author | John Cai <jcai@gitlab.com> | 2020-05-27 04:48:41 +0300 |
---|---|---|
committer | John Cai <jcai@gitlab.com> | 2020-05-27 04:48:41 +0300 |
commit | 4c76ddae755402fa819aa8cd719a2b201abee02b (patch) | |
tree | 460272999559f91b8dca31454f6401900cb01655 | |
parent | a08561eebea15f32dd4217ca122ce0fc2364a2d6 (diff) |
Expire connections after 30 secondsjc-fix-auth-token-expiration
-rw-r--r-- | auth/token.go | 4 | ||||
-rw-r--r-- | internal/service/repository/replicate.go | 21 | ||||
-rw-r--r-- | internal/service/repository/server.go | 5 |
3 files changed, 15 insertions, 15 deletions
diff --git a/auth/token.go b/auth/token.go
index dee53227c..d802a58e1 100644
--- a/auth/token.go
+++ b/auth/token.go
@@ -17,7 +17,7 @@ import (
 )
 const (
- timestampThreshold = 30 * time.Second
+ TimestampThreshold = 30 * time.Second
 )
 var (
@@ -58,7 +58,7 @@ func CheckToken(ctx context.Context, secret string, targetTime time.Time) error
 }
 if authInfo.Version == "v2" {
- if v2HmacInfoValid(authInfo.Message, authInfo.SignedMessage, []byte(secret), targetTime, timestampThreshold) {
+ if v2HmacInfoValid(authInfo.Message, authInfo.SignedMessage, []byte(secret), targetTime, TimestampThreshold) {
 return nil
 }
 }
diff --git a/internal/service/repository/replicate.go b/internal/service/repository/replicate.go
index 3952bd242..24d1c060b 100644
--- a/internal/service/repository/replicate.go
+++ b/internal/service/repository/replicate.go
@@ -8,6 +8,7 @@ import (
 "os"
 "os/exec"
 "path/filepath"
+ "time"
 "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus"
 gitalyauth "gitlab.com/gitlab-org/gitaly/auth"
@@ -261,8 +262,8 @@ func (s *server) getOrCreateConnection(address, token string) (*grpc.ClientConn,
 cc, ok := s.connsByAddress[address]
 s.connsMtx.RUnlock()
- if ok {
- return cc, nil
+ if ok && time.Since(cc.issuedAt) < gitalyauth.TimestampThreshold {
+ return cc.conn, nil
 }
 s.connsMtx.Lock()
@@ -274,17 +275,17 @@ func (s *server) getOrCreateConnection(address, token string) (*grpc.ClientConn,
 connOpts = append(connOpts, grpc.WithPerRPCCredentials(gitalyauth.RPCCredentialsV2(token)))
 }
- cc, ok = s.connsByAddress[address]
- if ok {
- return cc, nil
- }
-
- cc, err := client.Dial(address, connOpts)
+ clientConn, err := client.Dial(address, connOpts)
 if err != nil {
 return nil, fmt.Errorf("could not dial source: %v", err)
 }
- s.connsByAddress[address] = cc
+ s.connsByAddress[address] = &cachedConn{conn: clientConn, issuedAt: time.Now()}
+
+ return clientConn, nil
+}
- return cc, nil
+type cachedConn struct {
+ conn *grpc.ClientConn
+ issuedAt time.Time
 }
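Review bot: The reuse check `time.Since(cc.issuedAt) < gitalyauth.TimestampThreshold` in getOrCreateConnection uses the full window that CheckToken passes to v2HmacInfoValid, so a connection handed out just under 30 seconds after it was dialed leaves no margin for RPC latency or clock skew between hosts. If the credential's timestamp is fixed when the connection is dialed (not visible in this hunk), a call made on such a connection would presumably still be rejected by the receiving side. Consider a shorter client-side lifetime, for example `const connMaxAge = gitalyauth.TimestampThreshold / 2`, and compare against that instead. The function body starts and ends outside this hunk.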
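Review bot: Removing the second lookup after `s.connsMtx.Lock()` means two callers that both miss the cache now each dial, and the later one overwrites the earlier map entry; keep the re-check with the new expiry condition, `if cc, ok = s.connsByAddress[address]; ok && time.Since(cc.issuedAt) < gitalyauth.TimestampThreshold { return cc.conn, nil }`. Separately, the `*cachedConn` that gets replaced (expired or overwritten) is dropped without any `conn.Close()` in the visible lines, so each expiry appears to leak a gRPC connection. Callers may still hold the old connection for an in-flight RPC, so it needs a deliberate teardown rather than an immediate close. A short doc comment on `cachedConn` stating that `issuedAt` is the dial time used for expiry would also help the next reader.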
diff --git a/internal/service/repository/server.go b/internal/service/repository/server.go
index 563b9c2a1..f86b20906 100644
--- a/internal/service/repository/server.go
+++ b/internal/service/repository/server.go
@@ -7,20 +7,19 @@ import (
 "gitlab.com/gitlab-org/gitaly/internal/helper"
 "gitlab.com/gitlab-org/gitaly/internal/rubyserver"
 "gitlab.com/gitlab-org/gitaly/proto/go/gitalypb"
- "google.golang.org/grpc"
 )
 type server struct {
 ruby *rubyserver.Server
 gitalypb.UnimplementedRepositoryServiceServer
- connsByAddress map[string]*grpc.ClientConn
+ connsByAddress map[string]*cachedConn
 connsMtx sync.RWMutex
 internalGitalySocket string
 }
 // NewServer creates a new instance of a gRPC repo server
 func NewServer(rs *rubyserver.Server, internalGitalySocket string) gitalypb.RepositoryServiceServer {
- return &server{ruby: rs, connsByAddress: make(map[string]*grpc.ClientConn), internalGitalySocket: internalGitalySocket}
+ return &server{ruby: rs, connsByAddress: make(map[string]*cachedConn), internalGitalySocket: internalGitalySocket}
 }
 func (*server) FetchHTTPRemote(context.Context, *gitalypb.FetchHTTPRemoteRequest) (*gitalypb.FetchHTTPRemoteResponse, error) { |
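Review bot: `connsByAddress map[string]*cachedConn` is still keyed by address alone, while getOrCreateConnection in replicate.go dials with per-RPC credentials built from its `token` argument, so a later call with a different token for the same address gets a connection bound to the earlier credential for as long as the entry is cached. If tokens can differ between callers, the key or the cached entry should include the token (or a digest of it). If they cannot, state that on the field, e.g. `// connsByAddress caches one outbound connection per address; guarded by connsMtx. All callers for an address are assumed to present the same token.` As far as this hunk shows, nothing on the `server` type closes these cached connections at shutdown either.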