package async_nonce
import (
"context"
"time"
"github.com/code-payments/code-server/pkg/database/query"
"github.com/code-payments/code-server/pkg/metrics"
"github.com/code-payments/code-server/pkg/retry"
"github.com/code-payments/code-server/pkg/code/data/vault"
"github.com/newrelic/go-agent/v3/newrelic"
)
// generateKey grinds a new vanity key for the service's configured prefix,
// marks the resulting record as available and persists it through the data
// store. The persisted record is returned to the caller.
func (p *service) generateKey(ctx context.Context) (*vault.Record, error) {
	// todo: audit whether we should be creating keys on the same server.
	//       Perhaps this should be done outside this box.
	//
	// NOTE(review): the record is created in this process and handed straight
	// to p.data.SaveKey; how any secret material in it is protected at rest is
	// not visible from this function. Confirm against the vault store.

	// Grinding for a vanity prefix is slow.
	record, err := vault.GrindKey(p.prefix)
	if err != nil {
		return nil, err
	}

	record.State = vault.StateAvailable
	if saveErr := p.data.SaveKey(ctx, record); saveErr != nil {
		return nil, saveErr
	}
	return record, nil
}
// generateKeys runs the reserve top-up worker under retry.Loop. Each pass
// sleeps for 15 seconds, counts the keys currently in the available state and,
// when fewer than twice p.size exist, generates at most five new keys.
//
// Failures of individual key generations are logged and skipped; only a
// failure of the count query is returned to retry.Loop.
func (p *service) generateKeys(ctx context.Context) error {
	return retry.Loop(
		func() error {
			// Give the server some time to breathe.
			// NOTE(review): this sleep does not observe ctx, so cancellation
			// is only noticed by the calls that follow it.
			time.Sleep(time.Second * 15)

			// NOTE(review): unchecked type assertion; it panics if the context
			// does not carry a *newrelic.Application under this key.
			app := ctx.Value(metrics.NewRelicContextKey).(*newrelic.Application)
			txn := app.StartTransaction("async__nonce_service__vault_keys")
			defer func() {
				txn.End()
				*txn = newrelic.Transaction{}
			}()

			available, err := p.data.GetKeyCountByState(ctx, vault.StateAvailable)
			if err != nil {
				return err
			}

			// The reserve target is double the configured size.
			target := uint64(p.size) * 2
			if available >= target {
				// Enough keys are on hand; nothing to generate this pass.
				return nil
			}

			// Cap the amount of (slow) grinding done in a single pass.
			const maxPerRun = 5
			toCreate := target - available
			if toCreate > maxPerRun {
				toCreate = maxPerRun
			}

			p.log.Warnf("Not enough reserve keys available, generating %d more.", toCreate)

			for remaining := int(toCreate); remaining > 0; remaining-- {
				created, genErr := p.generateKey(ctx)
				if genErr != nil {
					// Best effort: log and move on to the next key.
					p.log.Error(genErr)
					continue
				}
				p.log.Warnf("key: %s", created.PublicKey)
			}

			return nil
		},
		retry.NonRetriableErrors(context.Canceled, ErrInvalidNonceLimitExceeded),
	)
}
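// reserveExistingKey loads one key in the available state, marks it reserved
// and saves it back through the data store.
//
// It returns the store's error when the lookup or the save fails, and
// ErrNoAvailableKeys when the lookup succeeds but yields no record.
func (p *service) reserveExistingKey(ctx context.Context) (*vault.Record, error) {
	// todo: add distributed locking here.
	//
	// NOTE(review): the read and the save below are two separate store calls.
	// Without a lock or a conditional update, two concurrent callers could
	// presumably load and reserve the same record. Confirm whether SaveKey
	// enforces a state or version check before relying on exclusivity.
	keys, err := p.data.GetAllKeysByState(ctx, vault.StateAvailable,
		query.WithLimit(1),
	)
	if err != nil {
		return nil, err
	}

	// Whether the store reports an empty result as an error is not visible
	// here, so guard the index instead of risking a panic on an empty slice.
	if len(keys) == 0 {
		return nil, ErrNoAvailableKeys
	}

	res := keys[0]
	res.State = vault.StateReserved

	if err := p.data.SaveKey(ctx, res); err != nil {
		return nil, err
	}

	return res, nil
}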
// getVaultKey returns a key reserved from the existing pool.
//
// Any failure from reserveExistingKey, whatever its cause, is reported to the
// caller as ErrNoAvailableKeys.
func (p *service) getVaultKey(ctx context.Context) (*vault.Record, error) {
	reserved, err := p.reserveExistingKey(ctx)
	if err != nil {
		// NOTE(review): the underlying error is dropped here, so store or
		// context failures look the same as an empty pool to the caller.
		return nil, ErrNoAvailableKeys
	}
	return reserved, nil
}