8 "git.curoverse.com/arvados.git/sdk/go/arvados"
12 maxPermCacheAge = time.Hour
13 minPermCacheAge = 5 * time.Minute
16 type permChecker interface {
17 SetToken(token string)
18 Check(uuid string) (bool, error)
21 func NewPermChecker(ac arvados.Client) permChecker {
23 return &cachingPermChecker{
25 cache: make(map[string]cacheEnt),
30 type cacheEnt struct {
35 type cachingPermChecker struct {
37 cache map[string]cacheEnt
41 func (pc *cachingPermChecker) SetToken(token string) {
42 pc.Client.AuthToken = token
45 func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
48 if perm, ok := pc.cache[uuid]; ok && now.Sub(perm.Time) < maxPermCacheAge {
49 debugLogf("perm (cached): %+q %+q ...%v", pc.Client.AuthToken, uuid, perm.allowed)
50 return perm.allowed, nil
52 var buf map[string]interface{}
53 path, err := pc.PathForUUID("get", uuid)
57 err = pc.RequestAndDecode(&buf, "GET", path, nil, url.Values{
58 "select": {`["uuid"]`},
64 } else if txErr, ok := err.(arvados.TransactionError); ok && txErr.StatusCode == http.StatusNotFound {
67 errorLogf("perm err: %+q %+q: %T %s", pc.Client.AuthToken, uuid, err, err)
70 debugLogf("perm: %+q %+q ...%v", pc.Client.AuthToken, uuid, allowed)
71 pc.cache[uuid] = cacheEnt{Time: now, allowed: allowed}
75 func (pc *cachingPermChecker) tidy() {
76 if len(pc.cache) <= pc.maxCurrent*2 {
79 tooOld := time.Now().Add(-minPermCacheAge)
80 for uuid, t := range pc.cache {
82 delete(pc.cache, uuid)
85 pc.maxCurrent = len(pc.cache)