-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add file-cache option for AWS Lambda #141
Conversation
Feedback on this PR is welcome. |
would be a great improvement - waiting for the merge 👍 |
Looking forward to seeing this merged. |
Looking forward for this feature. 🚀 |
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.19) Signed-off-by: dependabot[bot] <[email protected]>
…h-4.17.19 Bump lodash from 4.17.15 to 4.17.19
Update Buffer initialization to non-deprecated method
* Fixes vulnerability in express-jwt * Update tests using expressJwt
* Add async functions * add tests * extract custom promisify function * Add method docs * Update README * Fix linter issues Co-authored-by: David Patrick <[email protected]>
Use axios url parameter instead of baseURL
Release v1.9.0
These methods were added by auth0#161, but the PR did not include an update to the matching Typescript type definitions. Without this update, these new methods are unusable in Typescript projects.
Add missing async methods to Typescript type definitions
Signed off by: fossabot <[email protected]>
Add license scan report and status
* style: no extra semi * feat: no-extra-semi rule Co-authored-by: David Patrick <[email protected]>
Co-authored-by: Luciano Balmaceda <[email protected]>
@vanhumbeecka thanks for the terrific contribution. Are you able to update this PR with the changes from #149 introduced by @oscarwest ? Or should we favor that PR? Thanks 🙏 |
Hi @davidpatrick, I'll update the PR based on feedback in this thread. |
Default proxy option on Axios does not work. Using http-proxy-agent to handle proxied requests
adds the ability to use cache and rateLimit on the getSigningKeyAsync method
Co-authored-by: David Patrick <[email protected]>
@davidpatrick Ok, so I changed this PR by changing the Not sure why the codecov project is failing though... |
Brilliant thanks @vanhumbeecka 🙇 I will take a look |
@vanhumbeecka thanks for having the patience on this PR. I recently had some more bandwidth to dive a little deeper into this library and discuss with the team some of the requests/issues surrounding this library. It seems the crux of the issue is that in-memory caching doesn't work for environments with multiple nodes/servers. We appreciate raising this issue, and the accompanying PR, however the proposed PR has a couple of issues:
A more flexible approach we think would be to allow the user to replace the memoizer(in-memory) cache with their own cache implementation. Similair to our sister library and its dummy-cache. An example of what a custom cache might look like: // This would belong to the client/consumer of this library
class CustomCache = {
get(kid, getSigningKey) {
const key = this.has(kid);
if (key) { return Promise.resolve(key); ****}
return new Promise((resolve, reject) => {
getSigningKey(kid, (err, key) => {
if (err) { return reject(err); }
this.set(kid, key);
return resolve(key);
}
);
});
},
has(kid) {
// if cache invalid (expired?) -- this.get
// if cache valid -- retrieveFromCacheStore(kid)
},
set(kid, key) {
// saveInCacheStore(kid, key)
}
};
const customCache = new CustomCache();
const client = jwksClient({ cache: true, customCache }) Then inside of the cache wrapper we could implement it like so: // ./src/wrappers/cache.js
export default function(client, { customCache, cacheMaxEntries = 5, cacheMaxAge = ms('10m') } = options) {
const logger = debug('jwks');
const getSigningKey = client.getSigningKey;
if (customCache) {
return customCache.get(kid, getSigningKey)
.then(key => cb(null, key))
.catch(err => cb(err));
}
return memoizer({
//..//
}); Let me know what you think and if you can see any instances where this wouldn't work for you. I can take ownership of the implementation, or if this is something that you want to take on I can assist. |
Hi @davidpatrick, I can certainly agree with your assessment.
The current implementation is indeed specific to serverless environments. That also means that the
True, but again, I went for 'easy-of-use' in this implementation, meaning adding a single flag to 'true' worked without worrying about configuration. That being said, I guess most developers actually do want more flexibility and control, so I can't really argue with your statements in that regard. So feel free to take over from here if you want to 👍 . |
@vanhumbeecka perfect thanks for the quick response. I will be tackling this next week. Thanks again for raising the issue 🙇 |
By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
The caching option where
cache = true
does not work on AWS Lambda environments, resulting in too many JWKS endpoint calls.This PR extends the options object of
passportJwtSecret
with an extra option calleduseTmpFileCache
(optional boolean, default =false
).When enabled, the caching layer will use local file-storage for caching under
/tmp
folder.This plays nicely with serverless like AWS Lambda (tested), but also GCP App Engine (not tested), which both uses the
/tmp
location for local file storage which is shared between multiple instances of the same service.Tests have been added to the
tests
folder.Testing
See the
tests
folder.mock-fs
has been used for mocking the file-system.Checklist
master