From 3f263281e72356f66ce463fd710824a4f14b2ff6 Mon Sep 17 00:00:00 2001
From: Carter <35710697+cmintey@users.noreply.github.com>
Date: Sat, 11 May 2024 21:21:55 -0500
Subject: [PATCH] Add time-based caching for JWKS fetching (#3586)
---
 mealie/core/security/providers/openid_provider.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/mealie/core/security/providers/openid_provider.py b/mealie/core/security/providers/openid_provider.py
index 15fdb5900c9c..f1176cb0c0b2 100644
--- a/mealie/core/security/providers/openid_provider.py
+++ b/mealie/core/security/providers/openid_provider.py
@@ -1,3 +1,4 @@
+import time
 from datetime import timedelta
 from functools import lru_cache
@@ -82,7 +83,7 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
 def get_claims(self, settings: AppSettings) -> JWTClaims | None:
 """Get the claims from the ID token and check if the required claims are present"""
 required_claims = {"preferred_username", "name", "email", settings.OIDC_USER_CLAIM}
- jwks = OpenIDProvider.get_jwks()
+ jwks = OpenIDProvider.get_jwks(self.get_ttl_hash()) # cache the key set for 30 minutes
 if not jwks:
 return None
@@ -115,8 +116,9 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
 @lru_cache
 @staticmethod
- def get_jwks() -> KeySet | None:
- """Get the key set from the open id configuration"""
+ def get_jwks(ttl_hash=None) -> KeySet | None:
+ """Get the key set from the openid configuration"""
+ del ttl_hash # ttl_hash is used for caching only
 settings = get_app_settings()
 if not (settings.OIDC_READY and settings.OIDC_CONFIGURATION_URL):
@@ -145,3 +147,6 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
 response.raise_for_status()
 session.close()
 return JsonWebKey.import_key_set(response.json())
+
+ def get_ttl_hash(self, seconds=1800):
+ return time.time() // seconds
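Review bot: With the key set pinned per time bucket at the `get_jwks(self.get_ttl_hash())` call in get_claims, a signing key the identity provider has withdrawn can keep verifying ID tokens for up to 30 minutes, and a token signed with a newly published key may be rejected for the same period. The verification code lies below this hunk, so this is inferred from the cache behaviour alone. If verification fails on an unknown key id, consider one rate-limited refresh at that point, e.g. `OpenIDProvider.get_jwks.cache_clear()` followed by a single retry. The trailing comment would also be more accurate as `# key set is cached for at most 30 minutes (see get_ttl_hash)`.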
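Review bot: The bare `@lru_cache` above `get_jwks` keeps its default of 128 entries, so each expired bucket's key set stays in memory long after it can be hit again; `@lru_cache(maxsize=1)` would retain only the current one. The cache also stores a `None` result, so if the `if not (settings.OIDC_READY and settings.OIDC_CONFIGURATION_URL):` branch at the end of the hunk returns None (its body is outside the hunk), a transient misconfiguration keeps OIDC login disabled until the bucket changes. The new parameter could also carry its type: `def get_jwks(ttl_hash: float | None = None) -> KeySet | None:`.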
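Review bot: `get_ttl_hash` has no docstring or annotations, and nothing states that its buckets are aligned to the epoch rather than to the time of the fetch. A key set fetched just before a boundary is discarded moments later, so 1800 is an upper bound on the cache lifetime, not the lifetime itself. A `seconds` of 0 raises ZeroDivisionError on `time.time() // seconds`. I would write `def get_ttl_hash(self, seconds: int = 1800) -> int:` with the docstring `"""Return a value that changes every `seconds` seconds; used only as the lru_cache key for get_jwks."""` and return `int(time.time() // seconds)`. The method does not use `self`, and the window is hard-coded rather than read from settings, which may be worth revisiting for deployments that rotate keys more often.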