feat: provide a username and password callback method, so that the plaintext username and password will not be stored in the memory, and the username and password will only be generated once when the CredentialsProvider is called. After the method is executed, the username and password strings on the stack will be released. (#2097)

Co-authored-by: janbar <janbar@163.com>
2025-07-28 06:42:00 +03:00 · 2022-06-04 15:26:04 +08:00
parent 2465baaab5
commit 56a3dbc7b6
2 changed files with 13 additions and 5 deletions
--- a/redis.go
+++ b/redis.go
@ -217,7 +217,12 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
 	}
 	cn.Inited = true

-	if c.opt.Password == "" &&
+	username, password := c.opt.Username, c.opt.Password
+	if c.opt.CredentialsProvider != nil {
+		username, password = c.opt.CredentialsProvider()
+	}
+
+	if password == "" &&
 		c.opt.DB == 0 &&
 		!c.opt.readOnly &&
 		c.opt.OnConnect == nil {
@ -228,11 +233,11 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
 	conn := newConn(ctx, c.opt, connPool)

 	_, err := conn.Pipelined(ctx, func(pipe Pipeliner) error {
-		if c.opt.Password != "" {
-			if c.opt.Username != "" {
-				pipe.AuthACL(ctx, c.opt.Username, c.opt.Password)
+		if password != "" {
+			if username != "" {
+				pipe.AuthACL(ctx, username, password)
 			} else {
-				pipe.Auth(ctx, c.opt.Password)
+				pipe.Auth(ctx, password)
 			}
 		}