- the token for the third party app is now cached

- Moreover, a counter for each token is cached. Any third party app is only allowed to upload 30 files.
ComPlat · Jul 13, 2023 · 39d2824 · 39d2824
1 parent ede8e53
commit 39d2824
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 2 deletions.
diff --git a/app/api/chemotion/third_party_app_api.rb b/app/api/chemotion/third_party_app_api.rb
@@ -3,6 +3,8 @@
 module Chemotion
   # Publish-Subscription MessageAPI
   class ThirdPartyAppAPI < Grape::API
+    cache_options = { store: Rails.cache }
+
     helpers do
       def decode_token(token)
         payload = JWT.decode(token, Rails.application.secrets.secret_key_base) unless token.nil?
@@ -27,11 +29,21 @@ def download_third_party_app(token)
         @user = User.find_by(id: payload[1])
         header['Content-Disposition'] = "attachment; filename=#{@attachment.filename}"
         env['api.format'] = :binary
-        @attachment.read_file
+        cache_key = "token/#{payload[0]}/#{payload[1]}"
+        token_cached = Rails.cache.read(cache_key)
+        token_cached.counter = token_cached.counter + 1
+        Rails.cache.write(cache_key, token_cached)
+        @attachment.read_file if token_cached.counter <= 2
       end
 
       def upload_third_party_app(token, file_name, file, file_type)
         payload = decode_token(token)
+        cache_key = "token/#{payload[0]}/#{payload[1]}"
+        token_cached = Rails.cache.read(cache_key)
+        token_cached.counter = token_cached.counter + 1
+        Rails.cache.write(cache_key, token_cached)
+        return unless token_cached.counter <= 30
+
         attachment = Attachment.find_by(id: payload[0])
         new_attachment = Attachment.new(attachable: attachment.attachable,
                                         created_by: attachment.created_by,
@@ -42,6 +54,18 @@ def upload_third_party_app(token, file_name, file, file_type)
         end
         { message: 'File uploaded successfully' }
       end
+
+      def encode_token(payload)
+        cache_key = cache_key_for_encoded_token(payload)
+        Rails.cache.fetch(cache_key, expires_in: 48.hours) do
+          token = JsonWebToken.encode(payload, 48.hours.from_now)
+          CachedTokenThirdPartyApp.new(token, 0)
+        end
+      end
+
+      def cache_key_for_encoded_token(payload)
+        "encoded_token/#{payload[:attID]}/#{payload[:userID]}"
+      end
     end
 
     namespace :public_third_party_app do
@@ -166,8 +190,11 @@ def upload_third_party_app(token, file_name, file, file_type)
         requires :userID, type: String, desc: 'User ID'
       end
       get 'Token' do
+        cache_key = "token/#{params[:attID]}/#{params[:userID]}"
         payload = { attID: params[:attID], userID: params[:userID] }
-        JsonWebToken.encode(payload, 48.hours.from_now)
+        cached_token = encode_token(payload)
+        Rails.cache.write(cache_key, cached_token, expires_in: 48.hours)
+        cached_token.token
       end
     end
 

diff --git a/app/models/cached_token_third_party_app.rb b/app/models/cached_token_third_party_app.rb
@@ -0,0 +1,8 @@
+class CachedTokenThirdPartyApp
+  attr_accessor :token, :counter
+
+  def initialize(token, counter)
+    @token = token
+    @counter = counter
+  end
+end
diff --git a/spec/api/chemotion/third_party_app_api_spec.rb b/spec/api/chemotion/third_party_app_api_spec.rb
@@ -257,6 +257,15 @@
 
     it 'download a file' do
       payload = { attID: params_token[:attID], userID: params_token[:userID]}
+      cache_key = "token/#{params_token[:attID]}/#{params_token[:userID]}"
+      cached_token = Rails.cache.read(cache_key)
+      if cached_token.nil?
+        payload = { attID: params_token[:attID], userID: params_token[:userID] }
+        secret = Rails.application.secrets.secret_key_base
+        token = JWT.encode(payload, secret, 'HS256')
+        token_class = CachedTokenThirdPartyApp.new(token, 0)
+        Rails.cache.write(cache_key, token_class, expires_in: 48.hours)
+      end
       secret = Rails.application.secrets.secret_key_base
       token = JWT.encode payload, secret, 'HS256'
       params = {token: token}
@@ -289,6 +298,15 @@
 
     it 'upload a file' do
       payload = { attID: params_token[:attID], userID: params_token[:userID]}
+      cache_key = "token/#{params_token[:attID]}/#{params_token[:userID]}"
+      cached_token = Rails.cache.read(cache_key)
+      if cached_token.nil?
+        payload = { attID: params_token[:attID], userID: params_token[:userID] }
+        secret = Rails.application.secrets.secret_key_base
+        token = JWT.encode(payload, secret, 'HS256')
+        token_class = CachedTokenThirdPartyApp.new(token, 0)
+        Rails.cache.write(cache_key, token_class, expires_in: 48.hours)
+      end
       secret = Rails.application.secrets.secret_key_base
       token = JWT.encode payload, secret, 'HS256'
       file_path = 'spec/fixtures/upload.csv'