fix: fail gracefully when no cache headers are available (#623)
* fix: fail gracefully when no cache headers

* PR fixes
lahirumaramba authored May 23, 2024
1 parent a886851 commit be294e6
Showing 4 changed files with 18 additions and 2,500 deletions.
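--- a/auth/token_verifier.go
+++ b/auth/token_verifier.go
@@ -432,10 +432,7 @@ func (k *httpKeySource) refreshKeys(ctx context.Context) error {
 return err
 }
 
-maxAge, err := findMaxAge(resp)
-if err != nil {
-return err
-}
+maxAge := findMaxAge(resp)
 
 k.CachedKeys = append([]*publicKey(nil), newKeys...)
 k.ExpiryTime = k.Clock.Now().Add(*maxAge)
@@ -476,19 +473,20 @@ func parsePublicKey(kid string, key []byte) (*publicKey, error) {
 return &publicKey{kid, pk}, nil
 }
 
-func findMaxAge(resp *http.Response) (*time.Duration, error) {
+func findMaxAge(resp *http.Response) *time.Duration {
 cc := resp.Header.Get("cache-control")
 for _, value := range strings.Split(cc, ",") {
 value = strings.TrimSpace(value)
 if strings.HasPrefix(value, "max-age=") {
 sep := strings.Index(value, "=")
 seconds, err := strconv.ParseInt(value[sep+1:], 10, 64)
 if err != nil {
-return nil, err
+seconds = 0
 }
 duration := time.Duration(seconds) * time.Second
-return &duration, nil
+return &duration
 }
 }
-return nil, errors.New("Could not find expiry time from HTTP headers")
+defaultDuration := time.Duration(0) * time.Second
+return &defaultDuration
 }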
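Review bot: The `max-age` value in `findMaxAge` still reaches `time.Duration(seconds) * time.Second` with no range check, so a negative value puts the expiry in the past and a very large one either overflows int64 or keeps the cached public keys trusted far longer than a key rotation should allow. Since the parse-error branch now falls back to zero anyway, the same guard can cover the range: `if err != nil || seconds < 0 { seconds = 0 }`, plus an upper bound applied before the multiplication, e.g. `if seconds > maxCacheSeconds { seconds = maxCacheSeconds }` (the constant name is a placeholder). A missing or malformed header is also now indistinguishable from `max-age=0`, and `refreshKeys` then sets `k.ExpiryTime` to the current time. That presumably makes every verification refetch the keys, though the expiry comparison is outside this hunk, so a log line or a short default TTL is worth considering. `refreshKeys` starts before the first hunk, so its earlier error handling is not visible here.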
31 changes: 9 additions & 22 deletions auth/token_verifier_test.go
Expand Up @@ -140,38 +140,25 @@ func TestFindMaxAge(t *testing.T) {
{"max-age=100", 100},
{"public, max-age=100", 100},
{"public,max-age=100", 100},
{"public, max-age=100, must-revalidate, no-transform", 100},
{"", 0},
{"max-age 100", 0},
{"max-age: 100", 0},
{"max-age2=100", 0},
{"max-age=foo", 0},
{"private,", 0},
}
for _, tc := range cases {
resp := &http.Response{
Header: http.Header{"Cache-Control": {tc.cc}},
}
age, err := findMaxAge(resp)
if err != nil {
t.Errorf("findMaxAge(%q) = %v", tc.cc, err)
} else if *age != (time.Duration(tc.want) * time.Second) {
age := findMaxAge(resp)
if *age != (time.Duration(tc.want) * time.Second) {
t.Errorf("findMaxAge(%q) = %v; want = %v", tc.cc, *age, tc.want)
}
}
}

func TestFindMaxAgeError(t *testing.T) {
cases := []string{
"",
"max-age 100",
"max-age: 100",
"max-age2=100",
"max-age=foo",
}
for _, tc := range cases {
resp := &http.Response{
Header: http.Header{"Cache-Control": []string{tc}},
}
if age, err := findMaxAge(resp); age != nil || err == nil {
t.Errorf("findMaxAge(%q) = (%v, %v); want = (nil, err)", tc, age, err)
}
}
}

func TestParsePublicKeys(t *testing.T) {
b, err := ioutil.ReadFile("../testdata/public_certs.json")
if err != nil {
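Review bot: The merged table in `TestFindMaxAge` pins the zero fallback for missing and malformed directives, but has no row for a value that parses successfully and is still unusable, such as `max-age=-1` or a number large enough to overflow `time.Duration(seconds) * time.Second`. A row like `{"max-age=-1", 0}` would fail against `findMaxAge` as written, which is the behaviour gap worth deciding on and then pinning. A row for `Max-Age=100` would also document that the prefix match is case-sensitive, although Cache-Control directive names are not. `TestParsePublicKeys` continues past the end of this hunk.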
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -35,7 +35,7 @@ require (
go.opentelemetry.io/otel/metric v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/net v0.22.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/sync v0.6.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect