internal/cache/cache.go

@@ -3,5 +3,4 @@ package cache
 type Cache[K comparable, V any] interface {
 	Get(key K) (V, bool)
 	Set(key K, value V)
-	Clear()
 }

internal/cache/memory/cache.go

@@ -25,10 +25,6 @@ func (c *Cache[K, V]) Set(key K, value V) {
 	c.store.Store(key, value)
 }
 
-func (c *Cache[K, V]) Clear() {
-	c.store.Clear()
-}
-
 func NewCache[K comparable, V any]() *Cache[K, V] {
 	return &Cache[K, V]{
 		store: new(sync.Map),

internal/cache/ttl/cache.go

@@ -28,11 +28,6 @@ func (c *Cache[K, V]) Set(key K, value V) {
 	c.values.Set(key, value)
 }
 
-func (c *Cache[K, V]) Clear() {
-	c.timestamps.Clear()
-	c.values.Clear()
-}
-
 func NewCache[K comparable, V any](values cache.Cache[K, V], timestamps cache.Cache[K, time.Time], ttl time.Duration) *Cache[K, V] {
 	return &Cache[K, V]{
 		values:     values,

internal/command/server/admin/run.go

@@ -12,6 +12,10 @@ import (
 	"gitlab.com/wpetit/goweb/logger"
 )
 
+const (
+	flagPrintDefaultToken = "print-default-token"
+)
+
 func RunCommand() *cli.Command {
 	flags := common.Flags()
 
@@ -28,8 +32,6 @@ func RunCommand() *cli.Command {
 			logger.SetFormat(logger.Format(conf.Logger.Format))
 			logger.SetLevel(logger.Level(conf.Logger.Level))
 
-			logger.Debug(ctx.Context, "using config", logger.F("config", conf))
-
 			projectVersion := ctx.String("projectVersion")
 
 			if conf.Proxy.Sentry.DSN != "" {

internal/command/server/proxy/run.go

@@ -29,8 +29,6 @@ func RunCommand() *cli.Command {
 			logger.SetFormat(logger.Format(conf.Logger.Format))
 			logger.SetLevel(logger.Level(conf.Logger.Level))
 
-			logger.Debug(ctx.Context, "using config", logger.F("config", conf))
-
 			projectVersion := ctx.String("projectVersion")
 
 			if conf.Proxy.Sentry.DSN != "" {
@@ -51,7 +49,7 @@ func RunCommand() *cli.Command {
 				proxy.WithServerConfig(conf.Proxy),
 				proxy.WithRedisConfig(conf.Redis),
 				proxy.WithDirectorLayers(layers...),
-				proxy.WithDirectorCacheTTL(time.Duration(*conf.Proxy.Cache.TTL)),
+				proxy.WithDirectorCacheTTL(time.Duration(conf.Proxy.Cache.TTL)),
 			)
 
 			addrs, srvErrs := srv.Start(ctx.Context)

internal/config/environment.go

@@ -19,7 +19,7 @@ func (is *InterpolatedString) UnmarshalYAML(value *yaml.Node) error {
 		return errors.WithStack(err)
 	}
 
-	str, err := envsubst.Eval(str, getEnv)
+	str, err := envsubst.EvalEnv(str)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -38,7 +38,7 @@ func (ii *InterpolatedInt) UnmarshalYAML(value *yaml.Node) error {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
 	}
 
-	str, err := envsubst.Eval(str, getEnv)
+	str, err := envsubst.EvalEnv(str)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -62,7 +62,7 @@ func (ifl *InterpolatedFloat) UnmarshalYAML(value *yaml.Node) error {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
 	}
 
-	str, err := envsubst.Eval(str, getEnv)
+	str, err := envsubst.EvalEnv(str)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -86,7 +86,7 @@ func (ib *InterpolatedBool) UnmarshalYAML(value *yaml.Node) error {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
 	}
 
-	str, err := envsubst.Eval(str, getEnv)
+	str, err := envsubst.EvalEnv(str)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -101,10 +101,9 @@ func (ib *InterpolatedBool) UnmarshalYAML(value *yaml.Node) error {
 	return nil
 }
 
-var getEnv = os.Getenv
-
 type InterpolatedMap struct {
-	Data map[string]any
+	Data   map[string]any
+	getEnv func(string) string
 }
 
 func (im *InterpolatedMap) UnmarshalYAML(value *yaml.Node) error {
@@ -114,6 +113,10 @@ func (im *InterpolatedMap) UnmarshalYAML(value *yaml.Node) error {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into map", value.Value, value.Line)
 	}
 
+	if im.getEnv == nil {
+		im.getEnv = os.Getenv
+	}
+
 	interpolated, err := im.interpolateRecursive(data)
 	if err != nil {
 		return errors.WithStack(err)
@@ -137,7 +140,7 @@ func (im InterpolatedMap) interpolateRecursive(data any) (any, error) {
 		}
 
 	case string:
-		value, err := envsubst.Eval(typ, getEnv)
+		value, err := envsubst.Eval(typ, im.getEnv)
 		if err != nil {
 			return nil, errors.WithStack(err)
 		}
@@ -168,7 +171,7 @@ func (iss *InterpolatedStringSlice) UnmarshalYAML(value *yaml.Node) error {
 	}
 
 	for index, value := range data {
-		value, err := envsubst.Eval(value, getEnv)
+		value, err := envsubst.EvalEnv(value)
 		if err != nil {
 			return errors.WithStack(err)
 		}
@@ -190,7 +193,7 @@ func (id *InterpolatedDuration) UnmarshalYAML(value *yaml.Node) error {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
 	}
 
-	str, err := envsubst.Eval(str, getEnv)
+	str, err := envsubst.EvalEnv(str)
 	if err != nil {
 		return errors.WithStack(err)
 	}

internal/config/environment_test.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"os"
 	"testing"
-	"time"
 
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v3"
@@ -66,7 +65,7 @@ func TestInterpolatedMap(t *testing.T) {
 			var interpolatedMap InterpolatedMap
 
 			if tc.Env != nil {
-				getEnv = func(key string) string {
+				interpolatedMap.getEnv = func(key string) string {
 					return tc.Env[key]
 				}
 			}
@@ -81,54 +80,3 @@ func TestInterpolatedMap(t *testing.T) {
 		})
 	}
 }
-
-func TestInterpolatedDuration(t *testing.T) {
-	type testCase struct {
-		Path   string
-		Env    map[string]string
-		Assert func(t *testing.T, parsed *InterpolatedDuration)
-	}
-
-	testCases := []testCase{
-		{
-			Path: "testdata/environment/interpolated-duration.yml",
-			Env: map[string]string{
-				"MY_DURATION": "30s",
-			},
-			Assert: func(t *testing.T, parsed *InterpolatedDuration) {
-				if e, g := 30*time.Second, parsed; e != time.Duration(*g) {
-					t.Errorf("parsed: expected '%v', got '%v'", e, g)
-				}
-			},
-		},
-	}
-
-	for idx, tc := range testCases {
-		t.Run(fmt.Sprintf("Case #%d", idx), func(t *testing.T) {
-			data, err := os.ReadFile(tc.Path)
-			if err != nil {
-				t.Fatalf("%+v", errors.WithStack(err))
-			}
-
-			if tc.Env != nil {
-				getEnv = func(key string) string {
-					return tc.Env[key]
-				}
-			}
-
-			config := struct {
-				Duration *InterpolatedDuration `yaml:"duration"`
-			}{
-				Duration: NewInterpolatedDuration(-1),
-			}
-
-			if err := yaml.Unmarshal(data, &config); err != nil {
-				t.Fatalf("%+v", errors.WithStack(err))
-			}
-
-			if tc.Assert != nil {
-				tc.Assert(t, config.Duration)
-			}
-		})
-	}
-}

internal/config/proxy_server.go

@@ -113,12 +113,12 @@ func NewDefaultDialConfig() DialConfig {
 }
 
 type CacheConfig struct {
-	TTL *InterpolatedDuration `yaml:"ttl"`
+	TTL InterpolatedDuration `yaml:"ttl"`
 }
 
 func NewDefaultCacheConfig() CacheConfig {
 	return CacheConfig{
-		TTL: NewInterpolatedDuration(time.Second * 30),
+		TTL: *NewInterpolatedDuration(time.Second * 30),
 	}
 }
 

internal/config/testdata/environment/interpolated-duration.yml

@@ -1 +0,0 @@
-duration: ${MY_DURATION}

internal/proxy/director/context.go

@@ -6,7 +6,6 @@ import (
 	"net/url"
 
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"github.com/getsentry/sentry-go"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
@@ -18,7 +17,6 @@ const (
 	contextKeyLayers      contextKey = "layers"
 	contextKeyOriginalURL contextKey = "originalURL"
 	contextKeyHandleError contextKey = "handleError"
-	contextKeySentryScope contextKey = "sentryScope"
 )
 
 var (
@@ -84,16 +82,3 @@ func HandleError(ctx context.Context, w http.ResponseWriter, r *http.Request, st
 
 	fn(w, r, status, err)
 }
-
-func withSentryScope(ctx context.Context, scope *sentry.Scope) context.Context {
-	return context.WithValue(ctx, contextKeySentryScope, scope)
-}
-
-func SentryScope(ctx context.Context) (*sentry.Scope, error) {
-	scope, err := ctxValue[*sentry.Scope](ctx, contextKeySentryScope)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	return scope, nil
-}

internal/proxy/director/director.go

@@ -7,9 +7,8 @@ import (
 
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
+	"forge.cadoles.com/cadoles/bouncer/internal/cache"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"forge.cadoles.com/cadoles/bouncer/internal/syncx"
-	"github.com/getsentry/sentry-go"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
 	"gitlab.com/wpetit/goweb/logger"
@@ -20,18 +19,16 @@ type Director struct {
 	layerRepository store.LayerRepository
 	layerRegistry   *LayerRegistry
 
-	cachedProxies *syncx.CachedResource[string, []*store.Proxy]
-	cachedLayers  *syncx.CachedResource[string, []*store.Layer]
+	proxyCache cache.Cache[string, []*store.Proxy]
+	layerCache cache.Cache[string, []*store.Layer]
 
 	handleError HandleErrorFunc
 }
 
-const proxiesCacheKey = "proxies"
-
 func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 	ctx := r.Context()
 
-	proxies, _, err := d.cachedProxies.Get(ctx, proxiesCacheKey)
+	proxies, err := d.getProxies(ctx)
 	if err != nil {
 		return r, errors.WithStack(err)
 	}
@@ -56,7 +53,7 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 
 			metricProxyRequestsTotal.With(prometheus.Labels{metricLabelProxy: string(p.Name)}).Add(1)
 
-			proxyLayers, _, err := d.cachedLayers.Get(proxyCtx, string(p.Name))
+			proxyLayers, err := d.getLayers(proxyCtx, p.Name)
 			if err != nil {
 				return r, errors.WithStack(err)
 			}
@@ -79,14 +76,6 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 			proxyCtx = withLayers(proxyCtx, layers)
 			r = r.WithContext(proxyCtx)
 
-			if sentryScope, _ := SentryScope(ctx); sentryScope != nil {
-				sentryScope.SetTags(map[string]string{
-					"bouncer.proxy.name":        string(p.Name),
-					"bouncer.proxy.target.url":  r.URL.String(),
-					"bouncer.proxy.target.host": r.URL.Host,
-				})
-			}
-
 			return r, nil
 		}
 	}
@@ -97,8 +86,13 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 	return r, nil
 }
 
-func (d *Director) getProxies(ctx context.Context, key string) ([]*store.Proxy, error) {
-	logger.Debug(ctx, "querying fresh proxies")
+const proxiesCacheKey = "proxies"
+
+func (d *Director) getProxies(ctx context.Context) ([]*store.Proxy, error) {
+	proxies, exists := d.proxyCache.Get(proxiesCacheKey)
+	if exists {
+		return proxies, nil
+	}
 
 	headers, err := d.proxyRepository.QueryProxy(ctx, store.WithProxyQueryEnabled(true))
 	if err != nil {
@@ -107,7 +101,7 @@ func (d *Director) getProxies(ctx context.Context, key string) ([]*store.Proxy,
 
 	sort.Sort(store.ByProxyWeight(headers))
 
-	proxies := make([]*store.Proxy, 0, len(headers))
+	proxies = make([]*store.Proxy, 0, len(headers))
 
 	for _, h := range headers {
 		if !h.Enabled {
@@ -122,13 +116,18 @@ func (d *Director) getProxies(ctx context.Context, key string) ([]*store.Proxy,
 		proxies = append(proxies, proxy)
 	}
 
+	d.proxyCache.Set(proxiesCacheKey, proxies)
+
 	return proxies, nil
 }
 
-func (d *Director) getLayers(ctx context.Context, rawProxyName string) ([]*store.Layer, error) {
-	proxyName := store.ProxyName(rawProxyName)
+func (d *Director) getLayers(ctx context.Context, proxyName store.ProxyName) ([]*store.Layer, error) {
+	cacheKey := "layers-" + string(proxyName)
 
-	logger.Debug(ctx, "querying fresh layers")
+	layers, exists := d.layerCache.Get(cacheKey)
+	if exists {
+		return layers, nil
+	}
 
 	headers, err := d.layerRepository.QueryLayers(ctx, proxyName, store.WithLayerQueryEnabled(true))
 	if err != nil {
@@ -137,7 +136,7 @@ func (d *Director) getLayers(ctx context.Context, rawProxyName string) ([]*store
 
 	sort.Sort(store.ByLayerWeight(headers))
 
-	layers := make([]*store.Layer, 0, len(headers))
+	layers = make([]*store.Layer, 0, len(headers))
 
 	for _, h := range headers {
 		if !h.Enabled {
@@ -152,6 +151,8 @@ func (d *Director) getLayers(ctx context.Context, rawProxyName string) ([]*store
 		layers = append(layers, layer)
 	}
 
+	d.layerCache.Set(cacheKey, layers)
+
 	return layers, nil
 }
 
@@ -215,43 +216,40 @@ func (d *Director) ResponseTransformer() proxy.ResponseTransformer {
 func (d *Director) Middleware() proxy.Middleware {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
-			sentry.ConfigureScope(func(scope *sentry.Scope) {
-				ctx := withHandleError(r.Context(), d.handleError)
-				ctx = withSentryScope(ctx, scope)
-				r = r.WithContext(ctx)
+			ctx := withHandleError(r.Context(), d.handleError)
+			r = r.WithContext(ctx)
 
-				r, err := d.rewriteRequest(r)
-				if err != nil {
-					HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not rewrite request"))
+			r, err := d.rewriteRequest(r)
+			if err != nil {
+				HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not rewrite request"))
+				return
+			}
+
+			ctx = r.Context()
+
+			layers, err := ctxLayers(ctx)
+			if err != nil {
+				if errors.Is(err, errContextKeyNotFound) {
 					return
 				}
 
-				ctx = r.Context()
+				HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve proxy and layers from context"))
+				return
+			}
 
-				layers, err := ctxLayers(ctx)
-				if err != nil {
-					if errors.Is(err, errContextKeyNotFound) {
-						return
-					}
-
-					HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve proxy and layers from context"))
-					return
+			httpMiddlewares := make([]proxy.Middleware, 0)
+			for _, layer := range layers {
+				middleware, ok := d.layerRegistry.GetMiddleware(layer.Type)
+				if !ok {
+					continue
 				}
 
-				httpMiddlewares := make([]proxy.Middleware, 0)
-				for _, layer := range layers {
-					middleware, ok := d.layerRegistry.GetMiddleware(layer.Type)
-					if !ok {
-						continue
-					}
+				httpMiddlewares = append(httpMiddlewares, middleware.Middleware(layer))
+			}
 
-					httpMiddlewares = append(httpMiddlewares, middleware.Middleware(layer))
-				}
+			handler := createMiddlewareChain(next, httpMiddlewares)
 
-				handler := createMiddlewareChain(next, httpMiddlewares)
-
-				handler.ServeHTTP(w, r)
-			})
+			handler.ServeHTTP(w, r)
 		}
 
 		return http.HandlerFunc(fn)
@@ -263,15 +261,12 @@ func New(proxyRepository store.ProxyRepository, layerRepository store.LayerRepos
 
 	registry := NewLayerRegistry(opts.Layers...)
 
-	director := &Director{
+	return &Director{
 		proxyRepository: proxyRepository,
 		layerRepository: layerRepository,
 		layerRegistry:   registry,
+		proxyCache:      opts.ProxyCache,
+		layerCache:      opts.LayerCache,
 		handleError:     opts.HandleError,
 	}
-
-	director.cachedProxies = syncx.NewCachedResource(opts.ProxyCache, director.getProxies)
-	director.cachedLayers = syncx.NewCachedResource(opts.LayerCache, director.getLayers)
-
-	return director
 }

internal/proxy/director/layer/authn/oidc/authenticator.go

@@ -13,12 +13,10 @@ import (
 	"time"
 
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
+	"forge.cadoles.com/cadoles/bouncer/internal/cache"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"forge.cadoles.com/cadoles/bouncer/internal/syncx"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gorilla/sessions"
 	"github.com/pkg/errors"
@@ -27,10 +25,10 @@ import (
 )
 
 type Authenticator struct {
-	store              sessions.Store
-	httpTransport      *http.Transport
-	httpClientTimeout  time.Duration
-	cachedOIDCProvider *syncx.CachedResource[string, *oidc.Provider]
+	store             sessions.Store
+	httpTransport     *http.Transport
+	httpClientTimeout time.Duration
+	oidcProviderCache cache.Cache[string, *oidc.Provider]
 }
 
 func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request, layer *store.Layer) error {
@@ -56,7 +54,7 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
 		return errors.WithStack(err)
 	}
 
-	client, err := a.getClient(ctx, options, loginCallbackURL.String())
+	client, err := a.getClient(options, loginCallbackURL.String())
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -162,7 +160,7 @@ func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, lay
 		return nil, errors.WithStack(err)
 	}
 
-	client, err := a.getClient(ctx, options, loginCallbackURL.String())
+	client, err := a.getClient(options, loginCallbackURL.String())
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@@ -364,7 +362,9 @@ func (a *Authenticator) templatize(rawTemplate string, proxyName store.ProxyName
 	return raw.String(), nil
 }
 
-func (a *Authenticator) getClient(ctx context.Context, options *LayerOptions, redirectURL string) (*Client, error) {
+func (a *Authenticator) getClient(options *LayerOptions, redirectURL string) (*Client, error) {
+	ctx := context.Background()
+
 	transport := a.httpTransport.Clone()
 
 	if options.OIDC.TLSInsecureSkipVerify {
@@ -375,24 +375,28 @@ func (a *Authenticator) getClient(ctx context.Context, options *LayerOptions, re
 		transport.TLSClientConfig.InsecureSkipVerify = true
 	}
 
-	if options.OIDC.SkipIssuerVerification {
-		ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
-	}
-
 	httpClient := &http.Client{
 		Timeout:   a.httpClientTimeout,
 		Transport: transport,
 	}
 
-	ctx = oidc.ClientContext(ctx, httpClient)
+	provider, exists := a.oidcProviderCache.Get(options.OIDC.IssuerURL)
+	if !exists {
+		var err error
+		ctx = oidc.ClientContext(ctx, httpClient)
 
-	if options.OIDC.SkipIssuerVerification {
-		ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
-	}
+		if options.OIDC.SkipIssuerVerification {
+			ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
+		}
 
-	provider, _, err := a.cachedOIDCProvider.Get(ctx, options.OIDC.IssuerURL)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not retrieve oidc provider")
+		logger.Debug(ctx, "refreshing oidc provider", logger.F("issuerURL", options.OIDC.IssuerURL))
+
+		provider, err = oidc.NewProvider(ctx, options.OIDC.IssuerURL)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not create oidc provider")
+		}
+
+		a.oidcProviderCache.Set(options.OIDC.IssuerURL, provider)
 	}
 
 	client := NewClient(
@@ -407,17 +411,6 @@ func (a *Authenticator) getClient(ctx context.Context, options *LayerOptions, re
 	return client, nil
 }
 
-func (a *Authenticator) getOIDCProvider(ctx context.Context, issuerURL string) (*oidc.Provider, error) {
-	logger.Debug(ctx, "refreshing oidc provider", logger.F("issuerURL", issuerURL))
-
-	provider, err := oidc.NewProvider(ctx, issuerURL)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not create oidc provider")
-	}
-
-	return provider, nil
-}
-
 const defaultCookieNamePrefix = "_bouncer_authn_oidc"
 
 func (a *Authenticator) getCookieName(cookieName string, proxyName store.ProxyName, layerName store.LayerName) string {
@@ -428,25 +421,6 @@ func (a *Authenticator) getCookieName(cookieName string, proxyName store.ProxyNa
 	return strings.ToLower(fmt.Sprintf("%s_%s_%s", defaultCookieNamePrefix, proxyName, layerName))
 }
 
-func NewAuthenticator(httpTransport *http.Transport, clientTimeout time.Duration, store sessions.Store, oidcProviderCacheTimeout time.Duration) *Authenticator {
-	authenticator := &Authenticator{
-		httpTransport:     httpTransport,
-		httpClientTimeout: clientTimeout,
-		store:             store,
-	}
-
-	authenticator.cachedOIDCProvider = syncx.NewCachedResource(
-		ttl.NewCache(
-			memory.NewCache[string, *oidc.Provider](),
-			memory.NewCache[string, time.Time](),
-			oidcProviderCacheTimeout,
-		),
-		authenticator.getOIDCProvider,
-	)
-
-	return authenticator
-}
-
 var (
 	_ authn.PreAuthentication = &Authenticator{}
 	_ authn.Authenticator     = &Authenticator{}

internal/proxy/director/layer/authn/oidc/layer.go

@@ -1,8 +1,13 @@
 package oidc
 
 import (
+	"time"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
+	"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gorilla/sessions"
 )
 
@@ -10,11 +15,14 @@ const LayerType store.LayerType = "authn-oidc"
 
 func NewLayer(store sessions.Store, funcs ...OptionFunc) *authn.Layer {
 	opts := NewOptions(funcs...)
-	authenticator := NewAuthenticator(
-		opts.HTTPTransport,
-		opts.HTTPClientTimeout,
-		store,
-		opts.OIDCProviderCacheTimeout,
-	)
-	return authn.NewLayer(LayerType, authenticator, opts.AuthnOptions...)
+	return authn.NewLayer(LayerType, &Authenticator{
+		httpTransport:     opts.HTTPTransport,
+		httpClientTimeout: opts.HTTPClientTimeout,
+		store:             store,
+		oidcProviderCache: ttl.NewCache(
+			memory.NewCache[string, *oidc.Provider](),
+			memory.NewCache[string, time.Time](),
+			opts.OIDCProviderCacheTimeout,
+		),
+	}, opts.AuthnOptions...)
 }

internal/proxy/server.go

@@ -13,11 +13,8 @@ import (
 	"net/http/httputil"
 	"net/http/pprof"
 	"net/url"
-	"os"
-	"os/signal"
 	"path/filepath"
 	"strconv"
-	"syscall"
 	"time"
 
 	"forge.cadoles.com/Cadoles/go-proxy"
@@ -97,15 +94,24 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 
 	logger.Info(ctx, "http server listening")
 
-	layerCache, proxyCache, cancel := s.createDirectorCaches(ctx)
-	defer cancel()
-
 	director := director.New(
 		s.proxyRepository,
 		s.layerRepository,
 		director.WithLayers(s.directorLayers...),
-		director.WithLayerCache(layerCache),
-		director.WithProxyCache(proxyCache),
+		director.WithLayerCache(
+			ttl.NewCache(
+				memory.NewCache[string, []*store.Layer](),
+				memory.NewCache[string, time.Time](),
+				s.directorCacheTTL,
+			),
+		),
+		director.WithProxyCache(
+			ttl.NewCache(
+				memory.NewCache[string, []*store.Proxy](),
+				memory.NewCache[string, time.Time](),
+				s.directorCacheTTL,
+			),
+		),
 		director.WithHandleErrorFunc(s.handleError),
 	)
 
@@ -199,44 +205,6 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 	logger.Info(ctx, "http server exiting")
 }
 
-func (s *Server) createDirectorCaches(ctx context.Context) (*ttl.Cache[string, []*store.Layer], *ttl.Cache[string, []*store.Proxy], func()) {
-	layerCache := ttl.NewCache(
-		memory.NewCache[string, []*store.Layer](),
-		memory.NewCache[string, time.Time](),
-		s.directorCacheTTL,
-	)
-
-	proxyCache := ttl.NewCache(
-		memory.NewCache[string, []*store.Proxy](),
-		memory.NewCache[string, time.Time](),
-		s.directorCacheTTL,
-	)
-
-	sig := make(chan os.Signal, 1)
-
-	signal.Notify(sig, syscall.SIGUSR2)
-
-	go func() {
-		for {
-			_, ok := <-sig
-			if !ok {
-				return
-			}
-
-			logger.Info(ctx, "received sigusr2 signal, clearing proxies and layers cache")
-
-			layerCache.Clear()
-			proxyCache.Clear()
-		}
-	}()
-
-	cancel := func() {
-		close(sig)
-	}
-
-	return layerCache, proxyCache, cancel
-}
-
 func (s *Server) createReverseProxy(ctx context.Context, target *url.URL) *httputil.ReverseProxy {
 	reverseProxy := httputil.NewSingleHostReverseProxy(target)
 
@@ -265,7 +233,9 @@ func (s *Server) handleDefault(w http.ResponseWriter, r *http.Request) {
 func (s *Server) handleError(w http.ResponseWriter, r *http.Request, status int, err error) {
 	err = errors.WithStack(err)
 
-	if !errors.Is(err, context.Canceled) {
+	if errors.Is(err, context.Canceled) {
+		logger.Warn(r.Context(), err.Error(), logger.E(err))
+	} else {
 		logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
 	}
 

internal/syncx/cached_resource.go

@@ -1,63 +0,0 @@
-package syncx
-
-import (
-	"context"
-	"sync"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/cache"
-	"github.com/pkg/errors"
-)
-
-type RefreshFunc[K comparable, V any] func(ctx context.Context, key K) (V, error)
-
-type CachedResource[K comparable, V any] struct {
-	cache   cache.Cache[K, V]
-	lock    sync.RWMutex
-	refresh RefreshFunc[K, V]
-}
-
-func (r *CachedResource[K, V]) Clear() {
-	r.cache.Clear()
-}
-
-func (r *CachedResource[K, V]) Get(ctx context.Context, key K) (V, bool, error) {
-	value, exists := r.cache.Get(key)
-	if exists {
-		return value, false, nil
-	}
-
-	locked := r.lock.TryLock()
-	if !locked {
-		r.lock.RLock()
-
-		value, exists := r.cache.Get(key)
-		if exists {
-			r.lock.RUnlock()
-			return value, false, nil
-		}
-
-		r.lock.RUnlock()
-	}
-
-	if !locked {
-		r.lock.Lock()
-	}
-
-	defer r.lock.Unlock()
-
-	value, err := r.refresh(ctx, key)
-	if err != nil {
-		return *new(V), false, errors.WithStack(err)
-	}
-
-	r.cache.Set(key, value)
-
-	return value, true, nil
-}
-
-func NewCachedResource[K comparable, V any](cache cache.Cache[K, V], refresh RefreshFunc[K, V]) *CachedResource[K, V] {
-	return &CachedResource[K, V]{
-		cache:   cache,
-		refresh: refresh,
-	}
-}

internal/syncx/cached_resource_test.go

@@ -1,66 +0,0 @@
-package syncx
-
-import (
-	"context"
-	"math"
-	"sync"
-	"testing"
-	"time"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
-	"github.com/pkg/errors"
-)
-
-func TestCachedResource(t *testing.T) {
-	refreshCalls := 0
-	cacheTTL := 1*time.Second + 500*time.Millisecond
-	duration := 2 * time.Second
-
-	expectedCalls := math.Ceil(float64(duration) / float64(cacheTTL))
-
-	resource := NewCachedResource(
-		ttl.NewCache(
-			memory.NewCache[string, string](),
-			memory.NewCache[string, time.Time](),
-			cacheTTL,
-		),
-		func(ctx context.Context, key string) (string, error) {
-			refreshCalls++
-			return "bar", nil
-		},
-	)
-
-	concurrents := 50
-	key := "foo"
-
-	var wg sync.WaitGroup
-
-	wg.Add(concurrents)
-
-	for i := range concurrents {
-		go func(i int) {
-			done := time.After(duration)
-
-			defer wg.Done()
-			for {
-				select {
-				case <-done:
-					return
-				default:
-					value, fresh, err := resource.Get(context.Background(), key)
-					if err != nil {
-						t.Errorf("%+v", errors.WithStack(err))
-					}
-					t.Logf("resource retrieved for goroutine #%d: (%s, %s, %v)", i, key, value, fresh)
-				}
-			}
-		}(i)
-	}
-
-	wg.Wait()
-
-	if e, g := int(expectedCalls), refreshCalls; e != g {
-		t.Errorf("refreshCalls: expected '%d', got '%d'", e, g)
-	}
-}

misc/packaging/common/config.yml

@@ -131,12 +131,6 @@ proxy:
     # Les proxys/layers sont mis en cache local pour une durée de 30s
     # par défaut. Si les modifications sont rares, vous pouvez augmenter
     # cette valeur pour réduire la "pression" sur le serveur Redis.
-    # Il est possible de forcer la réinitialisation du cache en envoyant
-    # le signal SIGUSR2 au processus Bouncer.
-    #
-    # Exemple
-    #
-    # kill -s USR2 $(pgrep bouncer)
     ttl: 30s
 
   # Configuration du transport HTTP(S)