Skip to content

Commit

Permalink
Use sha256 and make token cache global
Browse files Browse the repository at this point in the history
  • Loading branch information
ishank011 committed Sep 20, 2021
1 parent 154fd3b commit 00345c7
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 15 deletions.
4 changes: 2 additions & 2 deletions changelog/unreleased/jwt-token-hash.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ We encode the complete CS3APIs user object along with the scopes the user has
access to in the JWT token. In case the list of scopes is long or the user
belongs to a lot of groups, the token size got pretty big previously, and for
use-cases where we needed to pass it as a URI parameter, led to server limits
on the size of the URI being hit. Now we cache the token return its hash, which
makes the size of the token constant.
on the size of the URI being hit. Now we cache the token and return its hash,
which makes its size constant.

https://github.com/cs3org/reva/pull/1935
26 changes: 13 additions & 13 deletions pkg/token/manager/jwt/jwt.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@ package jwt

import (
"context"
"crypto/sha1"
"crypto/sha256"
"encoding/hex"
"time"

"github.com/bluele/gcache"
Expand All @@ -37,6 +38,8 @@ import (

const defaultExpiration int64 = 86400 // 1 day

var tokenCache = gcache.New(1000000).LFU().Build()

func init() {
registry.Register("jwt", New)
}
Expand All @@ -47,8 +50,7 @@ type config struct {
}

type manager struct {
conf *config
tokenCache gcache.Cache
conf *config
}

// claims are custom claims for the JWT token.
Expand Down Expand Up @@ -84,11 +86,7 @@ func New(value map[string]interface{}) (token.Manager, error) {
return nil, errors.New("jwt: secret for signing payloads is not defined in config")
}

m := &manager{
conf: c,
tokenCache: gcache.New(1000000).LFU().Build(),
}
return m, nil
return &manager{conf: c}, nil
}

func (m *manager) MintToken(ctx context.Context, u *user.User, scope map[string]*auth.Scope) (string, error) {
Expand Down Expand Up @@ -136,15 +134,17 @@ func (m *manager) DismantleToken(ctx context.Context, tkn string) (*user.User, m
}

func (m *manager) cacheAndReturnHash(token string) (string, error) {
h := sha1.New()
h.Write([]byte(token))
hash := string(h.Sum(nil))
err := m.tokenCache.SetWithExpire(hash, token, time.Second*time.Duration(m.conf.Expires))
h := sha256.New()
if _, err := h.Write([]byte(token)); err != nil {
return "", err
}
hash := hex.EncodeToString(h.Sum(nil))
err := tokenCache.SetWithExpire(hash, token, time.Second*time.Duration(m.conf.Expires))
return hash, err
}

func (m *manager) getCachedToken(hashedToken string) (string, error) {
if tknIf, err := m.tokenCache.Get(hashedToken); err == nil {
if tknIf, err := tokenCache.Get(hashedToken); err == nil {
return tknIf.(string), nil
}
return "", errtypes.InvalidCredentials("invalid token")
Expand Down

0 comments on commit 00345c7

Please sign in to comment.