From 5f6cce0786a76a3eea92725883b4a7076dec1562 Mon Sep 17 00:00:00 2001
From: Amir Rajabi
Date: Sat, 25 Apr 2026 17:45:59 +0330
Subject: [PATCH] remove captcha cache
---
 .../co/nilin/opex/auth/data/ActionCache.kt | 10 -----
 .../kotlin/co/nilin/opex/auth/model/Token.kt | 2 +-
 .../co/nilin/opex/auth/model/UserRegister.kt | 4 +-
 .../nilin/opex/auth/service/CaptchaHandler.kt | 43 -------------------
 .../auth/service/ForgetPasswordService.kt | 13 +++---
 .../nilin/opex/auth/service/LoginService.kt | 15 +++----
 .../opex/auth/service/RegisterService.kt | 16 +++----
 7 files changed, 22 insertions(+), 81 deletions(-)
 delete mode 100644 auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/data/ActionCache.kt
 delete mode 100644 auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/CaptchaHandler.kt
diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/data/ActionCache.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/data/ActionCache.kt
deleted file mode 100644
index 8f47dee46..000000000
--- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/data/ActionCache.kt
+++ /dev/null
@@ -1,10 +0,0 @@
-package co.nilin.opex.auth.data
-
-data class ActionCache(
- val actionType: ActionType,
- val remainingAttempts: Int,
-)
-
-enum class ActionType {
- REGISTER, FORGET, LOGIN
-}
\ No newline at end of file
diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/Token.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/Token.kt
index fe619e620..a381652f2 100644
--- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/Token.kt
+++ b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/Token.kt
@@ -10,7 +10,7 @@ data class PasswordFlowTokenRequest( val clientSecret: String?, val rememberMe: Boolean = true, val captchaType: CaptchaType? = CaptchaType.INTERNAL, - val captchaCode: String?, + val captchaCode: String, ):Device() data class ConfirmPasswordFlowTokenRequest( diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/UserRegister.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/UserRegister.kt index b20ece000..88cdb430a 100644 --- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/UserRegister.kt +++ b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/model/UserRegister.kt @@ -7,7 +7,7 @@ data class RegisterUserRequest( val firstName: String? = null, val lastName: String? = null, val captchaType: CaptchaType? = CaptchaType.INTERNAL, - val captchaCode: String?, + val captchaCode: String, ) data class VerifyOTPRequest( @@ -61,5 +61,5 @@ data class ConfirmForgetRequest( data class ForgotPasswordRequest( val username: String, val captchaType: CaptchaType? = CaptchaType.INTERNAL, - val captchaCode: String?, + val captchaCode: String, ) \ No newline at end of file diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/CaptchaHandler.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/CaptchaHandler.kt deleted file mode 100644 index c43df7b93..000000000 --- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/CaptchaHandler.kt +++ /dev/null 
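Review bot: An empty or blank `captchaCode` still reaches `captchaProxy.validateCaptcha` once the field in `PasswordFlowTokenRequest` is a non-null `String`, and a request that omits it no longer produces `OpexError.CaptchaRequired`. The removed handler raised that error for a missing code; now the omission is presumably rejected during request binding with whatever generic error the framework returns, which changes the client-visible contract. A guard before the proxy call in each service, `if (request.captchaCode.isBlank()) throw OpexError.CaptchaRequired.exception()`, would keep the domain error and skip the proxy call for empty input. The same applies to the two UserRegister.kt hunks (`RegisterUserRequest`, `ForgotPasswordRequest`).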
@@ -1,43 +0,0 @@
-package co.nilin.opex.auth.service
-
-import co.nilin.opex.auth.data.ActionCache
-import co.nilin.opex.auth.data.ActionType
-import co.nilin.opex.auth.model.CaptchaType
-import co.nilin.opex.auth.proxy.CaptchaProxy
-import co.nilin.opex.common.OpexError
-import co.nilin.opex.common.utils.CacheManager
-import org.springframework.beans.factory.annotation.Qualifier
-import org.springframework.stereotype.Service
-import java.util.concurrent.TimeUnit
-
-@Service
-class CaptchaHandler(
- @Qualifier("appCacheManager") private val cacheManager: CacheManager,
- private val captchaProxy: CaptchaProxy
-) {
- suspend fun validateCaptchaWithActionCache(
- username: String,
- captchaCode: String?,
- captchaType: CaptchaType?,
- action: ActionType,
- maxAttempts: Int = 3,
- expireTimeMinutes: Long = 10
- ) {
- val cache = cacheManager.get(username)
-
- if (cache == null || cache.actionType != action || cache.remainingAttempts <= 0) {
- captchaProxy.validateCaptcha(
- captchaCode ?: throw OpexError.CaptchaRequired.exception(),
- captchaType ?: CaptchaType.INTERNAL
- )
- cacheManager.put(username, ActionCache(action, maxAttempts), expireTimeMinutes, TimeUnit.MINUTES)
- return
- }
- cacheManager.put(
- username,
- cache.copy(remainingAttempts = cache.remainingAttempts - 1),
- expireTimeMinutes,
- TimeUnit.MINUTES
- )
- }
-}
diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/ForgetPasswordService.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/ForgetPasswordService.kt
index 67a42bf0d..7856531b3 100644
--- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/ForgetPasswordService.kt
+++ b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/ForgetPasswordService.kt
@@ -1,8 +1,8 @@ package co.nilin.opex.auth.service -import co.nilin.opex.auth.data.ActionType import co.nilin.opex.auth.kafka.AuthEventProducer import co.nilin.opex.auth.model.* +import co.nilin.opex.auth.proxy.CaptchaProxy import co.nilin.opex.auth.proxy.DeviceManagementProxy import co.nilin.opex.auth.proxy.KeycloakProxy import co.nilin.opex.auth.proxy.OTPProxy @@ -14,7 +14,7 @@ import org.springframework.stereotype.Service class ForgetPasswordService( private val otpProxy: OTPProxy, private val keycloakProxy: KeycloakProxy, - private val captchaHandler: CaptchaHandler, + private val captchaProxy: CaptchaProxy, private val authEventProducer: AuthEventProducer, private val deviceManagementProxy: DeviceManagementProxy, private val tempTokenService: TempTokenService @@ -23,13 +23,10 @@ class ForgetPasswordService( private val logger by LoggerDelegate() - suspend fun forgetPassword(request: ForgotPasswordRequest): TempOtpResponse { - captchaHandler.validateCaptchaWithActionCache( - username = request.username, - captchaCode = request.captchaCode, - captchaType = request.captchaType, - action = ActionType.FORGET + captchaProxy.validateCaptcha( + request.captchaCode, + request.captchaType ?: CaptchaType.INTERNAL ) val uName = Username.create(request.username) val otpReceiver = OTPReceiver(uName.value, uName.type.otpType) diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/LoginService.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/LoginService.kt index 833be1b1a..c41750589 100644 --- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/LoginService.kt +++ b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/LoginService.kt 
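Review bot: The fallback `request.captchaType ?: CaptchaType.INTERNAL` in `forgetPassword` is repeated in the `LoginService.requestGetToken` and `RegisterService.registerUser` hunks, where the removed handler applied it in one place. Because `captchaType` comes from the request body, the caller selects which captcha backend checks the code; whether all `CaptchaType` values are equally strict is not visible here, so the accepted set is worth fixing in server configuration. One shared helper, for example `suspend fun CaptchaProxy.validate(code: String, type: CaptchaType?) = validateCaptcha(code, type ?: CaptchaType.INTERNAL)`, would keep the three flows from drifting apart. `forgetPassword` continues past the end of the hunk.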
@@ -1,10 +1,10 @@ package co.nilin.opex.auth.service -import co.nilin.opex.auth.data.ActionType import co.nilin.opex.auth.data.Device import co.nilin.opex.auth.data.LoginEvent import co.nilin.opex.auth.kafka.AuthEventProducer import co.nilin.opex.auth.model.* +import co.nilin.opex.auth.proxy.CaptchaProxy import co.nilin.opex.auth.proxy.GoogleProxy import co.nilin.opex.auth.proxy.KeycloakProxy import co.nilin.opex.auth.proxy.OTPProxy @@ -20,7 +20,7 @@ class LoginService( private val otpProxy: OTPProxy, private val keycloakProxy: KeycloakProxy, private val googleProxy: GoogleProxy, - private val captchaHandler: CaptchaHandler, + private val captchaProxy: CaptchaProxy, private val authEventProducer: AuthEventProducer, @Value("\${app.pre-auth-client-secret}") private val preAuthClientSecretKey: String, @@ -30,14 +30,13 @@ class LoginService( private val PRE_AUTH_CLIENT_ID = "pre-auth-client" suspend fun requestGetToken(request: PasswordFlowTokenRequest): TokenResponse { - captchaHandler.validateCaptchaWithActionCache( - username = request.username, - captchaCode = request.captchaCode, - captchaType = request.captchaType, - action = ActionType.LOGIN + captchaProxy.validateCaptcha( + request.captchaCode, + request.captchaType ?: CaptchaType.INTERNAL ) val username = Username.create(request.username) - val user = keycloakProxy.findUserByUsername(username) ?: throw OpexError.UsernameOrPasswordIsIncorrect.exception() + val user = + keycloakProxy.findUserByUsername(username) ?: throw OpexError.UsernameOrPasswordIsIncorrect.exception() val otpTypes = (user.attributes?.get(Attributes.OTP)?.get(0) ?: OTPType.NONE.name).split(",") if (otpTypes.contains(OTPType.NONE.name)) { diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/RegisterService.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/RegisterService.kt index 5ccd9afed..34479764b 100644 
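Review bot: The result of `captchaProxy.validateCaptcha(...)` in `requestGetToken` is discarded, so the login path is only protected if that call throws on a wrong code; `CaptchaProxy` is not part of this patch, so this should be confirmed. The ordering also deserves a comment now that the captcha is checked on every login, e.g. `// Captcha is verified on every call and before the user lookup, so the unknown-user error is never returned without a solved captcha.` The diffstat lists no test files; a test asserting that `keycloakProxy.findUserByUsername` is not invoked when validation fails would pin this. `requestGetToken` continues past the end of the hunk.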
--- a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/RegisterService.kt +++ b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/service/RegisterService.kt @@ -1,12 +1,12 @@ package co.nilin.opex.auth.service -import co.nilin.opex.auth.data.ActionType import co.nilin.opex.auth.data.Device import co.nilin.opex.auth.data.LoginEvent import co.nilin.opex.auth.data.UserCreatedEvent import co.nilin.opex.auth.data.UserRole import co.nilin.opex.auth.kafka.AuthEventProducer import co.nilin.opex.auth.model.* +import co.nilin.opex.auth.proxy.CaptchaProxy import co.nilin.opex.auth.proxy.GoogleProxy import co.nilin.opex.auth.proxy.KeycloakProxy import co.nilin.opex.auth.proxy.OTPProxy @@ -18,19 +18,17 @@ import java.time.LocalDateTime class RegisterService( private val otpProxy: OTPProxy, private val keycloakProxy: KeycloakProxy, - private val captchaHandler: CaptchaHandler, + private val captchaProxy: CaptchaProxy, private val googleProxy: GoogleProxy, private val authProducer: AuthEventProducer, - private val tempTokenService: TempTokenService + private val tempTokenService: TempTokenService - ) { +) { //TODO IMPORTANT: remove in production suspend fun registerUser(request: RegisterUserRequest): TempOtpResponse { - captchaHandler.validateCaptchaWithActionCache( - username = request.username, - captchaCode = request.captchaCode, - captchaType = request.captchaType, - action = ActionType.REGISTER + captchaProxy.validateCaptcha( + request.captchaCode, + request.captchaType ?: CaptchaType.INTERNAL ) val username = Username.create(request.username) val userStatus = isUserDuplicate(username)
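Review bot: `//TODO IMPORTANT: remove in production` still sits directly above `registerUser` after this change, and it does not say what has to be removed. On the registration entry point that marker should either be resolved in this commit or rewritten to name the code it refers to and a tracking issue, e.g. `// TODO(<issue-id>): <what must not ship to production>`. The `) {` realignment in the constructor is unrelated formatting and would be easier to review in its own commit. `registerUser` continues past the end of the hunk.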