SessionToken cache for invalid sessions tokens #4926
Conversation
There was a problem hiding this comment.
Thanks for the Pr.
Can you address the different questions as well as revert the changes in the tests?
We like to avoid breaking changes and all the changes in the tests are kinda scary.
Also, I’m not sure those changes about the cache won’t have any bad effect, as the new code interprets an undefined value as an invalid session, which may not be always true.
spec/SessionTokenCache.spec.js
Outdated
| done(); | ||
| }); | ||
| }); | ||
| fit('can get inexisting userId', function(done) { |
There was a problem hiding this comment.
Oops, this blocks the tests from executing
| @@ -2,14 +2,16 @@ import Parse from 'parse/node'; | |||
| import LRU from 'lru-cache'; | |||
| import logger from '../logger'; | |||
|
|
|||
| function userForSessionToken(sessionToken){ | |||
| function userIdForSessionToken(sessionToken) { | |||
| var q = new Parse.Query("_Session"); | |||
There was a problem hiding this comment.
Do we really need to change this method?
| logger.verbose('Fetch userId %s of sessionToken %s from Cache', userId, sessionToken); | ||
| return Parse.Promise.as(userId); | ||
|
|
||
| if (this.cache.has(sessionToken)) { |
There was a problem hiding this comment.
This logic may be problematic, if we need to invalidate a session we should mark it INVALID_SESSION_TOKEN.
Also I’m not sure that the solution is the right one as every time a session will be missing, we’ll interpret as invalid. I’d rather add a Boolean onlyFromCache = false of we don’t want to poke the server.
Codecov Report
@@ Coverage Diff @@
## master #4926 +/- ##
===========================================
- Coverage 92.96% 19.58% -73.38%
===========================================
Files 119 119
Lines 8837 8840 +3
===========================================
- Hits 8215 1731 -6484
- Misses 622 7109 +6487
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Thanks for the changes. Can we focus on:
- fix the issues with the session token invalidation
- pull out what you added for the roles cache as it is it’s onw PR (which has been started on Live query CLP #4387)
| @@ -22,6 +22,7 @@ | |||
| "no-multiple-empty-lines": 1, | |||
| "prefer-const": "error", | |||
| "space-infix-ops": "error", | |||
| "no-useless-escape": "off" | |||
| "no-useless-escape": "off", | |||
| "no-console":"off" | |||
| @@ -1065,9 +1080,9 @@ describe('ParseLiveQueryServer', function() { | |||
| //Return a role with the name "liveQueryRead" as that is what was set on the ACL | |||
| const liveQueryRole = new Parse.Role(); | |||
| liveQueryRole.set('name', 'liveQueryRead'); | |||
| return [ | |||
| return Parse.Promise.as([ | |||
There was a problem hiding this comment.
Parse.Promise is removed now, please use Promose
| @@ -2,49 +2,75 @@ const SessionTokenCache = require('../lib/LiveQuery/SessionTokenCache').SessionT | |||
|
|
|||
| describe('SessionTokenCache', function() { | |||
|
|
|||
| beforeEach(function(done) { | |||
| const Parse = require('parse/node'); | |||
| describe('Valid session', function() { | |||
There was a problem hiding this comment.
As mentioned before, can we please not change all tests this way? But add new tests as we go?
| user.id = userId; | ||
| const rolesQuery = new Parse.Query(Parse.Role); | ||
| rolesQuery.equalTo("users", user); | ||
| return rolesQuery.find({useMasterKey:true}); |
There was a problem hiding this comment.
This is invalid, as roles can be referenced in roles etc...
There was a problem hiding this comment.
Also, the roles cache should /could be shared with the existing parse-server one
|
@flavionegrao I've just opened #4940 which refactors heavily Auth.js. With the refactor, you should be able to:
|
|
Sorry didn’t answer the changes you requested me on my last PR.
I will review it asap including those last changes you mentioned.
By the way have a look what happened with my Parse Servers after I have enabled Roles caching at the live query servers:
<img width="720" alt="pastedgraphic-1" src="https://user-images.githubusercontent.com/1597236/43861498-69ac9682-9b2d-11e8-8128-fd74f43528d0.png">
Cheers.
… Em 8 de ago de 2018, à(s) 17:00, Florent Vilmart ***@***.***> escreveu:
@flavionegrao <https://github.com/flavionegrao> I've just opened #4940 <#4940> which refactors heavily Auth.js. With the refactor, you should be able to:
Authenticate a session token and get the user
Get all the roles for a particular user
Reuse a shared cache used by the server or a new in memory one.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#4926 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABhfNMhr9U5kVcPwbMFoZho5WmAOgxLLks5uO0NmgaJpZM4VuKJG>.
|
|
As I mentioned, I refactored the Auth.js module in order to help you achieve your goal. We can rip out the SessionTokenCache and use the Auth.js features with a custom cache controller or a shared one from Parse Server. |
|
Roger that.
… Em 8 de ago de 2018, à(s) 17:08, Florent Vilmart ***@***.***> escreveu:
As I mentioned, I refactored the Auth.js module in order to help you achieve your goal. We can rip out the SessionTokenCache and use the Auth.js features with a custom cache controller or a shared one from Parse Server.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#4926 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABhfNIdaCsSKjXiZcZkVY-TOY7FXgNYzks5uO0UwgaJpZM4VuKJG>.
|
|
So just to sum up quickly:
What do you think? |
|
@flavionegrao I went ahead and rebased the CLP for live query features with all the requirements that you may need: Can you check it out an let me know if there's anything else we can do to improve it? |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
When a subscription in the live query server has a sessionToken attached and an updated from the parse servers comes in triggered by a afterSave or afterDelete the live query server has to match the permissions against the User related to the subscription/sessionToken.
When the sessionToken for some reason gets invalidated, the subscription in the live query remains quering the backend every time.
This pull request created a entry in the SessionTokenCache as undefined for this situation then avoiding redundant queries.