aboutsummaryrefslogtreecommitdiffstats
path: root/dashboard/dashapi/dashapi.go
diff options
context:
space:
mode:
authorGreg Steuck <gnezdo@google.com>2021-07-28 14:28:49 -0700
committerDmitry Vyukov <dvyukov@google.com>2021-07-30 18:21:17 +0200
commit75047cf943db20755af0bf9ce3af5502b4040b70 (patch)
tree534bc810655205298d73ed2b749361363c6c74bd /dashboard/dashapi/dashapi.go
parent7fa384c47c7a97db7f667797bfc8e1ea78167f39 (diff)
pkg/auth: create explicit JWT token cache
This will be easier to reuse as it is no longer http-specific.
Diffstat (limited to 'dashboard/dashapi/dashapi.go')
-rw-r--r--dashboard/dashapi/dashapi.go38
1 files changed, 11 insertions, 27 deletions
diff --git a/dashboard/dashapi/dashapi.go b/dashboard/dashapi/dashapi.go
index b583f893d..14fa44faa 100644
--- a/dashboard/dashapi/dashapi.go
+++ b/dashboard/dashapi/dashapi.go
@@ -17,7 +17,6 @@ import (
"net/url"
"reflect"
"strings"
- "sync"
"time"
"github.com/google/syzkaller/pkg/auth"
@@ -47,47 +46,32 @@ type (
// should be used as a bearer token.
func NewCustom(client, addr, key string, ctor RequestCtor, doer RequestDoer,
logger RequestLogger, errorHandler func(error)) (*Dashboard, error) {
+ wrappedDoer := doer
if key == "" {
- token, err := auth.RetrieveJwtToken(ctor, doer)
+ tokenCache, err := auth.MakeCache(ctor, doer)
if err != nil {
return nil, err
}
- doer = attachJwtToken(ctor, doer, token)
+ wrappedDoer = func(req *http.Request) (*http.Response, error) {
+ if token, err := tokenCache.Get(time.Now()); err == nil {
+ req.Header.Add("Authorization", "Bearer "+token)
+ return doer(req)
+ } else {
+ return nil, err
+ }
+ }
}
return &Dashboard{
Client: client,
Addr: addr,
Key: key,
ctor: ctor,
- doer: doer,
+ doer: wrappedDoer,
logger: logger,
errorHandler: errorHandler,
}, nil
}
-// Augments the given doer with an authorization header carrying the
-// given token. The token gets refreshed when it becomes stale.
-func attachJwtToken(ctor RequestCtor, doer RequestDoer, token *auth.ExpiringToken) RequestDoer {
- lock := sync.Mutex{}
- return func(req *http.Request) (*http.Response, error) {
- lock.Lock()
- if token.Expiration.Before(time.Now()) {
- // Keeping the lock while making http request is dubious, but
- // making multiple concurrent requests is not any better.
- t, err := auth.RetrieveJwtToken(ctor, doer)
- if err != nil {
- // Can't get a new token, so returning the error preemptively.
- lock.Unlock()
- return nil, err
- }
- *token = *t
- }
- req.Header.Add("Authorization", "Bearer "+token.Token)
- lock.Unlock()
- return doer(req)
- }
-}
-
// Build describes all aspects of a kernel build.
type Build struct {
Manager string
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-11 22:35:53 +0000