increase performance of JQ filtering by caching JQ filtering results

bump to 2.4.14.3rc5 Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Aug 12, 2023 · 9a3b6d9 · 9a3b6d9
1 parent 3fe626e
commit 9a3b6d9
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+08/13/2023
+- increase performance of JQ filtering by caching JQ filtering results
+- bump to 2.4.14.3rc5
+
 07/25/2023
 - support "authenticate_on_error" 2nd parameter value in OIDCRefreshAccessTokenBeforeExpiry 
   to reauthenticate the user when refreshing the access token fails

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.14.3rc4],[[email protected]])
+AC_INIT([mod_auth_openidc],[2.4.14.3rc5],[[email protected]])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 

diff --git a/src/cache/cache.h b/src/cache/cache.h
@@ -100,6 +100,7 @@ apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
 #define OIDC_CACHE_SECTION_REQUEST_URI       "r"
 #define OIDC_CACHE_SECTION_SID               "d"
 #define OIDC_CACHE_SECTION_USERINFO_SJWT     "u"
+#define OIDC_CACHE_SECTION_JQ_FILTER         "q"
 
 // TODO: now every section occupies the same space; we may want to differentiate
 //       according to section-based size, at least for the shm backend
@@ -114,6 +115,7 @@ apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
 #define oidc_cache_get_request_uri(r, key, value) oidc_cache_get(r, OIDC_CACHE_SECTION_REQUEST_URI, key, value)
 #define oidc_cache_get_sid(r, key, value) oidc_cache_get(r, OIDC_CACHE_SECTION_SID, key, value)
 #define oidc_cache_get_signed_jwt(r, key, value) oidc_cache_get(r, OIDC_CACHE_SECTION_USERINFO_SJWT, key, value)
+#define oidc_cache_get_jq_filter(r, key, value) oidc_cache_get(r, OIDC_CACHE_SECTION_JQ_FILTER, key, value)
 
 #define oidc_cache_set_session(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_SESSION, key, value, expiry)
 #define oidc_cache_set_nonce(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_NONCE, key, value, expiry)
@@ -125,6 +127,7 @@ apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
 #define oidc_cache_set_request_uri(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_REQUEST_URI, key, value, expiry)
 #define oidc_cache_set_sid(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_SID, key, value, expiry)
 #define oidc_cache_set_signed_jwt(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_USERINFO_SJWT, key, value, expiry)
+#define oidc_cache_set_jq_filter(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_JQ_FILTER, key, value, expiry)
 
 extern oidc_cache_t oidc_cache_file;
 extern oidc_cache_t oidc_cache_shm;

diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
@@ -1416,7 +1416,7 @@ static apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r,
 #define OIDC_USERINFO_SIGNED_JWT_EXPIRE_DEFAULT 0
 #define OIDC_USERINFO_SIGNED_JWT_CACHE_TTL_ENVVAR "OIDC_USERINFO_SIGNED_JWT_CACHE_TTL"
 
-static int oidc_userinfo_signed_jwt_cache_ttl(request_rec *r) {
+int oidc_userinfo_signed_jwt_cache_ttl(request_rec *r) {
 	const char *s_ttl = apr_table_get(r->subprocess_env,
 			OIDC_USERINFO_SIGNED_JWT_CACHE_TTL_ENVVAR);
 	return (s_ttl ?

diff --git a/src/mod_auth_openidc.h b/src/mod_auth_openidc.h
@@ -815,6 +815,7 @@ int oidc_cfg_delete_oldest_state_cookies(oidc_cfg *cfg);
 oidc_provider_t* oidc_cfg_provider_create(apr_pool_t *pool);
 oidc_provider_t* oidc_cfg_provider_copy(apr_pool_t *pool, const oidc_provider_t *src);
 void oidc_config_check_x_forwarded(request_rec *r, const apr_byte_t x_forwarded_headers);
+int oidc_userinfo_signed_jwt_cache_ttl(request_rec *r);
 
 // oidc_util.c
 int oidc_strnenvcmp(const char *a, const char *b, int len);

diff --git a/src/util.c b/src/util.c
@@ -3145,6 +3145,9 @@ const char* oidc_util_jq_filter(request_rec *r, const char *input,
 #ifdef USE_LIBJQ
 	jq_state *jq = NULL;
 	struct jv_parser *parser = NULL;
+	int ttl = 0;
+	char *key = NULL;
+	char *value = NULL;
 
 	if (filter == NULL) {
 		oidc_debug(r, "filter is NULL, abort");
@@ -3159,6 +3162,17 @@ const char* oidc_util_jq_filter(request_rec *r, const char *input,
 	oidc_debug(r, "processing input: %s", input);
 	oidc_debug(r, "processing filter: %s", filter);
 
+	ttl = oidc_userinfo_signed_jwt_cache_ttl(r);
+	key = apr_pstrcat(r->pool, input, ":", filter, NULL);
+	if (ttl != 0) {
+		oidc_cache_get_jq_filter(r, key, &value);
+		if (value != NULL) {
+			oidc_debug(r, "return cached result: %s", value);
+			result = value;
+			goto end;
+		}
+	}
+
 	jq = jq_init();
 	if (jq == NULL) {
 		oidc_error(r, "jq_init returned NULL");
@@ -3180,6 +3194,11 @@ const char* oidc_util_jq_filter(request_rec *r, const char *input,
 
 	result = oidc_util_jq_exec(r, jq, parser);
 
+	if ((result != NULL) && (ttl != 0)) {
+		oidc_debug(r, "caching result: %s", result);
+		oidc_cache_set_jq_filter(r, key, result, apr_time_now() + apr_time_from_sec(ttl));
+	}
+
 end:
 
 	if (parser)