search

suborbital / e2core

Server for sandboxed third-party plugins, powered by WebAssembly
https://suborbital.dev
Apache License 2.0
721 stars 42 forks source link

chore(auth): Rework auth cache solutions #401

Open javorszky opened 1 year ago

javorszky commented 1 year ago

Fixes #395

This PR reworks the authentication. Previously it was

request -> API authentication -> cache check?

Now it's

request -> Auth Cache? -> API auth check if cache didn't have it

This way the cache layer only needs to know that there is an embedded, or a deeper authorizer implementation, but it doesn't need to know, or care, what that is. Technically we could have 3847 layers of caching before we do an API call. It's interfaces all the way down.

Cache implementations

There are two of them:

They are well tested, concurrently usable, and fast. We also can then remove the custom cache implementation, which is also part of this PR.

Why?

More maintainability, composability, decoupling the cache from the live version, and removing homegrown code and relying on well tested community codebases. In go-cache's case, slight performance improvement too!

Bench test results

On my computer, it is as follows:

goos: darwin
goarch: arm64
pkg: github.com/suborbital/e2core/e2core/auth
Benchmark
Benchmark/using_Go_cache
Benchmark/using_Go_cache-10          2328092       506.5 ns/op
Benchmark/using_Big_cache
Benchmark/using_Big_cache-10          121790      9769   ns/op

// this is the current implementation. Does not exist in this codebase
BenchmarkCachedAuthorizer
BenchmarkCachedAuthorizer-10         2102755       576.6 ns/op
// end of current implementation

PASS

For benchmark code for current implementation, see #402