fix: include user key in search cache to isolate results per user

Previously the cache key only included cluster+query+limit, so two
users with different RBAC permissions could receive each other's cached
search results. Adding user.Key() scopes the cache per user.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: anupam42

pkg/handlers/search_handler.go

@@ -15,6 +15,7 @@ import (
 	"github.com/zxh326/kite/pkg/common"
 	"github.com/zxh326/kite/pkg/handlers/resources"
 	"github.com/zxh326/kite/pkg/middleware"
+	"github.com/zxh326/kite/pkg/model"
 	"github.com/zxh326/kite/pkg/utils"
 	"golang.org/x/sync/errgroup"
 	"k8s.io/klog/v2"
@@ -52,8 +53,8 @@ func NewSearchHandler() *SearchHandler {
 	}
 }
 
-func (h *SearchHandler) createCacheKey(clusterName, query string, limit int) string {
-	return fmt.Sprintf("search:%s:%d:%s", clusterName, limit, normalizeSearchQuery(query))
+func (h *SearchHandler) createCacheKey(clusterName, userKey, query string, limit int) string {
+	return fmt.Sprintf("search:%s:%s:%d:%s", clusterName, userKey, limit, normalizeSearchQuery(query))
 }
 
 func (h *SearchHandler) Search(c *gin.Context, query string, limit int) ([]common.SearchResult, error) {
@@ -119,7 +120,8 @@ func (h *SearchHandler) Search(c *gin.Context, query string, limit int) ([]commo
 	// Only cache results when no failure (panic or error) occurred — avoids
 	// caching incomplete results that would be served as valid 200 OK for the TTL.
 	if !hadFailure.Load() {
-		h.cache.Add(h.createCacheKey(getSearchClusterName(c), query, limit), allResults)
+		user := c.MustGet("user").(model.User)
+		h.cache.Add(h.createCacheKey(getSearchClusterName(c), user.Key(), query, limit), allResults)
 	}
 	return allResults, nil
 }
@@ -140,7 +142,8 @@ func (h *SearchHandler) GlobalSearch(c *gin.Context) {
 	}
 	limit = normalizeSearchLimit(limit)
 
-	cacheKey := h.createCacheKey(getSearchClusterName(c), query, limit)
+	user := c.MustGet("user").(model.User)
+	cacheKey := h.createCacheKey(getSearchClusterName(c), user.Key(), query, limit)
 
 	if cachedResults, found := h.cache.Get(cacheKey); found {
 		response := SearchResponse{

pkg/handlers/search_handler_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/zxh326/kite/pkg/common"
 	"github.com/zxh326/kite/pkg/handlers/resources"
 	"github.com/zxh326/kite/pkg/middleware"
+	"github.com/zxh326/kite/pkg/model"
 )
 
 func TestNormalizeSearchQuery(t *testing.T) {
@@ -115,6 +116,7 @@ func TestGlobalSearchNegativeLimitDoesNotPanic(t *testing.T) {
 	rec := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(rec)
 	ctx.Request = httptest.NewRequest(http.MethodGet, "/search?q=po&limit=-1", nil)
+	ctx.Set("user", model.AnonymousUser)
 
 	handler := NewSearchHandler()
 
@@ -188,6 +190,7 @@ func newSearchContext(t *testing.T, clusterName string) *gin.Context {
 	if clusterName != "" {
 		ctx.Set(middleware.ClusterNameKey, clusterName)
 	}
+	ctx.Set("user", model.AnonymousUser)
 	return ctx
 }
 
@@ -212,6 +215,7 @@ func performGlobalSearch(t *testing.T, handler *SearchHandler, clusterName, targ
 	if clusterName != "" {
 		ctx.Set(middleware.ClusterNameKey, clusterName)
 	}
+	ctx.Set("user", model.AnonymousUser)
 
 	handler.GlobalSearch(ctx)