Commit b7d3a9f6 authored by ale's avatar ale

Merge branch 'cache' into 'master'

Cache

See merge request !5
parents 84dd0c08 76d7bc9c
Pipeline #2843 passed with stages
in 4 minutes and 20 seconds
package cachebackend
import (
"context"
"time"
"github.com/patrickmn/go-cache"
"golang.org/x/sync/singleflight"
as "git.autistici.org/ai3/accountserver"
ct "git.autistici.org/ai3/go-common/ldap/compositetypes"
)
var (
defaultExpiration = 600 * time.Second
cleanupInterval = 180 * time.Second
)
// cacheBackend implements a simple in-memory cache of user objects
// (not resources yet), in order to reduce the database and processing
// load in presence of a heavily read-oriented workload. The cache is
// very simple, and any update to a user or its resources cause us to
// go back to the database backend.
//
// User objects are kept in memory for a short while and periodically
// cleaned up. Memory usage thus depends on the load and is difficult
// to estimate in advance.
//
type cacheBackend struct {
as.Backend
cache *cache.Cache
}
// Wrap a Backend with a cache.
func Wrap(b as.Backend) as.Backend {
c := cache.New(defaultExpiration, cleanupInterval)
return &cacheBackend{
Backend: b,
cache: c,
}
}
func (b *cacheBackend) NewTransaction() (as.TX, error) {
innerTX, err := b.Backend.NewTransaction()
if err != nil {
return nil, err
}
return &cacheTX{TX: innerTX, cache: b.cache}, nil
}
type cacheTX struct {
as.TX
cache *cache.Cache
}
func (c *cacheTX) invalidateUser(username string) {
c.cache.Delete(username)
}
var update singleflight.Group
func (c *cacheTX) GetUser(ctx context.Context, name string) (*as.RawUser, error) {
obj, ok := c.cache.Get(name)
if ok {
return obj.(*as.RawUser), nil
}
tmp, err, _ := update.Do(name, func() (interface{}, error) {
user, err := c.TX.GetUser(ctx, name)
if err != nil {
return nil, err
}
c.cache.Set(name, user, cache.DefaultExpiration)
return user, nil
})
if err != nil {
return nil, err
}
return tmp.(*as.RawUser), nil
}
func (c *cacheTX) UpdateUser(ctx context.Context, user *as.User) error {
err := c.TX.UpdateUser(ctx, user)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) SetUserPassword(ctx context.Context, user *as.User, pw string) error {
err := c.TX.SetUserPassword(ctx, user, pw)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) SetAccountRecoveryHint(ctx context.Context, user *as.User, rh, ra string) error {
err := c.TX.SetAccountRecoveryHint(ctx, user, rh, ra)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) DeleteAccountRecoveryHint(ctx context.Context, user *as.User) error {
err := c.TX.DeleteAccountRecoveryHint(ctx, user)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) SetUserEncryptionKeys(ctx context.Context, user *as.User, keys []*ct.EncryptedKey) error {
err := c.TX.SetUserEncryptionKeys(ctx, user, keys)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) SetUserEncryptionPublicKey(ctx context.Context, user *as.User, pubKey []byte) error {
err := c.TX.SetUserEncryptionPublicKey(ctx, user, pubKey)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) SetApplicationSpecificPassword(ctx context.Context, user *as.User, asp *as.AppSpecificPasswordInfo, pw string) error {
err := c.TX.SetApplicationSpecificPassword(ctx, user, asp, pw)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) DeleteApplicationSpecificPassword(ctx context.Context, user *as.User, pw string) error {
err := c.TX.DeleteApplicationSpecificPassword(ctx, user, pw)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) SetUserTOTPSecret(ctx context.Context, user *as.User, secret string) error {
err := c.TX.SetUserTOTPSecret(ctx, user, secret)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) DeleteUserTOTPSecret(ctx context.Context, user *as.User) error {
err := c.TX.DeleteUserTOTPSecret(ctx, user)
if err == nil {
c.invalidateUser(user.Name)
}
return err
}
func (c *cacheTX) UpdateResource(ctx context.Context, r *as.Resource) error {
err := c.TX.UpdateResource(ctx, r)
// TODO: invalidate user, but we currently do not know who it is!
return err
}
func (c *cacheTX) CreateResources(ctx context.Context, user *as.User, resources []*as.Resource) ([]*as.Resource, error) {
result, err := c.TX.CreateResources(ctx, user, resources)
if err == nil && user != nil {
c.invalidateUser(user.Name)
}
return result, err
}
//func (c *cacheTX) CreateUser(_ context.Context, user *as.User) (*as.User, error) {}
//func (c *cacheTX) GetResource(_ context.Context, id as.ResourceID) (*as.RawResource, error) {}
//func (c *cacheTX) SetResourcePassword(_ context.Context, r *as.Resource, pw string) error {}
//func (c *cacheTX) HasAnyResource(_ context.Context, f []as.FindResourceRequest) (bool, error) {}
//func (c *cacheTX) SearchUser(_ context.Context, string) ([]string, error) {}
//func (c *cacheTX) SearchResource(_ context.Context, string) ([]*as.RawResource, error) {}
//func (c *cacheTX) CanAccessResource(_ context.Context, principal string, r *as.Resource) bool {}
//func (c *cacheTX) NextUID(_ context.Context) (int, error) {}
......@@ -13,6 +13,7 @@ import (
"git.autistici.org/ai3/go-common/serverutil"
"gopkg.in/yaml.v2"
cachebackend "git.autistici.org/ai3/accountserver/backend/cache"
ldapbackend "git.autistici.org/ai3/accountserver/backend/ldap"
"git.autistici.org/ai3/accountserver/server"
)
......@@ -30,6 +31,9 @@ type config struct {
BindPwFile string `yaml:"bind_pw_file"`
BaseDN string `yaml:"base_dn"`
} `yaml:"ldap"`
Cache struct {
Enabled bool `yaml:"enabled"`
} `yaml:"cache"`
AccountServerConfig accountserver.Config `yaml:",inline"`
ServerConfig *serverutil.ServerConfig `yaml:"http_server"`
PwHash struct {
......@@ -159,6 +163,10 @@ func main() {
log.Fatal(err)
}
if config.Cache.Enabled {
be = cachebackend.Wrap(be)
}
service, err := accountserver.NewAccountService(be, &config.AccountServerConfig)
if err != nil {
log.Fatal(err)
......
......@@ -131,17 +131,28 @@ func runChangeUserPasswordTest(t *testing.T, username string, cfg as.Config) *as
}
func TestIntegration_AccountRecovery(t *testing.T) {
runAccountRecoveryTest(t, "uno@investici.org")
runAccountRecoveryTest(t, "uno@investici.org", false)
}
func TestIntegration_AccountRecovery_WithEncryptionKeys(t *testing.T) {
user := runAccountRecoveryTest(t, "due@investici.org")
user := runAccountRecoveryTest(t, "due@investici.org", false)
if !user.HasEncryptionKeys {
t.Fatalf("encryption keys not enabled after account recovery")
}
}
func runAccountRecoveryTest(t *testing.T, username string) *as.RawUser {
func TestIntegration_AccountRecovery_WithCache(t *testing.T) {
runAccountRecoveryTest(t, "uno@investici.org", true)
}
func TestIntegration_AccountRecovery_WithEncryptionKeysAndCache(t *testing.T) {
user := runAccountRecoveryTest(t, "due@investici.org", true)
if !user.HasEncryptionKeys {
t.Fatalf("encryption keys not enabled after account recovery")
}
}
func runAccountRecoveryTest(t *testing.T, username string, enableCache bool) *as.RawUser {
stop, be, c := startService(t)
defer stop()
......
......@@ -15,7 +15,8 @@ import (
"time"
as "git.autistici.org/ai3/accountserver"
"git.autistici.org/ai3/accountserver/backend"
cachebackend "git.autistici.org/ai3/accountserver/backend/cache"
ldapbackend "git.autistici.org/ai3/accountserver/backend/ldap"
"git.autistici.org/ai3/accountserver/ldaptest"
"git.autistici.org/ai3/accountserver/server"
ct "git.autistici.org/ai3/go-common/ldap/compositetypes"
......@@ -45,7 +46,7 @@ func withSSO(t testing.TB) (func(), sso.Signer, string) {
if err != nil {
t.Fatal(err)
}
tmpf.Write(pub)
tmpf.Write(pub) // nolint
tmpf.Close()
signer, err := sso.NewSigner(priv)
......@@ -101,7 +102,7 @@ func (c *testClient) request(uri string, req, out interface{}) error {
return json.Unmarshal(data, out)
}
func startServiceWithConfig(t testing.TB, svcConfig as.Config) (func(), as.Backend, *testClient) {
func startServiceWithConfigAndCache(t testing.TB, svcConfig as.Config, enableCache bool) (func(), as.Backend, *testClient) {
stop := ldaptest.StartServer(t, &ldaptest.Config{
Dir: "../ldaptest",
Port: testLDAPPort,
......@@ -114,10 +115,13 @@ func startServiceWithConfig(t testing.TB, svcConfig as.Config) (func(), as.Backe
},
})
be, err := backend.NewLDAPBackend(testLDAPAddr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
be, err := ldapbackend.NewLDAPBackend(testLDAPAddr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
if err != nil {
t.Fatal("NewLDAPBackend", err)
}
if enableCache {
be = cachebackend.Wrap(be)
}
ssoStop, signer, ssoPubKeyFile := withSSO(t)
......@@ -163,6 +167,10 @@ func startServiceWithConfig(t testing.TB, svcConfig as.Config) (func(), as.Backe
}, be, c
}
func startServiceWithConfig(t testing.TB, svcConfig as.Config) (func(), as.Backend, *testClient) {
return startServiceWithConfigAndCache(t, svcConfig, false)
}
func startService(t testing.TB) (func(), as.Backend, *testClient) {
return startServiceWithConfig(t, as.Config{})
}
......
This is a list of people who have contributed code to go-cache. They, or their
employers, are the copyright holders of the contributed code. Contributed code
is subject to the license restrictions listed in LICENSE (as they were when the
code was contributed.)
Dustin Sallings <dustin@spy.net>
Jason Mooberry <jasonmoo@me.com>
Sergey Shepelev <temotor@gmail.com>
Alex Edwards <ajmedwards@gmail.com>
Copyright (c) 2012-2018 Patrick Mylund Nielsen and the go-cache contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
# go-cache
go-cache is an in-memory key:value store/cache similar to memcached that is
suitable for applications running on a single machine. Its major advantage is
that, being essentially a thread-safe `map[string]interface{}` with expiration
times, it doesn't need to serialize or transmit its contents over the network.
Any object can be stored, for a given duration or forever, and the cache can be
safely used by multiple goroutines.
Although go-cache isn't meant to be used as a persistent datastore, the entire
cache can be saved to and loaded from a file (using `c.Items()` to retrieve the
items map to serialize, and `NewFrom()` to create a cache from a deserialized
one) to recover from downtime quickly. (See the docs for `NewFrom()` for caveats.)
### Installation
`go get github.com/patrickmn/go-cache`
### Usage
```go
import (
"fmt"
"github.com/patrickmn/go-cache"
"time"
)
func main() {
// Create a cache with a default expiration time of 5 minutes, and which
// purges expired items every 10 minutes
c := cache.New(5*time.Minute, 10*time.Minute)
// Set the value of the key "foo" to "bar", with the default expiration time
c.Set("foo", "bar", cache.DefaultExpiration)
// Set the value of the key "baz" to 42, with no expiration time
// (the item won't be removed until it is re-set, or removed using
// c.Delete("baz")
c.Set("baz", 42, cache.NoExpiration)
// Get the string associated with the key "foo" from the cache
foo, found := c.Get("foo")
if found {
fmt.Println(foo)
}
// Since Go is statically typed, and cache values can be anything, type
// assertion is needed when values are being passed to functions that don't
// take arbitrary types, (i.e. interface{}). The simplest way to do this for
// values which will only be used once--e.g. for passing to another
// function--is:
foo, found := c.Get("foo")
if found {
MyFunction(foo.(string))
}
// This gets tedious if the value is used several times in the same function.
// You might do either of the following instead:
if x, found := c.Get("foo"); found {
foo := x.(string)
// ...
}
// or
var foo string
if x, found := c.Get("foo"); found {
foo = x.(string)
}
// ...
// foo can then be passed around freely as a string
// Want performance? Store pointers!
c.Set("foo", &MyStruct, cache.DefaultExpiration)
if x, found := c.Get("foo"); found {
foo := x.(*MyStruct)
// ...
}
}
```
### Reference
`godoc` or [http://godoc.org/github.com/patrickmn/go-cache](http://godoc.org/github.com/patrickmn/go-cache)
This diff is collapsed.
package cache
import (
"crypto/rand"
"math"
"math/big"
insecurerand "math/rand"
"os"
"runtime"
"time"
)
// This is an experimental and unexported (for now) attempt at making a cache
// with better algorithmic complexity than the standard one, namely by
// preventing write locks of the entire cache when an item is added. As of the
// time of writing, the overhead of selecting buckets results in cache
// operations being about twice as slow as for the standard cache with small
// total cache sizes, and faster for larger ones.
//
// See cache_test.go for a few benchmarks.
type unexportedShardedCache struct {
*shardedCache
}
type shardedCache struct {
seed uint32
m uint32
cs []*cache
janitor *shardedJanitor
}
// djb2 with better shuffling. 5x faster than FNV with the hash.Hash overhead.
func djb33(seed uint32, k string) uint32 {
var (
l = uint32(len(k))
d = 5381 + seed + l
i = uint32(0)
)
// Why is all this 5x faster than a for loop?
if l >= 4 {
for i < l-4 {
d = (d * 33) ^ uint32(k[i])
d = (d * 33) ^ uint32(k[i+1])
d = (d * 33) ^ uint32(k[i+2])
d = (d * 33) ^ uint32(k[i+3])
i += 4
}
}
switch l - i {
case 1:
case 2:
d = (d * 33) ^ uint32(k[i])
case 3:
d = (d * 33) ^ uint32(k[i])
d = (d * 33) ^ uint32(k[i+1])
case 4:
d = (d * 33) ^ uint32(k[i])
d = (d * 33) ^ uint32(k[i+1])
d = (d * 33) ^ uint32(k[i+2])
}
return d ^ (d >> 16)
}
func (sc *shardedCache) bucket(k string) *cache {
return sc.cs[djb33(sc.seed, k)%sc.m]
}
func (sc *shardedCache) Set(k string, x interface{}, d time.Duration) {
sc.bucket(k).Set(k, x, d)
}
func (sc *shardedCache) Add(k string, x interface{}, d time.Duration) error {
return sc.bucket(k).Add(k, x, d)
}
func (sc *shardedCache) Replace(k string, x interface{}, d time.Duration) error {
return sc.bucket(k).Replace(k, x, d)
}
func (sc *shardedCache) Get(k string) (interface{}, bool) {
return sc.bucket(k).Get(k)
}
func (sc *shardedCache) Increment(k string, n int64) error {
return sc.bucket(k).Increment(k, n)
}
func (sc *shardedCache) IncrementFloat(k string, n float64) error {
return sc.bucket(k).IncrementFloat(k, n)
}
func (sc *shardedCache) Decrement(k string, n int64) error {
return sc.bucket(k).Decrement(k, n)
}
func (sc *shardedCache) Delete(k string) {
sc.bucket(k).Delete(k)
}
func (sc *shardedCache) DeleteExpired() {
for _, v := range sc.cs {
v.DeleteExpired()
}
}
// Returns the items in the cache. This may include items that have expired,
// but have not yet been cleaned up. If this is significant, the Expiration
// fields of the items should be checked. Note that explicit synchronization
// is needed to use a cache and its corresponding Items() return values at
// the same time, as the maps are shared.
func (sc *shardedCache) Items() []map[string]Item {
res := make([]map[string]Item, len(sc.cs))
for i, v := range sc.cs {
res[i] = v.Items()
}
return res
}
func (sc *shardedCache) Flush() {
for _, v := range sc.cs {
v.Flush()
}
}
type shardedJanitor struct {
Interval time.Duration
stop chan bool
}
func (j *shardedJanitor) Run(sc *shardedCache) {
j.stop = make(chan bool)
tick := time.Tick(j.Interval)
for {
select {
case <-tick:
sc.DeleteExpired()
case <-j.stop:
return
}
}
}
func stopShardedJanitor(sc *unexportedShardedCache) {
sc.janitor.stop <- true
}
func runShardedJanitor(sc *shardedCache, ci time.Duration) {
j := &shardedJanitor{
Interval: ci,
}
sc.janitor = j
go j.Run(sc)
}
func newShardedCache(n int, de time.Duration) *shardedCache {
max := big.NewInt(0).SetUint64(uint64(math.MaxUint32))
rnd, err := rand.Int(rand.Reader, max)
var seed uint32
if err != nil {
os.Stderr.Write([]byte("WARNING: go-cache's newShardedCache failed to read from the system CSPRNG (/dev/urandom or equivalent.) Your system's security may be compromised. Continuing with an insecure seed.\n"))
seed = insecurerand.Uint32()
} else {
seed = uint32(rnd.Uint64())
}
sc := &shardedCache{
seed: seed,
m: uint32(n),
cs: make([]*cache, n),
}
for i := 0; i < n; i++ {
c := &cache{
defaultExpiration: de,
items: map[string]Item{},
}
sc.cs[i] = c
}
return sc
}
func unexportedNewSharded(defaultExpiration, cleanupInterval time.Duration, shards int) *unexportedShardedCache {
if defaultExpiration == 0 {
defaultExpiration = -1
}
sc := newShardedCache(shards, defaultExpiration)
SC := &unexportedShardedCache{sc}
if cleanupInterval > 0 {
runShardedJanitor(sc, cleanupInterval)
runtime.SetFinalizer(SC, stopShardedJanitor)
}
return SC
}
......@@ -219,6 +219,12 @@
"revision": "3793c981d4f621c0e3eb1457acffa2c1cc591384",
"revisionTime": "2018-11-07T13:50:50Z"
},
{
"checksumSHA1": "W8mzTLRjnooGtHwWaxSX8eq8hlY=",
"path": "github.com/patrickmn/go-cache",
"revision": "5633e0862627c011927fa39556acae8b1f1df58a",
"revisionTime": "2018-08-15T05:31:27Z"
},
{
"checksumSHA1": "L3iXlt9SyaGtInA6xl2Uh5UA26s=",
"path": "github.com/pquerna/otp",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment