Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: LRU cache key #504

Merged
merged 7 commits into from
Nov 20, 2024
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,8 @@ Create a verifier function by calling `createVerifier` and providing one or more

- `clockTolerance`: Timespan in milliseconds is the tolerance to apply to the current timestamp when performing time comparisons. Default is `0`.

- `tokenHasher`: The function that will be used to hash the token. By default is used [the hashToken function](./src/utils.js).
ilteoood marked this conversation as resolved.
Show resolved Hide resolved

The verifier is a function which accepts a token (as Buffer or string) and returns the payload or the sections of the token.

If the `key` option is a function, the signer will also accept a Node style callback and will return a promise, supporting therefore both callback and async/await styles.
Expand Down
23 changes: 14 additions & 9 deletions src/verifier.js
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,8 @@ function cacheSet(
maxAge,
clockTimestamp,
clockTolerance,
errorCacheTTL
errorCacheTTL,
tokenHasher
},
value
) {
Expand All @@ -93,7 +94,7 @@ function cacheSet(
if (value instanceof TokenError) {
const ttl = typeof errorCacheTTL === 'function' ? errorCacheTTL(value) : errorCacheTTL
cacheValue[2] = (clockTimestamp || Date.now()) + clockTolerance + ttl
cache.set(hashToken(token), cacheValue)
cache.set(tokenHasher(token), cacheValue)
return value
}

Expand All @@ -116,7 +117,7 @@ function cacheSet(
const maxTTL = (clockTimestamp || Date.now()) + clockTolerance + cacheTTL
cacheValue[2] = cacheValue[2] === 0 ? maxTTL : Math.min(cacheValue[2], maxTTL)

cache.set(hashToken(token), cacheValue)
cache.set(tokenHasher(token), cacheValue)

return value
}
Expand Down Expand Up @@ -258,7 +259,8 @@ function verify(
decode,
cache,
requiredClaims,
errorCacheTTL
errorCacheTTL,
tokenHasher
},
token,
cb
Expand All @@ -275,12 +277,13 @@ function verify(
ignoreNotBefore,
maxAge,
clockTimestamp,
clockTolerance
clockTolerance,
tokenHasher
}

// Check the cache
if (cache) {
const [value, min, max] = cache.get(hashToken(token)) || [undefined, 0, 0]
const [value, min, max] = cache.get(tokenHasher(token)) || [undefined, 0, 0]
const now = clockTimestamp || Date.now()

// Validate time range
Expand Down Expand Up @@ -392,8 +395,9 @@ module.exports = function createVerifier(options) {
allowedIss,
allowedSub,
allowedNonce,
requiredClaims
} = { cacheTTL: 600000, clockTolerance: 0, errorCacheTTL: -1, ...options }
requiredClaims,
tokenHasher
} = { cacheTTL: 600000, clockTolerance: 0, errorCacheTTL: -1, tokenHasher: hashToken, ...options }

// Validate options
if (!Array.isArray(allowedAlgorithms)) {
Expand Down Expand Up @@ -516,7 +520,8 @@ module.exports = function createVerifier(options) {
validators,
decode: createDecoder({ complete: true }),
cache: createCache(cacheSize),
requiredClaims
requiredClaims,
tokenHasher
}

// Return the verifier
Expand Down
21 changes: 21 additions & 0 deletions test/verifier.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -1021,6 +1021,27 @@ test('caching - sync', t => {
t.assert.ok(verifier.cache.get(hashToken(invalidToken))[0] instanceof TokenError)
})

test('caching - sync - custom tokenHasher', t => {
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.aaa'

const verifier = createVerifier({ key: 'secret', cache: true, tokenHasher: (id) => id })

t.assert.equal(verifier.cache.size, 0)
t.assert.deepStrictEqual(verifier(token), { a: 1 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1 })
t.assert.equal(verifier.cache.size, 1)

t.assert.throws(() => verifier(invalidToken), { message: 'The token signature is invalid.' })
t.assert.equal(verifier.cache.size, 2)
t.assert.throws(() => verifier(invalidToken), { message: 'The token signature is invalid.' })
t.assert.equal(verifier.cache.size, 2)

t.assert.deepStrictEqual(verifier.cache.get(token)[0], { a: 1 })
t.assert.ok(verifier.cache.get(invalidToken)[0] instanceof TokenError)
})

test('caching - async', async t => {
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.aaa'
Expand Down
Loading