Fix basic auth caching (#2239)

Basic auth cache was initialized for every API on every API reload. go-cache by itself consume quite lot of resources, when started in such amounts. Fix #2238
TykTechnologies · Apr 27, 2019 · 08dfc0a · 08dfc0a
1 parent ef56da7
commit 08dfc0a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 8 deletions.
diff --git a/api_loader.go b/api_loader.go
@@ -10,12 +10,10 @@ import (
 	"sort"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/gorilla/mux"
 	"github.com/justinas/alice"
-	cache "github.com/pmylund/go-cache"
 
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"
@@ -353,7 +351,7 @@ func processSpec(spec *APISpec, apisByListen map[string]int,
 			logger.Info("Checking security policy: OAuth")
 		}
 
-		if mwAppendEnabled(&authArray, &BasicAuthKeyIsValid{baseMid, cache.New(60*time.Second, 60*time.Minute), nil, nil}) {
+		if mwAppendEnabled(&authArray, &BasicAuthKeyIsValid{baseMid, nil, nil}) {
 			logger.Info("Checking security policy: Basic")
 		}
 

diff --git a/multiauth_test.go b/multiauth_test.go
@@ -12,7 +12,6 @@ import (
 
 	"github.com/justinas/alice"
 	"github.com/lonelycode/go-uuid/uuid"
-	cache "github.com/pmylund/go-cache"
 
 	"github.com/TykTechnologies/tyk/user"
 )
@@ -78,7 +77,7 @@ func getMultiAuthStandardAndBasicAuthChain(spec *APISpec) http.Handler {
 	chain := alice.New(mwList(
 		&IPWhiteListMiddleware{baseMid},
 		&IPBlackListMiddleware{BaseMiddleware: baseMid},
-		&BasicAuthKeyIsValid{baseMid, cache.New(60*time.Second, 60*time.Minute), nil, nil},
+		&BasicAuthKeyIsValid{baseMid, nil, nil},
 		&AuthKey{baseMid},
 		&VersionCheck{BaseMiddleware: baseMid},
 		&KeyExpired{baseMid},

diff --git a/mw_basic_auth.go b/mw_basic_auth.go
@@ -23,10 +23,11 @@ import (
 
 const defaultBasicAuthTTL = time.Duration(60) * time.Second
 
+var basicAuthCache = cache.New(60*time.Second, 60*time.Minute)
+
 // BasicAuthKeyIsValid uses a username instead of
 type BasicAuthKeyIsValid struct {
 	BaseMiddleware
-	cache *cache.Cache
 
 	bodyUserRegexp     *regexp.Regexp
 	bodyPasswordRegexp *regexp.Regexp
@@ -224,7 +225,7 @@ func (k *BasicAuthKeyIsValid) doBcryptWithCache(cacheDuration time.Duration, has
 
 	hasher := murmur3.New64()
 	hasher.Write(password)
-	k.cache.Set(string(hashedPassword), string(hasher.Sum(nil)), cacheDuration)
+	basicAuthCache.Set(string(hashedPassword), string(hasher.Sum(nil)), cacheDuration)
 
 	return nil
 }
@@ -245,7 +246,7 @@ func (k *BasicAuthKeyIsValid) compareHashAndPassword(hash string, password strin
 		cacheTTL = time.Duration(k.Spec.BasicAuth.CacheTTL) * time.Second
 	}
 
-	cachedPass, inCache := k.cache.Get(hash)
+	cachedPass, inCache := basicAuthCache.Get(hash)
 	if !inCache {
 
 		logEntry.Debug("cache enabled: miss: bcrypt")