⚡ In memory auth context cache

.idea/workspace.xml

@@ -4,7 +4,20 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check" />
+    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check">
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/go.mod" beforeDir="false" afterPath="$PROJECT_DIR$/go.mod" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/go.sum" beforeDir="false" afterPath="$PROJECT_DIR$/go.sum" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/cmd/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/cmd/main.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/database/source.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/database/source.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/models/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/models/auth.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/server/accounts_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/accounts_api.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/server/ui/personalize.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/ui/personalize.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/services/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/accounts.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/services/ticker_maintainer.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/ticker_maintainer.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/settings.toml" beforeDir="false" afterPath="$PROJECT_DIR$/settings.toml" afterDir="false" />
+    </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
     <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />

go.mod

@@ -9,15 +9,18 @@ require (
 	github.com/gofiber/fiber/v2 v2.52.4
 	github.com/gofiber/template/html/v2 v2.1.1
 	github.com/golang-jwt/jwt/v5 v5.2.0
+	github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2
 	github.com/google/uuid v1.6.0
 	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 	github.com/json-iterator/go v1.1.12
+	github.com/nicksnyder/go-i18n/v2 v2.4.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rs/zerolog v1.31.0
 	github.com/samber/lo v1.39.0
 	github.com/spf13/viper v1.18.1
-	go.etcd.io/bbolt v1.3.9
+	github.com/sujit-baniya/flash v0.1.8
 	golang.org/x/crypto v0.21.0
+	golang.org/x/text v0.14.0
 	google.golang.org/api v0.153.0
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
@@ -45,7 +48,6 @@ require (
 	github.com/gofiber/utils v1.1.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
@@ -65,7 +67,6 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/nicksnyder/go-i18n/v2 v2.4.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
@@ -77,7 +78,6 @@ require (
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/sujit-baniya/flash v0.1.8 // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.52.0 // indirect
@@ -89,7 +89,6 @@ require (
 	golang.org/x/oauth2 v0.15.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

go.sum

@@ -16,6 +16,8 @@ cloud.google.com/go/storage v1.35.1/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYE
 firebase.google.com/go v3.13.0+incompatible h1:3TdYC3DDi6aHn20qoRkxwGqNgdjtblwVAyRLQwGn/+4=
 firebase.google.com/go v3.13.0+incompatible/go.mod h1:xlah6XbEyW6tbfSklcfe5FHJIwjt8toICdV5Wh9ptHs=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
@@ -129,8 +131,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
-github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
 github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -224,8 +224,6 @@ github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHY
 github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
-go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -284,8 +282,6 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -353,6 +349,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pkg/cmd/main.go

@@ -44,9 +44,6 @@ func main() {
 	} else if err := database.RunMigration(database.C); err != nil {
 		log.Fatal().Err(err).Msg("An error occurred when running database auto migration.")
 	}
-	if err := database.NewBolt(); err != nil {
-		log.Fatal().Err(err).Msg("An error occurred when init bolt db.")
-	}
 
 	// External
 	// All the things are optional so when error occurred the server won't crash
@@ -70,8 +67,8 @@ func main() {
 	// Configure timed tasks
 	quartz := cron.New(cron.WithLogger(cron.VerbosePrintfLogger(&log.Logger)))
 	quartz.AddFunc("@every 60m", services.DoAutoSignoff)
-	quartz.AddFunc("@every 60m", services.DoAutoAuthCleanup)
 	quartz.AddFunc("@every 60m", services.DoAutoDatabaseCleanup)
+	quartz.AddFunc("@every 60s", services.RecycleAuthContext)
 	quartz.AddFunc("@every 5m", services.KexCleanup)
 	quartz.Start()
 
@@ -85,6 +82,4 @@ func main() {
 	log.Info().Msgf("Passport v%s is quitting...", pkg.AppVersion)
 
 	quartz.Stop()
-
-	database.B.Close()
 }

pkg/database/source.go

@@ -4,7 +4,6 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/samber/lo"
 	"github.com/spf13/viper"
-	"go.etcd.io/bbolt"
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
@@ -27,14 +26,3 @@ func NewGorm() error {
 
 	return err
 }
-
-var B *bbolt.DB
-
-func NewBolt() error {
-	var err error
-
-	dsn := viper.GetString("database.bolt")
-	B, err = bbolt.Open(dsn, 0600, nil)
-
-	return err
-}

pkg/models/auth.go

@@ -60,5 +60,5 @@ func (v AuthTicket) IsAvailable() error {
 type AuthContext struct {
 	Ticket     AuthTicket `json:"ticket"`
 	Account    Account    `json:"account"`
-	ExpiredAt time.Time  `json:"expired_at"`
+	LastUsedAt time.Time  `json:"last_used_at"`
 }

pkg/server/accounts_api.go

@@ -108,6 +108,8 @@ func editUserinfo(c *fiber.Ctx) error {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 
+	services.InvalidAuthCacheWithUser(account.ID)
+
 	return c.SendStatus(fiber.StatusOK)
 }
 

pkg/server/ui/personalize.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
+	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
@@ -92,6 +93,8 @@ func personalizeAction(c *fiber.Ctx) error {
 		}).Redirect("/users/me/personalize")
 	}
 
+	services.InvalidAuthCacheWithUser(account.ID)
+
 	return flash.WithInfo(c, fiber.Map{
 		"message": "your account has been personalized",
 	}).Redirect("/users/me")

pkg/services/accounts.go

@@ -116,6 +116,8 @@ func ConfirmAccount(code string) error {
 			return err
 		}
 
+		InvalidAuthCacheWithUser(user.ID)
+
 		return nil
 	})
 }

pkg/services/auth.go

@@ -4,15 +4,12 @@ import (
 	"fmt"
 	"time"
 
-	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/gofiber/fiber/v2"
-	jsoniter "github.com/json-iterator/go"
 	"github.com/rs/zerolog/log"
-	"go.etcd.io/bbolt"
 )
 
-const authContextBucket = "AuthContext"
+var authContextCache = make(map[string]models.AuthContext)
 
 func Authenticate(access, refresh string, depth int) (user models.Account, perms map[string]any, newAccess, newRefresh string, err error) {
 	var claims PayloadClaims
@@ -44,7 +41,7 @@ func Authenticate(access, refresh string, depth int) (user models.Account, perms
 
 	ctx, err = GrantAuthContext(claims.ID)
 	if err == nil {
-		log.Debug().Str("jti", claims.ID).Err(lookupErr).Msg("Missed auth context cache once!")
+
 		perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
 		user = ctx.Account
 		return
@@ -58,26 +55,14 @@ func GetAuthContext(jti string) (models.AuthContext, error) {
 	var err error
 	var ctx models.AuthContext
 
-	err = database.B.View(func(tx *bbolt.Tx) error {
+	if val, ok := authContextCache[jti]; ok {
-		bucket := tx.Bucket([]byte(authContextBucket))
+		ctx = val
-		if bucket == nil {
+		ctx.LastUsedAt = time.Now()
-			return fmt.Errorf("unable to find auth context bucket")
+		authContextCache[jti] = ctx
-		}
+		log.Debug().Str("jti", jti).Msg("Used an auth context cache")
-
+	} else {
-		raw := bucket.Get([]byte(jti))
+		ctx, err = GrantAuthContext(jti)
-		if raw == nil {
+		log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
-			return fmt.Errorf("unable to find auth context")
-		} else if err := jsoniter.Unmarshal(raw, &ctx); err != nil {
-			return fmt.Errorf("unable to unmarshal auth context: %v", err)
-		}
-
-		return nil
-	})
-
-	if err == nil && time.Now().Unix() >= ctx.ExpiredAt.Unix() {
-		_ = RevokeAuthContext(jti)
-
-		return ctx, fmt.Errorf("auth context has been expired")
 	}
 
 	return ctx, err
@@ -99,37 +84,37 @@ func GrantAuthContext(jti string) (models.AuthContext, error) {
 		return ctx, fmt.Errorf("invalid account: %v", err)
 	}
 
-	// Every context should expire in some while
-	// Once user update their account info, this will have delay to update
 	ctx = models.AuthContext{
 		Ticket:     ticket,
 		Account:    user,
-		ExpiredAt: time.Now().Add(5 * time.Minute),
+		LastUsedAt: time.Now(),
 	}
 
-	// Save data into KV cache
+	// Put the data into memory for cache
-	return ctx, database.B.Update(func(tx *bbolt.Tx) error {
+	authContextCache[jti] = ctx
-		bucket, err := tx.CreateBucketIfNotExists([]byte(authContextBucket))
+
-		if err != nil {
+	return ctx, nil
-			return err
 }
 
-		raw, err := jsoniter.Marshal(ctx)
+func RecycleAuthContext() {
-		if err != nil {
+	if len(authContextCache) == 0 {
-			return err
+		return
 	}
 
-		return bucket.Put([]byte(jti), raw)
+	affected := 0
-	})
+	for key, val := range authContextCache {
+		if val.LastUsedAt.Add(60*time.Second).Unix() < time.Now().Unix() {
+			affected++
+			delete(authContextCache, key)
+		}
+	}
+	log.Debug().Int("affected", affected).Msg("Recycled auth context...")
 }
 
-func RevokeAuthContext(jti string) error {
+func InvalidAuthCacheWithUser(userId uint) {
-	return database.B.Update(func(tx *bbolt.Tx) error {
+	for key, val := range authContextCache {
-		bucket, err := tx.CreateBucketIfNotExists([]byte(authContextBucket))
+		if val.Account.ID == userId {
-		if err != nil {
+			delete(authContextCache, key)
-			return err
+		}
 	}
-
-		return bucket.Delete([]byte(jti))
-	})
 }

pkg/services/ticker_maintainer.go

@@ -3,10 +3,8 @@ package services
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
-	jsoniter "github.com/json-iterator/go"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
-	"go.etcd.io/bbolt"
 	"time"
 )
 
@@ -24,36 +22,3 @@ func DoAutoSignoff() {
 		log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
 	}
 }
-
-func DoAutoAuthCleanup() {
-	log.Debug().Msg("Now cleaning up cached auth context...")
-
-	count := 0
-	err := database.B.Batch(func(tx *bbolt.Tx) error {
-		bucket := tx.Bucket([]byte(authContextBucket))
-		if bucket == nil {
-			return nil
-		}
-
-		cursor := bucket.Cursor()
-
-		var ctx models.AuthContext
-		for key, val := cursor.First(); key != nil; key, val = cursor.Next() {
-			if err := jsoniter.Unmarshal(val, &ctx); err != nil {
-				bucket.Delete(key)
-				count++
-			} else if time.Now().Unix() >= ctx.ExpiredAt.Unix() {
-				bucket.Delete(key)
-				count++
-			}
-		}
-
-		return nil
-	})
-
-	if err != nil {
-		log.Error().Err(err).Msg("An error occurred when running auth context cleanup...")
-	} else {
-		log.Debug().Int("affected", count).Msg("Clean up auth context accomplished.")
-	}
-}

settings.toml

@@ -34,7 +34,6 @@ refresh_token_duration = 2592000
 [database]
 dsn = "host=localhost dbname=hy_passport port=5432 sslmode=disable"
 prefix = "passport_"
-bolt = "uploads/bolt.db"
 
 [permissions.default]
 CreatePaperclipAttachments = 1048576