Cutlery/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-07-09 03:04:54 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add time-based caching for JWKS fetching (#3586)

Browse Source
This commit is contained in:
Carter 2024-05-11 21:21:55 -05:00 committed by GitHub
parent dc47145af6
commit 3f263281e7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
mealie/core/security/providers/openid_provider.py
View File

@ -1,3 +1,4 @@
import time
from datetime import timedelta
from functools import lru_cache
@ -82,7 +83,7 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
def get_claims(self, settings: AppSettings) -> JWTClaims | None:
"""Get the claims from the ID token and check if the required claims are present"""
required_claims = {"preferred_username", "name", "email", settings.OIDC_USER_CLAIM}
jwks = OpenIDProvider.get_jwks()
jwks = OpenIDProvider.get_jwks(self.get_ttl_hash()) # cache the key set for 30 minutes
if not jwks:
return None
@ -115,8 +116,9 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
@lru_cache
@staticmethod
def get_jwks() -> KeySet | None:
"""Get the key set from the open id configuration"""
def get_jwks(ttl_hash=None) -> KeySet | None:
"""Get the key set from the openid configuration"""
del ttl_hash # ttl_hash is used for caching only
settings = get_app_settings()
if not (settings.OIDC_READY and settings.OIDC_CONFIGURATION_URL):
@ -145,3 +147,6 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
response.raise_for_status()
session.close()
return JsonWebKey.import_key_set(response.json())
def get_ttl_hash(self, seconds=1800):
return time.time() // seconds