Rendering: Store render key in remote cache (#22031)

By storing render key in remote cache it will enable
image renderer to use public facing url or load
balancer url to render images and thereby remove
the requirement of image renderer having to use the
url of the originating Grafana instance when running
HA setup (multiple Grafana instances).

Fixes #17704
Ref grafana/grafana-image-renderer#91

pkg/middleware/render_auth.go

@@ -1,59 +1,32 @@
 package middleware
 
 import (
-	"sync"
 	"time"
 
+	"github.com/grafana/grafana/pkg/services/rendering"
+
 	m "github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/util"
 )
 
-var renderKeysLock sync.Mutex
-var renderKeys map[string]*m.SignedInUser = make(map[string]*m.SignedInUser)
-
-func initContextWithRenderAuth(ctx *m.ReqContext) bool {
+func initContextWithRenderAuth(ctx *m.ReqContext, renderService rendering.Service) bool {
 	key := ctx.GetCookie("renderKey")
 	if key == "" {
 		return false
 	}
 
-	renderKeysLock.Lock()
-	defer renderKeysLock.Unlock()
-
-	renderUser, exists := renderKeys[key]
+	renderUser, exists := renderService.GetRenderUser(key)
 	if !exists {
 		ctx.JsonApiErr(401, "Invalid Render Key", nil)
 		return true
 	}
 
 	ctx.IsSignedIn = true
-	ctx.SignedInUser = renderUser
+	ctx.SignedInUser = &m.SignedInUser{
+		OrgId:   renderUser.OrgID,
+		UserId:  renderUser.UserID,
+		OrgRole: m.RoleType(renderUser.OrgRole),
+	}
 	ctx.IsRenderCall = true
 	ctx.LastSeenAt = time.Now()
 	return true
 }
-
-func AddRenderAuthKey(orgId int64, userId int64, orgRole m.RoleType) (string, error) {
-	renderKeysLock.Lock()
-	defer renderKeysLock.Unlock()
-
-	key, err := util.GetRandomString(32)
-	if err != nil {
-		return "", err
-	}
-
-	renderKeys[key] = &m.SignedInUser{
-		OrgId:   orgId,
-		OrgRole: orgRole,
-		UserId:  userId,
-	}
-
-	return key, nil
-}
-
-func RemoveRenderAuthKey(key string) {
-	renderKeysLock.Lock()
-	defer renderKeysLock.Unlock()
-
-	delete(renderKeys, key)
-}