comparison mod_http_oauth2/mod_http_oauth2.lua @ 5751:d563a6b0dfb7

mod_http_oauth2: Comment on authorization code storage
author Kim Alvefur <zash@zash.se>
date Fri, 01 Dec 2023 21:35:25 +0100
parents 426c42c11f89
children c27eaa7117d6
5750:c89077b4f46e 5751:d563a6b0dfb7
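--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -213,16 +213,23 @@
 
 local function code_expired(code) --> boolean, true: has expired, false: still valid
 return code_expires_in(code) < 0;
 end
 
+-- LRU cache for short-term storage of authorization codes and device codes
 local codes = cache.new(10000, function (_, code)
+-- If the cache is full and the oldest item hasn't expired yet then we
+-- might be under some kind of DoS attack, so might as well reject further
+-- entries for a bit.
 return code_expired(code)
 end);
 
 -- Clear out unredeemed codes so they don't linger in memory.
 module:daily("Clear expired authorization codes", function()
+-- The tail should be the least recently touched item, and most likely to
+-- have expired already, so check and remove that one until encountering
+-- one that has not expired.
 local k, code = codes:tail();
 while code and code_expired(code) do
 codes:set(k, nil);
 k, code = codes:tail();
 end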
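Review bot: The new comment on the eviction callback explains why a full cache refuses new entries, but it does not say how that refusal reaches the caller or the operator. The callback only returns `code_expired(code)`; presumably `codes:set()` then returns false for the new entry, so it would help to add `-- codes:set() returns false in that case; callers must check it and fail the request`, and to log the rejection if that is not already done elsewhere, so a full cache shows up in monitoring. The sweep comment inside `module:daily` could also state that the cleanup is best-effort: the loop stops at the first unexpired tail, so if authorization codes and device codes have different lifetimes (not visible here), an expired code behind a more recently touched one stays until a later run. The `module:daily` callback continues past the end of the hunk.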