X draft auth cache

blob.go

@@ -31,30 +31,50 @@ func blobPreAuthorizeHandler(handleFunc serviceHandleFunc) serviceHandleFunc {
 	}
 }
 
+type authInfo struct {
+	authResponse	authorizationResponse
+	timestamp	int64	// in seconds
+}
+
+// project -> authInfo
+// FIXME it have to be not only project (privateToken etc...)
+var authCache = make(map[string]authInfo)
 
 // verify that download access is authorized by auth backend
-func verifyDownloadAccess(w http.ResponseWriter, r *gitRequest, project string) (downloadOk bool) {
-	downloadOk = false
+func verifyDownloadAccess(w http.ResponseWriter, r *gitRequest, project string) bool {
+	// XXX do we need mutex to lock authCache ?
+	auth, ok := authCache[project]
+	if ok {
+		log.Printf("downloadOk cached %v ago: %v",
+				time.Since(time.Unix(auth.timestamp, 0)),
+				auth.authResponse)
+		r.authorizationResponse = auth.authResponse
+		return (auth.authResponse.RepoPath != "")	// XXX ok?
+	}
 
 	// request to verify whether download is possible via asking as git fetch would do
 	// XXX privateToken not propagated, etc ...
 	reqDownloadAccess, err := http.NewRequest("GET", project + ".git/info/refs?service=git-upload-pack", nil)
 	if err != nil {
 		fail500(w, "GET git-upload-pack", err)
-		return
+		return false	// XXX not cache as it is just we cannot create request
 	}
 
 	// swap original request to 'verify-download' one
 	//requestBlob := r.Request
 	r.Request = reqDownloadAccess
 
+	downloadOk := false
 	preAuthorizeHandler(
 		func(w http.ResponseWriter, r *gitRequest) {
 			// if we ever get to this point - auth handler approved
 			// access and thus it is ok to download
 			downloadOk = true
 		}, "") (w, r)
-	return
+
+	// XXX do we need to lock authCache ?
+	authCache[project] = authInfo{r.authorizationResponse, time.Now().Unix()}
+	return downloadOk
 }