perf(oidc): optimize the introspection endpoint (#6909)

* get key by id and cache them * userinfo from events for v2 tokens * improve keyset caching * concurrent token and client checks * client and project in single query * logging and otel * drop owner_removed column on apps and authN tables * userinfo and project roles in go routines * get oidc user info from projections and add actions * add avatar URL * some cleanup * pull oidc work branch * remove storage from server * add config flag for experimental introspection * legacy introspection flag * drop owner_removed column on user projections * drop owner_removed column on useer_metadata * query userinfo unit test * query introspection client test * add user_grants to the userinfo query * handle PAT scopes * bring triggers back * test instance keys query * add userinfo unit tests * unit test keys * go mod tidy * solve some bugs * fix missing preferred login name * do not run triggers in go routines, they seem to deadlock * initialize the trigger handlers late with a sync.OnceValue * Revert "do not run triggers in go routines, they seem to deadlock" This reverts commit 2a03da2127. * add missing translations * chore: update go version for linting * pin oidc version * parse a global time location for query test * fix linter complains * upgrade go lint * fix more linting issues --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-11 21:37:32 +00:00 · 2023-11-21 14:11:38 +02:00
parent ad3563d58b
commit ba9b807854
103 changed files with 3528 additions and 808 deletions
--- a/internal/actions/object/metadata.go
+++ b/internal/actions/object/metadata.go
@@ -34,6 +34,27 @@ func UserMetadataListFromQuery(c *actions.FieldConfig, metadata *query.UserMetad
 	return c.Runtime.ToValue(result)
 }

+func UserMetadataListFromSlice(c *actions.FieldConfig, metadata []query.UserMetadata) goja.Value {
+	result := &userMetadataList{
+		// Count was the only field ever queried from the DB in the old implementation,
+		// so Sequence and LastRun are omitted.
+		Count:    uint64(len(metadata)),
+		Metadata: make([]*userMetadata, len(metadata)),
+	}
+	for i, md := range metadata {
+		result.Metadata[i] = &userMetadata{
+			CreationDate:  md.CreationDate,
+			ChangeDate:    md.ChangeDate,
+			ResourceOwner: md.ResourceOwner,
+			Sequence:      md.Sequence,
+			Key:           md.Key,
+			Value:         metadataByteArrayToValue(md.Value, c.Runtime),
+		}
+	}
+
+	return c.Runtime.ToValue(result)
+}
+
 func metadataByteArrayToValue(val []byte, runtime *goja.Runtime) goja.Value {
 	var value interface{}
 	if !json.Valid(val) {
--- a/internal/actions/object/user_grant.go
+++ b/internal/actions/object/user_grant.go
@@ -90,6 +90,36 @@ func UserGrantsFromQuery(c *actions.FieldConfig, userGrants *query.UserGrants) g
 	return c.Runtime.ToValue(grantList)
 }

+func UserGrantsFromSlice(c *actions.FieldConfig, userGrants []query.UserGrant) goja.Value {
+	if userGrants == nil {
+		return c.Runtime.ToValue(nil)
+	}
+	grantList := &userGrantList{
+		Count:  uint64(len(userGrants)),
+		Grants: make([]*userGrant, len(userGrants)),
+	}
+
+	for i, grant := range userGrants {
+		grantList.Grants[i] = &userGrant{
+			Id:                         grant.ID,
+			ProjectGrantId:             grant.GrantID,
+			State:                      grant.State,
+			CreationDate:               grant.CreationDate,
+			ChangeDate:                 grant.ChangeDate,
+			Sequence:                   grant.Sequence,
+			UserId:                     grant.UserID,
+			Roles:                      grant.Roles,
+			UserResourceOwner:          grant.UserResourceOwner,
+			UserGrantResourceOwner:     grant.ResourceOwner,
+			UserGrantResourceOwnerName: grant.OrgName,
+			ProjectId:                  grant.ProjectID,
+			ProjectName:                grant.ProjectName,
+		}
+	}
+
+	return c.Runtime.ToValue(grantList)
+}
+
 func UserGrantsToDomain(userID string, actionUserGrants []UserGrant) []*domain.UserGrant {
 	if actionUserGrants == nil {
 		return nil