feat: auth cache

auth/Cargo.toml

@@ -9,28 +9,30 @@ anyhow = { workspace = true }
 async-trait = { workspace = true }
 axum = { workspace = true, features = ["headers"] }
 axum-sessions = "0.4.1"
+chrono = { workspace = true, features = ["serde"] }
 clap = { workspace = true }
 http = { workspace = true }
-jsonwebtoken = { workspace = true}
+hyper = { workspace = true }
+jsonwebtoken = { workspace = true }
 opentelemetry = { workspace = true }
 opentelemetry-datadog = { workspace = true }
 rand = { workspace = true }
 ring = { workspace = true }
-serde = { workspace = true, features = [ "derive" ] }
-sqlx = { version = "0.6.2", features = [ "sqlite", "json", "runtime-tokio-native-tls", "migrate" ] }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+sqlx = { version = "0.6.2", features = ["sqlite", "json", "runtime-tokio-native-tls", "migrate"] }
 strum = { workspace = true }
 thiserror = { workspace = true }
-tokio = { version = "1.22.0", features = [ "full" ] }
+tokio = { version = "1.22.0", features = ["full"] }
+tower = { workspace = true, features = ["util"] }
 tracing = { workspace = true }
 tracing-opentelemetry = { workspace = true }
 tracing-subscriber = { workspace = true, features = ["env-filter"] }
+ttl_cache = "0.5.1"
 
 [dependencies.shuttle-common]
 workspace = true
 features = ["backend", "models"]
 
 [dev-dependencies]
 axum-extra = { version = "0.5.0", features = ["cookie"] }
-hyper = { workspace = true }
-serde_json = { workspace = true }
-tower = { workspace = true, features = ["util"] }

auth/prepare.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+###############################################################################
+# This file is used by our common Containerfile incase the container for this #
+# service might need some extra preparation steps for its final image         #
+###############################################################################
+
+# Nothing to prepare in container image here

auth/src/api/builder.rs

@@ -18,6 +18,7 @@ use tracing::field;
 use crate::{
     secrets::{EdDsaManager, KeyManager},
     user::{UserManagement, UserManager},
+    COOKIE_EXPIRATION,
 };
 
 use super::handlers::{
@@ -102,7 +103,7 @@ impl ApiBuilder {
         self.session_layer = Some(
             SessionLayer::new(store, &secret)
                 .with_cookie_name("shuttle.sid")
-                .with_session_ttl(Some(std::time::Duration::from_secs(60 * 60 * 24))) // One day
+                .with_session_ttl(Some(COOKIE_EXPIRATION))
                 .with_secure(true),
         );
 
@@ -116,10 +117,12 @@ impl ApiBuilder {
         let user_manager = UserManager { pool };
         let key_manager = EdDsaManager::new();
 
-        self.router.layer(session_layer).with_state(RouterState {
+        let state = RouterState {
             user_manager: Arc::new(Box::new(user_manager)),
             key_manager: Arc::new(Box::new(key_manager)),
-        })
+        };
+
+        self.router.layer(session_layer).with_state(state)
     }
 }
 

auth/src/api/handlers.rs

@@ -51,7 +51,7 @@ pub(crate) async fn login(
         .expect("to set account name");
     session
         .insert("account_tier", user.account_tier)
-        .expect("to set account name");
+        .expect("to set account tier");
 
     Ok(Json(user.into()))
 }
@@ -74,9 +74,9 @@ pub(crate) async fn convert_cookie(
 
     let claim = Claim::new(account_name, account_tier.into());
 
-    let response = shuttle_common::backends::auth::ConvertResponse {
-        token: claim.into_token(key_manager.private_key())?,
-    };
+    let token = claim.into_token(key_manager.private_key())?;
+
+    let response = shuttle_common::backends::auth::ConvertResponse { token };
 
     Ok(Json(response))
 }
@@ -92,15 +92,15 @@ pub(crate) async fn convert_key(
     let User {
         name, account_tier, ..
     } = user_manager
-        .get_user_by_key(key)
+        .get_user_by_key(key.clone())
         .await
         .map_err(|_| StatusCode::UNAUTHORIZED)?;
 
     let claim = Claim::new(name.to_string(), account_tier.into());
 
-    let response = shuttle_common::backends::auth::ConvertResponse {
-        token: claim.into_token(key_manager.private_key())?,
-    };
+    let token = claim.into_token(key_manager.private_key())?;
+
+    let response = shuttle_common::backends::auth::ConvertResponse { token };
 
     Ok(Json(response))
 }

auth/src/lib.rs

@@ -4,7 +4,7 @@ mod error;
 mod secrets;
 mod user;
 
-use std::{io, str::FromStr};
+use std::{io, str::FromStr, time::Duration};
 
 use args::StartArgs;
 use sqlx::{
@@ -22,6 +22,8 @@ use crate::{
 pub use api::ApiBuilder;
 pub use args::{Args, Commands, InitArgs};
 
+pub const COOKIE_EXPIRATION: Duration = Duration::from_secs(60 * 60 * 24); // One day
+
 pub static MIGRATIONS: Migrator = sqlx::migrate!("./migrations");
 
 pub async fn start(pool: SqlitePool, args: StartArgs) -> io::Result<()> {

common/src/backends/auth.rs

@@ -152,7 +152,7 @@ pub struct ConvertResponse {
 #[derive(Clone, Debug, Deserialize, Serialize, Eq, PartialEq)]
 pub struct Claim {
     /// Expiration time (as UTC timestamp).
-    exp: usize,
+    pub exp: usize,
     /// Issued at (as UTC timestamp).
     iat: usize,
     /// Issuer.