Automatically clear caches on save (#369)

sethvargo · web-flow · commit 866deed4b77d · 2020-08-25T11:37:00.000-07:00
diff --git a/cmd/adminapi/main.go b/cmd/adminapi/main.go
@@ -80,16 +80,6 @@ func realMain(ctx context.Context) error {
 	defer oe.Close()
 	logger.Infow("observability exporter", "config", oeConfig)
 
-	// Setup database
-	db, err := config.Database.Load(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to load database config: %w", err)
-	}
-	if err := db.Open(ctx); err != nil {
-		return fmt.Errorf("failed to connect to database: %w", err)
-	}
-	defer db.Close()
-
 	// Setup cacher
 	// TODO(sethvargo): switch to HMAC
 	cacher, err := cache.CacherFor(ctx, &config.Cache, cache.MultiKeyFunc(
@@ -99,6 +89,16 @@ func realMain(ctx context.Context) error {
 	}
 	defer cacher.Close()
 
+	// Setup database
+	db, err := config.Database.Load(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to load database config: %w", err)
+	}
+	if err := db.OpenWithCacher(ctx, cacher); err != nil {
+		return fmt.Errorf("failed to connect to database: %w", err)
+	}
+	defer db.Close()
+
 	// Create the router
 	r := mux.NewRouter()
 
@@ -123,7 +123,7 @@ func realMain(ctx context.Context) error {
 		return fmt.Errorf("failed to create renderer: %w", err)
 	}
 
-	r.Handle("/health", controller.HandleHealthz(ctx, h, &config.Database)).Methods("GET")
+	r.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
 
 	// Setup API auth
 	requireAPIKey := middleware.RequireAPIKey(ctx, cacher, db, h, []database.APIUserType{
diff --git a/cmd/apiserver/main.go b/cmd/apiserver/main.go
@@ -83,16 +83,6 @@ func realMain(ctx context.Context) error {
 	defer oe.Close()
 	logger.Infow("observability exporter", "config", oeConfig)
 
-	// Setup database
-	db, err := config.Database.Load(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to load database config: %w", err)
-	}
-	if err := db.Open(ctx); err != nil {
-		return fmt.Errorf("failed to connect to database: %w", err)
-	}
-	defer db.Close()
-
 	// Setup cacher
 	// TODO(sethvargo): switch to HMAC
 	cacher, err := cache.CacherFor(ctx, &config.Cache, cache.MultiKeyFunc(
@@ -102,6 +92,16 @@ func realMain(ctx context.Context) error {
 	}
 	defer cacher.Close()
 
+	// Setup database
+	db, err := config.Database.Load(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to load database config: %w", err)
+	}
+	if err := db.OpenWithCacher(ctx, cacher); err != nil {
+		return fmt.Errorf("failed to connect to database: %w", err)
+	}
+	defer db.Close()
+
 	// Setup signer
 	signer, err := keys.KeyManagerFor(ctx, &config.Database.Keys)
 	if err != nil {
@@ -132,7 +132,7 @@ func realMain(ctx context.Context) error {
 		return fmt.Errorf("failed to create renderer: %w", err)
 	}
 
-	r.Handle("/health", controller.HandleHealthz(ctx, h, &config.Database)).Methods("GET")
+	r.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
 
 	// Setup API auth
 	requireAPIKey := middleware.RequireAPIKey(ctx, cacher, db, h, []database.APIUserType{
diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -109,7 +109,7 @@ func realMain(ctx context.Context) error {
 	if err != nil {
 		return fmt.Errorf("failed to load database config: %w", err)
 	}
-	if err := db.Open(ctx); err != nil {
+	if err := db.OpenWithCacher(ctx, cacher); err != nil {
 		return fmt.Errorf("failed to connect to database: %w", err)
 	}
 	defer db.Close()
@@ -181,7 +181,7 @@ func realMain(ctx context.Context) error {
 
 		{
 			sub := r.PathPrefix("").Subrouter()
-			sub.Handle("/health", controller.HandleHealthz(ctx, h, &config.Database)).Methods("GET")
+			sub.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
 		}
 
 		{
@@ -289,7 +289,7 @@ func realMain(ctx context.Context) error {
 		realmSub.Use(requireAdmin)
 		realmSub.Use(rateLimit)
 
-		realmadminController := realmadmin.New(ctx, cacher, config, db, h)
+		realmadminController := realmadmin.New(ctx, config, db, h)
 		realmSub.Handle("/settings", realmadminController.HandleIndex()).Methods("GET")
 		realmSub.Handle("/settings/save", realmadminController.HandleSave()).Methods("POST")
 
diff --git a/pkg/controller/apikey/update.go b/pkg/controller/apikey/update.go
@@ -16,7 +16,6 @@ package apikey
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 
 	"github.com/google/exposure-notifications-verification-server/pkg/controller"
@@ -27,8 +26,6 @@ import (
 
 // HandleUpdate handles an update.
 func (c *Controller) HandleUpdate() http.Handler {
-	logger := c.logger.Named("HandleUpdate")
-
 	type FormData struct {
 		Name string `form:"name"`
 	}
@@ -91,11 +88,6 @@ func (c *Controller) HandleUpdate() http.Handler {
 			return
 		}
 
-		// Clear the app from the cache
-		if err := c.cacher.Delete(ctx, fmt.Sprintf("authorized_apps:by_id:%d", authApp.ID)); err != nil {
-			logger.Errorw("failed to delete authorized app from cache", "error", err)
-		}
-
 		flash.Alert("Successfully updated API key!")
 		http.Redirect(w, r, "/apikeys", http.StatusSeeOther)
 	})
diff --git a/pkg/controller/healthz.go b/pkg/controller/healthz.go
@@ -17,7 +17,7 @@ var (
 	rl = rate.NewLimiter(rate.Every(time.Minute), 1)
 )
 
-func HandleHealthz(hctx context.Context, h *render.Renderer, cfg *database.Config) http.Handler {
+func HandleHealthz(hctx context.Context, cfg *database.Config, h *render.Renderer) http.Handler {
 	logger := logging.FromContext(hctx).Named("healthz")
 
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/pkg/controller/middleware/apikey.go b/pkg/controller/middleware/apikey.go
@@ -47,7 +47,7 @@ func RequireAPIKey(ctx context.Context, cacher cache.Cacher, db *database.Databa
 		allowedTypesMap[t] = struct{}{}
 	}
 
-	cacheTTL := 30 * time.Second
+	cacheTTL := 5 * time.Minute
 
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/pkg/controller/middleware/auth.go b/pkg/controller/middleware/auth.go
@@ -38,7 +38,7 @@ import (
 func RequireAuth(ctx context.Context, cacher cache.Cacher, fbClient *auth.Client, db *database.Database, h *render.Renderer, ttl time.Duration) mux.MiddlewareFunc {
 	logger := logging.FromContext(ctx).Named("middleware.RequireAuth")
 
-	cacheTTL := 30 * time.Second
+	cacheTTL := 5 * time.Minute
 
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/pkg/controller/middleware/realm.go b/pkg/controller/middleware/realm.go
@@ -36,7 +36,7 @@ import (
 func RequireRealm(ctx context.Context, cacher cache.Cacher, db *database.Database, h *render.Renderer) mux.MiddlewareFunc {
 	logger := logging.FromContext(ctx).Named("middleware.RequireRealm")
 
-	cacheTTL := 30 * time.Second
+	cacheTTL := 5 * time.Minute
 
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/pkg/controller/realmadmin/realmadmin.go b/pkg/controller/realmadmin/realmadmin.go
@@ -18,7 +18,6 @@ package realmadmin
 import (
 	"context"
 
-	"github.com/google/exposure-notifications-verification-server/pkg/cache"
 	"github.com/google/exposure-notifications-verification-server/pkg/config"
 	"github.com/google/exposure-notifications-verification-server/pkg/database"
 	"github.com/google/exposure-notifications-verification-server/pkg/render"
@@ -29,18 +28,16 @@ import (
 )
 
 type Controller struct {
-	cacher cache.Cacher
 	config *config.ServerConfig
 	db     *database.Database
 	h      *render.Renderer
 	logger *zap.SugaredLogger
 }
 
-func New(ctx context.Context, cacher cache.Cacher, config *config.ServerConfig, db *database.Database, h *render.Renderer) *Controller {
+func New(ctx context.Context, config *config.ServerConfig, db *database.Database, h *render.Renderer) *Controller {
 	logger := logging.FromContext(ctx)
 
 	return &Controller{
-		cacher: cacher,
 		config: config,
 		db:     db,
 		h:      h,
diff --git a/pkg/controller/realmadmin/save.go b/pkg/controller/realmadmin/save.go
@@ -16,7 +16,6 @@ package realmadmin
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 	"time"
 
@@ -42,8 +41,6 @@ func init() {
 }
 
 func (c *Controller) HandleSave() http.Handler {
-	logger := c.logger.Named("HandleSave")
-
 	type FormData struct {
 		Name             string            `form:"name"`
 		RegionCode       string            `form:"regionCode"`
@@ -106,12 +103,6 @@ func (c *Controller) HandleSave() http.Handler {
 			return
 		}
 
-		// Purge the cache so new values appear for this realm
-		if err := c.cacher.Delete(ctx, fmt.Sprintf("realms:by_id:%d", realm.ID)); err != nil {
-			// Don't return an error here, just continue along
-			logger.Errorw("failed to clear cache", "error", err)
-		}
-
 		// Process SMS settings
 		smsConfig, err := realm.SMSConfig(c.db)
 		if err != nil && !database.IsNotFound(err) {
diff --git a/pkg/controller/user/update.go b/pkg/controller/user/update.go
@@ -16,7 +16,6 @@ package user
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 
 	"github.com/google/exposure-notifications-verification-server/pkg/controller"
@@ -26,8 +25,6 @@ import (
 )
 
 func (c *Controller) HandleUpdate() http.Handler {
-	logger := c.logger.Named("HandeUpdate")
-
 	type FormData struct {
 		Email string `form:"email"`
 		Name  string `form:"name"`
@@ -101,14 +98,6 @@ func (c *Controller) HandleUpdate() http.Handler {
 			return
 		}
 
-		// Clear the user from the cache
-		if err := c.cacher.Delete(ctx, fmt.Sprintf("users:by_id:%d", user.ID)); err != nil {
-			logger.Errorw("failed to delete user from cache", "error", err)
-		}
-		if err := c.cacher.Delete(ctx, fmt.Sprintf("users:by_email:%s", user.Email)); err != nil {
-			logger.Errorw("failed to delete user from cache", "error", err)
-		}
-
 		flash.Alert("Successfully updated user '%v'", form.Name)
 		http.Redirect(w, r, "/users", http.StatusSeeOther)
 	})
diff --git a/pkg/database/database.go b/pkg/database/database.go
@@ -25,6 +25,7 @@ import (
 	"github.com/google/exposure-notifications-server/pkg/keys"
 	"github.com/google/exposure-notifications-server/pkg/logging"
 	"github.com/google/exposure-notifications-server/pkg/secrets"
+	"github.com/google/exposure-notifications-verification-server/pkg/cache"
 	"github.com/jinzhu/gorm"
 	"go.uber.org/zap"
 
@@ -116,6 +117,12 @@ func (c *Config) Load(ctx context.Context) (*Database, error) {
 
 // Open creates a database connection. This should only be called once.
 func (db *Database) Open(ctx context.Context) error {
+	return db.OpenWithCacher(ctx, nil)
+}
+
+// OpenWithCacher creates a database connection with the cacher. This should
+// only be called once.
+func (db *Database) OpenWithCacher(ctx context.Context, cacher cache.Cacher) error {
 	c := db.config
 
 	rawDB, err := gorm.Open("postgres", c.ConnectionString())
@@ -131,18 +138,40 @@ func (db *Database) Open(ctx context.Context) error {
 	// Enable auto-preloading.
 	rawDB = rawDB.Set("gorm:auto_preload", true)
 
+	callbacks := rawDB.Callback()
+
 	// SMS configs
-	rawDB.Callback().Create().Before("gorm:create").Register("sms_configs:encrypt", callbackKMSEncrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
-	rawDB.Callback().Create().After("gorm:create").Register("sms_configs:decrypt", callbackKMSDecrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
+	callbacks.Create().Before("gorm:create").Register("sms_configs:encrypt", callbackKMSEncrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
+	callbacks.Create().After("gorm:create").Register("sms_configs:decrypt", callbackKMSDecrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
 
-	rawDB.Callback().Update().Before("gorm:update").Register("sms_configs:encrypt", callbackKMSEncrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
-	rawDB.Callback().Update().After("gorm:update").Register("sms_configs:decrypt", callbackKMSDecrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
+	callbacks.Update().Before("gorm:update").Register("sms_configs:encrypt", callbackKMSEncrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
+	callbacks.Update().After("gorm:update").Register("sms_configs:decrypt", callbackKMSDecrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
 
-	rawDB.Callback().Query().After("gorm:after_query").Register("sms_configs:decrypt", callbackKMSDecrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
+	callbacks.Query().After("gorm:after_query").Register("sms_configs:decrypt", callbackKMSDecrypt(ctx, db.keyManager, c.EncryptionKey, "sms_configs", "TwilioAuthToken"))
 
 	// Verification codes
-	rawDB.Callback().Create().Before("gorm:create").Register("verification_codes:hmac_code", callbackHMAC(ctx, db.hmacVerificationCode, "verification_codes", "code"))
-	rawDB.Callback().Create().Before("gorm:create").Register("verification_codes:hmac_long_code", callbackHMAC(ctx, db.hmacVerificationCode, "verification_codes", "long_code"))
+	callbacks.Create().Before("gorm:create").Register("verification_codes:hmac_code", callbackHMAC(ctx, db.hmacVerificationCode, "verification_codes", "code"))
+	callbacks.Create().Before("gorm:create").Register("verification_codes:hmac_long_code", callbackHMAC(ctx, db.hmacVerificationCode, "verification_codes", "long_code"))
+
+	// Cache clearing
+	if cacher != nil {
+		// Apps
+		callbacks.Update().After("gorm:update").Register("purge_cache:authorized_apps:by_id", callbackPurgeCache(ctx, cacher, "authorized_apps:by_id:%d", "authorized_apps", "id"))
+		callbacks.Delete().After("gorm:delete").Register("purge_cache:authorized_apps:by_id", callbackPurgeCache(ctx, cacher, "authorized_apps:by_id:%d", "authorized_apps", "id"))
+
+		// Realms
+		callbacks.Update().After("gorm:update").Register("purge_cache:realms:by_id", callbackPurgeCache(ctx, cacher, "realms:by_id:%d", "realms", "id"))
+		callbacks.Delete().After("gorm:delete").Register("purge_cache:realms:by_id", callbackPurgeCache(ctx, cacher, "realms:by_id:%d", "realms", "id"))
+
+		// Users
+		callbacks.Update().After("gorm:update").Register("purge_cache:users:by_id", callbackPurgeCache(ctx, cacher, "users:by_id:%d", "users", "id"))
+		callbacks.Delete().After("gorm:delete").Register("purge_cache:users:by_id", callbackPurgeCache(ctx, cacher, "users:by_id:%d", "users", "id"))
+
+		// Users (by email)
+		callbacks.Update().After("gorm:update").Register("purge_cache:users:by_email", callbackPurgeCache(ctx, cacher, "users:by_email:%s", "users", "email"))
+		callbacks.Delete().After("gorm:delete").Register("purge_cache:users:by_email", callbackPurgeCache(ctx, cacher, "users:by_email:%s", "users", "email"))
+
+	}
 
 	db.db = rawDB
 	return nil
@@ -163,6 +192,43 @@ func IsNotFound(err error) bool {
 	return errors.Is(err, gorm.ErrRecordNotFound) || gorm.IsRecordNotFoundError(err)
 }
 
+// callbackPurgeCache purges the cache key for the given record.
+func callbackPurgeCache(ctx context.Context, cacher cache.Cacher, keyFormat, table, column string) func(scope *gorm.Scope) {
+	return func(scope *gorm.Scope) {
+		if scope.TableName() != table {
+			return
+		}
+
+		if scope.HasError() {
+			return
+		}
+
+		field, ok := scope.FieldByName(column)
+		if !ok {
+			_ = scope.Err(fmt.Errorf("table %q has no column %q", table, column))
+			return
+		}
+
+		if !field.Field.CanInterface() {
+			_ = scope.Err(fmt.Errorf("%q.%q cannot interface", table, column))
+			return
+		}
+
+		val := field.Field.Interface()
+		if val == nil {
+			return
+		}
+
+		key := fmt.Sprintf(keyFormat, val)
+		if err := cacher.Delete(ctx, key); err != nil {
+			scope.Log(fmt.Sprintf("failed to delete cache key: %v", err))
+			return
+		}
+
+		scope.Log(fmt.Sprintf("cleared cache for %v", key))
+	}
+}
+
 // callbackKMSDecrypt decrypts the given column in the table using the key
 // manager and key id.
 func callbackKMSDecrypt(ctx context.Context, keyManager keys.KeyManager, keyID, table, column string) func(scope *gorm.Scope) {
@@ -174,7 +240,6 @@ func callbackKMSDecrypt(ctx context.Context, keyManager keys.KeyManager, keyID,
 
 		// Do nothing if there are errors
 		if scope.HasError() {
-			scope.Log("skipping decryption, model has errors")
 			return
 		}
 
@@ -247,7 +312,6 @@ func callbackKMSEncrypt(ctx context.Context, keyManager keys.KeyManager, keyID,
 
 		// Do nothing if there are errors
 		if scope.HasError() {
-			scope.Log("skipping encryption, model has errors")
 			return
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ func realMain(ctx context.Context) error {`
`109`	`109`	`if err != nil {`
`110`	`110`	`return fmt.Errorf("failed to load database config: %w", err)`
`111`	`111`	`}`
`112`		`- if err := db.Open(ctx); err != nil {`
	`112`	`+ if err := db.OpenWithCacher(ctx, cacher); err != nil {`
`113`	`113`	`return fmt.Errorf("failed to connect to database: %w", err)`
`114`	`114`	`}`
`115`	`115`	`defer db.Close()`
`@@ -181,7 +181,7 @@ func realMain(ctx context.Context) error {`
`181`	`181`
`182`	`182`	`{`
`183`	`183`	`sub := r.PathPrefix("").Subrouter()`
`184`		`- sub.Handle("/health", controller.HandleHealthz(ctx, h, &config.Database)).Methods("GET")`
	`184`	`+ sub.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")`
`185`	`185`	`}`
`186`	`186`
`187`	`187`	`{`
`@@ -289,7 +289,7 @@ func realMain(ctx context.Context) error {`
`289`	`289`	`realmSub.Use(requireAdmin)`
`290`	`290`	`realmSub.Use(rateLimit)`
`291`	`291`
`292`		`- realmadminController := realmadmin.New(ctx, cacher, config, db, h)`
	`292`	`+ realmadminController := realmadmin.New(ctx, config, db, h)`
`293`	`293`	`realmSub.Handle("/settings", realmadminController.HandleIndex()).Methods("GET")`
`294`	`294`	`realmSub.Handle("/settings/save", realmadminController.HandleSave()).Methods("POST")`
`295`	`295`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ var (`
`17`	`17`	`rl = rate.NewLimiter(rate.Every(time.Minute), 1)`
`18`	`18`	`)`
`19`	`19`
`20`		`-func HandleHealthz(hctx context.Context, h render.Renderer, cfg database.Config) http.Handler {`
	`20`	`+func HandleHealthz(hctx context.Context, cfg database.Config, h render.Renderer) http.Handler {`
`21`	`21`	`logger := logging.FromContext(hctx).Named("healthz")`
`22`	`22`
`23`	`23`	`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ func RequireAPIKey(ctx context.Context, cacher cache.Cacher, db *database.Databa`
`47`	`47`	`allowedTypesMap[t] = struct{}{}`
`48`	`48`	`}`
`49`	`49`
`50`		`- cacheTTL := 30 * time.Second`
	`50`	`+ cacheTTL := 5 * time.Minute`
`51`	`51`
`52`	`52`	`return func(next http.Handler) http.Handler {`
`53`	`53`	`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`