Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Different tokens share the cache #257

Open
MazeXP opened this issue Nov 26, 2022 · 3 comments · May be fixed by #289
Open

[Bug]: Different tokens share the cache #257

MazeXP opened this issue Nov 26, 2022 · 3 comments · May be fixed by #289
Labels
bug Something isn't working

Comments

@MazeXP
Copy link
Contributor

MazeXP commented Nov 26, 2022

Description

When using Remora.Discord with different Bearer tokens then the cache
will be shared among all tokens.

Steps to Reproduce

  1. Switch token used during execution

Expected Behavior

The cache should differ between token.

Current Behavior

Cache does not respect token at all.

Library / Runtime Information

Irrelevant

@MazeXP MazeXP added the bug Something isn't working label Nov 26, 2022
@Nihlus
Copy link
Member

Nihlus commented Dec 2, 2022

Do we want separate caches for separate tokens? Ideally, the data should be the same regardless of the apparent user. Is there some specific case where it differs that you've encountered?

@MazeXP
Copy link
Contributor Author

MazeXP commented Dec 2, 2022

A basic example when the cache will return wrong information for a different token is simply every URL that includes /@me/ in the URL. (https://github.com/Remora/Remora.Discord/blob/main/Backend/Remora.Discord.API.Abstractions/API/Rest/IDiscordRestUserAPI.cs#L53)
In addition it could be possible that one User Token (OAuth2 Bearer) might not have the same read permissions as another one and the cache could provide a bit to much information for that token.

@Nihlus
Copy link
Member

Nihlus commented Dec 2, 2022

Ah, I see. I'll look into integrating the token into the cache keys in some kind of hashed format so we don't leak it to external services.

@Nihlus Nihlus linked a pull request Mar 19, 2023 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants