Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: LRU cache key #504

Merged
merged 7 commits into from
Nov 20, 2024
Merged

feat: LRU cache key #504

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
aa23c18
feat: token hasher option
ilteoood Nov 12, 2024
3895f0d
chore: verifier
ilteoood Nov 12, 2024
2aae9c6
chore: renamed parameter
ilteoood Nov 13, 2024
4da7e7a
Update README.md
ilteoood Nov 14, 2024
d3acb86
chore: performance of cacheKeyBuilder
ilteoood Nov 20, 2024
6deb458
Merge remote-tracking branch 'origin/master' into feat/lru-cache-key
ilteoood Nov 20, 2024
5bcfb61
Merge remote-tracking branch 'origin/master' into feat/lru-cache-key
ilteoood Nov 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,8 @@ Create a verifier function by calling `createVerifier` and providing one or more

- `clockTolerance`: Timespan in milliseconds is the tolerance to apply to the current timestamp when performing time comparisons. Default is `0`.

- `cacheKeyBuilder`: The function that will be used to create the [cache's key](#caching). To avoid sensitive informations leaking, by default is used [the hashToken function](./src/utils.js).
ilteoood marked this conversation as resolved.
Show resolved Hide resolved

The verifier is a function which accepts a token (as Buffer or string) and returns the payload or the sections of the token.

If the `key` option is a function, the signer will also accept a Node style callback and will return a promise, supporting therefore both callback and async/await styles.
Expand Down
23 changes: 14 additions & 9 deletions src/verifier.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,8 @@ function cacheSet(
maxAge,
clockTimestamp,
clockTolerance,
errorCacheTTL
errorCacheTTL,
cacheKeyBuilder
},
value
) {
Expand All @@ -93,7 +94,7 @@ function cacheSet(
if (value instanceof TokenError) {
const ttl = typeof errorCacheTTL === 'function' ? errorCacheTTL(value) : errorCacheTTL
cacheValue[2] = (clockTimestamp || Date.now()) + clockTolerance + ttl
cache.set(hashToken(token), cacheValue)
cache.set(cacheKeyBuilder(token), cacheValue)
return value
}

Expand All @@ -116,7 +117,7 @@ function cacheSet(
const maxTTL = (clockTimestamp || Date.now()) + clockTolerance + cacheTTL
cacheValue[2] = cacheValue[2] === 0 ? maxTTL : Math.min(cacheValue[2], maxTTL)

cache.set(hashToken(token), cacheValue)
cache.set(cacheKeyBuilder(token), cacheValue)

return value
}
Expand Down Expand Up @@ -258,7 +259,8 @@ function verify(
decode,
cache,
requiredClaims,
errorCacheTTL
errorCacheTTL,
cacheKeyBuilder
},
token,
cb
Expand All @@ -275,12 +277,13 @@ function verify(
ignoreNotBefore,
maxAge,
clockTimestamp,
clockTolerance
clockTolerance,
cacheKeyBuilder
}

// Check the cache
if (cache) {
const [value, min, max] = cache.get(hashToken(token)) || [undefined, 0, 0]
const [value, min, max] = cache.get(cacheKeyBuilder(token)) || [undefined, 0, 0]
const now = clockTimestamp || Date.now()

// Validate time range
Expand Down Expand Up @@ -392,8 +395,9 @@ module.exports = function createVerifier(options) {
allowedIss,
allowedSub,
allowedNonce,
requiredClaims
} = { cacheTTL: 600000, clockTolerance: 0, errorCacheTTL: -1, ...options }
requiredClaims,
cacheKeyBuilder
} = { cacheTTL: 600000, clockTolerance: 0, errorCacheTTL: -1, cacheKeyBuilder: hashToken, ...options }

// Validate options
if (!Array.isArray(allowedAlgorithms)) {
Expand Down Expand Up @@ -516,7 +520,8 @@ module.exports = function createVerifier(options) {
validators,
decode: createDecoder({ complete: true }),
cache: createCache(cacheSize),
requiredClaims
requiredClaims,
cacheKeyBuilder
}

// Return the verifier
Expand Down
21 changes: 21 additions & 0 deletions test/verifier.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1021,6 +1021,27 @@ test('caching - sync', t => {
t.assert.ok(verifier.cache.get(hashToken(invalidToken))[0] instanceof TokenError)
})

test('caching - sync - custom cacheKeyBuilder', t => {
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.aaa'

const verifier = createVerifier({ key: 'secret', cache: true, cacheKeyBuilder: (id) => id })

t.assert.equal(verifier.cache.size, 0)
t.assert.deepStrictEqual(verifier(token), { a: 1 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1 })
t.assert.equal(verifier.cache.size, 1)

t.assert.throws(() => verifier(invalidToken), { message: 'The token signature is invalid.' })
t.assert.equal(verifier.cache.size, 2)
t.assert.throws(() => verifier(invalidToken), { message: 'The token signature is invalid.' })
t.assert.equal(verifier.cache.size, 2)

t.assert.deepStrictEqual(verifier.cache.get(token)[0], { a: 1 })
t.assert.ok(verifier.cache.get(invalidToken)[0] instanceof TokenError)
})

test('caching - async', async t => {
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.aaa'
Expand Down
Loading