Set populates the cache with the given TTL. Callers MUST pass a TTL no longer than the token's remaining lifetime — otherwise an entry could outlive the PAT's expires_at and let an expired token pass auth on cache hit. Use TTLForExpiry to compute it from a token's expires_at. Errors are logged and
(ctx context.Context, hash, userID string, ttl time.Duration)
| 64 | // Errors are logged and swallowed — a cache write failure is not a |
| 65 | // request failure. |
| 66 | func (c *PATCache) Set(ctx context.Context, hash, userID string, ttl time.Duration) { |
| 67 | if c == nil || ttl <= 0 { |
| 68 | return |
| 69 | } |
| 70 | if err := c.rdb.Set(ctx, patCacheKey(hash), userID, ttl).Err(); err != nil { |
| 71 | slog.Warn("pat_cache: set failed", "error", err) |
| 72 | } |
| 73 | } |
| 74 | |
| 75 | // TTLForExpiry returns the cache TTL for a token given its expires_at. |
| 76 | // - Zero expiresAt (token never expires) → full AuthCacheTTL. |