Skip to content

perf: Purge JWT cache asynchronously in a separate thread #3889

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
Apr 18, 2025
Merged

perf: Purge JWT cache asynchronously in a separate thread #3889

Changes from 16 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
4a31c9d
Purge JWT cache asynchronously in a separate thread
Jan 30, 2025
a578f3e
Fix build errors: redundant import and ignored return value
Jan 30, 2025
923a69e
Make sure at most one purging thread is running concurrently
Jan 31, 2025
451a18b
Fix compilation issues with forkFinally in Auth.hs
Jan 31, 2025
eda979f
Use liftA2 instead of liftM2 in JwtCacheState initialization
Feb 3, 2025
d72df4c
Use qualified purgeExpired instead of importing unqualified one
Feb 3, 2025
3774dc4
Moved JwtCacheState to Auth/Types.hs
Feb 5, 2025
cb28798
Fix leftover export from AppState
Feb 5, 2025
9601ea6
Removed unused unqualified import from Auth.hs
Feb 5, 2025
ee0000b
Fix build issues after moving JwtCacheState to Auth/Types.hs
Feb 5, 2025
fee0f69
Merge remote-tracking branch 'postgrest/main'
mkleczek Mar 27, 2025
52b058f
Use liftA2 instead of do in JwtCacheState.init
mkleczek Mar 27, 2025
72ffe02
Replace mvar based purge locking with debounce
mkleczek Mar 27, 2025
cb201f8
Removed unnecessary LambdaCase from JwtCache.hs
mkleczek Mar 27, 2025
062efb3
Trigger cache purging after insert of JWT
mkleczek Mar 28, 2025
46532a9
Add some comments to purgeCache action
mkleczek Apr 8, 2025
1ff1daf
Fix comments based on PR review
mkleczek Apr 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 24 additions & 8 deletions src/PostgREST/Auth/JwtCache.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@
import qualified Data.Cache as C
import qualified Data.Scientific as Sci

import Control.Debounce

import Data.Time.Clock (UTCTime, nominalDiffTimeToSeconds)
import Data.Time.Clock.POSIX (utcTimeToPOSIXSeconds)
import System.Clock (TimeSpec (..))
Expand All @@ -25,19 +27,29 @@

import Protolude

newtype JwtCacheState = JwtCacheState
{ jwtCache :: C.Cache ByteString AuthResult
-- | JWT Cache and IO action that triggers purging old entries from the cache
data JwtCacheState = JwtCacheState
{ jwtCache :: C.Cache ByteString AuthResult
, purgeCache :: IO ()

Check warning on line 33 in src/PostgREST/Auth/JwtCache.hs

View check run for this annotation

Codecov / codecov/patch

src/PostgREST/Auth/JwtCache.hs#L32-L33 

Added lines #L32 - L33 were not covered by tests
}

-- | Initialize JwtCacheState
init :: IO JwtCacheState
init = do
cache <- C.newCache Nothing -- no default expiration
return $ JwtCacheState cache
cache <- C.newCache Nothing
-- purgeExpired has O(n^2) complexity
-- so we wrap it in debounce to make sure it:
-- 1) is executed asynchronously
-- 2) only a single purge operation is running at a time
debounce <- mkDebounce defaultDebounceSettings
{ debounceAction = C.purgeExpired cache
, debounceEdge = leadingEdge
}
pure $ JwtCacheState cache debounce

-- | Used to retrieve and insert JWT to JWT Cache
lookupJwtCache :: JwtCacheState -> ByteString -> Int -> IO (Either Error AuthResult) -> UTCTime -> IO (Either Error AuthResult)
lookupJwtCache JwtCacheState{jwtCache} token maxLifetime parseJwt utc = do
lookupJwtCache JwtCacheState{jwtCache, purgeCache} token maxLifetime parseJwt utc = do
checkCache <- C.lookup jwtCache token
authResult <- maybe parseJwt (pure . Right) checkCache

Expand All @@ -58,12 +70,16 @@

let timeSpec = getTimeSpec res maxLifetime utc

-- purge expired cache entries
C.purgeExpired jwtCache

-- insert new cache entry
C.insert' jwtCache (Just timeSpec) token res

-- Execute IO action to purge the cache
-- It is assumed this action returns immidiately
-- so that request processing is not blocked.
-- If cache purging is slow it should trigger
-- asynchronous purge operation
purgeCache

_ -> pure ()

return authResult
Expand Down