Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cache results of group checker #279

Merged
merged 3 commits into from
Jan 10, 2025
Merged

Cache results of group checker #279

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6eb4c4f
Cache results of group checker
tomrf1 Jan 9, 2025
b3dd8f1
remove debug
tomrf1 Jan 9, 2025
6a9d92e
comment
tomrf1 Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 26 additions & 5 deletions play-v29/src/main/scala/com/gu/googleauth/groups.scala
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,10 @@ package com.gu.googleauth
import com.google.api.services.directory.Directory
import com.google.api.services.directory.DirectoryScopes.ADMIN_DIRECTORY_GROUP_READONLY
import com.google.auth.oauth2.{GoogleCredentials, ServiceAccountCredentials}
import com.google.common.cache.{CacheBuilder, CacheLoader, LoadingCache}
import com.gu.googleauth.internal.DirectoryService

import java.time.Duration
import scala.concurrent._
import scala.jdk.CollectionConverters._

Expand All @@ -23,15 +25,34 @@ import scala.jdk.CollectionConverters._
*
* @param impersonatedUser a separate domain-user account email address (eg '[email protected]'), the email address
* of the user the application will be impersonating when making calls.
* @param serviceAccountCredentials Google OAuth2 credentials.
* @param cacheDuration how long to cache each user's groups for (defaults to 1 minute).
*
*/
class GoogleGroupChecker(impersonatedUser: String, serviceAccountCredentials: ServiceAccountCredentials) {
class GoogleGroupChecker(
impersonatedUser: String,
serviceAccountCredentials: ServiceAccountCredentials,
cacheDuration: Duration = Duration.ofMinutes(1)
) {

private val googleCredentials: GoogleCredentials = serviceAccountCredentials.createDelegated(impersonatedUser)

private val directoryService: Directory = DirectoryService(googleCredentials, ADMIN_DIRECTORY_GROUP_READONLY)

def retrieveGroupsFor(userEmail: String)(implicit ec: ExecutionContext): Future[Set[String]] = for {
resp <- Future { blocking { directoryService.groups.list.setUserKey(userEmail).execute() } }
} yield resp.getGroups.asScala.map(_.getEmail).toSet

type Email = String
private val cache: LoadingCache[Email, Set[String]] = CacheBuilder.newBuilder()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only authed users will end up in the cache, so the unbounded cache size is fine.

.expireAfterWrite(cacheDuration)
.build(
new CacheLoader[Email, Set[String]]() {
// If the loading function throws then nothing is cached, and calls to cache.get() also throw
def load(email: Email): Set[String] = {
val result = directoryService.groups.list.setUserKey(email).execute()
result.getGroups.asScala.map(_.getEmail).toSet
}
}
)

def retrieveGroupsFor(userEmail: String)(implicit ec: ExecutionContext): Future[Set[String]] = Future {
blocking { cache.get(userEmail) }
}
}
Loading