Merge branch 'master' into dependabot/gradle/all-deps-da665e90de

nais · Sep 25, 2023 · cad29b0 · cad29b0
2 parents 0b0fc23 + 8ee2af6
commit cad29b0
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 4 deletions.
diff --git a/src/main/kotlin/io/nais/security/oauth2/TokenExchangeApp.kt b/src/main/kotlin/io/nais/security/oauth2/TokenExchangeApp.kt
@@ -7,6 +7,7 @@ import com.nimbusds.oauth2.sdk.ErrorObject
 import com.nimbusds.oauth2.sdk.OAuth2Error
 import io.ktor.client.HttpClient
 import io.ktor.client.engine.cio.CIO
+import io.ktor.client.plugins.HttpRequestRetry
 import io.ktor.http.HttpHeaders
 import io.ktor.http.HttpStatusCode
 import io.ktor.serialization.jackson.jackson
@@ -57,9 +58,11 @@ import org.slf4j.event.Level
 import java.util.UUID
 import java.util.concurrent.TimeUnit.SECONDS
 import kotlin.system.exitProcess
+import io.ktor.client.plugins.contentnegotiation.ContentNegotiation as ClientContentNegotiation
 
 private val log = KotlinLogging.logger { }
 
+const val httpClientMaxRetries = 10
 const val shutdownGracePeriod = 10L
 const val shutdownMaxWait = 20L
 
@@ -141,12 +144,15 @@ fun Application.tokenExchangeApp(config: AppConfiguration, routing: ApiRouting)
                     val includeErrorDetails = isNonProd()
                     call.respondWithError(cause, includeErrorDetails)
                 }
+
                 is BadRequestException -> {
                     call.respond(HttpStatusCode.BadRequest, "invalid request content")
                 }
+
                 is JsonProcessingException -> {
                     call.respond(HttpStatusCode.BadRequest, "invalid request content")
                 }
+
                 else -> {
                     call.respond(HttpStatusCode.InternalServerError, "unknown internal server error")
                 }
@@ -195,10 +201,23 @@ private fun ErrorObject.toGeneric(): ErrorObject =
     )
 
 internal val defaultHttpClient = HttpClient(CIO) {
-    install(io.ktor.client.plugins.contentnegotiation.ContentNegotiation) {
+    install(ClientContentNegotiation) {
         jackson() {
             setSerializationInclusion(NON_NULL)
             configure(FAIL_ON_UNKNOWN_PROPERTIES, false)
         }
     }
 }
+
+internal val retryingHttpClient = HttpClient(CIO) {
+    install(ClientContentNegotiation) {
+        jackson() {
+            setSerializationInclusion(NON_NULL)
+            configure(FAIL_ON_UNKNOWN_PROPERTIES, false)
+        }
+    }
+    install(HttpRequestRetry) {
+        retryOnExceptionOrServerErrors(maxRetries = httpClientMaxRetries)
+        exponentialDelay()
+    }
+}
diff --git a/src/main/kotlin/io/nais/security/oauth2/config/AppConfiguration.kt b/src/main/kotlin/io/nais/security/oauth2/config/AppConfiguration.kt
@@ -13,7 +13,6 @@ import io.nais.security.oauth2.authentication.BearerTokenAuth
 import io.nais.security.oauth2.config.JwkCache.BUCKET_SIZE
 import io.nais.security.oauth2.config.JwkCache.CACHE_SIZE
 import io.nais.security.oauth2.config.JwkCache.EXPIRES_IN
-import io.nais.security.oauth2.defaultHttpClient
 import io.nais.security.oauth2.health.DatabaseHealthCheck
 import io.nais.security.oauth2.health.HealthCheck
 import io.nais.security.oauth2.keystore.RotatingKeyStore
@@ -23,6 +22,7 @@ import io.nais.security.oauth2.model.ClaimMappings
 import io.nais.security.oauth2.model.WellKnown
 import io.nais.security.oauth2.registration.ClientRegistry
 import io.nais.security.oauth2.registration.ClientRegistryPostgres
+import io.nais.security.oauth2.retryingHttpClient
 import io.nais.security.oauth2.token.TokenIssuer
 import kotlinx.coroutines.runBlocking
 import mu.KotlinLogging
@@ -85,7 +85,7 @@ class AuthProvider(
         fun fromWellKnown(wellKnownUrl: String): AuthProvider {
             val wellKnown: WellKnown = runBlocking {
                 log.info("getting OpenID Connect server metadata from well-known url=$wellKnownUrl")
-                defaultHttpClient.get(wellKnownUrl).body()
+                retryingHttpClient.get(wellKnownUrl).body()
             }
             val jwk = JwkProviderBuilder(URL(wellKnown.jwksUri))
                 .cached(CACHE_SIZE, EXPIRES_IN, TimeUnit.HOURS)
@@ -130,7 +130,7 @@ class AuthorizationServerProperties(
 class SubjectTokenIssuer(private val wellKnownUrl: String, val subjectTokenClaimMappings: ClaimMappings = emptyMap()) {
     val wellKnown: WellKnown = runBlocking {
         log.info("getting OAuth2 server metadata from well-known url=$wellKnownUrl")
-        defaultHttpClient.get(wellKnownUrl).body()
+        retryingHttpClient.get(wellKnownUrl).body()
     }
     val issuer = wellKnown.issuer
     val cacheProperties = CacheProperties(

diff --git a/src/main/kotlin/io/nais/security/oauth2/config/DatabaseConfig.kt b/src/main/kotlin/io/nais/security/oauth2/config/DatabaseConfig.kt
@@ -4,6 +4,7 @@ import com.zaxxer.hikari.HikariConfig
 import com.zaxxer.hikari.HikariDataSource
 import io.nais.security.oauth2.config.HikariProperties.CONNECTION_TIMEOUT
 import io.nais.security.oauth2.config.HikariProperties.IDLE_TIMEOUT
+import io.nais.security.oauth2.config.HikariProperties.INITIALIZATION_FAIL_TIMEOUT
 import io.nais.security.oauth2.config.HikariProperties.MAX_LIFETIME
 import io.nais.security.oauth2.config.HikariProperties.MAX_POOL_SIZE
 import io.nais.security.oauth2.config.HikariProperties.MIN_IDLE_CONNECTIONS
@@ -36,6 +37,7 @@ private fun hikariConfig(databaseConfig: DatabaseConfig) =
         maxLifetime = MAX_LIFETIME
         username = databaseConfig.user
         password = databaseConfig.password
+        initializationFailTimeout = INITIALIZATION_FAIL_TIMEOUT
     }
 
 object HikariProperties {
@@ -44,4 +46,5 @@ object HikariProperties {
     const val MAX_LIFETIME = 30001L
     const val MAX_POOL_SIZE = 10
     const val MIN_IDLE_CONNECTIONS = 5
+    const val INITIALIZATION_FAIL_TIMEOUT = 10000L
 }