Add metadata caching capability to avoid unnecesary API calls

metadata_cache.go

@@ -0,0 +1,54 @@
+package traefikoidc
+
+import (
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+)
+
+// MetadataCache provides thread-safe caching for OIDC provider metadata
+type MetadataCache struct {
+	metadata  *ProviderMetadata
+	expiresAt time.Time
+	mutex     sync.RWMutex
+}
+
+// NewMetadataCache creates a new metadata cache instance
+func NewMetadataCache() *MetadataCache {
+	return &MetadataCache{}
+}
+
+// GetMetadata retrieves the metadata from cache or fetches it if expired
+func (c *MetadataCache) GetMetadata(providerURL string, httpClient *http.Client, logger *Logger) (*ProviderMetadata, error) {
+	c.mutex.RLock()
+	if c.metadata != nil && time.Now().Before(c.expiresAt) {
+		defer c.mutex.RUnlock()
+		return c.metadata, nil
+	}
+	c.mutex.RUnlock()
+
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+
+	// Double-check after acquiring write lock
+	if c.metadata != nil && time.Now().Before(c.expiresAt) {
+		return c.metadata, nil
+	}
+
+	metadata, err := discoverProviderMetadata(providerURL, httpClient, logger)
+	if err != nil {
+		if c.metadata != nil {
+			// On error, extend current cache by 5 minutes to prevent thundering herd
+			c.expiresAt = time.Now().Add(5 * time.Minute)
+			logger.Errorf("Failed to refresh metadata, using cached version for 5 more minutes: %v", err)
+			return c.metadata, nil
+		}
+		return nil, fmt.Errorf("failed to fetch provider metadata: %w", err)
+	}
+
+	c.metadata = metadata
+	c.expiresAt = time.Now().Add(1 * time.Hour)
+
+	return metadata, nil
+}