let's add dd short-lived Redis cache for Clark auth verification to avoid HTTP round-trip on every request
CONTEXT
Every RequireAuth / OptionalAuth call hits Clark's /api/Auth/verify per request. This doubles the latency floor for every authenticated endpoint. We should cache the verification result with a short TTL.
here's our general approach:
- Hash the
Authorization header as the cache key (prefix: auth:cache:)
- On each middleware call, check Redis first
- Cache hit → use stored
{userID, role, accessLevel} directly
- Cache miss → call Clark, on success store result with 30s TTL
- Pass Redis store to middleware constructor (currently only takes
clientAPIURL)
- Skipped tokens (empty/invalid) should not be cached
things to look at:
pkg/middleware/auth.go: add Redis lookaside cachecmd/server/main.go: wire up Redis store to middleware- TTL: 30 seconds (configurable via env var)
let's add dd short-lived Redis cache for Clark auth verification to avoid HTTP round-trip on every request
CONTEXT
Every RequireAuth / OptionalAuth call hits Clark's
/api/Auth/verifyper request. This doubles the latency floor for every authenticated endpoint. We should cache the verification result with a short TTL.here's our general approach:
Authorizationheader as the cache key (prefix:auth:cache:){userID, role, accessLevel}directlyclientAPIURL)things to look at:
pkg/middleware/auth.go: add Redis lookaside cachecmd/server/main.go: wire up Redis store to middleware