Browse Source
Cache the public key tokens
Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste. Right now it is doing very stupid caching. Which gets invalidate on any update. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v18.0.0beta1
Roeland Jago Douma
4 years ago
1 changed files with 42 additions and 5 deletions
+ 42
- 5
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View File
| @@ -27,6 +27,7 @@ use OC\Authentication\Exceptions\ExpiredTokenException; | |||
| use OC\Authentication\Exceptions\InvalidTokenException; | |||
| use OC\Authentication\Exceptions\PasswordlessTokenException; | |||
| use OC\Authentication\Exceptions\WipeTokenException; | |||
| use OC\Cache\CappedMemoryCache; | |||
| use OCP\AppFramework\Db\DoesNotExistException; | |||
| use OCP\AppFramework\Utility\ITimeFactory; | |||
| use OCP\IConfig; | |||
| @@ -49,6 +50,9 @@ class PublicKeyTokenProvider implements IProvider { | |||
| /** @var ITimeFactory $time */ | |||
| private $time; | |||
| /** @var CappedMemoryCache */ | |||
| private $cache; | |||
| public function __construct(PublicKeyTokenMapper $mapper, | |||
| ICrypto $crypto, | |||
| IConfig $config, | |||
| @@ -59,6 +63,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| $this->config = $config; | |||
| $this->logger = $logger; | |||
| $this->time = $time; | |||
| $this->cache = new CappedMemoryCache(); | |||
| } | |||
| /** | |||
| @@ -72,17 +78,26 @@ class PublicKeyTokenProvider implements IProvider { | |||
| int $type = IToken::TEMPORARY_TOKEN, | |||
| int $remember = IToken::DO_NOT_REMEMBER): IToken { | |||
| $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); | |||
| $this->mapper->insert($dbToken); | |||
| // Add the token to the cache | |||
| $this->cache[$dbToken->getToken()] = $dbToken; | |||
| return $dbToken; | |||
| } | |||
| public function getToken(string $tokenId): IToken { | |||
| try { | |||
| $token = $this->mapper->getToken($this->hashToken($tokenId)); | |||
| } catch (DoesNotExistException $ex) { | |||
| throw new InvalidTokenException(); | |||
| $tokenHash = $this->hashToken($tokenId); | |||
| if (isset($this->cache[$tokenHash])) { | |||
| $token = $this->cache[$tokenHash]; | |||
| } else { | |||
| try { | |||
| $token = $this->mapper->getToken($this->hashToken($tokenId)); | |||
| $this->cache[$token->getToken()] = $token; | |||
| } catch (DoesNotExistException $ex) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| } | |||
| if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { | |||
| @@ -115,6 +130,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function renewSessionToken(string $oldSessionId, string $sessionId) { | |||
| $this->cache->clear(); | |||
| $token = $this->getToken($oldSessionId); | |||
| if (!($token instanceof PublicKeyToken)) { | |||
| @@ -141,14 +158,20 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function invalidateToken(string $token) { | |||
| $this->cache->clear(); | |||
| $this->mapper->invalidate($this->hashToken($token)); | |||
| } | |||
| public function invalidateTokenById(string $uid, int $id) { | |||
| $this->cache->clear(); | |||
| $this->mapper->deleteById($uid, $id); | |||
| } | |||
| public function invalidateOldTokens() { | |||
| $this->cache->clear(); | |||
| $olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24); | |||
| $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); | |||
| $this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER); | |||
| @@ -158,6 +181,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function updateToken(IToken $token) { | |||
| $this->cache->clear(); | |||
| if (!($token instanceof PublicKeyToken)) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| @@ -165,6 +190,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function updateTokenActivity(IToken $token) { | |||
| $this->cache->clear(); | |||
| if (!($token instanceof PublicKeyToken)) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| @@ -198,6 +225,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function setPassword(IToken $token, string $tokenId, string $password) { | |||
| $this->cache->clear(); | |||
| if (!($token instanceof PublicKeyToken)) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| @@ -215,6 +244,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { | |||
| $this->cache->clear(); | |||
| if (!($token instanceof PublicKeyToken)) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| @@ -274,6 +305,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| * @throws \RuntimeException when OpenSSL reports a problem | |||
| */ | |||
| public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken { | |||
| $this->cache->clear(); | |||
| $pkToken = $this->newToken( | |||
| $token, | |||
| $defaultToken->getUID(), | |||
| @@ -344,6 +377,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function markPasswordInvalid(IToken $token, string $tokenId) { | |||
| $this->cache->clear(); | |||
| if (!($token instanceof PublicKeyToken)) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| @@ -353,6 +388,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
| } | |||
| public function updatePasswords(string $uid, string $password) { | |||
| $this->cache->clear(); | |||
| if (!$this->mapper->hasExpiredTokens($uid)) { | |||
| // Nothing to do here | |||
| return; | |||
Loading…