From 4c76ddae755402fa819aa8cd719a2b201abee02b Mon Sep 17 00:00:00 2001
From: John Cai
Date: Tue, 26 May 2020 18:48:41 -0700
Subject: [PATCH] Expire connections after 30 seconds
---
 auth/token.go | 4 ++--
 internal/service/repository/replicate.go | 21 +++++++++++----------
 internal/service/repository/server.go | 5 ++---
 3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/auth/token.go b/auth/token.go
index dee53227c04..d802a58e12d 100644
--- a/auth/token.go
+++ b/auth/token.go
@@ -17,7 +17,7 @@ import (
 )
 
 const (
- timestampThreshold = 30 * time.Second
+ TimestampThreshold = 30 * time.Second
 )
 
 var (
@@ -58,7 +58,7 @@ func CheckToken(ctx context.Context, secret string, targetTime time.Time) error
 }
 
 if authInfo.Version == "v2" {
- if v2HmacInfoValid(authInfo.Message, authInfo.SignedMessage, []byte(secret), targetTime, timestampThreshold) {
+ if v2HmacInfoValid(authInfo.Message, authInfo.SignedMessage, []byte(secret), targetTime, TimestampThreshold) {
 return nil
 }
 }
diff --git a/internal/service/repository/replicate.go b/internal/service/repository/replicate.go
index 3952bd2427e..24d1c060bec 100644
--- a/internal/service/repository/replicate.go
+++ b/internal/service/repository/replicate.go
@@ -8,6 +8,7 @@ import (
 "os"
 "os/exec"
 "path/filepath"
+ "time"
 
 "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus"
 gitalyauth "gitlab.com/gitlab-org/gitaly/auth"
@@ -261,8 +262,8 @@ func (s *server) getOrCreateConnection(address, token string) (*grpc.ClientConn,
 cc, ok := s.connsByAddress[address]
 s.connsMtx.RUnlock()
 
- if ok {
- return cc, nil
+ if ok && time.Since(cc.issuedAt) < gitalyauth.TimestampThreshold {
+ return cc.conn, nil
 }
 
 s.connsMtx.Lock()
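Review bot: On a cache hit in `getOrCreateConnection` the `token` argument is never consulted: the lookup and the new freshness test `time.Since(cc.issuedAt) < gitalyauth.TimestampThreshold` depend only on `address`, while the following hunk binds the token to the connection at dial time through `grpc.WithPerRPCCredentials(gitalyauth.RPCCredentialsV2(token))`. As far as these hunks show, a caller that passes a different token for the same address gets a connection that still carries the credentials it was dialled with, for up to 30 seconds. Since this commit introduces `cachedConn`, it could also record which token the connection was dialled with (or key the map by address and token) and treat a mismatch as a miss. The function body starts before this hunk and continues past it.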
@@ -274,17 +275,17 @@ func (s *server) getOrCreateConnection(address, token string) (*grpc.ClientConn,
 connOpts = append(connOpts, grpc.WithPerRPCCredentials(gitalyauth.RPCCredentialsV2(token)))
 }
 
- cc, ok = s.connsByAddress[address]
- if ok {
- return cc, nil
- }
-
- cc, err := client.Dial(address, connOpts)
+ clientConn, err := client.Dial(address, connOpts)
 if err != nil {
 return nil, fmt.Errorf("could not dial source: %v", err)
 }
 
- s.connsByAddress[address] = cc
+ s.connsByAddress[address] = &cachedConn{conn: clientConn, issuedAt: time.Now()}
+
+ return clientConn, nil
+}
 
- return cc, nil
+type cachedConn struct {
+ conn *grpc.ClientConn
+ issuedAt time.Time
 }
diff --git a/internal/service/repository/server.go b/internal/service/repository/server.go
index 563b9c2a1c0..f86b20906fc 100644
--- a/internal/service/repository/server.go
+++ b/internal/service/repository/server.go
@@ -7,20 +7,19 @@ import (
 "gitlab.com/gitlab-org/gitaly/internal/helper"
 "gitlab.com/gitlab-org/gitaly/internal/rubyserver"
 "gitlab.com/gitlab-org/gitaly/proto/go/gitalypb"
- "google.golang.org/grpc"
 )
 
 type server struct {
 ruby *rubyserver.Server
 gitalypb.UnimplementedRepositoryServiceServer
- connsByAddress map[string]*grpc.ClientConn
+ connsByAddress map[string]*cachedConn
 connsMtx sync.RWMutex
 internalGitalySocket string
 }
 
 // NewServer creates a new instance of a gRPC repo server
 func NewServer(rs *rubyserver.Server, internalGitalySocket string) gitalypb.RepositoryServiceServer {
- return &server{ruby: rs, connsByAddress: make(map[string]*grpc.ClientConn), internalGitalySocket: internalGitalySocket}
+ return &server{ruby: rs, connsByAddress: make(map[string]*cachedConn), internalGitalySocket: internalGitalySocket}
 }
 
 func (*server) FetchHTTPRemote(context.Context, *gitalypb.FetchHTTPRemoteRequest) (*gitalypb.FetchHTTPRemoteResponse, error) {
-- 
GitLab
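Review bot: Dropping the second lookup under the write lock means every caller that saw a stale or missing entry under the read lock now dials its own connection once it acquires `s.connsMtx.Lock()`, and each one overwrites the previous entry in `s.connsByAddress[address]`. The overwritten `*grpc.ClientConn` is never closed in the visible code, so each expiry (every 30 seconds per address, more often under concurrency) appears to leave a connection and its sockets behind, which can exhaust file descriptors on a busy node. Keep the re-check with the freshness test, `cc, ok = s.connsByAddress[address]` followed by `if ok && time.Since(cc.issuedAt) < gitalyauth.TimestampThreshold { return cc.conn, nil }`, and give the replaced connection an owner that closes it once in-flight RPCs on it have finished; closing it directly at replacement would abort calls still using it. The lines between the `Lock()` call and this hunk are not shown, so this assumes the write lock is held for the rest of the function.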