey(jti) && expired) {
 			revokeApiKey(jti);
 		}
@@ -1956,11 +1951,13 @@ public void registerApiKey(String jti, String jwt) {
 		if (StringUtils.isBlank(jti) || StringUtils.isBlank(jwt)) {
 			return;
 		}
+		loadApiKeysObject(); // prevent overwriting the API keys object
 		API_KEYS.put(jti, jwt);
 		saveApiKeysObject();
 	}
 
 	public void revokeApiKey(String jti) {
+		loadApiKeysObject(); // prevent overwriting the API keys object
 		API_KEYS.remove(jti);
 		saveApiKeysObject();
 	}
@@ -1989,6 +1986,15 @@ private void saveApiKeysObject() {
 		pc.create(s);
 	}
 
+	private void loadApiKeysObject() {
+		if (API_KEYS.isEmpty()) {
+			Sysprop s = pc.read("api_keys");
+			if (s != null) {
+				API_KEYS.putAll(s.getProperties());
+			}
+		}
+	}
+
 	public Profile getSystemUser() {
 		return API_USER;
 	}