author | Robert Newson <rnewson@apache.org> | 2017-05-09 17:26:59 +0100 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2017-05-09 17:27:16 +0100 |
commit | 25bfdc3c9a4262d64bed2e11d53997ad0c838551 (patch) | |
tree | 68de673124cf6e1a292e6d09bbaae3c2deae89e7 | |
parent | 69e1ce2b3e92f87c4b2ca19c182256d8f9ac1c92 (diff) | |
download | couchdb-25bfdc3c9a4262d64bed2e11d53997ad0c838551.tar.gz |
make jwks simpler, caching can happen elsewhere
-rw-r--r-- | priv/stats_descriptions.cfg | 12 | ||||
-rw-r--r-- | src/jwks.erl | 99 | ||||
-rw-r--r-- | src/jwtf.app.src | 1 |
3 files changed, 4 insertions, 108 deletions
diff --git a/priv/stats_descriptions.cfg b/priv/stats_descriptions.cfg
deleted file mode 100644
index 7aa5cab5d..000000000
--- a/priv/stats_descriptions.cfg
+++ /dev/null
@@ -1,12 +0,0 @@
-{[jkws, hit], [
- {type, counter},
- {desc, <<"cache hit for JKWS key lookup">>}
-]}.
-{[jkws, miss], [
- {type, counter},
- {desc, <<"cache miss for JKWS key lookup">>}
-]}.
-{[jkws, latency], [
- {type, histogram},
- {desc, <<"distribution of latencies for calls to retrieve JKWS keys">>}
-]}.
diff --git a/src/jwks.erl b/src/jwks.erl
index 1c416dced..1820ab669 100644
--- a/src/jwks.erl
+++ b/src/jwks.erl
@@ -11,114 +11,24 @@ % the License. % @doc -% This module parses JSON Web Key Sets (JWKS) and caches them for -% performance reasons. To use the module, include it in your -% supervision tree. +% This module fetches and parses JSON Web Key Sets (JWKS). -module(jwks). --behaviour(gen_server). -export([ - start_link/1, - get_key/2 + get_keyset/1 ]). --export([ - init/1, - handle_call/3, - handle_cast/2, - handle_info/2, - code_change/3, - terminate/2 -]). - -start_link(JWKSUrl) -> - gen_server:start_link({local, ?MODULE}, ?MODULE, JWKSUrl, []). - - -get_key(Pid, Kid) -> - case lookup(Kid) of - {ok, Key} -> - couch_stats:increment_counter([jkws, hit]), - {ok, Key}; - {error, not_found} -> - couch_stats:increment_counter([jkws, miss]), - Url = gen_server:call(Pid, get_url), - case get_keyset(Url) of - {ok, KeySet} -> - ok = gen_server:call(Pid, {replace_keyset, KeySet}), - lookup(Kid); - {error, Reason} -> - {error, Reason} - end - end. - - -lookup(Kid) -> - case ets:lookup(?MODULE, Kid) of - [{Kid, Key}] -> - {ok, Key}; - [] -> - {error, not_found} - end. - - - -%% gen_server functions - -init(Url) -> - ?MODULE = ets:new(?MODULE, [protected, named_table, {read_concurrency, true}]), - KeySet = get_keyset(Url), - set_keyset(KeySet), - {ok, Url}. - - -handle_call({replace_keyset, KeySet}, _From, State) -> - set_keyset(KeySet), - {reply, ok, State}; - -handle_call(get_url, _From, State) -> - {reply, State, State}; - -handle_call(_Msg, _From, State) -> - {noreply, State}. - - -handle_cast(_Msg, State) -> - {noreply, State}. - - -handle_info(_Msg, State) -> - {noreply, State}. - - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - - -terminate(_Reason, _State) -> - ok. 
- -%% private functions - get_keyset(Url) -> ReqHeaders = [], - T0 = os:timestamp(), case ibrowse:send_req(Url, ReqHeaders, get) of {ok, "200", _RespHeaders, RespBody} -> - Latency = timer:now_diff(os:timestamp(), T0) / 1000, - couch_stats:update_histogram([jkws, latency], Latency), {ok, parse_keyset(RespBody)}; _Else -> {error, get_keyset_failed} end. -set_keyset(KeySet) -> - true = ets:delete_all_objects(?MODULE), - true = ets:insert(?MODULE, KeySet). - - parse_keyset(Body) -> {Props} = jiffy:decode(Body), Keys = proplists:get_value(<<"keys">>, Props), @@ -142,8 +52,7 @@ decode_number(Base64) -> -include_lib("eunit/include/eunit.hrl"). jwks_test() -> - application:start(ibrowse), - jwks:start_link("https://iam.eu-gb.bluemix.net/oidc/keys"), - ?assertMatch({ok, _}, jwks:get_key(?MODULE, <<"20170402-00:00:00">>)). + application:ensure_all_started(ibrowse), + ?assertMatch({ok, _}, get_keyset("https://iam.eu-gb.bluemix.net/oidc/keys")). -endif. diff --git a/src/jwtf.app.src b/src/jwtf.app.src index 87d9aafba..304bb9e0a 100644 --- a/src/jwtf.app.src +++ b/src/jwtf.app.src @@ -18,7 +18,6 @@ kernel, stdlib, b64url, - couch_stats, crypto, jiffy, public_key |
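Review bot: The now-exported `get_keyset/1` calls `ibrowse:send_req(Url, ReqHeaders, get)` with no options, so for an https URL nothing visible here requests peer-certificate verification, and on OTP releases of this period the ssl client default was not to verify. Because the returned keys are what JWT signatures get checked against, whoever can answer for that URL can supply their own keys; consider the options form, e.g. `ibrowse:send_req(Url, ReqHeaders, get, [], [{ssl_options, [{verify, verify_peer}, {cacertfile, CaFile}]}])` with `CaFile` taken from configuration. Separately, `parse_keyset/1` matches `{Props} = jiffy:decode(Body)` unguarded, so a 200 response with a non-JWKS body raises instead of returning `{error, _}`; that deserves a `-spec` and a line in the `@doc` now that callers outside the module see it. `parse_keyset/1` continues past the end of this hunk.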
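Review bot: `jwks_test/0` fetches `https://iam.eu-gb.bluemix.net/oidc/keys` over the network, so the unit test fails whenever that third-party endpoint or the build host's connectivity is unavailable, and it never exercises the `{error, get_keyset_failed}` branch. A hermetic test would feed a fixed JWKS body to `parse_keyset/1` and assert on the decoded keys. The result of `application:ensure_all_started(ibrowse)` is also discarded; `{ok, _} = application:ensure_all_started(ibrowse),` makes a startup failure visible instead of surfacing later as a confusing request error. The `-ifdef(TEST)` block opens outside this hunk.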