[#84] Reuse tokio runtime for device auth'd SDK calls

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.14.1 (unreleased)
+- [[#91]](https://github.com/IronCoreLabs/ironoxide/pull/91)
+  - Adds simple sharing of tokio runtime across device authenticated SDK calls
+
 ## 0.14.0
 
 - [[#81](https://github.com/IronCoreLabs/ironoxide/pull/81)][[#80](https://github.com/IronCoreLabs/ironoxide/pull/80)][[#77](https://github.com/IronCoreLabs/ironoxide/pull/77)]

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ironoxide"
-version = "0.14.0"
+version = "0.14.1"
 authors = ["IronCore Labs <[email protected]>"]
 readme = "README.md"
 license = "AGPL-3.0-only"

src/document/mod.rs

@@ -13,7 +13,6 @@ use crate::{
     Result,
 };
 use itertools::{Either, EitherOrBoth, Itertools};
-use tokio::runtime::current_thread::Runtime;
 
 /// Advanced document operations
 pub mod advanced;
@@ -198,13 +197,13 @@ pub trait DocumentOps {
 
 impl DocumentOps for crate::IronOxide {
     fn document_list(&self) -> Result<DocumentListResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(document_api::document_list(self.device.auth()))
+        self.runtime
+            .block_on(document_api::document_list(self.device.auth()))
     }
 
     fn document_get_metadata(&self, id: &DocumentId) -> Result<DocumentMetadataResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(document_api::document_get_metadata(self.device.auth(), id))
+        self.runtime
+            .block_on(document_api::document_get_metadata(self.device.auth(), id))
     }
 
     fn document_get_id_from_bytes(&self, encrypted_document: &[u8]) -> Result<DocumentId> {
@@ -216,7 +215,6 @@ impl DocumentOps for crate::IronOxide {
         document_data: &[u8],
         encrypt_opts: &DocumentEncryptOpts,
     ) -> Result<DocumentEncryptResult> {
-        let mut rt = Runtime::new().unwrap();
         let encrypt_opts = encrypt_opts.clone();
 
         let (explicit_users, explicit_groups, grant_to_author, policy_grants) =
@@ -237,7 +235,7 @@ impl DocumentOps for crate::IronOxide {
                 }
             };
 
-        rt.block_on(document_api::encrypt_document(
+        self.runtime.block_on(document_api::encrypt_document(
             self.device.auth(),
             &self.recrypt,
             &self.user_master_pub_key,
@@ -257,9 +255,7 @@ impl DocumentOps for crate::IronOxide {
         id: &DocumentId,
         new_document_data: &[u8],
     ) -> Result<DocumentEncryptResult> {
-        let mut rt = Runtime::new().unwrap();
-
-        rt.block_on(document_api::document_update_bytes(
+        self.runtime.block_on(document_api::document_update_bytes(
             self.device.auth(),
             &self.recrypt,
             self.device.device_private_key(),
@@ -270,9 +266,7 @@ impl DocumentOps for crate::IronOxide {
     }
 
     fn document_decrypt(&self, encrypted_document: &[u8]) -> Result<DocumentDecryptResult> {
-        let mut rt = Runtime::new().unwrap();
-
-        rt.block_on(document_api::decrypt_document(
+        self.runtime.block_on(document_api::decrypt_document(
             self.device.auth(),
             &self.recrypt,
             self.device.device_private_key(),
@@ -285,9 +279,7 @@ impl DocumentOps for crate::IronOxide {
         id: &DocumentId,
         name: Option<&DocumentName>,
     ) -> Result<DocumentMetadataResult> {
-        let mut rt = Runtime::new().unwrap();
-
-        rt.block_on(document_api::update_document_name(
+        self.runtime.block_on(document_api::update_document_name(
             self.device.auth(),
             id,
             name,
@@ -299,11 +291,9 @@ impl DocumentOps for crate::IronOxide {
         id: &DocumentId,
         grant_list: &Vec<UserOrGroup>,
     ) -> Result<DocumentAccessResult> {
-        let mut rt = Runtime::new().unwrap();
-
         let (users, groups) = partition_user_or_group(grant_list);
 
-        rt.block_on(document_api::document_grant_access(
+        self.runtime.block_on(document_api::document_grant_access(
             self.device.auth(),
             &self.recrypt,
             id,
@@ -319,9 +309,7 @@ impl DocumentOps for crate::IronOxide {
         id: &DocumentId,
         revoke_list: &Vec<UserOrGroup>,
     ) -> Result<DocumentAccessResult> {
-        let mut rt = Runtime::new().unwrap();
-
-        rt.block_on(document_api::document_revoke_access(
+        self.runtime.block_on(document_api::document_revoke_access(
             self.device.auth(),
             id,
             revoke_list,

src/group.rs

@@ -6,7 +6,6 @@ use crate::{
     internal::{group_api, group_api::GroupCreateOptsStd, user_api::UserId, IronOxideErr},
     Result,
 };
-use tokio::runtime::current_thread::Runtime;
 use vec1::Vec1;
 
 #[derive(Clone)]
@@ -240,12 +239,11 @@ pub trait GroupOps {
 
 impl GroupOps for crate::IronOxide {
     fn group_list(&self) -> Result<GroupListResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::list(self.device.auth(), None))
+        self.runtime
+            .block_on(group_api::list(self.device.auth(), None))
     }
 
     fn group_create(&self, opts: &GroupCreateOpts) -> Result<GroupCreateResult> {
-        let mut rt = Runtime::new().unwrap();
         let standard_opts = opts.clone().standardize(self.device.auth().account_id())?;
         let all_users = &standard_opts.all_users();
         let GroupCreateOptsStd {
@@ -257,7 +255,7 @@ impl GroupOps for crate::IronOxide {
             needs_rotation,
         } = standard_opts;
 
-        rt.block_on(group_api::group_create(
+        self.runtime.block_on(group_api::group_create(
             &self.recrypt,
             self.device.auth(),
             id,
@@ -271,27 +269,26 @@ impl GroupOps for crate::IronOxide {
     }
 
     fn group_get_metadata(&self, id: &GroupId) -> Result<GroupGetResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::get_metadata(self.device.auth(), id))
+        self.runtime
+            .block_on(group_api::get_metadata(self.device.auth(), id))
     }
 
     fn group_delete(&self, id: &GroupId) -> Result<GroupId> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::group_delete(self.device.auth(), id))
+        self.runtime
+            .block_on(group_api::group_delete(self.device.auth(), id))
     }
 
     fn group_update_name(&self, id: &GroupId, name: Option<&GroupName>) -> Result<GroupMetaResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::update_group_name(self.device.auth(), id, name))
+        self.runtime
+            .block_on(group_api::update_group_name(self.device.auth(), id, name))
     }
 
     fn group_add_members(
         &self,
         id: &GroupId,
         grant_list: &[UserId],
     ) -> Result<GroupAccessEditResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::group_add_members(
+        self.runtime.block_on(group_api::group_add_members(
             &self.recrypt,
             self.device.auth(),
             self.device.device_private_key(),
@@ -305,8 +302,7 @@ impl GroupOps for crate::IronOxide {
         id: &GroupId,
         revoke_list: &[UserId],
     ) -> Result<GroupAccessEditResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::group_remove_entity(
+        self.runtime.block_on(group_api::group_remove_entity(
             self.device.auth(),
             id,
             &revoke_list.to_vec(),
@@ -315,8 +311,7 @@ impl GroupOps for crate::IronOxide {
     }
 
     fn group_add_admins(&self, id: &GroupId, users: &[UserId]) -> Result<GroupAccessEditResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::group_add_admins(
+        self.runtime.block_on(group_api::group_add_admins(
             &self.recrypt,
             self.device.auth(),
             self.device.device_private_key(),
@@ -330,8 +325,7 @@ impl GroupOps for crate::IronOxide {
         id: &GroupId,
         revoke_list: &[UserId],
     ) -> Result<GroupAccessEditResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(group_api::group_remove_entity(
+        self.runtime.block_on(group_api::group_remove_entity(
             self.device.auth(),
             id,
             &revoke_list.to_vec(),

src/lib.rs

@@ -101,6 +101,7 @@ pub struct IronOxide {
     pub(crate) user_master_pub_key: PublicKey,
     pub(crate) device: DeviceContext,
     pub(crate) rng: Mutex<ReseedingRng<ChaChaCore, EntropyRng>>,
+    pub(crate) runtime: tokio::runtime::Runtime,
 }
 
 /// Result of calling `initialize_check_rotation`
@@ -193,6 +194,13 @@ impl IronOxide {
 
     /// Create an IronOxide instance. Depends on the system having enough entropy to seed a RNG.
     fn create(curr_user: &UserResult, device_context: &DeviceContext) -> IronOxide {
+        // create a tokio runtime with the default number of core threads (num of cores on a machine)
+        // and an elevated number of blocking_threads as we expect heavy concurrency to be network-bound
+        let runtime = tokio::runtime::Builder::new()
+            .blocking_threads(250) // most all SDK methods will block on the network
+            .keep_alive(None)
+            .build()
+            .expect("tokio runtime failed to initialize");
         IronOxide {
             recrypt: Recrypt::new(),
             device: device_context.clone(),
@@ -202,6 +210,7 @@ impl IronOxide {
                 BYTES_BEFORE_RESEEDING,
                 EntropyRng::new(),
             )),
+            runtime,
         }
     }
 }

src/user.rs

@@ -183,8 +183,8 @@ impl UserOps for IronOxide {
     }
 
     fn user_delete_device(&self, device_id: Option<&DeviceId>) -> Result<DeviceId> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(user_api::device_delete(self.device.auth(), device_id))
+        self.runtime
+            .block_on(user_api::device_delete(self.device.auth(), device_id))
     }
 
     fn user_verify(jwt: &str) -> Result<Option<UserResult>> {
@@ -193,13 +193,12 @@ impl UserOps for IronOxide {
     }
 
     fn user_get_public_key(&self, users: &[UserId]) -> Result<HashMap<UserId, PublicKey>> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(user_api::user_key_list(self.device.auth(), &users.to_vec()))
+        self.runtime
+            .block_on(user_api::user_key_list(self.device.auth(), &users.to_vec()))
     }
 
     fn user_rotate_private_key(&self, password: &str) -> Result<UserUpdatePrivateKeyResult> {
-        let mut rt = Runtime::new().unwrap();
-        rt.block_on(user_api::user_rotate_private_key(
+        self.runtime.block_on(user_api::user_rotate_private_key(
             &self.recrypt,
             password.try_into()?,
             self.device().auth(),