WS-2124: Update TTL for profile in the cache to match user token exp. date - COMPLETE

Author: ddragosd

src/lua/api-gateway/validation/oauth2/oauthTokenValidator.lua

@@ -16,6 +16,7 @@
 --  1. oauth_token_scope
 --  2. oauth_token_client_id
 --  3. oauth_token_user_id
+--  4. oauth_token_expires_at
 
 local BaseValidator = require "api-gateway.validation.validator"
 local cjson = require "cjson"
@@ -47,8 +48,8 @@ end
 -- @param json Token info object
 --
 function _M:isCachedTokenValid(json)
-    local expires_in_ms = self:getExpiresIn(json.oauth_token_expires_at)
-    return expires_in_ms
+    local expires_in_s = self:getExpiresIn(json.oauth_token_expires_at)
+    return expires_in_s
 end
 
 -- returns the key that should be used when looking up in the cache --
@@ -61,23 +62,32 @@ function _M:getOauthTokenForCaching(token, oauth_host)
     end
 end
 
---- Converts the expire_at into expire_in
--- @param expire_at UTC expiration time in ms
+--- Converts the expire_at into expire_in in seconds
+-- @param expire_at UTC expiration time in seconds
 --
 function _M:getExpiresIn(expire_at)
-    local local_t = os.time() * 1000
-    local expires_in_ms = expire_at - local_t
-    return expires_in_ms
+    if ( expire_at == nil ) then
+        return LOCAL_CACHE_TTL
+    end
+
+    local expire_at_s = expire_at
+    if expire_at_s > 9999999999 then
+        expire_at_s = expire_at / 1000
+    end
+
+    local local_t = os.time()
+    local expires_in_s = expire_at_s - local_t
+    return expires_in_s
 end
 
 function _M:storeTokenInCache(cacheLookupKey, cachingObj, expire_at_ms_utc)
-    local expires_in_ms = self:getExpiresIn(expire_at_ms_utc)
-    if ( expires_in_ms <= 0 ) then
+    local expires_in_s = self:getExpiresIn(expire_at_ms_utc)
+    if ( expires_in_s <= 0 ) then
         ngx.log(ngx.DEBUG, "OAuth Token was not persisted in the cache as it has expired at:" .. tostring(expire_at_ms_utc) .. ", while now is:" .. tostring(os.time() * 1000) .. " ms.")
         return nil
     end
-    local local_expire_in =  math.min( expires_in_ms / 1000, LOCAL_CACHE_TTL )
-    ngx.log(ngx.DEBUG, "Storing a new token expiring in  " .. tostring(local_expire_in) .. " s locally, out of a total validity of " .. tostring(expires_in_ms / 1000) .. " s.")
+    local local_expire_in =  math.min( expires_in_s, LOCAL_CACHE_TTL )
+    ngx.log(ngx.DEBUG, "Storing a new token expiring in  " .. tostring(local_expire_in) .. " s locally, out of a total validity of " .. tostring(expires_in_s) .. " s.")
     local cachingObjString = cjson.encode(cachingObj)
     self:setKeyInLocalCache(cacheLookupKey, cachingObjString, local_expire_in, "cachedOauthTokens")
     self:setKeyInRedis(cacheLookupKey, "token_json", expire_at_ms_utc, cachingObjString)
@@ -157,8 +167,8 @@ function _M:validate_ims_token()
         local obj = cjson.decode(cachedToken)
         local tokenValidity, error = self:isCachedTokenValid(obj)
         if tokenValidity > 0 then
-            local local_expire_in =  math.min( tokenValidity / 1000, LOCAL_CACHE_TTL )
-            ngx.log(ngx.DEBUG, "Caching locally a new token for " .. tostring(local_expire_in) .. " s, out of a total validity of " .. tostring(tokenValidity / 1000) .. " s.")
+            local local_expire_in =  math.min( tokenValidity, LOCAL_CACHE_TTL )
+            ngx.log(ngx.DEBUG, "Caching locally a new token for " .. tostring(local_expire_in) .. " s, out of a total validity of " .. tostring(tokenValidity ) .. " s.")
             self:setKeyInLocalCache(cacheLookupKey, cachedToken, local_expire_in  , "cachedOauthTokens")
             self:setContextProperties(obj)
             return self:exitFn(ngx.HTTP_OK)

src/lua/api-gateway/validation/oauth2/userProfileValidator.lua

@@ -7,6 +7,7 @@
 --   2. ngx.var.authtoken                       - required to be set
 --   3. ngx.var.redis_backend                   - required
 --   4. lua_shared_dict cachedOauthTokens 50m;  - required. The local shared dict to cache user profiles
+--   5. ngx.ctx.oauth_token_expires_at          - optional. This is usually set by the oauthTokenValidator
 --
 -- Properties that can be set by this validator:
 --  1. user_email
@@ -44,6 +45,10 @@ local DEFAULT_COUNTRY_MAP = {
     AP = { "AU", "AF", "AQ", "BH", "BD", "BT", "BN", "MM", "KH", "CN", "CX", "CC", "CK", "TL", "FJ", "PF", "HK", "IN", "ID", "IQ", "IL", "JP", "JO", "KZ", "KI", "KR", "KW", "KG", "LA", "LB", "MO", "MY", "MV", "MH", "FM", "MN", "NR", "NP", "NC", "NZ", "NU", "NF", "OM", "PK", "PG", "PH", "PN", "QA", "RU", "WS", "SA", "SG", "SB", "LK", "TW", "TJ", "TH", "TK", "TO", "TR", "TM", "TV", "AE", "UZ", "VU", "VN", "WF", "YE" }
 }
 
+---
+-- Maximum time in seconds specifying how long to cache a valid token in GW's memory
+local LOCAL_CACHE_TTL = 60
+
 -- returns the key that should be used when looking up in the cache --
 function _M:getCacheToken(token)
     local t = token;
@@ -55,6 +60,24 @@ function _M:getCacheToken(token)
     end
 end
 
+--- Converts the expire_at into expire_in in seconds
+-- @param expire_at UTC expiration time in seconds
+--
+function _M:getExpiresIn(expire_at)
+    if ( expire_at == nil ) then
+        return LOCAL_CACHE_TTL
+    end
+
+    local expire_at_s = expire_at
+    if expire_at_s > 9999999999 then
+        expire_at_s = expire_at / 1000
+    end
+
+    local local_t = os.time()
+    local expires_in_s = expire_at_s - local_t
+    return expires_in_s
+end
+
 function _M:getProfileFromCache(cacheLookupKey)
     local localCacheValue = self:getKeyFromLocalCache(cacheLookupKey, "cachedUserProfiles")
     if ( localCacheValue ~= nil ) then
@@ -64,19 +87,28 @@ function _M:getProfileFromCache(cacheLookupKey)
 
     local redisCacheValue = self:getKeyFromRedis(cacheLookupKey, "user_json")
     if ( redisCacheValue ~= nil ) then
-        -- ngx.log(ngx.WARN, "Found profile in redis cache")
-        self:setKeyInLocalCache(cacheLookupKey, redisCacheValue, 60, "cachedUserProfiles")
+        ngx.log(ngx.DEBUG, "Found User Profile in Redis cache")
+        local oauthTokenExpiration = ngx.ctx.oauth_token_expires_at
+        local expiresIn = self:getExpiresIn(oauthTokenExpiration)
+        local localExpiresIn = math.min( expiresIn, LOCAL_CACHE_TTL )
+        ngx.log(ngx.DEBUG, "Storing cached User Profile in the local cache for " .. tostring(localExpiresIn) .. " s out of a total validity of " .. tostring(expiresIn) .. " s.")
+        self:setKeyInLocalCache(cacheLookupKey, redisCacheValue, localExpiresIn, "cachedUserProfiles")
         return redisCacheValue
     end
     return nil;
 end
 
 function _M:storeProfileInCache(cacheLookupKey, cachingObj)
     local cachingObjString = cjson.encode(cachingObj)
-    -- TODO: find a better way to compute the expiry time
-    self:setKeyInLocalCache(cacheLookupKey, cachingObjString, 60, "cachedUserProfiles")
+
+    local oauthTokenExpiration = ngx.ctx.oauth_token_expires_at
+    local expiresIn = self:getExpiresIn(oauthTokenExpiration)
+    local localExpiresIn = math.min( expiresIn, LOCAL_CACHE_TTL )
+    ngx.log(ngx.DEBUG, "Storing new cached User Profile in the local cache for " .. tostring(localExpiresIn) .. " s out of a total validity of " .. tostring(expiresIn) .. " s.")
+
+    self:setKeyInLocalCache(cacheLookupKey, cachingObjString, localExpiresIn , "cachedUserProfiles")
     -- cache the use profile for 5 minutes
-    self:setKeyInRedis(cacheLookupKey, "user_json", ((os.time() + 300) * 1000 ), cachingObjString)
+    self:setKeyInRedis(cacheLookupKey, "user_json", oauthTokenExpiration or ((os.time() + LOCAL_CACHE_TTL) * 1000 ), cachingObjString)
 end
 
 --- Returns true if the profile is valid for the request context
@@ -106,6 +138,8 @@ end
 
 ---
 -- Returns an object with a set of variables to be saved in the request's context and later in the request's vars
+--  IMPORTANT: This method is only called when fetching a new profile, otherwise the information from the cache
+--             is read and automatically added to the context based on the object returned by this method
 -- @param profile User Profile
 --
 function _M:extractContextVars(profile)