
[Bug]: Different tokens share the cache

Open MazeXP opened this issue 3 years ago • 3 comments

Description

When using Remora.Discord with different Bearer tokens, the cache will be shared among all tokens.

Steps to Reproduce

  1. Switch token used during execution

Expected Behavior

The cache should differ between tokens.

Current Behavior

Cache does not respect token at all.

Library / Runtime Information

Irrelevant

MazeXP avatar Nov 26 '22 20:11 MazeXP

Do we want separate caches for separate tokens? Ideally, the data should be the same regardless of the apparent user. Is there some specific case where it differs that you've encountered?

Nihlus avatar Dec 02 '22 13:12 Nihlus

A basic example when the cache will return wrong information for a different token is simply every URL that includes /@me/ in the URL. (https://github.com/Remora/Remora.Discord/blob/main/Backend/Remora.Discord.API.Abstractions/API/Rest/IDiscordRestUserAPI.cs#L53) In addition, it could be possible that one User Token (OAuth2 Bearer) might not have the same read permissions as another one and the cache could provide a bit too much information for that token.

MazeXP avatar Dec 02 '22 14:12 MazeXP

Ah, I see. I'll look into integrating the token into the cache keys in some kind of hashed format so we don't leak it to external services.

Nihlus avatar Dec 02 '22 14:12 Nihlus
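A sketch of the approach discussed in this thread, added here as an example and not taken from the thread or from Remora.Discord's code: cache keys are prefixed with a keyed hash (HMAC-SHA256) of the token, so entries for `users/@me` no longer collide across tokens and the raw token never appears in a key handed to an external cache. The `TokenScopedKeys` class, the key layout, and the sample tokens are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not a Remora.Discord type.
public sealed class TokenScopedKeys
{
    // Assumption: a per-process random HMAC key. Fingerprints then cannot be
    // recomputed or brute-forced from cache contents alone. A cache shared by
    // several processes would need a shared secret key here instead.
    private readonly byte[] _hmacKey = RandomNumberGenerator.GetBytes(32);

    // Keyed hash of the token, truncated to 128 bits and hex-encoded.
    public string Fingerprint(string token)
    {
        byte[] mac = HMACSHA256.HashData(_hmacKey, Encoding.UTF8.GetBytes(token));
        return Convert.ToHexString(mac, 0, 16);
    }

    // Cache key layout (an assumption): "<token fingerprint>:<route>".
    public string For(string token, string route) => $"{Fingerprint(token)}:{route}";
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not real Discord tokens.
        const string tokenA = "constructed-bearer-token-A";
        const string tokenB = "constructed-bearer-token-B";
        const string route = "users/@me";

        // Behaviour reported in the issue: the key ignores the token, so a
        // lookup made on behalf of token B returns the entry stored for token A.
        var unscoped = new Dictionary<string, string> { [route] = "profile of user A" };
        Console.WriteLine($"unscoped, token B reads: {unscoped[route]}");

        // Token-scoped keys: the same route maps to a different entry per token.
        var keys = new TokenScopedKeys();
        var scoped = new Dictionary<string, string>
        {
            [keys.For(tokenA, route)] = "profile of user A"
        };
        bool hitForB = scoped.TryGetValue(keys.For(tokenB, route), out _);
        bool hitForA = scoped.TryGetValue(keys.For(tokenA, route), out _);
        Console.WriteLine($"scoped, token B hit: {hitForB}, token A hit: {hitForA}");
        Console.WriteLine($"key contains raw token: {keys.For(tokenA, route).Contains(tokenA)}");
    }
}
```

A plain unkeyed hash of the token would also separate the entries, but a keyed hash means the fingerprint stored externally is of no use for confirming a guessed or leaked token without the HMAC key.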