core: only cache Applications API when no filtering is done

This commit is contained in:
Jens Langhammer 2021-01-28 23:16:51 +01:00
parent 5ef4354723
commit 188ef0f58f

View file

@ -11,6 +11,7 @@ from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from rest_framework_guardian.filters import ObjectPermissionsFilter from rest_framework_guardian.filters import ObjectPermissionsFilter
from structlog.stdlib import get_logger
from authentik.admin.api.metrics import get_events_per_1h from authentik.admin.api.metrics import get_events_per_1h
from authentik.core.api.providers import ProviderSerializer from authentik.core.api.providers import ProviderSerializer
@ -18,6 +19,8 @@ from authentik.core.models import Application
from authentik.events.models import EventAction from authentik.events.models import EventAction
from authentik.policies.engine import PolicyEngine from authentik.policies.engine import PolicyEngine
LOGGER = get_logger()
def user_app_cache_key(user_pk: str) -> str: def user_app_cache_key(user_pk: str) -> str:
"""Cache key where application list for user is saved""" """Cache key where application list for user is saved"""
@ -74,23 +77,35 @@ class ApplicationViewSet(ModelViewSet):
queryset = backend().filter_queryset(self.request, queryset, self) queryset = backend().filter_queryset(self.request, queryset, self)
return queryset return queryset
def _get_allowed_applications(self, queryset: QuerySet) -> list[Application]:
applications = []
for application in queryset:
engine = PolicyEngine(application, self.request.user, self.request)
engine.build()
if engine.passing:
applications.append(application)
return applications
def list(self, request: Request) -> Response: def list(self, request: Request) -> Response:
"""Custom list method that checks Policy based access instead of guardian""" """Custom list method that checks Policy based access instead of guardian"""
queryset = self._filter_queryset_for_list(self.get_queryset()) queryset = self._filter_queryset_for_list(self.get_queryset())
self.paginate_queryset(queryset) self.paginate_queryset(queryset)
allowed_applications = cache.get(user_app_cache_key(self.request.user.pk))
if not allowed_applications: should_cache = "search" not in request.GET
allowed_applications = []
for application in queryset: allowed_applications = []
engine = PolicyEngine(application, self.request.user, self.request) if not should_cache:
engine.build() allowed_applications = self._get_allowed_applications(queryset)
if engine.passing: if should_cache:
allowed_applications.append(application) LOGGER.debug("Caching allowed application list")
cache.set( allowed_applications = cache.get(user_app_cache_key(self.request.user.pk))
user_app_cache_key(self.request.user.pk), if not allowed_applications:
allowed_applications, allowed_applications = self._get_allowed_applications(queryset)
timeout=86400, cache.set(
) user_app_cache_key(self.request.user.pk),
allowed_applications,
timeout=86400,
)
serializer = self.get_serializer(allowed_applications, many=True) serializer = self.get_serializer(allowed_applications, many=True)
return self.get_paginated_response(serializer.data) return self.get_paginated_response(serializer.data)