From de954250e5ceb35daa863ffd13f905286b459c20 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 21 Jun 2021 10:18:49 +0200
Subject: [PATCH] root: make general cache timeouts configurable closes #974
Signed-off-by: Jens Langhammer
---
 authentik/lib/default.yml | 4 ++++
 authentik/policies/reputation/signals.py | 6 ++++--
 authentik/root/settings.py | 3 ++-
 web/package-lock.json | 11 +++++++----
 website/docs/installation/configuration.md | 4 ++++
 5 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml
index 899fb311d..54fc3f989 100644
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@@ -16,6 +16,10 @@ redis:
 cache_db: 0
 message_queue_db: 1
 ws_db: 2
+ cache_timeout: 300
+ cache_timeout_flows: 300
+ cache_timeout_policies: 300
+ cache_timeout_reputation: 300
 debug: false
diff --git a/authentik/policies/reputation/signals.py b/authentik/policies/reputation/signals.py
index d6eaf9fa0..361490c96 100644
--- a/authentik/policies/reputation/signals.py
+++ b/authentik/policies/reputation/signals.py
@@ -5,6 +5,7 @@ from django.dispatch import receiver
 from django.http import HttpRequest
 from structlog.stdlib import get_logger
+from authentik.lib.config import CONFIG
 from authentik.lib.utils.http import get_client_ip
 from authentik.policies.reputation.models import (
 CACHE_KEY_IP_PREFIX,
@@ -13,6 +14,7 @@ from authentik.policies.reputation.models import (
 from authentik.stages.identification.signals import identification_failed
 LOGGER = get_logger()
+CACHE_TIMEOUT = int(CONFIG.y("redis.cache_timeout_reputation"))
 def update_score(request: HttpRequest, username: str, amount: int):
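Review bot: In authentik/lib/default.yml, `cache_timeout_flows` and `cache_timeout_policies` receive defaults and are documented in configuration.md, but none of the five files in this patch reads them; only `redis.cache_timeout` (settings.py) and `redis.cache_timeout_reputation` (signals.py) are consumed. An operator who shortens the policy timeout so that a policy change takes effect sooner would see no difference. Either wire the flow-plan and policy caches to these keys in the same change, or hold the two keys and their documentation back until they are read. A comment above the four keys such as `# cache timeouts, in seconds` would also record the unit in the file itself.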
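Review bot: `CACHE_TIMEOUT = int(CONFIG.y("redis.cache_timeout_reputation"))` in signals.py is evaluated at import time with no fallback and no range check, so an empty or non-numeric override makes `int()` raise while the signal module is being imported instead of producing a clear configuration error. settings.py does pass a fallback (`CONFIG.y("redis.cache_timeout", 300)`) but has the same missing validation for `TIMEOUT`. Non-positive values need an explicit rejection: with Django's cache API a timeout of 0 means the key is not kept, so the `cache.incr` that follows `get_or_set` in `update_score` would most likely raise `ValueError` on every failed identification. I would write `CACHE_TIMEOUT = int(CONFIG.y("redis.cache_timeout_reputation", 300))` followed by `if CACHE_TIMEOUT <= 0: raise ImproperlyConfigured("redis.cache_timeout_reputation must be positive")`, and apply the same check to the settings.py value.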
@@ -20,10 +22,10 @@ def update_score(request: HttpRequest, username: str, amount: int):
 remote_ip = get_client_ip(request)
 # We only update the cache here, as its faster than writing to the DB
- cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0)
+ cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0, CACHE_TIMEOUT)
 cache.incr(CACHE_KEY_IP_PREFIX + remote_ip, amount)
- cache.get_or_set(CACHE_KEY_USER_PREFIX + username, 0)
+ cache.get_or_set(CACHE_KEY_USER_PREFIX + username, 0, CACHE_TIMEOUT)
 cache.incr(CACHE_KEY_USER_PREFIX + username, amount)
 LOGGER.debug("Updated score", amount=amount, for_user=username, for_ip=remote_ip)
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 8e8ef4e63..f832299e8 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -194,6 +194,7 @@ CACHES = {
 f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:6379"
 f"/{CONFIG.y('redis.cache_db')}"
 ),
+ "TIMEOUT": int(CONFIG.y("redis.cache_timeout", 300)),
 "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
 }
 }
@@ -342,7 +343,7 @@ DBBACKUP_FILENAME_TEMPLATE = "authentik-backup-{datetime}.sql"
 DBBACKUP_CONNECTOR_MAPPING = {
 "django_prometheus.db.backends.postgresql": "dbbackup.db.postgresql.PgDumpConnector",
 }
-DBBACKUP_TMP_DIR = gettempdir() if DEBUG else "/tmp" # nosec
+DBBACKUP_TMP_DIR = gettempdir() if DEBUG else "/tmp" # nosec
 if CONFIG.y("postgresql.s3_backup"):
 DBBACKUP_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
 DBBACKUP_STORAGE_OPTIONS = {
diff --git a/web/package-lock.json b/web/package-lock.json
index 901be931d..1c5776f66 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -61,12 +61,13 @@ "typescript": "^4.3.4", "webcomponent-qr-code": "^1.0.5", "yaml": "^1.10.2" - } + }, + "devDependencies": {} }, "api": { "name": "authentik-api", "version": "0.0.1", - "dependencies": { + "version": "1.0.0", + "devDependencies": { "typescript": "^3.6" } },
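Review bot: The timeout is applied only when `get_or_set` creates the key and `cache.incr` takes no timeout, so each counter most likely lives for `CACHE_TIMEOUT` seconds from the first failure rather than from the latest one; this holds for both the IP and the user pair in `update_score`, whose def line lies above the hunk. The existing comment says the score is only kept in the cache at this point, so if a periodic job persists it (not visible in this patch), a timeout shorter than that job's interval would drop failed-login scores before they are saved and weaken the reputation signal. The key can also expire between `get_or_set` and `incr`, in which case `incr` is expected to raise `ValueError` inside the signal handler. I would state the constraint in the comment (the timeout must exceed the interval at which scores are persisted) and move the seed-and-increment pair into a helper that starts a new window when the key is gone.

```python
def _bump_score(key: str, amount: int):
    # Seed the counter, then increment; if the key expired in between,
    # start a new window instead of raising inside the signal handler.
    cache.get_or_set(key, 0, CACHE_TIMEOUT)
    try:
        cache.incr(key, amount)
    except ValueError:
        cache.set(key, amount, CACHE_TIMEOUT)

# … unchanged: def update_score(...) and the remote_ip lookup …
    # We only update the cache here, as its faster than writing to the DB;
    # CACHE_TIMEOUT must exceed the interval at which scores are persisted.
    _bump_score(CACHE_KEY_IP_PREFIX + remote_ip, amount)
    _bump_score(CACHE_KEY_USER_PREFIX + username, amount)
# … unchanged: LOGGER.debug call …
```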
@@ -74,6 +75,7 @@ "version": "3.9.9", "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.9.tgz", "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==", + "dev": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver"
@@ -10172,7 +10174,8 @@ "typescript": { "version": "3.9.9", "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.9.tgz", - "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==" + "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==", + "dev": true } } },
diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md
index cbf5e20b8..5668ce052 100644
--- a/website/docs/installation/configuration.md
+++ b/website/docs/installation/configuration.md
@@ -29,6 +29,10 @@ All of these variables can be set to values, but you can also use a URI-like for
 - `AUTHENTIK_REDIS__CACHE_DB`: Database for caching, defaults to 0
 - `AUTHENTIK_REDIS__MESSAGE_QUEUE_DB`: Database for the message queue, defaults to 1
 - `AUTHENTIK_REDIS__WS_DB`: Database for websocket connections, defaults to 2
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT`: Timeout for cached data until it expires in seconds, defaults to 300
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS`: Timeout for cached flow plans until they expire in seconds, defaults to 300
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached polices until they expire in seconds, defaults to 300
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300
 ## authentik Settings