Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable role and profile caching #2533

Merged
merged 7 commits into from
May 31, 2024
Merged

Enable role and profile caching #2533

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
37d61c7
feat(security): enable role and profile caching
fmauNeko May 21, 2024
508dc52
fix(objectrepository): handle cases where the cache reply is undefine…
fmauNeko May 27, 2024
e3b5099
chore(gitignore): add missing entries
fmauNeko May 27, 2024
571dccf
fix(profilerepository): fix repo implementation for redis cache
fmauNeko May 28, 2024
0ade581
test(profilerepository): remove extraneous tests
fmauNeko May 29, 2024
9cf9d69
fix(profilerepository): do not store optimized policies in cache
fmauNeko May 30, 2024
40985aa
Update test/core/security/profileRepository.test.js
fmauNeko May 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,7 @@ lib/core/backend/backendSubscription.js
lib/core/backend/backendVault.js
lib/core/backend/index.js
lib/core/backend/internalLogger.js
lib/core/cache/cacheDbEnum.js
lib/core/debug/kuzzleDebugger.js
lib/core/plugin/pluginContext.js
lib/core/realtime/channel.js
Expand All @@ -135,10 +136,12 @@ lib/core/realtime/subscription.js
lib/core/security/profileRepository.js
lib/core/security/tokenRepository.js
lib/core/shared/KoncordeWrapper.js
lib/core/shared/repository.js
lib/core/shared/ObjectRepository.js
lib/core/shared/sdk/embeddedSdk.js
lib/core/shared/sdk/funnelProtocol.js
lib/core/shared/store.js
lib/core/storage/indexCache.js
lib/core/storage/storeScopeEnum.js
lib/kerror/errors/*.js
lib/kerror/errors/badRequestError.js
lib/kerror/errors/externalServiceError.js
Expand Down Expand Up @@ -208,6 +211,7 @@ lib/types/realtime/RoomList.js
lib/types/RequestPayload.js
lib/types/ResponsePayload.js
lib/types/RoleDefinition.js
lib/types/shared/StoreCollectionsDefinition.js
lib/types/StrategyDefinition.js
lib/types/Target.js
lib/types/Token.js
Expand Down
83 changes: 28 additions & 55 deletions lib/core/security/profileRepository.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import { JSONObject } from "kuzzle-sdk";
import { OptimizedPolicy, Policy } from "../../../index";
import * as kerror from "../../kerror";
import { Profile } from "../../model/security/profile";
import { cacheDbEnum } from "../cache/cacheDbEnum";
import { ObjectRepository } from "../shared/ObjectRepository";

/** @internal */
Expand Down Expand Up @@ -59,19 +58,14 @@ type UpdateOptions = {
*/
export class ProfileRepository extends ObjectRepository<Profile> {
private module: any;
private profiles: Map<string, Profile>;

/**
* @constructor
*/
constructor(securityModule) {
super({
cache: cacheDbEnum.NONE,
store: global.kuzzle.internalIndex,
});
super({ store: global.kuzzle.internalIndex });

this.module = securityModule;
this.profiles = new Map();

this.collection = "profiles";
this.ObjectConstructor = Profile;
Expand Down Expand Up @@ -129,7 +123,7 @@ export class ProfileRepository extends ObjectRepository<Profile> {
* @param {String} [id] - profile identifier
*/
global.kuzzle.onAsk("core:security:profile:invalidate", (id) =>
this.invalidate(id),
this.deleteFromCache(id),
);

/**
Expand Down Expand Up @@ -191,15 +185,29 @@ export class ProfileRepository extends ObjectRepository<Profile> {
* @returns {Promise.<Promise>}
* @throws {NotFoundError} If the corresponding profile doesn't exist
*/
async load(id: string): Promise<Profile> {
if (this.profiles.has(id)) {
return this.profiles.get(id);
}
override async load(
id: string,
options: { key?: string } = {},
): Promise<Profile> {
const profile = await this.loadFromCache(id, options);

if (profile === null) {
const profileFromDatabase = await this.loadOneFromDatabase(id);

if (profileFromDatabase !== null) {
await this.persistToCache(profileFromDatabase);

profileFromDatabase.optimizedPolicies = this.optimizePolicies(
profileFromDatabase.policies,
);
}

const profile = await super.load(id);
return profileFromDatabase;
}

profile.optimizedPolicies = this.optimizePolicies(profile.policies);
this.profiles.set(id, profile);

await this.refreshCacheTTL(profile);

return profile;
}
Expand Down Expand Up @@ -232,16 +240,7 @@ export class ProfileRepository extends ObjectRepository<Profile> {
}

for (const id of profileIds) {
let profile: Profile | Promise<Profile> = this.profiles.get(id);

if (!profile) {
profile = this.loadOneFromDatabase(id).then((p) => {
p.optimizedPolicies = this.optimizePolicies(p.policies);
this.profiles.set(id, p);
return p;
});
}

const profile: Profile | Promise<Profile> = this.load(id);
profiles.push(profile);
}

Expand Down Expand Up @@ -443,7 +442,7 @@ export class ProfileRepository extends ObjectRepository<Profile> {

await this.deleteFromDatabase(profile._id, { refresh });

this.profiles.delete(profile._id);
await this.deleteFromCache(profile._id);
}

/**
Expand Down Expand Up @@ -502,12 +501,12 @@ export class ProfileRepository extends ObjectRepository<Profile> {
});

const updatedProfile = await this.loadOneFromDatabase(profile._id);
await this.persistToCache(updatedProfile);

// Recompute optimized policies based on new policies
updatedProfile.optimizedPolicies = this.optimizePolicies(
updatedProfile.policies,
);

this.profiles.set(profile._id, updatedProfile);
return updatedProfile;
}

Expand Down Expand Up @@ -538,32 +537,6 @@ export class ProfileRepository extends ObjectRepository<Profile> {
return profile;
}

/**
* @override
*/
async truncate(opts: JSONObject) {
try {
await super.truncate(opts);
} finally {
// always clear the RAM cache: even if truncate fails in the middle of it,
// some of the cached profiles might not be valid anymore
this.invalidate();
}
}

/**
* Invalidate the cache entries for the given profile. If none is provided,
* the entire cache is emptied.
* @param {string} [profileId]
*/
invalidate(profileId?: string) {
if (!profileId) {
this.profiles.clear();
} else {
this.profiles.delete(profileId);
}
}

/**
* Optimize each policy to get a O(1) index access time
* and a O(log(n)) collection search time.
Expand Down Expand Up @@ -636,11 +609,11 @@ export class ProfileRepository extends ObjectRepository<Profile> {
// Otherwise we cannot stub them
// ============================================

async toDTO(dto: Profile): Promise<JSONObject> {
toDTO(dto: Profile): JSONObject {
return super.toDTO(dto);
}

async deleteFromDatabase(id: string, options: JSONObject) {
deleteFromDatabase(id: string, options: JSONObject) {
return super.deleteFromDatabase(id, options);
}

Expand Down
2 changes: 1 addition & 1 deletion lib/core/security/roleRepository.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ class RoleRepository extends ObjectRepository {
*/
constructor(securityModule) {
super({
cache: cacheDbEnum.NONE,
cache: cacheDbEnum.INTERNAL,
store: global.kuzzle.internalIndex,
});

Expand Down
2 changes: 1 addition & 1 deletion lib/core/shared/ObjectRepository.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ export class ObjectRepository<TObject extends { _id: string }> {
try {
response = await global.kuzzle.ask(`core:cache:${this.cacheDb}:get`, key);

if (response === null) {
if (response === null || response === undefined) {
return null;
}

Expand Down
Loading
Loading