feat(auth): add policy caching

Cache policies when the first authorization request happens and delete them when removing policies

Signed-off-by: Rodney Osodo <[email protected]>

auth/README.md

@@ -89,6 +89,8 @@ The service is configured using the environment variables presented in the follo
 | MG_SPICEDB_PORT | SpiceDB host port | 50051 |
 | MG_SPICEDB_PRE_SHARED_KEY | SpiceDB pre-shared key | 12345678 |
 | MG_SPICEDB_SCHEMA_FILE | Path to SpiceDB schema file | ./docker/spicedb/schema.zed |
+| MG_AUTH_CACHE_URL | Cache server URL | "redis://localhost:6379/0" |
+| MG_AUTH_CACHE_KEY_DURATION | Cache key expiration period | "1h" |
 | MG_JAEGER_URL | Jaeger server URL | <http://jaeger:14268/api/traces> |
 | MG_JAEGER_TRACE_RATIO | Jaeger sampling ratio | 1.0 |
 | MG_SEND_TELEMETRY | Send telemetry to magistrala call home server | true |
@@ -142,6 +144,8 @@ MG_SPICEDB_HOST=localhost \
 MG_SPICEDB_PORT=50051 \
 MG_SPICEDB_PRE_SHARED_KEY=12345678 \
 MG_SPICEDB_SCHEMA_FILE=./docker/spicedb/schema.zed \
+MG_AUTH_CACHE_URL=redis://localhost:6379/0 \
+MG_AUTH_CACHE_KEY_DURATION=1h \
 MG_JAEGER_URL=http://localhost:14268/api/traces \
 MG_JAEGER_TRACE_RATIO=1.0 \
 MG_SEND_TELEMETRY=true \

auth/cache/doc.go

@@ -0,0 +1,6 @@
+// Copyright (c) Abstract Machines
+// SPDX-License-Identifier: Apache-2.0
+
+// Package cache contains the domain concept definitions needed to
+// support Magistrala auth cache service functionality.
+package cache

auth/cache/policies.go

@@ -0,0 +1,87 @@
+// Copyright (c) Abstract Machines
+// SPDX-License-Identifier: Apache-2.0
+
+package cache
+
+import (
+ "context"
+ "strings"
+ "time"
+
+ "github.com/absmach/magistrala/auth"
+ "github.com/absmach/magistrala/pkg/errors"
+ repoerr "github.com/absmach/magistrala/pkg/errors/repository"
+ "github.com/go-redis/redis/v8"
+)
+
+const defLimit = 100
+
+var _ auth.Cache = (*policiesCache)(nil)
+
+type policiesCache struct {
+ client *redis.Client
+ keyDuration time.Duration
+}
+
+// NewPoliciesCache returns redis auth cache implementation.
+func NewPoliciesCache(client *redis.Client, duration time.Duration) auth.Cache {
+ return &policiesCache{
+ client: client,
+ keyDuration: duration,
+ }
+}
+
+func (pc *policiesCache) Save(ctx context.Context, key, value string) error {
+ if err := pc.client.Set(ctx, key, value, pc.keyDuration).Err(); err != nil {
+ return errors.Wrap(repoerr.ErrCreateEntity, err)
+ }
+
+ return nil
+}
+
+func (pc *policiesCache) Contains(ctx context.Context, key, value string) bool {
+ rval, err := pc.client.Get(ctx, key).Result()
+ if err != nil {
+ return false
+ }
+ if rval == value {
+ return true
+ }
+
+ return false
+}
+
+func (pc *policiesCache) Remove(ctx context.Context, key string) error {
+ if strings.Contains(key, "*") {
+ return pc.delete(ctx, key)
+ }
+
+ if err := pc.client.Del(ctx, key).Err(); err != nil {
+ return errors.Wrap(repoerr.ErrRemoveEntity, err)
+ }
+
+ return nil
+}
+
+func (pc *policiesCache) delete(ctx context.Context, key string) error {
+ keys, cursor, err := pc.client.Scan(ctx, 0, key, defLimit).Result()
+ if err != nil {
+ return errors.Wrap(repoerr.ErrRemoveEntity, err)
+ }
+ for cursor != 0 {
+ var newKeys []string
+ newKeys, cursor, err = pc.client.Scan(ctx, cursor, key, defLimit).Result()
+ if err != nil {
+ return errors.Wrap(repoerr.ErrRemoveEntity, err)
+ }
+ keys = append(keys, newKeys...)
+ }
+
+ for _, key := range keys {
+ if err := pc.client.Del(ctx, key).Err(); err != nil {
+ return errors.Wrap(repoerr.ErrRemoveEntity, err)
+ }
+ }
+
+ return nil
+}