go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-15 11:56:49 +02:00
Code Issues Releases Activity
oauth2-proxy/pkg/sessions/redis/lock.go

85 lines
1.9 KiB
Go
Raw Normal View History

Add redis lock feature (#1063) * Add sensible logging flag to default setup for logger * Add Redis lock * Fix default value flag for sensitive logging * Split RefreshSessionIfNeeded in two methods and use Redis lock * Small adjustments to doc and code * Remove sensible logging * Fix method names in ticket.go * Revert "Fix method names in ticket.go" This reverts commit 408ba1a1a5c55a3cad507a0be8634af1977769cb. * Fix methods name in ticket.go * Remove block in Redis client get * Increase lock time to 1 second * Perform retries, if session store is locked * Reverse if condition, because it should return if session does not have to be refreshed * Update go.sum * Update MockStore * Return error if loading session fails * Fix and update tests * Change validSession to session in docs and strings * Change validSession to session in docs and strings * Fix docs * Fix wrong field name * Fix linting * Fix imports for linting * Revert changes except from locking functionality * Add lock feature on session state * Update from master * Remove errors package, because it is not used * Only pass context instead of request to lock * Use lock key * By default use NoOpLock * Remove debug output * Update ticket_test.go * Map internal error to sessions error * Add ErrLockNotObtained * Enable lock peek for all redis clients * Use lock key prefix consistent * Fix imports * Use exists method for peek lock * Fix imports * Fix imports * Fix imports * Remove own Dockerfile * Fix imports * Fix tests for ticket and session store * Fix session store test * Update pkg/apis/sessions/interfaces.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Do not wrap lock method Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Use errors package for lock constants * Use better naming for initLock function * Add comments * Add session store lock test * Fix tests * Fix tests * Fix tests * Fix tests * Add cookies after saving session * Add mock lock * Fix imports for mock_lock.go * Store mock lock for key * Apply elapsed time on mock lock * Check if lock is initially applied * Reuse existing lock * Test all lock methods * Update CHANGELOG.md * Use redis client methods in redis.lock for release an refresh * Use lock key suffix instead of prefix for lock key * Add comments for Lock interface * Update comment for Lock interface * Update CHANGELOG.md * Change LockSuffix to const * Check lock on already loaded session * Use global var for loadedSession in lock tests * Use lock instance for refreshing and releasing of lock * Update possible error type for Refresh Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 20:08:19 +02:00
package redis
import (
"context"
"errors"
"fmt"
"time"
"github.com/bsm/redislock"
"github.com/go-redis/redis/v8"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
)
const LockSuffix = "lock"
type Lock struct {
client redis.Cmdable
locker *redislock.Client
lock *redislock.Lock
key string
}
// NewLock instantiate a new lock instance. This will not yet apply a lock on Redis side.
// For that you have to call Obtain(ctx context.Context, expiration time.Duration)
func NewLock(client redis.Cmdable, key string) sessions.Lock {
return &Lock{
client: client,
locker: redislock.New(client),
key: key,
}
}
// Obtain obtains a distributed lock on Redis for the configured key.
func (l *Lock) Obtain(ctx context.Context, expiration time.Duration) error {
lock, err := l.locker.Obtain(ctx, l.lockKey(), expiration, nil)
if errors.Is(err, redislock.ErrNotObtained) {
return sessions.ErrLockNotObtained
}
if err != nil {
return err
}
l.lock = lock
return nil
}
// Refresh refreshes an already existing lock.
func (l *Lock) Refresh(ctx context.Context, expiration time.Duration) error {
if l.lock == nil {
return sessions.ErrNotLocked
}
err := l.lock.Refresh(ctx, expiration, nil)
if errors.Is(err, redislock.ErrNotObtained) {
return sessions.ErrNotLocked
}
return err
}
// Peek returns true, if the lock is still applied.
func (l *Lock) Peek(ctx context.Context) (bool, error) {
v, err := l.client.Exists(ctx, l.lockKey()).Result()
if err != nil {
return false, err
}
if v == 0 {
return false, nil
}
return true, nil
}
// Release releases the lock on Redis side.
func (l *Lock) Release(ctx context.Context) error {
if l.lock == nil {
return sessions.ErrNotLocked
}
err := l.lock.Release(ctx)
if errors.Is(err, redislock.ErrLockNotHeld) {
return sessions.ErrNotLocked
}
return err
}
func (l *Lock) lockKey() string {
return fmt.Sprintf("%s.%s", l.key, LockSuffix)
}
Reference in New Issue Copy Permalink