fix: Cache encryptor

keboola · Nov 7, 2024 · 26ee0fd · 26ee0fd
1 parent 3e34422
commit 26ee0fd
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 15 deletions.
diff --git a/cloudencrypt/cache.go b/cloudencrypt/cache.go
@@ -2,7 +2,6 @@ package cloudencrypt
 
 import (
 	"context"
-	"encoding/base64"
 	"time"
 
 	"github.com/dgraph-io/ristretto/v2"
@@ -11,16 +10,11 @@ import (
 // CacheEncryptor wraps another Encryptor and adds a caching mechanism.
 type CacheEncryptor struct {
 	encryptor Encryptor
-	cache     *ristretto.Cache[string, []byte]
+	cache     *ristretto.Cache[[]byte, []byte]
 	ttl       time.Duration
 }
 
-func NewCacheEncryptor(ctx context.Context, encryptor Encryptor, ttl time.Duration, config *ristretto.Config[string, []byte]) (*CacheEncryptor, error) {
-	cache, err := ristretto.NewCache(config)
-	if err != nil {
-		return nil, err
-	}
-
+func NewCacheEncryptor(ctx context.Context, encryptor Encryptor, ttl time.Duration, cache *ristretto.Cache[[]byte, []byte]) (*CacheEncryptor, error) {
 	return &CacheEncryptor{
 		encryptor: encryptor,
 		cache:     cache,
@@ -29,20 +23,30 @@ func NewCacheEncryptor(ctx context.Context, encryptor Encryptor, ttl time.Durati
 }
 
 func (encryptor *CacheEncryptor) Encrypt(ctx context.Context, value []byte, metadata ...MetadataKV) ([]byte, error) {
+	key, err := encode(buildMetadataMap(metadata...))
+	if err != nil {
+		return nil, err
+	}
+
 	encryptedValue, err := encryptor.encryptor.Encrypt(ctx, value, metadata...)
 	if err != nil {
 		return nil, err
 	}
 
-	key := base64.StdEncoding.EncodeToString(encryptedValue)
+	key = append(key, encryptedValue...)
 
 	encryptor.cache.SetWithTTL(key, value, 1, encryptor.ttl)
 
 	return encryptedValue, nil
 }
 
 func (encryptor *CacheEncryptor) Decrypt(ctx context.Context, encryptedValue []byte, metadata ...MetadataKV) ([]byte, error) {
-	key := base64.StdEncoding.EncodeToString(encryptedValue)
+	key, err := encode(buildMetadataMap(metadata...))
+	if err != nil {
+		return nil, err
+	}
+
+	key = append(key, encryptedValue...)
 
 	cached, ok := encryptor.cache.Get(key)
 	if ok {

diff --git a/cloudencrypt/cache_test.go b/cloudencrypt/cache_test.go
@@ -29,15 +29,20 @@ func Test_CacheEncryptor(t *testing.T) {
 	logEncryptor, err := NewLogEncryptor(ctx, nativeEncryptor, logger)
 	assert.NoError(t, err)
 
+	config := &ristretto.Config[[]byte, []byte]{
+		NumCounters: 1e4,
+		MaxCost:     1 << 20,
+		BufferItems: 64,
+	}
+
+	cache, err := ristretto.NewCache(config)
+	assert.NoError(t, err)
+
 	encryptor, err := NewCacheEncryptor(
 		ctx,
 		logEncryptor,
 		time.Hour,
-		&ristretto.Config[string, []byte]{
-			NumCounters: 1e4,
-			MaxCost:     1 << 20,
-			BufferItems: 64,
-		},
+		cache,
 	)
 	assert.NoError(t, err)
 
@@ -49,6 +54,9 @@ func Test_CacheEncryptor(t *testing.T) {
 	encrypted, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	assert.NoError(t, err)
 
+	// Wait for cached item to be available for get operations
+	cache.Wait()
+
 	_, err = encryptor.Decrypt(ctx, encrypted)
 	assert.ErrorContains(t, err, "cipher: message authentication failed")