Add permanent cache option and cleanup thread for multi workspace authorization

Author: seratch

bolt/src/main/java/com/slack/api/bolt/AppConfig.java

@@ -70,8 +70,17 @@ public boolean isDistributedApp() {
     private boolean oAuthCallbackEnabled = false;
 
 
+    /**
+     * Returns true if auth.test call result cache in SingleTeamAuthorization or MultiTeamsAuthorization middleware
+     * is enabled. The default is false.
+     */
     @Builder.Default
     private boolean authTestCacheEnabled = false;
+
+    /**
+     * Returns the millisecond value to keep cached auth.test response in cache.
+     * Negative value indicates the cache is permanent. The default is 3000 milliseconds.
+     */
     @Builder.Default
     private long authTestCacheExpirationMillis = 3000L;
 

bolt/src/main/java/com/slack/api/bolt/middleware/builtin/MultiTeamsAuthorization.java

@@ -15,14 +15,19 @@
 import com.slack.api.methods.SlackApiException;
 import com.slack.api.methods.response.auth.AuthTestResponse;
 import com.slack.api.model.block.LayoutBlock;
+import com.slack.api.util.thread.ExecutorServiceFactory;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 
 import java.io.IOException;
 import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
 
 import static com.slack.api.bolt.middleware.MiddlewareOps.isNoAuthRequiredRequest;
 import static com.slack.api.bolt.response.ResponseTypes.ephemeral;
@@ -45,6 +50,7 @@ static class CachedAuthTestResponse {
 
     // token -> auth.test response
     private final ConcurrentMap<String, CachedAuthTestResponse> tokenToAuthTestCache = new ConcurrentHashMap<>();
+    private final Optional<ScheduledExecutorService> tokenToAuthTestCacheCleaner;
 
     private boolean alwaysRequestUserTokenNeeded;
 
@@ -60,6 +66,40 @@ public MultiTeamsAuthorization(AppConfig config, InstallationService installatio
         this.config = config;
         this.installationService = installationService;
         setAlwaysRequestUserTokenNeeded(config.isAlwaysRequestUserTokenNeeded());
+        if (config.isAuthTestCacheEnabled()) {
+            boolean permanentCacheEnabled = config.getAuthTestCacheExpirationMillis() < 0;
+            if (permanentCacheEnabled) {
+                this.tokenToAuthTestCacheCleaner = Optional.empty();
+            } else {
+                this.tokenToAuthTestCacheCleaner = Optional.of(buildTokenToAuthTestCacheCleaner(() -> {
+                    long expirationMillis = System.currentTimeMillis() - config.getAuthTestCacheExpirationMillis();
+                    for (Map.Entry<String, CachedAuthTestResponse> each : tokenToAuthTestCache.entrySet()) {
+                        if (each.getValue() == null || each.getValue().getCachedMillis() < expirationMillis) {
+                            tokenToAuthTestCache.remove(each.getKey());
+                        }
+                    }
+                }));
+            }
+        } else {
+            this.tokenToAuthTestCacheCleaner = Optional.empty();
+        }
+    }
+
+    private ScheduledExecutorService buildTokenToAuthTestCacheCleaner(Runnable task) {
+        String threadGroupName = MultiTeamsAuthorization.class.getSimpleName();
+        ScheduledExecutorService tokenToAuthTestCacheCleaner =
+                ExecutorServiceFactory.createDaemonThreadScheduledExecutor(threadGroupName);
+        tokenToAuthTestCacheCleaner.scheduleAtFixedRate(task, 120_000, 30_000, TimeUnit.MILLISECONDS);
+        log.debug("The tokenToAuthTestCacheCleaner (daemon thread) started");
+        return tokenToAuthTestCacheCleaner;
+    }
+
+    @Override
+    protected void finalize() throws Throwable {
+        if (this.tokenToAuthTestCacheCleaner.isPresent()) {
+            this.tokenToAuthTestCacheCleaner.get().shutdown();
+        }
+        super.finalize();
     }
 
     @Override
@@ -150,6 +190,10 @@ protected AuthTestResponse callAuthTest(String token, AppConfig config, MethodsC
         if (config.isAuthTestCacheEnabled()) {
             CachedAuthTestResponse cachedResponse = tokenToAuthTestCache.get(token);
             if (cachedResponse != null) {
+                boolean permanentCacheEnabled = config.getAuthTestCacheExpirationMillis() < 0;
+                if (permanentCacheEnabled) {
+                    return cachedResponse.getResponse();
+                }
                 long millisToExpire = cachedResponse.getCachedMillis() + config.getAuthTestCacheExpirationMillis();
                 if (millisToExpire > System.currentTimeMillis()) {
                     return cachedResponse.getResponse();

bolt/src/main/java/com/slack/api/bolt/middleware/builtin/SingleTeamAuthorization.java

@@ -84,9 +84,16 @@ public Response apply(Request req, Response resp, MiddlewareChain chain) throws
 
     protected AuthTestResponse callAuthTest(AppConfig config, MethodsClient client) throws IOException, SlackApiException {
         if (config.isAuthTestCacheEnabled()) {
-            long millisToExpire = lastCachedMillis.get() + config.getAuthTestCacheExpirationMillis();
-            if (cachedAuthTestResponse.isPresent() && millisToExpire > System.currentTimeMillis()) {
-                return cachedAuthTestResponse.get();
+            if (cachedAuthTestResponse.isPresent()) {
+                boolean permanentCacheEnabled = config.getAuthTestCacheExpirationMillis() < 0;
+                if (permanentCacheEnabled) {
+                    return cachedAuthTestResponse.get();
+                }
+                long millisToExpire = lastCachedMillis.get() + config.getAuthTestCacheExpirationMillis();
+                long currentMillis = System.currentTimeMillis();
+                if (millisToExpire > currentMillis) {
+                    return cachedAuthTestResponse.get();
+                }
             }
             AuthTestResponse response = client.authTest(r -> r.token(config.getSingleTeamBotToken()));
             cachedAuthTestResponse = Optional.of(response); // response here is not null for sure

bolt/src/test/java/test_locally/app/MultiTeamsAuthTestCacheTest.java

@@ -71,7 +71,7 @@ public static void tearDown() throws Exception {
 
     @Test
     public void cacheEnabled() throws Exception {
-        App app = buildApp(true);
+        App app = buildApp(true, null);
         app.globalShortcut("test-global-shortcut", (req, ctx) -> ctx.ack());
 
         String requestBody = "payload=" + URLEncoder.encode(realPayload, "UTF-8");
@@ -103,9 +103,43 @@ public void cacheEnabled() throws Exception {
         assertEquals(503L, response.getStatusCode().longValue());
     }
 
+    @Test
+    public void permanentCacheEnabled() throws Exception {
+        App app = buildApp(true, -1L);
+        app.globalShortcut("test-global-shortcut", (req, ctx) -> ctx.ack());
+
+        String requestBody = "payload=" + URLEncoder.encode(realPayload, "UTF-8");
+
+        Map<String, List<String>> rawHeaders = new HashMap<>();
+        String timestamp = String.valueOf(System.currentTimeMillis() / 1000);
+        setRequestHeaders(requestBody, rawHeaders, timestamp);
+
+        GlobalShortcutRequest req = new GlobalShortcutRequest(requestBody, realPayload, new RequestHeaders(rawHeaders));
+        assertEquals("seratch", req.getPayload().getUser().getUsername()); // a bit different from message_actions payload
+
+        Response response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        Thread.sleep(300L);
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        Thread.sleep(300L);
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        Thread.sleep(3000L);
+
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+    }
+
     @Test
     public void cacheDisabled() throws Exception {
-        App app = buildApp(false);
+        App app = buildApp(false, null);
         app.globalShortcut("test-global-shortcut", (req, ctx) -> ctx.ack());
 
         String requestBody = "payload=" + URLEncoder.encode(realPayload, "UTF-8");
@@ -124,14 +158,18 @@ public void cacheDisabled() throws Exception {
         assertEquals(503L, response.getStatusCode().longValue());
     }
 
-    App buildApp(boolean authTestCacheEnabled) {
-        App app = new App(AppConfig.builder()
+    App buildApp(boolean authTestCacheEnabled, Long ttlMillis) {
+        AppConfig config = AppConfig.builder()
                 .authTestCacheEnabled(authTestCacheEnabled)
                 .signingSecret(secret)
                 .clientId("test")
                 .clientSecret("test-test")
                 .slack(slack)
-                .build());
+                .build();
+        if (ttlMillis != null) {
+            config.setAuthTestCacheExpirationMillis(ttlMillis);
+        }
+        App app = new App(config);
         app.service(new InstallationService() {
             @Override
             public boolean isHistoricalDataEnabled() {
@@ -161,7 +199,7 @@ public Bot findBot(String enterpriseId, String teamId) {
                 bot.setBotAccessToken("B111");
                 bot.setBotUserId("U111");
                 bot.setInstalledAt(System.currentTimeMillis());
-                bot.setBotAccessToken("xoxb-1234567890-123456789012-12345678901234567890" + authTestCacheEnabled);
+                bot.setBotAccessToken("xoxb-1234567890-123456789012-12345678901234567890" + authTestCacheEnabled + ttlMillis);
                 return bot;
             }
 

bolt/src/test/java/test_locally/app/SingleTeamAuthTestCacheTest.java

@@ -100,6 +100,45 @@ public void cacheEnabled() throws Exception {
         }
     }
 
+    @Test
+    public void permanentCacheEnabled() throws Exception {
+        App app = new App(AppConfig.builder()
+                .authTestCacheEnabled(true)
+                .authTestCacheExpirationMillis(-1L)
+                .signingSecret(secret)
+                .singleTeamBotToken("xoxb-1234567890-123456789012-12345678901234567890-permanent")
+                .slack(slack)
+                .build());
+        app.globalShortcut("test-global-shortcut", (req, ctx) -> ctx.ack());
+
+        String requestBody = "payload=" + URLEncoder.encode(realPayload, "UTF-8");
+
+        Map<String, List<String>> rawHeaders = new HashMap<>();
+        String timestamp = String.valueOf(System.currentTimeMillis() / 1000);
+        setRequestHeaders(requestBody, rawHeaders, timestamp);
+
+        GlobalShortcutRequest req = new GlobalShortcutRequest(requestBody, realPayload, new RequestHeaders(rawHeaders));
+        assertEquals("seratch", req.getPayload().getUser().getUsername()); // a bit different from message_actions payload
+
+        Response response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        Thread.sleep(300L);
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        Thread.sleep(300L);
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+
+        Thread.sleep(3000L);
+        response = app.run(req);
+        assertEquals(200L, response.getStatusCode().longValue());
+    }
+
     @Test
     public void cacheDisabled() throws Exception {
         App app = buildApp(false);