perf: cache auth request in memory (#7824)

* perf: cache auth request in memory

internal/auth_request/repository/cache/cache.go

@@ -8,6 +8,9 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/hashicorp/golang-lru/v2"
+	"github.com/zitadel/logging"
+
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -15,12 +18,21 @@ import (
 )
 
 type AuthRequestCache struct {
-	client *database.DB
+	client    *database.DB
+	idCache   *lru.Cache[string, *domain.AuthRequest]
+	codeCache *lru.Cache[string, *domain.AuthRequest]
 }
 
-func Start(dbClient *database.DB) *AuthRequestCache {
+func Start(dbClient *database.DB, amountOfCachedAuthRequests uint16) *AuthRequestCache {
+	idCache, err := lru.New[string, *domain.AuthRequest](int(amountOfCachedAuthRequests))
+	logging.OnError(err).Info("auth request cache disabled")
+	codeCache, err := lru.New[string, *domain.AuthRequest](int(amountOfCachedAuthRequests))
+	logging.OnError(err).Info("auth request cache disabled")
+
 	return &AuthRequestCache{
-		client: dbClient,
+		client:    dbClient,
+		idCache:   idCache,
+		codeCache: codeCache,
 	}
 }
 
@@ -29,22 +41,38 @@ func (c *AuthRequestCache) Health(ctx context.Context) error {
 }
 
 func (c *AuthRequestCache) GetAuthRequestByID(ctx context.Context, id string) (*domain.AuthRequest, error) {
-	return c.getAuthRequest("id", id, authz.GetInstance(ctx).InstanceID())
+	if authRequest, ok := c.getCachedByID(ctx, id); ok {
+		return authRequest, nil
+	}
+	request, err := c.getAuthRequest(ctx, "id", id, authz.GetInstance(ctx).InstanceID())
+	if err != nil {
+		return nil, err
+	}
+	c.CacheAuthRequest(ctx, request)
+	return request, nil
 }
 
 func (c *AuthRequestCache) GetAuthRequestByCode(ctx context.Context, code string) (*domain.AuthRequest, error) {
-	return c.getAuthRequest("code", code, authz.GetInstance(ctx).InstanceID())
+	if authRequest, ok := c.getCachedByCode(ctx, code); ok {
+		return authRequest, nil
+	}
+	request, err := c.getAuthRequest(ctx, "code", code, authz.GetInstance(ctx).InstanceID())
+	if err != nil {
+		return nil, err
+	}
+	c.CacheAuthRequest(ctx, request)
+	return request, nil
 }
 
-func (c *AuthRequestCache) SaveAuthRequest(_ context.Context, request *domain.AuthRequest) error {
-	return c.saveAuthRequest(request, "INSERT INTO auth.auth_requests (id, request, instance_id, creation_date, change_date, request_type) VALUES($1, $2, $3, $4, $4, $5)", request.CreationDate, request.Request.Type())
+func (c *AuthRequestCache) SaveAuthRequest(ctx context.Context, request *domain.AuthRequest) error {
+	return c.saveAuthRequest(ctx, request, "INSERT INTO auth.auth_requests (id, request, instance_id, creation_date, change_date, request_type) VALUES($1, $2, $3, $4, $4, $5)", request.CreationDate, request.Request.Type())
 }
 
-func (c *AuthRequestCache) UpdateAuthRequest(_ context.Context, request *domain.AuthRequest) error {
+func (c *AuthRequestCache) UpdateAuthRequest(ctx context.Context, request *domain.AuthRequest) error {
 	if request.ChangeDate.IsZero() {
 		request.ChangeDate = time.Now()
 	}
-	return c.saveAuthRequest(request, "UPDATE auth.auth_requests SET request = $2, instance_id = $3, change_date = $4, code = $5 WHERE id = $1", request.ChangeDate, request.Code)
+	return c.saveAuthRequest(ctx, request, "UPDATE auth.auth_requests SET request = $2, instance_id = $3, change_date = $4, code = $5 WHERE id = $1", request.ChangeDate, request.Code)
 }
 
 func (c *AuthRequestCache) DeleteAuthRequest(ctx context.Context, id string) error {
@@ -52,14 +80,16 @@ func (c *AuthRequestCache) DeleteAuthRequest(ctx context.Context, id string) err
 	if err != nil {
 		return zerrors.ThrowInternal(err, "CACHE-dsHw3", "unable to delete auth request")
 	}
+	c.deleteFromCache(ctx, id)
 	return nil
 }
 
-func (c *AuthRequestCache) getAuthRequest(key, value, instanceID string) (*domain.AuthRequest, error) {
+func (c *AuthRequestCache) getAuthRequest(ctx context.Context, key, value, instanceID string) (*domain.AuthRequest, error) {
 	var b []byte
 	var requestType domain.AuthRequestType
 	query := fmt.Sprintf("SELECT request, request_type FROM auth.auth_requests WHERE instance_id = $1 and %s = $2", key)
-	err := c.client.QueryRow(
+	err := c.client.QueryRowContext(
+		ctx,
 		func(row *sql.Row) error {
 			return row.Scan(&b, &requestType)
 		},
@@ -81,7 +111,7 @@ func (c *AuthRequestCache) getAuthRequest(key, value, instanceID string) (*domai
 	return request, nil
 }
 
-func (c *AuthRequestCache) saveAuthRequest(request *domain.AuthRequest, query string, date time.Time, param interface{}) error {
+func (c *AuthRequestCache) saveAuthRequest(ctx context.Context, request *domain.AuthRequest, query string, date time.Time, param interface{}) error {
 	b, err := json.Marshal(request)
 	if err != nil {
 		return zerrors.ThrowInternal(err, "CACHE-os0GH", "Errors.Internal")
@@ -90,5 +120,51 @@ func (c *AuthRequestCache) saveAuthRequest(request *domain.AuthRequest, query st
 	if err != nil {
 		return zerrors.ThrowInternal(err, "CACHE-su3GK", "Errors.Internal")
 	}
+	c.CacheAuthRequest(ctx, request)
 	return nil
 }
+
+func (c *AuthRequestCache) getCachedByID(ctx context.Context, id string) (*domain.AuthRequest, bool) {
+	if c.idCache == nil {
+		return nil, false
+	}
+	authRequest, ok := c.idCache.Get(cacheKey(ctx, id))
+	logging.WithFields("hit", ok, "type", "id").Info("get from auth request cache")
+	return authRequest, ok
+}
+
+func (c *AuthRequestCache) getCachedByCode(ctx context.Context, code string) (*domain.AuthRequest, bool) {
+	if c.codeCache == nil {
+		return nil, false
+	}
+	authRequest, ok := c.codeCache.Get(cacheKey(ctx, code))
+	logging.WithFields("hit", ok, "type", "code").Info("get from auth request cache")
+	return authRequest, ok
+}
+
+func (c *AuthRequestCache) CacheAuthRequest(ctx context.Context, request *domain.AuthRequest) {
+	if c.idCache == nil {
+		return
+	}
+	c.idCache.Add(cacheKey(ctx, request.ID), request)
+	if request.Code != "" {
+		c.codeCache.Add(cacheKey(ctx, request.Code), request)
+	}
+}
+
+func cacheKey(ctx context.Context, value string) string {
+	return fmt.Sprintf("%s-%s", authz.GetInstance(ctx).InstanceID(), value)
+}
+
+func (c *AuthRequestCache) deleteFromCache(ctx context.Context, id string) {
+	if c.idCache == nil {
+		return
+	}
+	idKey := cacheKey(ctx, id)
+	request, ok := c.idCache.Get(idKey)
+	if !ok {
+		return
+	}
+	c.idCache.Remove(idKey)
+	c.codeCache.Remove(cacheKey(ctx, request.Code))
+}

internal/auth_request/repository/mock/repository.mock.go

@@ -40,6 +40,18 @@ func (m *MockAuthRequestCache) EXPECT() *MockAuthRequestCacheMockRecorder {
 	return m.recorder
 }
 
+// CacheAuthRequest mocks base method.
+func (m *MockAuthRequestCache) CacheAuthRequest(arg0 context.Context, arg1 *domain.AuthRequest) {
+	m.ctrl.T.Helper()
+	m.ctrl.Call(m, "CacheAuthRequest", arg0, arg1)
+}
+
+// CacheAuthRequest indicates an expected call of CacheAuthRequest.
+func (mr *MockAuthRequestCacheMockRecorder) CacheAuthRequest(arg0, arg1 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CacheAuthRequest", reflect.TypeOf((*MockAuthRequestCache)(nil).CacheAuthRequest), arg0, arg1)
+}
+
 // DeleteAuthRequest mocks base method.
 func (m *MockAuthRequestCache) DeleteAuthRequest(arg0 context.Context, arg1 string) error {
 	m.ctrl.T.Helper()

internal/auth_request/repository/repository.go

@@ -12,6 +12,7 @@ type AuthRequestCache interface {
 	GetAuthRequestByID(ctx context.Context, id string) (*domain.AuthRequest, error)
 	GetAuthRequestByCode(ctx context.Context, code string) (*domain.AuthRequest, error)
 	SaveAuthRequest(ctx context.Context, request *domain.AuthRequest) error
+	CacheAuthRequest(ctx context.Context, request *domain.AuthRequest)
 	UpdateAuthRequest(ctx context.Context, request *domain.AuthRequest) error
 	DeleteAuthRequest(ctx context.Context, id string) error
 }