add a user hash function to serve as ID

weaveworks · Oct 4, 2022 · a8da483 · a8da483
1 parent 61b7d2a
commit a8da483
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/core/clustersmngr/factory.go b/core/clustersmngr/factory.go
@@ -460,8 +460,8 @@ func (cf *clustersManager) UpdateUserNamespaces(ctx context.Context, user *auth.
 	wg.Wait()
 }
 
-func (cf *clustersManager) UserLock(userID string) *sync.Mutex {
-	actual, _ := cf.usersLock.LoadOrStore(userID, &sync.Mutex{})
+func (cf *clustersManager) LockUser(user *auth.UserPrincipal) *sync.Mutex {
+	actual, _ := cf.usersLock.LoadOrStore(user.Hash(), &sync.Mutex{})
 	lock := actual.(*sync.Mutex)
 	lock.Lock()
 	return lock
@@ -472,7 +472,7 @@ func (cf *clustersManager) GetUserNamespaces(user *auth.UserPrincipal) map[strin
 }
 
 func (cf *clustersManager) userNsList(ctx context.Context, user *auth.UserPrincipal) map[string][]v1.Namespace {
-	userLock := cf.UserLock(user.ID)
+	userLock := cf.LockUser(user)
 	defer userLock.Unlock()
 
 	userNamespaces := cf.GetUserNamespaces(user)

diff --git a/core/clustersmngr/factory_caches.go b/core/clustersmngr/factory_caches.go
@@ -151,5 +151,5 @@ func (un *UsersNamespaces) Clear() {
 }
 
 func (un UsersNamespaces) cacheKey(user *auth.UserPrincipal, cluster string) uint64 {
-	return ttlcache.StringKey(fmt.Sprintf("%s:%s", user.ID, cluster))
+	return ttlcache.StringKey(fmt.Sprintf("%s:%s", user.Hash(), cluster))
 }
diff --git a/pkg/server/auth/auth.go b/pkg/server/auth/auth.go
@@ -2,8 +2,10 @@ package auth
 
 import (
 	"context"
+	"crypto/md5"
 	"crypto/rand"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -98,6 +100,12 @@ func (p *UserPrincipal) String() string {
 	return fmt.Sprintf("id=%q groups=%v", p.ID, p.Groups)
 }
 
+// Hash returns a unique string using user id,token and groups.
+func (p *UserPrincipal) Hash() string {
+	hash := md5.Sum([]byte(fmt.Sprintf("%s/%s/%v", p.ID, p.Token(), p.Groups)))
+	return hex.EncodeToString(hash[:])
+}
+
 func (p *UserPrincipal) Valid() bool {
 	if p.ID == "" && p.Token() == "" {
 		return false

diff --git a/pkg/server/auth/auth_test.go b/pkg/server/auth/auth_test.go
@@ -331,7 +331,17 @@ func TestUserPrincipal_String(t *testing.T) {
 	// principal is logged out.
 	p := auth.NewUserPrincipal(auth.ID("testing"), auth.Groups([]string{"group1", "group2"}), auth.Token("test-token"))
 
-	if s := p.String(); s != `id="testing" groups=[group1 group2]` {
-		t.Fatalf("principal.String() got %s, want %s", s, `id="testing" groups=[group1 group2]`)
+	want := `id="testing" groups=[group1 group2]`
+	if s := p.String(); s != want {
+		t.Fatalf("principal.String() got %s, want %s", s, want)
+	}
+}
+
+func TestUserPrincipal_Hash(t *testing.T) {
+	p := auth.NewUserPrincipal(auth.ID("testing"), auth.Groups([]string{"group1", "group2"}), auth.Token("test-token"))
+
+	want := "f6b28168aaeae03685db1e9151a397a8"
+	if s := p.Hash(); s != want {
+		t.Fatalf("principal.String() got %s, want %s", s, want)
 	}
 }