fix: resolve thread-safety issues in uptoken package (#171)

* fix: resolve thread-safety issues in uptoken package

Fixes #169

This commit addresses data races in both signer and parser implementations:

1. signer.onceGetUpToken: Added sync.Once to protect concurrent upToken generation
   - Added onceUpToken sync.Once field
   - Added upTokenErr field to store initialization errors
   - Ensures token is generated exactly once across all goroutines

2. parser.GetPutPolicy: Added sync.Once to protect json.Unmarshal
   - Added oncePutPolicy sync.Once field
   - Added putPolicyErr field to store parsing errors
   - Prevents concurrent access to putPolicy field

3. parser.GetAccessKey: Added sync.Once for thread-safe access
   - Added onceAccessKey sync.Once field
   - Added accessKeyErr field to store errors
   - Protects accessKey field from concurrent writes

4. parser.onceGetSplits: Added sync.Once for thread-safe parsing
   - Added onceSplits sync.Once field
   - Added splitsValid field to track parsing result
   - Ensures splits are parsed exactly once

All lazy initialization patterns now use sync.Once which guarantees:
- Thread-safe initialization
- Exactly-once execution
- Proper memory barriers

Generated with [codeagent](https://github.com/qbox/codeagent)
Co-authored-by: zhangzqs <34616640+zhangzqs@users.noreply.github.com>

* refactor: remove error fields from structs, use mutex instead of sync.Once

Replace sync.Once + error fields pattern with sync.Mutex + initialization flags.
This removes all xxxErr fields (upTokenErr, putPolicyErr, accessKeyErr) from
the structs while maintaining thread-safety through mutex locks.

Generated with [codeagent](https://github.com/qbox/codeagent)
Co-authored-by: zhangzqs <34616640+zhangzqs@users.noreply.github.com>

* refactor: use sync.Once pattern for thread-safe lazy initialization

- Replace sync.Mutex + boolean flags with sync.Once + error fields
- Ensures initialization happens exactly once across all goroutines
- Properly captures and returns errors from initialization
- Reduces code complexity and improves readability
- Eliminates double-checked locking race conditions

Generated with [codeagent](https://github.com/qbox/codeagent)
Co-authored-by: YangSen-qn <49863787+YangSen-qn@users.noreply.github.com>

* refactor: remove error fields and enable retry on failure

- Remove credentialsErr, upTokenErr, putPolicyErr, accessKeyErr, splitsErr fields
- Replace sync.Once with sync.Mutex for retry capability
- Check if value was successfully obtained (non-empty/non-nil)
- Allow retry if previous attempt failed to get value
- Maintain thread-safety through mutex locks

Generated with [codeagent](https://github.com/qbox/codeagent)
Co-authored-by: YangSen-qn <49863787+YangSen-qn@users.noreply.github.com>

---------

Co-authored-by: xgopilot <noreply@goplus.org>
Co-authored-by: zhangzqs <34616640+zhangzqs@users.noreply.github.com>
Co-authored-by: yangsen <yang_sen_ys@163.com>
Co-authored-by: YangSen-qn <49863787+YangSen-qn@users.noreply.github.com>

Author: 4 people

storagev2/uptoken/uploadtoken.go

@@ -36,12 +36,13 @@ type (
 	signer struct {
 		putPolicy           PutPolicy
 		credentialsProvider credentials.CredentialsProvider
-		onceCredentials     sync.Once
-		upToken             string
+		mu                  sync.Mutex
 		credentials         *credentials.Credentials
+		upToken             string
 	}
 	parser struct {
 		upToken   string
+		mu        sync.Mutex
 		putPolicy PutPolicy
 		accessKey string
 		splits    []string
@@ -60,93 +61,156 @@ func (signer *signer) GetPutPolicy(context.Context) (PutPolicy, error) {
 }
 
 func (signer *signer) GetAccessKey(ctx context.Context) (string, error) {
-	var err error
-	credentials, err := signer.onceGetCredentials(ctx)
+	credentials, err := signer.getCredentials(ctx)
 	if err != nil {
 		return "", err
 	}
 	return credentials.AccessKey, nil
 }
 
 func (signer *signer) GetUpToken(ctx context.Context) (string, error) {
-	return signer.onceGetUpToken(ctx)
-}
-
-func (signer *signer) onceGetCredentials(ctx context.Context) (*credentials.Credentials, error) {
-	var err error
-	signer.onceCredentials.Do(func() {
-		if signer.credentialsProvider != nil {
-			signer.credentials, err = signer.credentialsProvider.Get(ctx)
-		} else if defaultCreds := credentials.Default(); defaultCreds != nil {
-			signer.credentials = defaultCreds
-		}
-	})
-	return signer.credentials, err
-}
-
-func (signer *signer) onceGetUpToken(ctx context.Context) (string, error) {
-	var err error
+	signer.mu.Lock()
 	if signer.upToken != "" {
+		defer signer.mu.Unlock()
 		return signer.upToken, nil
 	}
-	credentials, err := signer.onceGetCredentials(ctx)
+	signer.mu.Unlock()
+
+	credentials, err := signer.getCredentials(ctx)
 	if err != nil {
-		return "", nil
+		return "", err
 	}
+
 	putPolicyJson, err := json.Marshal(signer.putPolicy)
 	if err != nil {
-		return "", nil
+		return "", err
+	}
+
+	upToken := credentials.SignWithData(putPolicyJson)
+
+	signer.mu.Lock()
+	if signer.upToken == "" {
+		signer.upToken = upToken
 	}
-	signer.upToken = credentials.SignWithData(putPolicyJson)
+	signer.mu.Unlock()
+
 	return signer.upToken, nil
 }
 
+func (signer *signer) getCredentials(ctx context.Context) (*credentials.Credentials, error) {
+	signer.mu.Lock()
+	if signer.credentials != nil {
+		defer signer.mu.Unlock()
+		return signer.credentials, nil
+	}
+	signer.mu.Unlock()
+
+	var creds *credentials.Credentials
+	var err error
+	if signer.credentialsProvider != nil {
+		creds, err = signer.credentialsProvider.Get(ctx)
+		if err != nil {
+			return nil, err
+		}
+	} else if defaultCreds := credentials.Default(); defaultCreds != nil {
+		creds = defaultCreds
+	}
+
+	if creds != nil {
+		signer.mu.Lock()
+		if signer.credentials == nil {
+			signer.credentials = creds
+		}
+		signer.mu.Unlock()
+	}
+
+	return creds, nil
+}
+
 // NewParser 创建上传凭证签发器
 func NewParser(upToken string) Provider {
 	return &parser{upToken: upToken}
 }
 
-func (parser *parser) GetPutPolicy(context.Context) (PutPolicy, error) {
+func (parser *parser) GetPutPolicy(ctx context.Context) (PutPolicy, error) {
+	parser.mu.Lock()
 	if parser.putPolicy != nil {
+		defer parser.mu.Unlock()
 		return parser.putPolicy, nil
 	}
-	splits, ok := parser.onceGetSplits()
-	if !ok {
-		return nil, ErrInvalidUpToken
+	parser.mu.Unlock()
+
+	splits, err := parser.getSplits()
+	if err != nil {
+		return PutPolicy{}, err
 	}
+
 	putPolicyJson, err := base64.URLEncoding.DecodeString(splits[2])
 	if err != nil {
-		return nil, ErrInvalidUpToken
+		return PutPolicy{}, ErrInvalidUpToken
+	}
+
+	var putPolicy PutPolicy
+	if err := json.Unmarshal(putPolicyJson, &putPolicy); err != nil {
+		return PutPolicy{}, err
 	}
-	err = json.Unmarshal(putPolicyJson, &parser.putPolicy)
-	return parser.putPolicy, err
+
+	parser.mu.Lock()
+	if parser.putPolicy == nil {
+		parser.putPolicy = putPolicy
+	}
+	parser.mu.Unlock()
+
+	return parser.putPolicy, nil
 }
 
-func (parser *parser) GetAccessKey(context.Context) (string, error) {
+func (parser *parser) GetAccessKey(ctx context.Context) (string, error) {
+	parser.mu.Lock()
 	if parser.accessKey != "" {
+		defer parser.mu.Unlock()
 		return parser.accessKey, nil
 	}
-	splits, ok := parser.onceGetSplits()
-	if !ok {
-		return "", ErrInvalidUpToken
+	parser.mu.Unlock()
+
+	splits, err := parser.getSplits()
+	if err != nil {
+		return "", err
+	}
+
+	accessKey := splits[0]
+
+	parser.mu.Lock()
+	if parser.accessKey == "" {
+		parser.accessKey = accessKey
 	}
-	parser.accessKey = splits[0]
+	parser.mu.Unlock()
+
 	return parser.accessKey, nil
 }
 
-func (parser *parser) onceGetSplits() ([]string, bool) {
+func (parser *parser) getSplits() ([]string, error) {
+	parser.mu.Lock()
 	if len(parser.splits) > 0 {
-		return parser.splits, true
+		defer parser.mu.Unlock()
+		return parser.splits, nil
 	}
+	parser.mu.Unlock()
+
 	splits := strings.Split(parser.upToken, ":")
 	if len(splits) == 5 && splits[0] == "" {
 		splits = splits[2:]
 	}
 	if len(splits) != 3 {
-		return nil, false
+		return nil, ErrInvalidUpToken
 	}
-	parser.splits = splits
-	return parser.splits, true
+
+	parser.mu.Lock()
+	if len(parser.splits) == 0 {
+		parser.splits = splits
+	}
+	parser.mu.Unlock()
+
+	return parser.splits, nil
 }
 
 func (parser *parser) GetUpToken(context.Context) (string, error) {