Add 30s cache to SSO exchange_refresh_token (#6866)

Co-authored-by: Timshel <timshel@users.noreply.github.com>
2026-03-10 04:03:13 +08:00 · 2026-03-09 17:10:06 +00:00
parent df25d316d6
commit ecdb18fcde
3 changed files with 37 additions and 138 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -815,12 +815,6 @@ version = "3.19.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510"

-[[package]]
-name = "bytecount"
-version = "0.6.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "175812e0be2bccb6abe50bb8d566126198344f707e304f45c648fd8f2cc0365e"
-
 [[package]]
 name = "bytemuck"
 version = "1.25.0"
@@ -885,37 +879,6 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ade8366b8bd5ba243f0a58f036cc0ca8a2f069cff1a2351ef1cac6b083e16fc0"

-[[package]]
-name = "camino"
-version = "1.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e629a66d692cb9ff1a1c664e41771b3dcaf961985a9774c0eb0bd1b51cf60a48"
-dependencies = [
- "serde_core",
-]
-
-[[package]]
-name = "cargo-platform"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e35af189006b9c0f00a064685c727031e3ed2d8020f7ba284d78cc2671bd36ea"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "cargo_metadata"
-version = "0.14.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4acbb09d9ee8e23699b9634375c72795d095bf268439da88562cf9b501f181fa"
-dependencies = [
- "camino",
- "cargo-platform",
- "semver",
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "cbc"
 version = "0.1.2"
@@ -1331,19 +1294,6 @@ dependencies = [
 "syn",
 ]

-[[package]]
-name = "dashmap"
-version = "5.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
-dependencies = [
- "cfg-if",
- "hashbrown 0.14.5",
- "lock_api",
- "once_cell",
- "parking_lot_core",
-]
-
 [[package]]
 name = "dashmap"
 version = "6.1.0"
@@ -1762,15 +1712,6 @@ dependencies = [
 "windows-sys 0.61.2",
 ]

-[[package]]
-name = "error-chain"
-version = "0.12.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc"
-dependencies = [
- "version_check",
-]
-
 [[package]]
 name = "event-listener"
 version = "2.5.3"
@@ -2101,7 +2042,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9efcab3c1958580ff1f25a2a41be1668f7603d849bb63af523b208a3cc1223b8"
 dependencies = [
 "cfg-if",
- "dashmap 6.1.0",
+ "dashmap",
 "futures-sink",
 "futures-timer",
 "futures-util",
@@ -3063,21 +3004,6 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"

-[[package]]
-name = "mini-moka"
-version = "0.10.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c325dfab65f261f386debee8b0969da215b3fa0037e74c8a1234db7ba986d803"
-dependencies = [
- "crossbeam-channel",
- "crossbeam-utils",
- "dashmap 5.5.3",
- "skeptic",
- "smallvec",
- "tagptr",
- "triomphe",
-]
-
 [[package]]
 name = "minimal-lexical"
 version = "0.2.1"
@@ -3111,10 +3037,13 @@ version = "0.12.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4ac832c50ced444ef6be0767a008b02c106a909ba79d1d830501e94b96f6b7e"
 dependencies = [
+ "async-lock",
 "crossbeam-channel",
 "crossbeam-epoch",
 "crossbeam-utils",
 "equivalent",
+ "event-listener 5.4.1",
+ "futures-util",
 "parking_lot",
 "portable-atomic",
 "smallvec",
@@ -3921,17 +3850,6 @@ dependencies = [
 "psl-types",
 ]

-[[package]]
-name = "pulldown-cmark"
-version = "0.9.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57206b407293d2bcd3af849ce869d52068623f19e1b5ff8e8778e3309439682b"
-dependencies = [
- "bitflags",
- "memchr",
- "unicase",
-]
-
 [[package]]
 name = "quanta"
 version = "0.12.6"
@@ -4769,10 +4687,6 @@ name = "semver"
 version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"
-dependencies = [
- "serde",
- "serde_core",
-]

 [[package]]
 name = "serde"
@@ -5009,21 +4923,6 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b2aa850e253778c88a04c3d7323b043aeda9d3e30d5971937c1855769763678e"

-[[package]]
-name = "skeptic"
-version = "0.13.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16d23b015676c90a0f01c197bfdc786c20342c73a0afdda9025adb0bc42940a8"
-dependencies = [
- "bytecount",
- "cargo_metadata",
- "error-chain",
- "glob",
- "pulldown-cmark",
- "tempfile",
- "walkdir",
-]
-
 [[package]]
 name = "slab"
 version = "0.4.12"
@@ -5644,12 +5543,6 @@ dependencies = [
 "tracing-log",
 ]

-[[package]]
-name = "triomphe"
-version = "0.1.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd69c5aa8f924c7519d6372789a74eac5b94fb0f8fcf0d4a97eb0bfc3e785f39"
-
 [[package]]
 name = "try-lock"
 version = "0.2.5"
@@ -5706,12 +5599,6 @@ dependencies = [
 "version_check",
 ]

-[[package]]
-name = "unicase"
-version = "2.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142"
-
 [[package]]
 name = "unicode-ident"
 version = "1.0.24"
@@ -5807,7 +5694,7 @@ dependencies = [
 "chrono-tz",
 "cookie",
 "cookie_store",
- "dashmap 6.1.0",
+ "dashmap",
 "data-encoding",
 "data-url",
 "derive_more",
@@ -5831,7 +5718,7 @@ dependencies = [
 "log",
 "macros",
 "mimalloc",
- "mini-moka",
+ "moka",
 "num-derive",
 "num-traits",
 "opendal",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -173,7 +173,7 @@ governor = "0.10.4"

 # OIDC for SSO
 openidconnect = { version = "4.0.1", features = ["reqwest", "rustls-tls"] }
-mini-moka = "0.10.3"
+moka = { version = "0.12.13", features = ["future"] }

 # Check client versions for specific features.
 semver = "1.0.27"
--- a/src/sso_client.rs
+++ b/src/sso_client.rs
@@ -1,6 +1,5 @@
 use std::{borrow::Cow, sync::LazyLock, time::Duration};

-use mini_moka::sync::Cache;
 use openidconnect::{core::*, reqwest, *};
 use regex::Regex;
 use url::Url;
@@ -13,9 +12,14 @@ use crate::{
 };

 static CLIENT_CACHE_KEY: LazyLock<String> = LazyLock::new(|| "sso-client".to_string());
-static CLIENT_CACHE: LazyLock<Cache<String, Client>> = LazyLock::new(|| {
-    Cache::builder().max_capacity(1).time_to_live(Duration::from_secs(CONFIG.sso_client_cache_expiration())).build()
+static CLIENT_CACHE: LazyLock<moka::sync::Cache<String, Client>> = LazyLock::new(|| {
+    moka::sync::Cache::builder()
+        .max_capacity(1)
+        .time_to_live(Duration::from_secs(CONFIG.sso_client_cache_expiration()))
+        .build()
 });
+static REFRESH_CACHE: LazyLock<moka::future::Cache<String, Result<RefreshTokenResponse, String>>> =
+    LazyLock::new(|| moka::future::Cache::builder().max_capacity(1000).time_to_live(Duration::from_secs(30)).build());

 /// OpenID Connect Core client.
 pub type CustomClient = openidconnect::Client<
@@ -38,6 +42,8 @@ pub type CustomClient = openidconnect::Client<
    EndpointSet,
 >;

+pub type RefreshTokenResponse = (Option<String>, String, Option<Duration>);
+
 #[derive(Clone)]
 pub struct Client {
    pub http_client: reqwest::Client,
@@ -231,23 +237,29 @@ impl Client {
        verifier
    }

-    pub async fn exchange_refresh_token(
-        refresh_token: String,
-    ) -> ApiResult<(Option<String>, String, Option<Duration>)> {
+    pub async fn exchange_refresh_token(refresh_token: String) -> ApiResult<RefreshTokenResponse> {
+        let client = Client::cached().await?;
+
+        REFRESH_CACHE
+            .get_with(refresh_token.clone(), async move { client._exchange_refresh_token(refresh_token).await })
+            .await
+            .map_err(Into::into)
+    }
+
+    async fn _exchange_refresh_token(&self, refresh_token: String) -> Result<RefreshTokenResponse, String> {
        let rt = RefreshToken::new(refresh_token);

-        let client = Client::cached().await?;
-        let token_response =
-            match client.core_client.exchange_refresh_token(&rt).request_async(&client.http_client).await {
-                Err(err) => err!(format!("Request to exchange_refresh_token endpoint failed: {:?}", err)),
-                Ok(token_response) => token_response,
-            };
-
-        Ok((
-            token_response.refresh_token().map(|token| token.secret().clone()),
-            token_response.access_token().secret().clone(),
-            token_response.expires_in(),
-        ))
+        match self.core_client.exchange_refresh_token(&rt).request_async(&self.http_client).await {
+            Err(err) => {
+                error!("Request to exchange_refresh_token endpoint failed: {err}");
+                Err(format!("Request to exchange_refresh_token endpoint failed: {err}"))
+            }
+            Ok(token_response) => Ok((
+                token_response.refresh_token().map(|token| token.secret().clone()),
+                token_response.access_token().secret().clone(),
+                token_response.expires_in(),
+            )),
+        }
    }
 }