remove accounts cache from basic auth middleware

move cache to ocis-pkg add password validation cache to accounts service
2026-05-03 04:52:22 +02:00 · 2020-11-26 13:52:24 +01:00
parent e72328d738
commit 11ba46eb88
6 changed files with 35 additions and 49 deletions
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -1,13 +1,10 @@
 package middleware

 import (
-	"crypto/sha1"
 	"fmt"
-	"github.com/owncloud/ocis/proxy/pkg/cache"
 	"net/http"
 	"strings"
 	"sync"
-	"time"

 	accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
 	"github.com/owncloud/ocis/ocis-pkg/log"
@@ -21,7 +18,7 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 	options := newOptions(optionSetters...)
 	logger := options.Logger
 	oidcIss := options.OIDCIss
-	accountsCache := cache.NewCache(cache.Size(5000))
+
 	if options.EnableBasicAuth {
 		options.Logger.Warn().Msg("basic auth enabled, use only for testing or development")
 	}
@@ -30,7 +27,6 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 		logger:         logger,
 		enabled:        options.EnableBasicAuth,
 		accountsClient: options.AccountsClient,
-		accountsCache:  &accountsCache,
 	}

 	return func(next http.Handler) http.Handler {
@@ -63,7 +59,6 @@ type basicAuth struct {
 	logger         log.Logger
 	enabled        bool
 	accountsClient accounts.AccountsService
-	accountsCache  *cache.Cache
 	m              sync.Mutex
 }

@@ -80,38 +75,17 @@ func (m *basicAuth) isBasicAuth(req *http.Request) bool {
 }

 func (m *basicAuth) getAccount(req *http.Request) (*accounts.Account, bool) {
-	var ok bool
-	var hit *cache.Entry
-
 	login, password, _ := req.BasicAuth()

-	h := sha1.New()
-	h.Write([]byte(login))
+	account, status := getAccount(
+		m.logger,
+		m.accountsClient,
+		fmt.Sprintf(
+			"login eq '%s' and password eq '%s'",
+			strings.ReplaceAll(login, "'", "''"),
+			strings.ReplaceAll(password, "'", "''"),
+		),
+	)

-	lookup := fmt.Sprintf("%x", h.Sum([]byte(password)))
-
-	m.m.Lock()
-	defer m.m.Unlock()
-
-	if hit = m.accountsCache.Get(lookup); hit == nil {
-		account, status := getAccount(
-			m.logger,
-			m.accountsClient,
-			fmt.Sprintf(
-				"login eq '%s' and password eq '%s'",
-				strings.ReplaceAll(login, "'", "''"),
-				strings.ReplaceAll(password, "'", "''"),
-			),
-		)
-
-		if ok = status == 0; ok {
-			m.accountsCache.Set(lookup, account, time.Now().Add(10*time.Minute))
-		}
-
-		return account, ok
-	}
-
-	account, ok := hit.V.(*accounts.Account)
-
-	return account, ok
+	return account, status == 0
 }