Add token cache

Token cache prevents the need to get a new token for every registry interaction.
Since the tokens are short lived, the cache expires after only a minute.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)

registry/auth.go

@@ -10,6 +10,8 @@ import (
 	"os"
 	"path"
 	"strings"
+	"sync"
+	"time"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/utils"
@@ -43,6 +45,10 @@ type RequestAuthorization struct {
 	resource         string
 	scope            string
 	actions          []string
+
+	tokenLock       sync.Mutex
+	tokenCache      string
+	tokenExpiration time.Time
 }
 
 func NewRequestAuthorization(authConfig *AuthConfig, registryEndpoint *Endpoint, resource, scope string, actions []string) *RequestAuthorization {
@@ -56,7 +62,14 @@ func NewRequestAuthorization(authConfig *AuthConfig, registryEndpoint *Endpoint,
 }
 
 func (auth *RequestAuthorization) getToken() (string, error) {
-	// TODO check if already has token and before expiration
+	auth.tokenLock.Lock()
+	defer auth.tokenLock.Unlock()
+	now := time.Now()
+	if now.Before(auth.tokenExpiration) {
+		log.Debugf("Using cached token for %s", auth.authConfig.Username)
+		return auth.tokenCache, nil
+	}
+
 	client := &http.Client{
 		Transport: &http.Transport{
 			DisableKeepAlives: true,
@@ -80,14 +93,18 @@ func (auth *RequestAuthorization) getToken() (string, error) {
 			if err != nil {
 				return "", err
 			}
-			// TODO cache token and set expiration to one minute from now
+			auth.tokenCache = token
+			auth.tokenExpiration = now.Add(time.Minute)
 
 			return token, nil
 		default:
 			log.Infof("Unsupported auth scheme: %q", challenge.Scheme)
 		}
 	}
-	// TODO no expiration, do not reattempt to get a token
+
+	// Do not expire cache since there are no challenges which use a token
+	auth.tokenExpiration = time.Now().Add(time.Hour * 24)
+
 	return "", nil
 }