Browse Source
Cache the public key tokens
Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste. Right now it is doing very stupid caching. Which gets invalidate on any update. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v18.0.0beta1
Roeland Jago Douma
4 years ago
1 changed files with 42 additions and 5 deletions
+ 42
- 5
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View File
| use OC\Authentication\Exceptions\InvalidTokenException; | use OC\Authentication\Exceptions\InvalidTokenException; | ||||
| use OC\Authentication\Exceptions\PasswordlessTokenException; | use OC\Authentication\Exceptions\PasswordlessTokenException; | ||||
| use OC\Authentication\Exceptions\WipeTokenException; | use OC\Authentication\Exceptions\WipeTokenException; | ||||
| use OC\Cache\CappedMemoryCache; | |||||
| use OCP\AppFramework\Db\DoesNotExistException; | use OCP\AppFramework\Db\DoesNotExistException; | ||||
| use OCP\AppFramework\Utility\ITimeFactory; | use OCP\AppFramework\Utility\ITimeFactory; | ||||
| use OCP\IConfig; | use OCP\IConfig; | ||||
| /** @var ITimeFactory $time */ | /** @var ITimeFactory $time */ | ||||
| private $time; | private $time; | ||||
| /** @var CappedMemoryCache */ | |||||
| private $cache; | |||||
| public function __construct(PublicKeyTokenMapper $mapper, | public function __construct(PublicKeyTokenMapper $mapper, | ||||
| ICrypto $crypto, | ICrypto $crypto, | ||||
| IConfig $config, | IConfig $config, | ||||
| $this->config = $config; | $this->config = $config; | ||||
| $this->logger = $logger; | $this->logger = $logger; | ||||
| $this->time = $time; | $this->time = $time; | ||||
| $this->cache = new CappedMemoryCache(); | |||||
| } | } | ||||
| /** | /** | ||||
| int $type = IToken::TEMPORARY_TOKEN, | int $type = IToken::TEMPORARY_TOKEN, | ||||
| int $remember = IToken::DO_NOT_REMEMBER): IToken { | int $remember = IToken::DO_NOT_REMEMBER): IToken { | ||||
| $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); | $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); | ||||
| $this->mapper->insert($dbToken); | $this->mapper->insert($dbToken); | ||||
| // Add the token to the cache | |||||
| $this->cache[$dbToken->getToken()] = $dbToken; | |||||
| return $dbToken; | return $dbToken; | ||||
| } | } | ||||
| public function getToken(string $tokenId): IToken { | public function getToken(string $tokenId): IToken { | ||||
| try { | |||||
| $token = $this->mapper->getToken($this->hashToken($tokenId)); | |||||
| } catch (DoesNotExistException $ex) { | |||||
| throw new InvalidTokenException(); | |||||
| $tokenHash = $this->hashToken($tokenId); | |||||
| if (isset($this->cache[$tokenHash])) { | |||||
| $token = $this->cache[$tokenHash]; | |||||
| } else { | |||||
| try { | |||||
| $token = $this->mapper->getToken($this->hashToken($tokenId)); | |||||
| $this->cache[$token->getToken()] = $token; | |||||
| } catch (DoesNotExistException $ex) { | |||||
| throw new InvalidTokenException(); | |||||
| } | |||||
| } | } | ||||
| if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { | if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { | ||||
| } | } | ||||
| public function renewSessionToken(string $oldSessionId, string $sessionId) { | public function renewSessionToken(string $oldSessionId, string $sessionId) { | ||||
| $this->cache->clear(); | |||||
| $token = $this->getToken($oldSessionId); | $token = $this->getToken($oldSessionId); | ||||
| if (!($token instanceof PublicKeyToken)) { | if (!($token instanceof PublicKeyToken)) { | ||||
| } | } | ||||
| public function invalidateToken(string $token) { | public function invalidateToken(string $token) { | ||||
| $this->cache->clear(); | |||||
| $this->mapper->invalidate($this->hashToken($token)); | $this->mapper->invalidate($this->hashToken($token)); | ||||
| } | } | ||||
| public function invalidateTokenById(string $uid, int $id) { | public function invalidateTokenById(string $uid, int $id) { | ||||
| $this->cache->clear(); | |||||
| $this->mapper->deleteById($uid, $id); | $this->mapper->deleteById($uid, $id); | ||||
| } | } | ||||
| public function invalidateOldTokens() { | public function invalidateOldTokens() { | ||||
| $this->cache->clear(); | |||||
| $olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24); | $olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24); | ||||
| $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); | $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); | ||||
| $this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER); | $this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER); | ||||
| } | } | ||||
| public function updateToken(IToken $token) { | public function updateToken(IToken $token) { | ||||
| $this->cache->clear(); | |||||
| if (!($token instanceof PublicKeyToken)) { | if (!($token instanceof PublicKeyToken)) { | ||||
| throw new InvalidTokenException(); | throw new InvalidTokenException(); | ||||
| } | } | ||||
| } | } | ||||
| public function updateTokenActivity(IToken $token) { | public function updateTokenActivity(IToken $token) { | ||||
| $this->cache->clear(); | |||||
| if (!($token instanceof PublicKeyToken)) { | if (!($token instanceof PublicKeyToken)) { | ||||
| throw new InvalidTokenException(); | throw new InvalidTokenException(); | ||||
| } | } | ||||
| } | } | ||||
| public function setPassword(IToken $token, string $tokenId, string $password) { | public function setPassword(IToken $token, string $tokenId, string $password) { | ||||
| $this->cache->clear(); | |||||
| if (!($token instanceof PublicKeyToken)) { | if (!($token instanceof PublicKeyToken)) { | ||||
| throw new InvalidTokenException(); | throw new InvalidTokenException(); | ||||
| } | } | ||||
| } | } | ||||
| public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { | public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { | ||||
| $this->cache->clear(); | |||||
| if (!($token instanceof PublicKeyToken)) { | if (!($token instanceof PublicKeyToken)) { | ||||
| throw new InvalidTokenException(); | throw new InvalidTokenException(); | ||||
| } | } | ||||
| * @throws \RuntimeException when OpenSSL reports a problem | * @throws \RuntimeException when OpenSSL reports a problem | ||||
| */ | */ | ||||
| public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken { | public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken { | ||||
| $this->cache->clear(); | |||||
| $pkToken = $this->newToken( | $pkToken = $this->newToken( | ||||
| $token, | $token, | ||||
| $defaultToken->getUID(), | $defaultToken->getUID(), | ||||
| } | } | ||||
| public function markPasswordInvalid(IToken $token, string $tokenId) { | public function markPasswordInvalid(IToken $token, string $tokenId) { | ||||
| $this->cache->clear(); | |||||
| if (!($token instanceof PublicKeyToken)) { | if (!($token instanceof PublicKeyToken)) { | ||||
| throw new InvalidTokenException(); | throw new InvalidTokenException(); | ||||
| } | } | ||||
| } | } | ||||
| public function updatePasswords(string $uid, string $password) { | public function updatePasswords(string $uid, string $password) { | ||||
| $this->cache->clear(); | |||||
| if (!$this->mapper->hasExpiredTokens($uid)) { | if (!$this->mapper->hasExpiredTokens($uid)) { | ||||
| // Nothing to do here | // Nothing to do here | ||||
| return; | return; |
Loading…