Implement caching for JWKSet

edb/server/http.py

@@ -180,6 +180,7 @@ async def request(
         headers: HeaderType = None,
         data: bytes | str | dict[str, str] | None = None,
         json: Any | None = None,
+        cache: bool = False,
     ) -> tuple[int, bytearray, dict[str, str]]:
         self._ensure_task()
         path = self._process_path(path)
@@ -191,7 +192,9 @@ async def request(
         self._requests[id] = asyncio.Future()
         start_time = time.monotonic()
         try:
-            self._ensure_client()._request(id, path, method, data, headers_list)
+            self._ensure_client()._request(
+                id, path, method, data, headers_list, cache
+            )
             resp = await self._requests[id]
             if self._stat_callback:
                 status_code, body, headers = resp
@@ -217,9 +220,15 @@ async def request(
         finally:
             del self._requests[id]
 
-    async def get(self, path: str, *, headers: HeaderType = None) -> Response:
+    async def get(
+        self,
+        path: str,
+        *,
+        headers: HeaderType = None,
+        cache: bool = False,
+    ) -> Response:
         result = await self.request(
-            method="GET", path=path, data=None, headers=headers
+            method="GET", path=path, data=None, headers=headers, cache=cache
         )
         return Response.from_tuple(result)
 
@@ -387,12 +396,24 @@ def _process_path(self, path):
         return path
 
     async def request(
-        self, *, method, path, headers=None, data=None, json=None
+        self,
+        *,
+        method,
+        path,
+        headers=None,
+        data=None,
+        json=None,
+        cache=False,
     ):
         path = self._process_path(path)
         headers = self._process_headers(headers)
         return await self.http_client.request(
-            method=method, path=path, headers=headers, data=data, json=json
+            method=method,
+            path=path,
+            headers=headers,
+            data=data,
+            json=json,
+            cache=cache,
         )
 
     async def stream_sse(

edb/server/protocol/auth_ext/base.py

@@ -151,7 +151,7 @@ async def fetch_user_info(
         async with self.http_factory(
             base_url=f"{jwks_uri.scheme}://{jwks_uri.netloc}"
         ) as client:
-            r = await client.get(jwks_uri.path)
+            r = await client.get(jwks_uri.path, cache=True)
 
         # Load the token as a JWT object and verify it directly
         try:
@@ -178,6 +178,9 @@ async def fetch_user_info(
 
     async def _get_oidc_config(self) -> data.OpenIDConfig:
         client = self.http_factory(base_url=self.issuer_url)
-        response = await client.get('/.well-known/openid-configuration')
+        response = await client.get(
+            '/.well-known/openid-configuration',
+            cache=True
+        )
         config = response.json()
         return data.OpenIDConfig(**config)

edb/server/tenant.py

@@ -300,7 +300,7 @@ def get_http_client(self, *, originator: str) -> HttpClient:
                 user_agent=f"EdgeDB {buildmeta.get_version_string(short=True)}",
                 stat_callback=lambda stat: logger.debug(
                     f"HTTP stat: {originator} {stat}"
-                ),
+                )
             )
         return self._http_client
 

pyproject.toml

@@ -18,7 +18,6 @@ dependencies = [
     'psutil~=5.8',
     'setproctitle~=1.2',
 
-    'hishel==0.0.24',
     'webauthn~=2.0.0',
     'argon2-cffi~=23.1.0',
     'aiosmtplib~=3.0',

rust/http/Cargo.toml

@@ -19,6 +19,10 @@ tracing.workspace = true
 
 scopeguard = "1"
 eventsource-stream = "0.2.3"
+http-cache-semantics = { version = "2", features = [] }
+http = "1"
+http-body-util = "0.1.2"
+lru = "0.13"
 
 # We want to use rustls to avoid setenv issues w/ OpenSSL and the system certs. As long
 # as we don't call `openssl_probe::*init*env*()` functions (functions that call setenv