propro-utils 1.7.53 → 1.7.55

package/middlewares/access_token.js

@@ -1,5 +1,6 @@
 require('dotenv').config();
 const axios = require('axios');
+const crypto = require('crypto');
 const { getOrSetCache } = require('../utils/redis');
 const { checkIfUserExists } = require('./account_info');
 const ServiceManager = require('../utils/serviceManager');
@@ -34,6 +35,41 @@ const ServiceManager = require('../utils/serviceManager');
  *   res.json({ message: 'You have access to protected data' });
  * });
  */
+const USER_CACHE_TTL_SECONDS = 60;
+const IN_PROCESS_AUTH_CACHE_TTL_MS = 5000;
+const MAX_IN_PROCESS_CACHE_ENTRIES = 1000;
+const AUTH_SERVICE_TIMEOUT_MS = 10000;
+const validationMemoryCache = new Map();
+const userMemoryCache = new Map();
+
+const hashValue = value => crypto.createHash('sha256').update(value).digest('hex');
+const permissionsCachePart = permissions => [...permissions].sort().join(',');
+
+const getFromMemoryCache = (cache, key) => {
+  const entry = cache.get(key);
+  if (!entry) return null;
+  if (entry.expiresAt <= Date.now()) {
+    cache.delete(key);
+    return null;
+  }
+  return entry.value;
+};
+
+const setInMemoryCache = (cache, key, value) => {
+  if (cache.size >= MAX_IN_PROCESS_CACHE_ENTRIES) {
+    cache.clear();
+  }
+  cache.set(key, {
+    value,
+    expiresAt: Date.now() + IN_PROCESS_AUTH_CACHE_TTL_MS,
+  });
+};
+
+const clearMemoryCaches = () => {
+  validationMemoryCache.clear();
+  userMemoryCache.clear();
+};
+
 const authValidation = (requiredPermissions = []) => {
   return async (req, res, next) => {
     try {
@@ -51,18 +87,25 @@ const authValidation = (requiredPermissions = []) => {
           {
             accessToken: accessToken,
             requiredPermissions: requiredPermissions,
-          }
+          },
+          { timeout: AUTH_SERVICE_TIMEOUT_MS }
         );
         return response.data;
       };
       const redisClient = await ServiceManager.getService('RedisClient');
-      const cacheKey = `account:permissions:${accessToken}`;
-      const { accountId, validPermissions } = await getOrSetCache(
-        redisClient,
-        cacheKey,
-        fetchPermission,
-        1800
-      );
+      const tokenHash = hashValue(accessToken);
+      const requiredPermissionsKey = permissionsCachePart(requiredPermissions);
+      const validationCacheKey = `account:permissions:${tokenHash}:${requiredPermissionsKey}`;
+      const validationResult =
+        getFromMemoryCache(validationMemoryCache, validationCacheKey) ||
+        await getOrSetCache(
+          redisClient,
+          validationCacheKey,
+          fetchPermission,
+          1800
+        );
+      setInMemoryCache(validationMemoryCache, validationCacheKey, validationResult);
+      const { accountId, validPermissions } = validationResult;
       
       if (!validPermissions) {
         return res.status(403).json({ error: 'Invalid permissions' });
@@ -72,8 +115,18 @@ const authValidation = (requiredPermissions = []) => {
       
       let user = null;
       try {
-        user = await checkIfUserExists(accountId);
-        if (!user) throw new Error('User not found');
+        const userCacheKey = `account:user:${accountId}`;
+        user = getFromMemoryCache(userMemoryCache, userCacheKey);
+        if (!user) {
+          user = await getOrSetCache(
+            redisClient,
+            userCacheKey,
+            () => checkIfUserExists(accountId),
+            USER_CACHE_TTL_SECONDS
+          );
+          setInMemoryCache(userMemoryCache, userCacheKey, user);
+        }
+        if (!user?.id) throw new Error('User not found');
       } catch (error) {
         return res.status(403).json({error: error?.message || 'User not found'});
       }
@@ -82,11 +135,21 @@ const authValidation = (requiredPermissions = []) => {
       next();
     } catch (error) {
       if (error.response && error.response.status) {
-        next(new Error(error.response.data.message));
+        return next(new Error(error.response.data.message));
+      }
+      if (error.code === 'ECONNABORTED') {
+        console.error(`[auth] Auth service timed out after ${AUTH_SERVICE_TIMEOUT_MS}ms: ${process.env.AUTH_URL}`);
+        return next(new Error('Auth service timeout'));
+      }
+      if (error.code) {
+        console.error(`[auth] Auth service unreachable (${error.code}): ${process.env.AUTH_URL}`, error.message);
+        return next(new Error('Auth service unreachable'));
       }
-      next(new Error('Error validating token'));
+      console.error('[auth] Unexpected error during token validation:', error);
+      return next(new Error('Error validating token'));
     }
   };
 };
 
 module.exports = authValidation;
+module.exports.clearMemoryCaches = clearMemoryCaches;

package/middlewares/access_token.test.js

@@ -1,84 +1,124 @@
+jest.mock('axios');
+jest.mock('../utils/redis', () => ({
+  getOrSetCache: jest.fn(),
+}));
+jest.mock('../utils/serviceManager', () => ({
+  getService: jest.fn(),
+}));
+jest.mock('./account_info', () => ({
+  checkIfUserExists: jest.fn(),
+}));
+
 const authValidation = require('./access_token');
 const axios = require('axios');
-const { createMockExpressContext } = require('../utils/testUtils');
+const { getOrSetCache } = require('../utils/redis');
+const ServiceManager = require('../utils/serviceManager');
+const { checkIfUserExists } = require('./account_info');
 
-jest.mock('axios');
+const createReq = () => ({
+  cookies: {},
+  headers: {},
+});
+
+const createRes = () => ({
+  status: jest.fn().mockReturnThis(),
+  json: jest.fn(),
+});
 
 describe('authValidation middleware', () => {
-  let req, res, next;
+  let req;
+  let res;
+  let next;
+  let redisClient;
 
   beforeEach(() => {
-    req = createMockExpressContext('/api/test');
-    res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn(),
-    };
+    authValidation.clearMemoryCaches();
+    req = createReq();
+    res = createRes();
     next = jest.fn();
+    redisClient = { get: jest.fn(), setEx: jest.fn() };
+    ServiceManager.getService.mockReturnValue(redisClient);
+    getOrSetCache.mockReset();
+    checkIfUserExists.mockReset();
+    axios.post.mockReset();
   });
 
-  afterEach(() => {
-    jest.clearAllMocks();
-  });
-
-  it('should return 403 if access token is missing', async () => {
-    //   const middleware = authValidation({}, {});
+  it('returns 403 if access token is missing', async () => {
+    const middleware = authValidation(['user']);
 
-    //   await middleware(req, res, next);
+    await middleware(req, res, next);
 
-    //   expect(res.status).toHaveBeenCalledWith(403);
-    //   expect(res.json).toHaveBeenCalledWith({
-    //     error: 'Access token is required',
-    //   });
-    //   expect(next).not.toHaveBeenCalled();
-    expect(1).toBe(1);
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.json).toHaveBeenCalledWith({ error: 'Access token is required' });
+    expect(ServiceManager.getService).not.toHaveBeenCalled();
+    expect(getOrSetCache).not.toHaveBeenCalled();
+    expect(next).not.toHaveBeenCalled();
   });
 
-  //   it('should return 403 if permissions are invalid', async () => {
-  //     req.cookies['x-access-token'] = 'testAccessToken';
-  //     axios.post.mockRejectedValue({
-  //       response: { status: 403, data: { message: 'Invalid permissions' } },
-  //     });
-
-  //     const middleware = authValidation({}, {}, ['permission1', 'permission2']);
-
-  //     await middleware(req, res, next);
-
-  //     expect(res.status).toHaveBeenCalledWith(403);
-  //     expect(res.json).toHaveBeenCalledWith({ error: 'Invalid permissions' });
-  //     expect(next).not.toHaveBeenCalled();
-  //   });
-
-  //   it('should set req.account and req.user if token is valid and user exists', async () => {
-  //     req.cookies['x-access-token'] = 'testAccessToken';
-  //     axios.post.mockResolvedValue({ data: { accountId: 'testAccountId' } });
-
-  //     const userSchemaMock = {
-  //       checkIfUserExists: jest.fn().mockResolvedValue({ id: 'testUserId' }),
-  //     };
-  //     const middleware = authValidation({}, userSchemaMock, [
-  //       'permission1',
-  //       'permission2',
-  //     ]);
-
-  //     await middleware(req, res, next);
-
-  //     expect(req.account).toBe('testAccountId');
-  //     expect(req.user).toBe('testUserId');
-  //     expect(res.status).not.toHaveBeenCalled();
-  //     expect(res.json).not.toHaveBeenCalled();
-  //     expect(next).toHaveBeenCalled();
-  //   });
+  it('uses cached token permissions and cached user context on cache hits', async () => {
+    req.headers.authorization = 'Bearer token-1';
+    getOrSetCache
+      .mockResolvedValueOnce({ accountId: 'account-1', validPermissions: true })
+      .mockResolvedValueOnce({ id: 'user-1' });
+
+    const middleware = authValidation(['user']);
+    await middleware(req, res, next);
+
+    expect(ServiceManager.getService).toHaveBeenCalledWith('RedisClient');
+    expect(getOrSetCache).toHaveBeenNthCalledWith(
+      1,
+      redisClient,
+      'account:permissions:3f08aace122ee2368432c1ca23a049bc640bafbf00fdf33a52429f38ba12dbf9:user',
+      expect.any(Function),
+      1800
+    );
+    expect(getOrSetCache).toHaveBeenNthCalledWith(
+      2,
+      redisClient,
+      'account:user:account-1',
+      expect.any(Function),
+      60
+    );
+    expect(axios.post).not.toHaveBeenCalled();
+    expect(checkIfUserExists).not.toHaveBeenCalled();
+    expect(req.account).toBe('account-1');
+    expect(req.user).toBe('user-1');
+    expect(next).toHaveBeenCalledWith();
+  });
 
-  //   it('should call next with error if token validation fails', async () => {
-  //     req.cookies['x-access-token'] = 'testAccessToken';
-  //     axios.post.mockRejectedValue(new Error('Token validation error'));
+  it('populates the user cache by calling checkIfUserExists on user cache miss', async () => {
+    req.cookies['x-access-token'] = 'cookie-token';
+    checkIfUserExists.mockResolvedValue({ id: 'created-user' });
+    getOrSetCache.mockImplementation(async (_client, key, service) => {
+      if (key === 'account:permissions:5f8f34c90be6a68dc1dd28ce60d8716554635c21c29c84b5f4a78ab75d38ab4b:user') {
+        return { accountId: 'account-2', validPermissions: true };
+      }
+      if (key === 'account:user:account-2') {
+        return service();
+      }
+      throw new Error(`unexpected cache key ${key}`);
+    });
+
+    const middleware = authValidation(['user']);
+    await middleware(req, res, next);
+
+    expect(checkIfUserExists).toHaveBeenCalledWith('account-2');
+    expect(req.account).toBe('account-2');
+    expect(req.user).toBe('created-user');
+    expect(next).toHaveBeenCalledWith();
+  });
 
-  //     const middleware = authValidation({}, {});
+  it('rejects when the cached or loaded user is invalid', async () => {
+    req.headers.authorization = 'Bearer token-2';
+    getOrSetCache
+      .mockResolvedValueOnce({ accountId: 'account-3', validPermissions: true })
+      .mockResolvedValueOnce(null);
 
-  //     await middleware(req, res, next);
+    const middleware = authValidation(['user']);
+    await middleware(req, res, next);
 
-  //     expect(next).toHaveBeenCalledWith(new Error('Error validating token'));
-  //     expect(res.status).not.toHaveBeenCalled();
-  //     expect(res.json).not.toHaveBeenCalled();
-  //   });
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.json).toHaveBeenCalledWith({ error: 'User not found' });
+    expect(next).not.toHaveBeenCalled();
+  });
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.7.53",
+  "version": "1.7.55",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "private": false,