Cacher returns an Authorizer that can use a cache to short circuit duplicate calls to the Authorizer. This is useful when multiple calls are made to the Authorizer for the same subject, action, and object. This is a GLOBAL cache shared between all requests. If no cache is found on the context, the A
(authz Authorizer)
| 771 | // |
| 772 | // Cacher is safe for multiple actors. |
| 773 | func Cacher(authz Authorizer) Authorizer { |
| 774 | return &authCache{ |
| 775 | authz: authz, |
| 776 | // In practice, this cache should never come close to filling since the |
| 777 | // authorization calls are kept for a minute at most. |
| 778 | cache: tlru.New[[32]byte](tlru.ConstantCost[error], 64*1024), |
| 779 | } |
| 780 | } |
| 781 | |
| 782 | func (c *authCache) Authorize(ctx context.Context, subject Subject, action policy.Action, object Object) error { |
| 783 | authorizeCacheKey := hashAuthorizeCall(subject, action, object) |