Remove redundant caches

This commit removes the two extra caches (oidc, requested time) and uses the new central registration cache instead. The requested time is unified into the main machine object and the oidc key is just added to the same cache, as a string with the state as a key instead of machine key.
2025-10-16 11:51:21 +00:00 · 2022-02-28 22:42:30 +00:00
parent e64bee778f
commit 5e92ddad43
6 changed files with 27 additions and 84 deletions
--- a/oidc.go
+++ b/oidc.go
@@ -10,20 +10,16 @@ import (
 	"html/template"
 	"net/http"
 	"strings"
-	"time"

 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gin-gonic/gin"
-	"github.com/patrickmn/go-cache"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"
 	"tailscale.com/types/key"
 )

 const (
-	oidcStateCacheExpiration      = time.Minute * 5
-	oidcStateCacheCleanupInterval = time.Minute * 10
-	randomByteSize                = 16
+	randomByteSize = 16
 )

 type IDTokenClaims struct {
@@ -60,14 +56,6 @@ func (h *Headscale) initOIDC() error {
 		}
 	}

-	// init the state cache if it hasn't been already
-	if h.oidcStateCache == nil {
-		h.oidcStateCache = cache.New(
-			oidcStateCacheExpiration,
-			oidcStateCacheCleanupInterval,
-		)
-	}
-
 	return nil
 }

@@ -100,7 +88,7 @@ func (h *Headscale) RegisterOIDC(ctx *gin.Context) {
 	stateStr := hex.EncodeToString(randomBlob)[:32]

 	// place the machine key into the state cache, so it can be retrieved later
-	h.oidcStateCache.Set(stateStr, machineKeyStr, oidcStateCacheExpiration)
+	h.registrationCache.Set(stateStr, machineKeyStr, registerCacheExpiration)

 	authURL := h.oauth2Config.AuthCodeURL(stateStr)
 	log.Debug().Msgf("Redirecting to %s for authentication", authURL)
@@ -196,7 +184,7 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 	}

 	// retrieve machinekey from state cache
-	machineKeyIf, machineKeyFound := h.oidcStateCache.Get(state)
+	machineKeyIf, machineKeyFound := h.registrationCache.Get(state)

 	if !machineKeyFound {
 		log.Error().
@@ -228,14 +216,6 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 		return
 	}

-	// TODO(kradalby): Currently, if it fails to find a requested expiry, non will be set
-	requestedTime := time.Time{}
-	if requestedTimeIf, found := h.requestedExpiryCache.Get(machineKey.String()); found {
-		if reqTime, ok := requestedTimeIf.(time.Time); ok {
-			requestedTime = reqTime
-		}
-	}
-
 	// retrieve machine information
 	machine, err := h.GetMachineByMachineKey(machineKey)
 	if err != nil {
@@ -254,7 +234,7 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 			Str("machine", machine.Name).
 			Msg("machine already registered, reauthenticating")

-		h.RefreshMachine(machine, requestedTime)
+		h.RefreshMachine(machine, *machine.Expiry)

 		var content bytes.Buffer
 		if err := oidcCallbackTemplate.Execute(&content, oidcCallbackTemplateConfig{
@@ -329,7 +309,6 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 		machineKeyStr,
 		namespace.Name,
 		RegisterMethodOIDC,
-		&requestedTime,
 	)
 	if err != nil {
 		log.Error().