You've already forked oauth2-proxy
mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-06-23 00:40:46 +02:00
f648c54d87
* Add sensible logging flag to default setup for logger
* Add Redis lock
* Fix default value flag for sensitive logging
* Split RefreshSessionIfNeeded in two methods and use Redis lock
* Small adjustments to doc and code
* Remove sensible logging
* Fix method names in ticket.go
* Revert "Fix method names in ticket.go"
This reverts commit 408ba1a1a5.
* Fix methods name in ticket.go
* Remove block in Redis client get
* Increase lock time to 1 second
* Perform retries, if session store is locked
* Reverse if condition, because it should return if session does not have to be refreshed
* Update go.sum
* Update MockStore
* Return error if loading session fails
* Fix and update tests
* Change validSession to session in docs and strings
* Change validSession to session in docs and strings
* Fix docs
* Fix wrong field name
* Fix linting
* Fix imports for linting
* Revert changes except from locking functionality
* Add lock feature on session state
* Update from master
* Remove errors package, because it is not used
* Only pass context instead of request to lock
* Use lock key
* By default use NoOpLock
* Remove debug output
* Update ticket_test.go
* Map internal error to sessions error
* Add ErrLockNotObtained
* Enable lock peek for all redis clients
* Use lock key prefix consistent
* Fix imports
* Use exists method for peek lock
* Fix imports
* Fix imports
* Fix imports
* Remove own Dockerfile
* Fix imports
* Fix tests for ticket and session store
* Fix session store test
* Update pkg/apis/sessions/interfaces.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Do not wrap lock method
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Use errors package for lock constants
* Use better naming for initLock function
* Add comments
* Add session store lock test
* Fix tests
* Fix tests
* Fix tests
* Fix tests
* Add cookies after saving session
* Add mock lock
* Fix imports for mock_lock.go
* Store mock lock for key
* Apply elapsed time on mock lock
* Check if lock is initially applied
* Reuse existing lock
* Test all lock methods
* Update CHANGELOG.md
* Use redis client methods in redis.lock for release an refresh
* Use lock key suffix instead of prefix for lock key
* Add comments for Lock interface
* Update comment for Lock interface
* Update CHANGELOG.md
* Change LockSuffix to const
* Check lock on already loaded session
* Use global var for loadedSession in lock tests
* Use lock instance for refreshing and releasing of lock
* Update possible error type for Refresh
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
85 lines
1.9 KiB
Go
85 lines
1.9 KiB
Go
package redis
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/bsm/redislock"
|
|
"github.com/go-redis/redis/v8"
|
|
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
|
|
)
|
|
|
|
const LockSuffix = "lock"
|
|
|
|
type Lock struct {
|
|
client redis.Cmdable
|
|
locker *redislock.Client
|
|
lock *redislock.Lock
|
|
key string
|
|
}
|
|
|
|
// NewLock instantiate a new lock instance. This will not yet apply a lock on Redis side.
|
|
// For that you have to call Obtain(ctx context.Context, expiration time.Duration)
|
|
func NewLock(client redis.Cmdable, key string) sessions.Lock {
|
|
return &Lock{
|
|
client: client,
|
|
locker: redislock.New(client),
|
|
key: key,
|
|
}
|
|
}
|
|
|
|
// Obtain obtains a distributed lock on Redis for the configured key.
|
|
func (l *Lock) Obtain(ctx context.Context, expiration time.Duration) error {
|
|
lock, err := l.locker.Obtain(ctx, l.lockKey(), expiration, nil)
|
|
if errors.Is(err, redislock.ErrNotObtained) {
|
|
return sessions.ErrLockNotObtained
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
l.lock = lock
|
|
return nil
|
|
}
|
|
|
|
// Refresh refreshes an already existing lock.
|
|
func (l *Lock) Refresh(ctx context.Context, expiration time.Duration) error {
|
|
if l.lock == nil {
|
|
return sessions.ErrNotLocked
|
|
}
|
|
err := l.lock.Refresh(ctx, expiration, nil)
|
|
if errors.Is(err, redislock.ErrNotObtained) {
|
|
return sessions.ErrNotLocked
|
|
}
|
|
return err
|
|
}
|
|
|
|
// Peek returns true, if the lock is still applied.
|
|
func (l *Lock) Peek(ctx context.Context) (bool, error) {
|
|
v, err := l.client.Exists(ctx, l.lockKey()).Result()
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
if v == 0 {
|
|
return false, nil
|
|
}
|
|
return true, nil
|
|
}
|
|
|
|
// Release releases the lock on Redis side.
|
|
func (l *Lock) Release(ctx context.Context) error {
|
|
if l.lock == nil {
|
|
return sessions.ErrNotLocked
|
|
}
|
|
err := l.lock.Release(ctx)
|
|
if errors.Is(err, redislock.ErrLockNotHeld) {
|
|
return sessions.ErrNotLocked
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (l *Lock) lockKey() string {
|
|
return fmt.Sprintf("%s.%s", l.key, LockSuffix)
|
|
}
|