Merge pull request #71 from srinandan/master

use shared mem for api keys
apigee · Jan 6, 2018 · 906ed85 · 906ed85
2 parents 4c61aab + 9776cd9
commit 906ed85
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 31 deletions.
diff --git a/monitor/index.js b/monitor/index.js
@@ -6,7 +6,6 @@
 var debug = require('debug')('plugin:monitor');
 var cache = require('memored');
 const lynx = require('lynx');
-const os = require('os');
 
 module.exports.init = function(config, logger, stats) {
 
@@ -16,8 +15,6 @@ module.exports.init = function(config, logger, stats) {
 
     key = key + "." + os.hostname();
     debug('grafana: ' + host + ':' + port);
-
-    const numcpus = os.cpus().length;
 
     const client = new lynx(host, port);
 

diff --git a/oauth/index.js b/oauth/index.js
@@ -5,6 +5,7 @@ var url = require('url');
 var rs = require('jsrsasign');
 var fs = require('fs');
 var path = require('path');
+var cache = require('memored');
 var JWS = rs.jws.JWS;
 var requestLib = require('request');
 var _ = require('lodash');
@@ -25,7 +26,6 @@ var cacheKey = false;
 
 module.exports.init = function(config, logger, stats) {
 
-    var apiKeyCache = {};
     var request = config.request ? requestLib.defaults(config.request) : requestLib;
     var keys = config.jwk_keys ? JSON.parse(config.jwk_keys) : null;
 
@@ -105,21 +105,31 @@ module.exports.init = function(config, logger, stats) {
     var exchangeApiKeyForToken = function(req, res, next, config, logger, stats, middleware, apiKey) {
         var cacheControl = req.headers['cache-control'];
         if (cacheKey || (!cacheControl || (cacheControl && cacheControl.indexOf('no-cache') < 0))) { // caching is allowed
-            var token = apiKeyCache[apiKey];
-            if (token) {
-                if (Date.now() / 1000 < token.exp) { // not expired yet (token expiration is in seconds)
-                    debug('api key cache hit', apiKey);
-                    return authorize(req, res, next, logger, stats, token);
+            cache.read(apiKey, function(err, value) {
+                if (value) {
+                    if (Date.now() / 1000 < value.exp) { // not expired yet (token expiration is in seconds)
+                        debug('api key cache hit', apiKey);
+                        return authorize(req, res, next, logger, stats, value);
+                    } else {
+                        cache.remove(apiKey);
+                        debug('api key cache expired', apiKey);
+                        requestApiKeyJWT(req, res, next, config, logger, stats, middleware, apiKey);
+                    }
                 } else {
-                    delete apiKeyCache[apiKey];
-                    debug('api key cache expired', apiKey);
+                    debug('api key cache miss', apiKey);
+                    requestApiKeyJWT(req, res, next, config, logger, stats, middleware, apiKey);
                 }
-            } else {
-                debug('api key cache miss', apiKey);
-            }
+            });
+        } else {
+            requestApiKeyJWT(req, res, next, config, logger, stats, middleware, apiKey);
         }
 
+    }
+
+    function requestApiKeyJWT(req, res, next, config, logger, stats, middleware, apiKey) {
+
         if (!config.verify_api_key_url) return sendError(req, res, next, logger, stats, 'invalid_request', 'API Key Verification URL not configured');
+
         var api_key_options = {
             url: config.verify_api_key_url,
             method: 'POST',
@@ -130,6 +140,7 @@ module.exports.init = function(config, logger, stats) {
                 'x-dna-api-key': apiKey
             }
         };
+
         if (config.agentOptions) {
             if (config.agentOptions.requestCert) {
                 api_key_options.requestCert = true;
@@ -152,7 +163,7 @@ module.exports.init = function(config, logger, stats) {
                 if (config.agentOptions.passphrase) api_key_options.passphrase = config.agentOptions.passphrase;
             }
         }
-        debug(api_key_options);
+        //debug(api_key_options);
         request(api_key_options, function(err, response, body) {
             if (err) {
                 debug('verify apikey gateway timeout');
@@ -201,21 +212,7 @@ module.exports.init = function(config, logger, stats) {
 
         onrequest: function(req, res, next) {
             middleware(req, res, next);
-        },
-
-        api_key_cache_size: function() {
-            return Object.keys(apiKeyCache).length;
-        },
-
-        api_key_cache_clear: function() {
-            var deleted = 0;
-            Object.keys(apiKeyCache).forEach(function(key) {
-                delete apiKeyCache[key];
-                deleted++;
-            });
-            return deleted;
         }
-
     };
 
     function authorize(req, res, next, logger, stats, decodedToken, apiKey) {
@@ -230,13 +227,13 @@ module.exports.init = function(config, logger, stats) {
                 if (cacheKey || (!cacheControl || (cacheControl && cacheControl.indexOf('no-cache') < 0))) { // caching is allowed
                     // default to now (in seconds) + 30m if not set
                     decodedToken.exp = decodedToken.exp || +(((Date.now() / 1000) + 1800).toFixed(0));
-                    apiKeyCache[apiKey] = decodedToken;
+                    //apiKeyCache[apiKey] = decodedToken;
+                    cache.store(apiKey, decodedToken);
                     debug('api key cache store', apiKey);
                 } else {
                     debug('api key cache skip', apiKey);
                 }
             }
-
             next();
         } else {
             return sendError(req, res, next, logger, stats, 'access_denied');