diff --git a/src/api/index.ts b/src/api/index.ts index 5cd222b..c4769b3 100644 --- a/src/api/index.ts +++ b/src/api/index.ts @@ -232,16 +232,22 @@ async function init(prettyPrint: boolean = false) { app.runEnvironment = process.env.RunEnvironment as RunEnvironment; app.environmentConfig = environmentConfig[app.runEnvironment as RunEnvironment]; - app.nodeCache = new NodeCache({ checkperiod: 30 }); + app.nodeCache = new NodeCache({ checkperiod: 15 }); app.dynamoClient = dynamoClient; app.secretsManagerClient = secretsManagerClient; app.redisClient = redisClient; - app.secretConfig = secret; - app.refreshSecretConfig = async () => { - app.secretConfig = (await getSecretValue( - app.secretsManagerClient, - genericConfig.ConfigSecretName, - )) as SecretConfig; + app.getCachedSecret = async (secretName: string) => { + const cacheKey = `_SECRET:${secretName}`; + const cachedValue = app.nodeCache.get(cacheKey); + if (!cachedValue) { + const realValue = (await getSecretValue( + app.secretsManagerClient, + secretName, + )) as SecretConfig; + app.nodeCache.set(cacheKey, JSON.stringify(realValue), 90); + return realValue as SecretConfig; + } + return cachedValue as SecretConfig; }; app.addHook("onRequest", (req, _, done) => { req.startTime = now(); diff --git a/src/api/plugins/auth.ts b/src/api/plugins/auth.ts index c343a65..3af5ef4 100644 --- a/src/api/plugins/auth.ts +++ b/src/api/plugins/auth.ts @@ -13,7 +13,7 @@ import { UnauthenticatedError, UnauthorizedError, } from "../../common/errors/index.js"; -import { SecretConfig } from "../../common/config.js"; +import { genericConfig, SecretConfig } from "../../common/config.js"; import { AUTH_DECISION_CACHE_SECONDS, getGroupRoles, 
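Review bot: In src/api/index.ts, `getCachedSecret` writes `JSON.stringify(realValue)` into the cache but returns `cachedValue as SecretConfig` on a hit, so every call after the first within the 90-second TTL receives a string, not the parsed object. Property reads on that value, such as `config.jwt_key` in auth.ts and whatever `updateDiscord` and the Stripe route read from it, would be `undefined`; in auth.ts that falls through to the empty-key "Invalid token." branch unless `process.env.JwtSigningKey` is set. Store the object itself, `app.nodeCache.set(cacheKey, realValue, 90);`, or parse on the way out, `return JSON.parse(cachedValue as string) as SecretConfig;`. The body of `init` continues outside the hunk.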
@@ -193,10 +193,11 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { message: "Custom JWTs cannot be used in Prod environment.", }); } + const config = await fastify.getCachedSecret( + genericConfig.ConfigSecretName, + ); signingKey = - process.env.JwtSigningKey || - (fastify.secretConfig.jwt_key as string) || - ""; + process.env.JwtSigningKey || (config.jwt_key as string) || ""; if (signingKey === "") { throw new UnauthenticatedError({ message: "Invalid token.", diff --git a/src/api/routes/events.ts b/src/api/routes/events.ts index 2480fce..d4bb00a 100644 --- a/src/api/routes/events.ts +++ b/src/api/routes/events.ts @@ -358,7 +358,7 @@ const eventsPlugin: FastifyPluginAsyncZodOpenApi = async ( try { if (request.body.featured && !request.body.repeats) { await updateDiscord( - fastify.secretConfig, + await fastify.getCachedSecret(genericConfig.ConfigSecretName), entry, request.username, false, @@ -496,7 +496,7 @@ const eventsPlugin: FastifyPluginAsyncZodOpenApi = async ( }), ); await updateDiscord( - fastify.secretConfig, + await fastify.getCachedSecret(genericConfig.ConfigSecretName), { id } as IUpdateDiscord, request.username, true, diff --git a/src/api/routes/stripe.ts b/src/api/routes/stripe.ts index b156505..53e3a23 100644 --- a/src/api/routes/stripe.ts +++ b/src/api/routes/stripe.ts @@ -106,7 +106,9 @@ const stripeRoutes: FastifyPluginAsync = async (fastify, _options) => { if (!request.username) { throw new UnauthenticatedError({ message: "No username found" }); } - const secretApiConfig = fastify.secretConfig; + const secretApiConfig = await fastify.getCachedSecret( + genericConfig.ConfigSecretName, + ); const payload: StripeLinkCreateParams = { ...request.body, createdBy: request.username, diff --git a/src/api/types.d.ts b/src/api/types.d.ts index 96028b4..b226b24 100644 --- a/src/api/types.d.ts +++ b/src/api/types.d.ts 
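Review bot: In src/api/plugins/auth.ts the secret is awaited before `process.env.JwtSigningKey` is checked, so verifying a custom JWT depends on the cache or Secrets Manager even when the environment override supplies the key. A rejected `getCachedSecret` is then handled by whatever surrounds this code, not by the explicit "Invalid token." path. Reading the env value first and fetching only when it is empty keeps the override independent: `signingKey = process.env.JwtSigningKey || ((await fastify.getCachedSecret(genericConfig.ConfigSecretName))?.jwt_key as string) || "";`. The `?.` matters if `getSecretValue` can return null, which the cast in index.ts suggests but does not show; without it `config.jwt_key` would throw a TypeError instead of reaching the empty-key check. The enclosing block starts and ends outside the hunk.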
@@ -36,8 +36,7 @@ declare module "fastify" { redisClient: Redis; secretsManagerClient: SecretsManagerClient; cloudfrontKvClient: CloudFrontKeyValueStoreClient; - secretConfig: SecretConfig; - refreshSecretConfig: CallableFunction; + getCachedSecret: (secretName: string) => Promise; } interface FastifyRequest { startTime: number;
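Review bot: In src/api/types.d.ts, `getCachedSecret` accepts any `secretName`, while the implementation in index.ts casts every result to `SecretConfig`, so the declared shape is only accurate for `genericConfig.ConfigSecretName` (the type argument of `Promise` is not visible in this rendering). Either narrow the parameter to the config secret's name or make the method generic so callers state the shape they expect. A doc comment on the declaration would also tell callers how stale a rotated secret can be: `/** Fetches a secret from Secrets Manager, cached in-process for up to 90 seconds. */`. The interface body continues outside the hunk.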