Commit
chore: remove logs for secret and change invalid token query logic (#6907)

## About the changes

What's going on is the following:

1. When a token is not found in the token's cache we try to find it in the db.
2. To prevent a denial of service attack using invalid tokens, we cache the invalid tokens so we don't hit the db.
3. The issue is that we stored this token in the cache regardless of whether we found it or not. And if the token was valid the first time, we'd add a timestamp to avoid querying this token again the next time.
4. The next iteration the token should be in the cache: https://github.com/Unleash/unleash/blob/54383a6578c221bdacdd1b9f14a108a1eb256e7c/src/lib/services/api-token-service.ts#L162 but for some reason it is not and therefore we have to make a query. But this is where the query prevention mechanism kicks in, because it finds the token in the cache and kicks us out.

This PR fixes this by only storing in the cache for misses if not found: https://github.com/Unleash/unleash/blob/54383a6578c221bdacdd1b9f14a108a1eb256e7c/src/lib/services/api-token-service.ts#L164-L165

The token was added to the cache because we were not checking if it had expired. Now we added a check and we also have a log for expired tokens.

Some improvement opportunities:

- I don't think we display that a token has expired in the UI, which probably led to this issue.
- When a token expires we don't display a specific error message or error response saying that, which is not very helpful for users.
1 parent 18d317f, commit 3e4ed38. Showing 3 changed files with 48 additions and 31 deletions.
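The lookup logic the commit message describes, as an added example in TypeScript (the project's language) that is not Unleash's own code: a token cache, a negative cache for misses, and a backing store that counts its queries. `mode === 'before'` reproduces the pre-fix behaviour (a miss is recorded on every store query and expiry is never checked); `mode === 'after'` records a miss only when the token is absent or expired. All names, the 5-minute miss TTL and the sample tokens are hypothetical or constructed for the demonstration.

```typescript
interface ApiToken {
  secret: string;
  expiresAt?: Date;
}

// Stand-in for the database; counts queries so each strategy's load is visible.
class TokenStore {
  queries = 0;
  constructor(private readonly rows: Map<string, ApiToken>) {}
  find(secret: string): ApiToken | undefined {
    this.queries += 1;
    return this.rows.get(secret);
  }
}

type Mode = 'before' | 'after';
const MISS_TTL_MS = 5 * 60 * 1000; // assumed: how long a miss is remembered

class ApiTokenLookup {
  private readonly tokens = new Map<string, ApiToken>(); // positive cache
  private readonly misses = new Map<string, number>(); // secret -> time of miss

  constructor(
    private readonly store: TokenStore,
    private readonly mode: Mode,
    private readonly now: () => number = Date.now,
  ) {}

  lookup(secret: string): ApiToken | undefined {
    const cached = this.tokens.get(secret);
    if (cached) return cached;

    // Negative cache: a secret that recently missed is rejected without a query.
    const missedAt = this.misses.get(secret);
    if (missedAt !== undefined && this.now() - missedAt < MISS_TTL_MS) {
      return undefined;
    }

    const token = this.store.find(secret);
    if (this.mode === 'before') {
      // Pre-fix: remember the secret as a miss whether or not it was found, and
      // cache whatever came back without checking expiry.
      this.misses.set(secret, this.now());
      if (token) this.tokens.set(secret, token);
      return token;
    }
    // Fixed: only a genuine miss (absent or expired) enters the negative cache.
    if (!token || this.isExpired(token)) {
      this.misses.set(secret, this.now());
      return undefined;
    }
    this.tokens.set(secret, token);
    return token;
  }

  isExpired(token: ApiToken): boolean {
    return token.expiresAt !== undefined && token.expiresAt.getTime() <= this.now();
  }

  // Simulates the positive cache losing an entry, the situation the commit describes.
  evict(secret: string): void {
    this.tokens.delete(secret);
  }
}

// Runs the same sequence of lookups under one mode and reports what happened.
function demo(mode: Mode): { validAfterEvict: boolean; expiredAccepted: boolean; dbQueries: number } {
  const now = 1700000000000; // constructed fixed clock
  const store = new TokenStore(
    new Map<string, ApiToken>([
      ['valid-secret', { secret: 'valid-secret' }],
      ['expired-secret', { secret: 'expired-secret', expiresAt: new Date(now - 1000) }],
    ]),
  );
  const lookup = new ApiTokenLookup(store, mode, () => now);

  lookup.lookup('valid-secret'); // first sight: queries the store, caches the token
  lookup.evict('valid-secret'); // the cache drops it
  const validAfterEvict = lookup.lookup('valid-secret') !== undefined;
  const expiredAccepted = lookup.lookup('expired-secret') !== undefined;
  for (let i = 0; i < 3; i++) lookup.lookup('bogus-secret'); // repeated invalid secret

  return { validAfterEvict, expiredAccepted, dbQueries: store.queries };
}

console.log('before:', demo('before'));
console.log('after:', demo('after'));
```

In `before` mode the valid token is rejected after eviction because its own first lookup poisoned the negative cache, and the expired token is served as valid; in `after` mode the valid token survives eviction at the cost of one extra query, the expired token is refused, and the repeated bogus secret still reaches the store only once.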