From 11ee71a51c1085f8372729fd00530c41ebc980c4 Mon Sep 17 00:00:00 2001
From: Aaron van Meerten
Date: Fri, 7 Aug 2020 11:51:44 -0500
Subject: [PATCH] FEAT: jwt pubkey cache inside object Allows each module that does token validation to have its own cache
---
 resources/prosody-plugins/token/util.lib.lua | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/resources/prosody-plugins/token/util.lib.lua b/resources/prosody-plugins/token/util.lib.lua
index 4c53df85b..cfb188b2a 100644
--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -19,7 +19,6 @@ local http_headers = {
 -- TODO: Figure out a less arbitrary default cache size.
 local cacheSize = module:get_option_number("jwt_pubkey_cache_size", 128);
-local cache = require"util.cache".new(cacheSize);
 local Util = {}
 Util.__index = Util
@@ -38,6 +37,8 @@ function Util.new(module)
 self.asapKeyServer = module:get_option_string("asap_key_server");
 self.allowEmptyToken = module:get_option_boolean("allow_empty_token");
+ self.cache = require"util.cache".new(cacheSize);
+
 --[[ Multidomain can be supported in some deployments. In these deployments there is a virtual conference muc, which address contains the subdomain
@@ -108,7 +109,7 @@ end
 -- @param keyId the key ID to request
 -- @return the public key (the content of requested resource) or nil
 function Util:get_public_key(keyId)
- local content = cache:get(keyId);
+ local content = self.cache:get(keyId);
 if content == nil then
 -- If the key is not found in the cache.
 module:log("debug", "Cache miss for key: "..keyId);
@@ -117,7 +118,10 @@ function Util:get_public_key(keyId)
 local function cb(content_, code_, response_, request_)
 content, code = content_, code_;
 if code == 200 or code == 204 then
- cache:set(keyId, content);
+ self.cache:set(keyId, content);
+ else
+ module:log("warn", "Error on public key request: Code %s, Content %s",
+ code_, content_);
 end
 done();
 end
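Review bot: The new `else` branch in `cb` (hunk at -117) writes the whole response body `content_` to the log at warn level, and that body comes from the remote key server, so an error page or an oversized or malformed response lands in the log unbounded and unescaped. The status code and the key ID are enough to diagnose a failed fetch, for example `module:log("warn", "Error on public key request for key %s: code %s", keyId, code_);`. The unchanged condition above it also treats 204 as success, so an empty body would be stored in `self.cache` as a public key; caching only on `code == 200` with non-empty content looks safer, though how the cached value is used for verification is outside this hunk.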
@@ -138,7 +142,9 @@ function Util:get_public_key(keyId)
 -- TODO: This check is racey. Not likely to be a problem, but we should
 -- still stick a mutex on content / code at some point.
 if code == nil then
- http.destroy_request(request);
+ -- no longer works in prosody 0.11
+ -- @TODO: work with prosody devs to determine better timeout mechanism for timing out active http requests
+ -- http.destroy_request(request);
 done();
 end
 end
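Review bot: With `http.destroy_request(request)` commented out, the timeout branch only calls `done()` and the HTTP request stays in flight, so a slow or unresponsive key server leaves requests outstanding. A response that arrives late still runs `cb`, which calls `done()` a second time and may write to `self.cache` after the caller has already given up. Until the request can be cancelled, a flag makes the late callback harmless: declare `local timed_out = false;` next to `content` and `code`, set `timed_out = true;` before `done();` in this branch, and start `cb` with `if timed_out then return; end`. The timer setup and the rest of `get_public_key` are outside this hunk, so the exact placement should be checked against the full function.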