[patch] Fix cache bug (#75)

* Fix cache bug * Fix cache bug * Add const * Fix test
yahoojapan · Aug 21, 2020 · 4588db3 · 4588db3
1 parent 908920f
commit 4588db3
Show file tree

Hide file tree

Showing 3 changed files with 295 additions and 31 deletions.
diff --git a/authorizerd.go b/authorizerd.go
@@ -109,7 +109,8 @@ type authority struct {
 type mode uint8
 
 const (
-	roleToken mode = iota
+	cacheKeyDelimiter      = ':'
+	roleToken         mode = iota
 	accessToken
 )
 
@@ -354,21 +355,30 @@ func (a *authority) AuthorizeAccessToken(ctx context.Context, tok, act, res stri
 }
 
 func (a *authority) authorize(ctx context.Context, m mode, tok, act, res string, cert *x509.Certificate) (Principal, error) {
-	var key string
+	var key strings.Builder
+	key.WriteString(tok)
+
+	if cert != nil {
+		key.WriteRune(cacheKeyDelimiter)
+		key.WriteString(cert.Issuer.CommonName)
+		key.WriteRune(cacheKeyDelimiter)
+		key.WriteString(cert.Subject.CommonName)
+	}
 
-	if a.disablePolicyd {
-		key = tok
-	} else {
+	if !a.disablePolicyd {
 		if act == "" || res == "" {
 			return nil, errors.Wrap(ErrInvalidParameters, "empty action / resource")
 		}
-		key = tok + act + res
+		key.WriteRune(cacheKeyDelimiter)
+		key.WriteString(act)
+		key.WriteRune(cacheKeyDelimiter)
+		key.WriteString(res)
 	}
 
 	// check if exists in verification success cache
-	cached, ok := a.cache.Get(key)
+	cached, ok := a.cache.Get(key.String())
 	if ok {
-		glg.Debugf("use cached result. tok: %s, key: %s", tok, key)
+		glg.Debugf("use cached result. tok: %s, key: %s", tok, key.String())
 		return cached.(Principal), nil
 	}
 
@@ -421,7 +431,7 @@ func (a *authority) authorize(ctx context.Context, m mode, tok, act, res string,
 		}
 	}
 	glg.Debugf("set token result. tok: %s, act: %s, res: %s", tok, act, res)
-	a.cache.SetWithExpire(key, p, a.cacheExp)
+	a.cache.SetWithExpire(key.String(), p, a.cacheExp)
 	return p, nil
 }
 

diff --git a/authorizerd_mock_test.go b/authorizerd_mock_test.go
@@ -116,11 +116,11 @@ func (rpm *RoleProcessorMock) ParseAndValidateRoleToken(tok string) (*role.Token
 type AccessProcessorMock struct {
 	access.Processor
 	wantErr error
-	act     *access.OAuth2AccessTokenClaim
+	atc     *access.OAuth2AccessTokenClaim
 }
 
 func (apm *AccessProcessorMock) ParseAndValidateOAuth2AccessToken(cred string, cert *x509.Certificate) (*access.OAuth2AccessTokenClaim, error) {
-	return apm.act, apm.wantErr
+	return apm.atc, apm.wantErr
 }
 
 type JwkdMock struct {