Skip to content

Commit

Permalink
chore: add a bunch of logs to validate api token validation behavior (#…
Browse files Browse the repository at this point in the history
…6905)

This change is meant to test something in sandbox. It will be reverted
after the investigation.
  • Loading branch information
gastonfournier authored Apr 23, 2024
1 parent d59f1ad commit dec107a
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/lib/middleware/api-token-middleware.ts
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,9 @@ const apiAccessMiddleware = (
// If we're here, we know that api token middleware was enabled, otherwise we'd returned a no-op middleware
// We explicitly only protect client and proxy apis, since admin apis are protected by our permission checker
// Reject with 401
logger.warn(
`Client api request without valid token (${apiToken}), rejecting`,
);
res.status(401).send({
message: NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED,
});
Expand Down
21 changes: 21 additions & 0 deletions src/lib/services/api-token-service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,9 @@ export class ApiTokenService {
async fetchActiveTokens(): Promise<void> {
try {
this.activeTokens = await this.store.getAllActive();
this.logger.info(
`Fetched active tokens from store, size: ${this.activeTokens.length}`,
);
} catch (e) {
this.logger.warn('Failed to fetch active tokens', e);
}
Expand All @@ -122,6 +125,9 @@ export class ApiTokenService {
return undefined;
}

this.logger.info(
`Checking for token in cache of size: ${this.activeTokens.length}`,
);
let token = this.activeTokens.find(
(activeToken) =>
Boolean(activeToken.secret) &&
Expand All @@ -139,13 +145,27 @@ export class ApiTokenService {
}

const nextAllowedQuery = this.queryAfter.get(secret) ?? 0;
this.logger.info(
`Token found in cache: ${Boolean(
token,
)}, next allowed query: ${nextAllowedQuery}`,
);
if (!token && isPast(nextAllowedQuery)) {
this.logger.info(
`Token not found in cache, querying database for token with secret: ${secret}`,
);
if (this.queryAfter.size > 1000) {
// establish a max limit for queryAfter size to prevent memory leak
this.logger.info(
'queryAfter size exceeded 1000, clearing cache',
);
this.queryAfter.clear();
}
// prevent querying the same invalid secret multiple times. Expire after 5 minutes
this.queryAfter.set(secret, addMinutes(new Date(), 5));
this.logger.info(
`Added ${secret} to queryAfter: ${this.queryAfter.get(secret)}`,
);

const stopCacheTimer = this.timer('getTokenWithCache.query');
token = await this.store.get(secret);
Expand Down Expand Up @@ -193,6 +213,7 @@ export class ApiTokenService {
secret: string,
): Promise<IApiUser | undefined> {
const token = await this.getTokenWithCache(secret);
this.logger.info(`getUserForToken ${secret} found: ${token}`);
if (token) {
this.lastSeenSecrets.add(token.secret);
const apiUser: IApiUser = new ApiUser({
Expand Down

0 comments on commit dec107a

Please sign in to comment.