forked from TrueCloudLab/distribution
Add token cache
Token cache prevents the need to get a new token for every registry interaction. Since the tokens are short lived, the cache expires after only a minute. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
parent
5bf94a6438
commit
9c24fc93ad
1 changed files with 20 additions and 3 deletions
23
docs/auth.go
23
docs/auth.go
|
@ -10,6 +10,8 @@ import (
|
|||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
log "github.com/Sirupsen/logrus"
|
||||
"github.com/docker/docker/utils"
|
||||
|
@ -43,6 +45,10 @@ type RequestAuthorization struct {
|
|||
resource string
|
||||
scope string
|
||||
actions []string
|
||||
|
||||
tokenLock sync.Mutex
|
||||
tokenCache string
|
||||
tokenExpiration time.Time
|
||||
}
|
||||
|
||||
func NewRequestAuthorization(authConfig *AuthConfig, registryEndpoint *Endpoint, resource, scope string, actions []string) *RequestAuthorization {
|
||||
|
@ -56,7 +62,14 @@ func NewRequestAuthorization(authConfig *AuthConfig, registryEndpoint *Endpoint,
|
|||
}
|
||||
|
||||
func (auth *RequestAuthorization) getToken() (string, error) {
|
||||
// TODO check if already has token and before expiration
|
||||
auth.tokenLock.Lock()
|
||||
defer auth.tokenLock.Unlock()
|
||||
now := time.Now()
|
||||
if now.Before(auth.tokenExpiration) {
|
||||
log.Debugf("Using cached token for %s", auth.authConfig.Username)
|
||||
return auth.tokenCache, nil
|
||||
}
|
||||
|
||||
client := &http.Client{
|
||||
Transport: &http.Transport{
|
||||
DisableKeepAlives: true,
|
||||
|
@ -80,14 +93,18 @@ func (auth *RequestAuthorization) getToken() (string, error) {
|
|||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
// TODO cache token and set expiration to one minute from now
|
||||
auth.tokenCache = token
|
||||
auth.tokenExpiration = now.Add(time.Minute)
|
||||
|
||||
return token, nil
|
||||
default:
|
||||
log.Infof("Unsupported auth scheme: %q", challenge.Scheme)
|
||||
}
|
||||
}
|
||||
// TODO no expiration, do not reattempt to get a token
|
||||
|
||||
// Do not expire cache since there are no challenges which use a token
|
||||
auth.tokenExpiration = time.Now().Add(time.Hour * 24)
|
||||
|
||||
return "", nil
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue