root: make general cache timeouts configurable

closes #974 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:18:49 +02:00
parent f268bd4c69
commit de954250e5
5 changed files with 21 additions and 7 deletions
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@ -16,6 +16,10 @@ redis:
  cache_db: 0
  message_queue_db: 1
  ws_db: 2
+  cache_timeout: 300
+  cache_timeout_flows: 300
+  cache_timeout_policies: 300
+  cache_timeout_reputation: 300

 debug: false

--- a/authentik/policies/reputation/signals.py
+++ b/authentik/policies/reputation/signals.py
@ -5,6 +5,7 @@ from django.dispatch import receiver
 from django.http import HttpRequest
 from structlog.stdlib import get_logger

+from authentik.lib.config import CONFIG
 from authentik.lib.utils.http import get_client_ip
 from authentik.policies.reputation.models import (
    CACHE_KEY_IP_PREFIX,
@ -13,6 +14,7 @@ from authentik.policies.reputation.models import (
 from authentik.stages.identification.signals import identification_failed

 LOGGER = get_logger()
+CACHE_TIMEOUT = int(CONFIG.y("redis.cache_timeout_reputation"))


 def update_score(request: HttpRequest, username: str, amount: int):
@ -20,10 +22,10 @@ def update_score(request: HttpRequest, username: str, amount: int):
    remote_ip = get_client_ip(request)

    # We only update the cache here, as its faster than writing to the DB
-    cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0)
+    cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0, CACHE_TIMEOUT)
    cache.incr(CACHE_KEY_IP_PREFIX + remote_ip, amount)

-    cache.get_or_set(CACHE_KEY_USER_PREFIX + username, 0)
+    cache.get_or_set(CACHE_KEY_USER_PREFIX + username, 0, CACHE_TIMEOUT)
    cache.incr(CACHE_KEY_USER_PREFIX + username, amount)

    LOGGER.debug("Updated score", amount=amount, for_user=username, for_ip=remote_ip)
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@ -194,6 +194,7 @@ CACHES = {
            f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:6379"
            f"/{CONFIG.y('redis.cache_db')}"
        ),
+        "TIMEOUT": int(CONFIG.y("redis.cache_timeout", 300)),
        "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
    }
 }
@ -342,7 +343,7 @@ DBBACKUP_FILENAME_TEMPLATE = "authentik-backup-{datetime}.sql"
 DBBACKUP_CONNECTOR_MAPPING = {
    "django_prometheus.db.backends.postgresql": "dbbackup.db.postgresql.PgDumpConnector",
 }
-DBBACKUP_TMP_DIR = gettempdir() if DEBUG else "/tmp" # nosec
+DBBACKUP_TMP_DIR = gettempdir() if DEBUG else "/tmp"  # nosec
 if CONFIG.y("postgresql.s3_backup"):
    DBBACKUP_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
    DBBACKUP_STORAGE_OPTIONS = {
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -61,12 +61,13 @@
                "typescript": "^4.3.4",
                "webcomponent-qr-code": "^1.0.5",
                "yaml": "^1.10.2"
-            }
+            },
+            "devDependencies": {}
        },
        "api": {
            "name": "authentik-api",
-            "version": "0.0.1",
-            "dependencies": {
+            "version": "1.0.0",
+            "devDependencies": {
                "typescript": "^3.6"
            }
        },
@ -74,6 +75,7 @@
            "version": "3.9.9",
            "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.9.tgz",
            "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==",
+            "dev": true,
            "bin": {
                "tsc": "bin/tsc",
                "tsserver": "bin/tsserver"
@ -10172,7 +10174,8 @@
                "typescript": {
                    "version": "3.9.9",
                    "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.9.tgz",
-                    "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w=="
+                    "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==",
+                    "dev": true
                }
            }
        },
--- a/website/docs/installation/configuration.md
+++ b/website/docs/installation/configuration.md
@ -29,6 +29,10 @@ All of these variables can be set to values, but you can also use a URI-like for
 - `AUTHENTIK_REDIS__CACHE_DB`: Database for caching, defaults to 0
 - `AUTHENTIK_REDIS__MESSAGE_QUEUE_DB`: Database for the message queue, defaults to 1
 - `AUTHENTIK_REDIS__WS_DB`: Database for websocket connections, defaults to 2
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT`: Timeout for cached data until it expires in seconds, defaults to 300
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS`: Timeout for cached flow plans until they expire in seconds, defaults to 300
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached polices until they expire in seconds, defaults to 300
+- `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300

 ## authentik Settings