trait Authenticable should has access to AppContext #1030

Open
DenuxPlays opened this issue Nov 26, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@DenuxPlays
Contributor

DenuxPlays commented Nov 26, 2024

Feature Request

Is it possible to give the Authenticable trait access to the cache?
A mapping between an api_key and user or user_id should not result in a db query every time.

Describe the solution you'd like

With my setup I need to query the db every time with joins.
Not very efficient.

Describe alternatives you've considered

Create my own trait and use that instead.

@DenuxPlays DenuxPlays added the enhancement New feature or request label Nov 26, 2024
@jondot
Contributor

jondot commented Nov 27, 2024

unless we model a concept of a "session" this might trade off security for performance.
the database is a source of truth, and as such for security, it needs to be consulted with for every operation as frequently as possible.
imagine someone expiring their API key, however the cache still holds it and deems it legitimate.

if you'd like to submit a PR implementing all these concepts with security in mind, I'll be happy to take a look.

@DenuxPlays
Contributor Author

Okay, understandable.

When I find time I can create a PR for this.

I've already implemented such a system with automatic invalidation etc., so I just need to adapt it to loco.
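
An added example (not from the thread and not loco's code) of the trade-off discussed above: a cached `api_key` to `user_id` mapping keeps accepting a key that was removed behind its back until the TTL runs out, while a revocation that also invalidates the cache entry takes effect immediately. `Db`, `AuthCache`, `demo`, the sample keys and the 30-second TTL are all hypothetical names and values chosen for the illustration.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Constructed stand-in for the API-key table in the database (the source of truth).
pub struct Db { keys: HashMap<String, u64>, queries: u32 }
impl Db {
    fn lookup(&mut self, key: &str) -> Option<u64> {
        self.queries += 1; // count round trips so the saving is visible
        self.keys.get(key).copied()
    }
}

/// Cache of api_key -> user_id with a hard TTL and explicit invalidation.
pub struct AuthCache { ttl: Duration, entries: HashMap<String, (u64, Instant)> }
impl AuthCache {
    pub fn new(ttl: Duration) -> Self { Self { ttl, entries: HashMap::new() } }
    /// Resolve a key; the DB is consulted only on a miss or an expired entry.
    pub fn authenticate(&mut self, db: &mut Db, key: &str, now: Instant) -> Option<u64> {
        if let Some((user, stored)) = self.entries.get(key).copied() {
            if now.duration_since(stored) < self.ttl { return Some(user); }
            self.entries.remove(key); // expired: fall through to the DB
        }
        let user = db.lookup(key)?; // failed lookups are never cached
        self.entries.insert(key.to_string(), (user, now));
        Some(user)
    }
    /// Revocation path: remove the key from the DB and the cache together.
    pub fn revoke(&mut self, db: &mut Db, key: &str) {
        db.keys.remove(key);
        self.entries.remove(key);
    }
}

/// Constructed scenario; returns (stale_hit, after_ttl, after_revoke, db_queries).
pub fn demo() -> (Option<u64>, Option<u64>, Option<u64>, u32) {
    let t0 = Instant::now();
    let mut db = Db { keys: HashMap::from([("k1".to_string(), 7), ("k2".to_string(), 8)]), queries: 0 };
    let mut cache = AuthCache::new(Duration::from_secs(30));
    cache.authenticate(&mut db, "k1", t0);
    cache.authenticate(&mut db, "k2", t0);
    // k1 is deleted directly in the DB (e.g. by another instance); this cache is not told.
    db.keys.remove("k1");
    let stale = cache.authenticate(&mut db, "k1", t0 + Duration::from_secs(10));
    let after_ttl = cache.authenticate(&mut db, "k1", t0 + Duration::from_secs(31));
    cache.revoke(&mut db, "k2"); // revocation that goes through the cache
    let after_revoke = cache.authenticate(&mut db, "k2", t0 + Duration::from_secs(32));
    (stale, after_ttl, after_revoke, db.queries)
}
fn main() { println!("{:?}", demo()); }
```

The TTL is the upper bound on how long a key revoked elsewhere stays usable on an instance whose cache was not invalidated.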

@DenuxPlays
Contributor Author

Hey, this would make more sense if we had more cache implementations like Redis.
This way we can keep multiple instances in sync and improve security.

Isn't a blocker for this issue, just something I thought about.

@DenuxPlays
Contributor Author

Better yet:
Wouldn't it make sense to give it access to the whole AppContext?

@DenuxPlays DenuxPlays changed the title trait Authenticable should has access to the cache trait Authenticable should has access to AppContext Jan 24, 2025