Tetardtek/Sakuin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: AuthGuard cache max size — eviction FIFO 1000 entries

Browse Source
This commit is contained in:
Tetardtek
2026-04-05 07:49:56 +02:00
parent 7b7f2ac8e7
commit 2e9e438baa
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/src/auth/auth.guard.ts
View File

@@ -12,6 +12,7 @@ interface CacheEntry {
} }
const TOKEN_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes const TOKEN_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
const MAX_CACHE_SIZE = 1000;
@Injectable() @Injectable()
export class AuthGuard implements CanActivate { export class AuthGuard implements CanActivate {
@@ -49,6 +50,10 @@ export class AuthGuard implements CanActivate {
const user = await this.introspect(token); const user = await this.introspect(token);
if (user) { if (user) {
if (this.cache.size >= MAX_CACHE_SIZE) {
const oldest = this.cache.keys().next().value;
if (oldest) this.cache.delete(oldest);
}
this.cache.set(token, { this.cache.set(token, {
user, user,
expiresAt: Date.now() + TOKEN_CACHE_TTL_MS, expiresAt: Date.now() + TOKEN_CACHE_TTL_MS,