Add time-based caching for JWKS fetching (#3586)

Carter 2024-05-11 21:21:55 -05:00 committed by GitHub
parent dc47145af6
commit 3f263281e7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,3 +1,4 @@
import time
from datetime import timedelta from datetime import timedelta
from functools import lru_cache from functools import lru_cache
@ -82,7 +83,7 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
def get_claims(self, settings: AppSettings) -> JWTClaims | None: def get_claims(self, settings: AppSettings) -> JWTClaims | None:
"""Get the claims from the ID token and check if the required claims are present""" """Get the claims from the ID token and check if the required claims are present"""
required_claims = {"preferred_username", "name", "email", settings.OIDC_USER_CLAIM} required_claims = {"preferred_username", "name", "email", settings.OIDC_USER_CLAIM}
jwks = OpenIDProvider.get_jwks() jwks = OpenIDProvider.get_jwks(self.get_ttl_hash()) # cache the key set for 30 minutes
if not jwks: if not jwks:
return None return None
@ -115,8 +116,9 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
@lru_cache @lru_cache
@staticmethod @staticmethod
def get_jwks() -> KeySet | None: def get_jwks(ttl_hash=None) -> KeySet | None:
"""Get the key set from the open id configuration""" """Get the key set from the openid configuration"""
del ttl_hash # ttl_hash is used for caching only
settings = get_app_settings() settings = get_app_settings()
if not (settings.OIDC_READY and settings.OIDC_CONFIGURATION_URL): if not (settings.OIDC_READY and settings.OIDC_CONFIGURATION_URL):
@ -145,3 +147,6 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
response.raise_for_status() response.raise_for_status()
session.close() session.close()
return JsonWebKey.import_key_set(response.json()) return JsonWebKey.import_key_set(response.json())
def get_ttl_hash(self, seconds=1800):
return time.time() // seconds
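Review bot: In `get_jwks`, `lru_cache` stores whatever the call returns for the current 30-minute bucket, so a `None` from the `OIDC_READY`/`OIDC_CONFIGURATION_URL` guard would keep OIDC logins failing until the bucket rolls over (the guard's return is outside the hunk, so this is inferred). A signing key rotated or withdrawn at the provider is likewise not picked up until then. Consider not memoizing empty results and, in `get_claims`, calling `OpenIDProvider.get_jwks.cache_clear()` and retrying once when validation fails against the cached set; rate-limit that retry so unauthenticated requests cannot force a fetch on every attempt. Separately, `get_ttl_hash` does not use `self` and has no docstring, and `time.time() // seconds` yields wall-clock-aligned buckets, so a key set is cached for at most `seconds`, not exactly; a docstring such as `"""Return a value that changes every `seconds` seconds; used only to expire the lru_cache entry of get_jwks."""` would state that. Both `get_claims` and `get_jwks` continue outside the visible hunks.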