Fix caching for profile validators (#81)

* customize profile key name depending on the validator flavour

* customize profile key name for local cache also

* Fix local caching

* Rename method

* extract dictionary name into a constant

* wrap delete from redis and local cache in a separate method

Author: corinapurcarea

src/lua/api-gateway/validation/oauth2/userProfileValidator.lua

@@ -55,6 +55,9 @@ _M["redis_RW_upstream"] = redisConfigurationProvider["oauth"]["rw_upstream_name"
 _M["redis_pass_env"] = redisConfigurationProvider["oauth"]["env_password_variable"]
 _M.PROFILE_VALIDATION_LOCATION = "/validate-user"
 
+--- Nginx shared dictionary for storing user profiles
+_M.USER_PROFILE_DICTIONARY = "cachedUserProfiles"
+
 local RESPONSES = {
     P_MISSING_TOKEN   = { error_code = "403020", message = "Oauth token is missing"         },
     INVALID_PROFILE   = { error_code = "403023", message = "Profile is not valid"           },
@@ -70,7 +73,7 @@ local LOCAL_CACHE_TTL = 60
 -- Maximum time in milliseconds specifying how long to cache a valid token in Redis
 local REDIS_CACHE_TTL = 6 * 60 * 60
 
--- returns the key that should be used when looking up in the cache --
+--- returns the key that should be used when looking up in the cache --
 function _M:getCacheToken(token)
     local t = token;
     local oauth_host = ngx.var.oauth_host
@@ -81,6 +84,29 @@ function _M:getCacheToken(token)
     end
 end
 
+function _M:getCacheTokenLookupKey()
+    local oauth_token = ngx.var.authtoken
+    local oauth_token_hash = hasher.hash(oauth_token)
+    return self:getCacheToken(oauth_token_hash)
+end
+
+function _M:getRedisCacheLookupProfileKey()
+    if self.PROFILE_VALIDATOR_CODE ~= nil and self.PROFILE_VALIDATOR_CODE ~= "" then
+        return "user_json:" .. self.PROFILE_VALIDATOR_CODE;
+    else
+        return "user_json";
+    end
+end
+
+function _M:getLocalCacheLookupProfileKey()
+    local cacheLookupKey = self:getCacheTokenLookupKey()
+    if self.PROFILE_VALIDATOR_CODE ~= nil and self.PROFILE_VALIDATOR_CODE ~= "" then
+        return cacheLookupKey .. ":" .. self.PROFILE_VALIDATOR_CODE;
+    else
+        return cacheLookupKey;
+    end
+end
+
 --- Converts the expire_at into expire_in in seconds
 -- @param expire_at UTC expiration time in seconds
 --
@@ -112,27 +138,30 @@ function _M:getContextPropertiesObject(obj)
     return props
 end
 
-function _M:getProfileFromCache(cacheLookupKey)
-    local localCacheValue = self:getKeyFromLocalCache(cacheLookupKey, "cachedUserProfiles")
+function _M:getProfileFromCache(cacheTokenLookupKey)
+    local redisCacheLookupProfileKey = self:getRedisCacheLookupProfileKey()
+    local localCacheLookupProfileKey = self:getLocalCacheLookupProfileKey()
+
+    local localCacheValue = self:getKeyFromLocalCache(localCacheLookupProfileKey, self.USER_PROFILE_DICTIONARY)
     if ( localCacheValue ~= nil ) then
         -- ngx.log(ngx.INFO, "Found profile in local cache")
         return localCacheValue
     end
 
-    local redisCacheValue = self:getKeyFromRedis(cacheLookupKey, "user_json")
+    local redisCacheValue = self:getKeyFromRedis(cacheTokenLookupKey, redisCacheLookupProfileKey)
     if ( redisCacheValue ~= nil ) then
         ngx.log(ngx.DEBUG, "Found User Profile in Redis cache")
         local oauthTokenExpiration = ngx.ctx.oauth_token_expires_at
         local expiresIn = self:getExpiresIn(oauthTokenExpiration)
         local localExpiresIn = math.min( expiresIn, LOCAL_CACHE_TTL )
         ngx.log(ngx.DEBUG, "Storing cached User Profile in the local cache for " .. tostring(localExpiresIn) .. " s out of a total validity of " .. tostring(expiresIn) .. " s.")
-        self:setKeyInLocalCache(cacheLookupKey, redisCacheValue, localExpiresIn, "cachedUserProfiles")
+        self:setKeyInLocalCache(localCacheLookupProfileKey, redisCacheValue, localExpiresIn, self.USER_PROFILE_DICTIONARY)
         return redisCacheValue
     end
     return nil;
 end
 
-function _M:storeProfileInCache(cacheLookupKey, cachingObj)
+function _M:storeProfileInCache(cacheTokenLookupKey, cachingObj)
     local cachingObjString = cjson.encode(cachingObj)
 
     local oauthTokenExpiration = (ngx.ctx.oauth_token_expires_at or ((ngx.time() + LOCAL_CACHE_TTL) * 1000))
@@ -150,9 +179,25 @@ function _M:storeProfileInCache(cacheLookupKey, cachingObj)
     if ngx.var.max_oauth_redis_cache_ttl ~= nil and ngx.var.max_oauth_redis_cache_ttl ~= '' then
         default_ttl_expire = ngx.var.max_oauth_redis_cache_ttl
     end
-    self:setKeyInLocalCache(cacheLookupKey, cachingObjString, localExpiresIn , "cachedUserProfiles")
+
+    local redisCacheLookupProfileKey = self:getRedisCacheLookupProfileKey()
+    local localCacheLookupProfileKey = self:getLocalCacheLookupProfileKey()
+
+    self:setKeyInLocalCache(localCacheLookupProfileKey, cachingObjString, localExpiresIn , self.USER_PROFILE_DICTIONARY)
+
     -- cache the use profile for 5 minutes
-    self:setKeyInRedis(cacheLookupKey, "user_json", math.min(oauthTokenExpiration, (ngx.time() + default_ttl_expire) * 1000), cachingObjString)
+    self:setKeyInRedis(cacheTokenLookupKey, redisCacheLookupProfileKey, math.min(oauthTokenExpiration, (ngx.time() + default_ttl_expire) * 1000), cachingObjString)
+end
+
+---
+-- Deletes user profile from redis and local cache.
+--
+function _M:deleteProfileFromCache()
+    local localCacheLookupProfileKey = self:getLocalCacheLookupProfileKey()
+    self:deleteKeyInLocalCache(localCacheLookupProfileKey, self.USER_PROFILE_DICTIONARY)
+
+    local cacheTokenLookupKey = self:getCacheTokenLookupKey()
+    self:deleteKeyFromRedis(cacheTokenLookupKey)
 end
 
 --- Returns true if the profile is valid for the request context. If profile is not valid then it returns the failure
@@ -180,16 +225,10 @@ function _M:extractContextVars(profile)
     return cachingObj
 end
 
-function _M:getCacheLookupKey()
-    local oauth_token = ngx.var.authtoken
-    local oauth_token_hash = hasher.hash(oauth_token)
-    return self:getCacheToken(oauth_token_hash)
-end
-
 function _M:validateUserProfile()
     --1. try to get user's profile from the cache first ( local or redis cache )
-    local cacheLookupKey = self:getCacheLookupKey()
-    local cachedUserProfile = self:getProfileFromCache(cacheLookupKey)
+    local cacheTokenLookupKey = self:getCacheTokenLookupKey()
+    local cachedUserProfile = self:getProfileFromCache(cacheTokenLookupKey)
 
     if ( cachedUserProfile ~= nil ) then
         if (type(cachedUserProfile) == 'string') then
@@ -222,7 +261,7 @@ function _M:validateUserProfile()
 
             local isValid, failureErrorCode, failureMessage = self:isProfileValid(cachingObj)
             if isValid == true then
-                self:storeProfileInCache(cacheLookupKey, cachingObj)
+                self:storeProfileInCache(cacheTokenLookupKey, cachingObj)
                 return ngx.HTTP_OK
             elseif failureErrorCode ~= nil and failureMessage ~= nil then
                 return failureErrorCode, failureMessage