3 files changed, 16 insertions, 35 deletions

diff --git a/internal/server/institute.go b/internal/server/institute.go
index 348e895..0a7ef3a 100644
--- a/internal/server/institute.go
+++ b/internal/server/institute.go
@@ -17,15 +17,12 @@ import (
 // `disco` are the discovery servers
 // `id` is the identifier for the server, the base url
 // `ot` specifies specifies the start time OAuth was already triggered
-func (s *Servers) AddInstitute(ctx context.Context, discom *discovery.Manager, id string, ot *int64) error {
+func (s *Servers) AddInstitute(ctx context.Context, disco *discovery.Discovery, id string, ot *int64) error {
 	// This is basically done to double check if the server is part of the institute access section of disco
-	disco, release := discom.Discovery(false)
 	dsrv, err := disco.ServerByURL(id, "institute_access")
 	if err != nil {
-		release()
 		return err
 	}
-	release()
 
 	sd := api.ServerData{
 		ID:         dsrv.BaseURL,
@@ -70,15 +67,12 @@ func (s *Servers) AddInstitute(ctx context.Context, discom *discovery.Manager, i
 // `disco` are the discovery servers
 // `tok` are the tokens such that we do not have to trigger auth
 // `disableAuth` is true when auth should never be triggered
-func (s *Servers) GetInstitute(ctx context.Context, id string, discom *discovery.Manager, tok *eduoauth.Token, disableAuth bool) (*Server, error) {
-	disco, release := discom.Discovery(false)
+func (s *Servers) GetInstitute(ctx context.Context, id string, disco *discovery.Discovery, tok *eduoauth.Token, disableAuth bool) (*Server, error) {
 	// This is basically done to double check if the server is part of the institute access section of disco
 	dsrv, err := disco.ServerByURL(id, "institute_access")
 	if err != nil {
-		release()
 		return nil, err
 	}
-	release()
 
 	// Get the server from the config
 	_, err = s.config.GetServer(dsrv.BaseURL, server.TypeInstituteAccess)
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 69b1e97..18a5e78 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -45,17 +45,14 @@ func ReplaceWAYF(template string, authURL string, orgID string) string {
 // `disco` are the discovery servers
 // `orgID` is the organiztaion ID
 // `ot` specifies specifies the start time OAuth was already triggered
-func (s *Servers) AddSecure(ctx context.Context, discom *discovery.Manager, orgID string, ot *int64) error {
+func (s *Servers) AddSecure(ctx context.Context, disco *discovery.Discovery, orgID string, ot *int64) error {
 	if s.config.HasSecureInternet() {
 		return errors.New("a secure internet server already exists")
 	}
-	disco, release := discom.Discovery(false)
 	dorg, dsrv, err := disco.SecureHomeArgs(orgID)
 	if err != nil {
-		release()
 		return err
 	}
-	release()
 
 	sd := api.ServerData{
 		ID:         dorg.OrgID,
@@ -63,13 +60,11 @@ func (s *Servers) AddSecure(ctx context.Context, discom *discovery.Manager, orgI
 		BaseWK:     dsrv.BaseURL,
 		BaseAuthWK: dsrv.BaseURL,
 		ProcessAuth: func(ctx context.Context, url string) (string, error) {
-			newd, release := discom.Discovery(true)
-			defer release()
 			// the only thing we can do is log warn
 			// this is already done in the functions
-			newd.Servers(ctx, false)       //nolint:errcheck
-			newd.Organizations(ctx, false) //nolint:errcheck
-			updorg, updsrv, err := newd.SecureHomeArgs(orgID)
+			disco.Servers(ctx, false)       //nolint:errcheck
+			disco.Organizations(ctx, false) //nolint:errcheck
+			updorg, updsrv, err := disco.SecureHomeArgs(orgID)
 			if err != nil {
 				return "", err
 			}
@@ -115,25 +110,21 @@ func (s *Servers) AddSecure(ctx context.Context, discom *discovery.Manager, orgI
 // `disco` are the discovery servers
 // `tok` are the tokens such that the server can be found without triggering auth
 // `disableAuth` is set to true when authorization should not be triggered
-func (s *Servers) GetSecure(ctx context.Context, orgID string, discom *discovery.Manager, tok *eduoauth.Token, disableAuth bool) (*Server, error) {
+func (s *Servers) GetSecure(ctx context.Context, orgID string, disco *discovery.Discovery, tok *eduoauth.Token, disableAuth bool) (*Server, error) {
 	srv, err := s.config.GetServer(orgID, server.TypeSecureInternet)
 	if err != nil {
 		return nil, err
 	}
 
-	disco, release := discom.Discovery(false)
 	dorg, dhome, err := disco.SecureHomeArgs(orgID)
 	if err != nil {
-		release()
 		return nil, err
 	}
 
 	dloc, err := disco.ServerByCountryCode(srv.CountryCode)
 	if err != nil {
-		release()
 		return nil, err
 	}
-	release()
 
 	sd := api.ServerData{
 		ID:         dorg.OrgID,
@@ -141,15 +132,13 @@ func (s *Servers) GetSecure(ctx context.Context, orgID string, discom *discovery
 		BaseWK:     dloc.BaseURL,
 		BaseAuthWK: dhome.BaseURL,
 		ProcessAuth: func(ctx context.Context, url string) (string, error) {
-			newd, release := discom.Discovery(true)
-			defer release()
 			// the only thing we can do is log warn
 			// this is already done in the functions
-			newd.MarkServersExpired()
-			newd.Servers(ctx, false) //nolint:errcheck
-			newd.MarkOrganizationsExpired()
-			newd.Organizations(ctx, false) //nolint:errcheck
-			updorg, updsrv, err := newd.SecureHomeArgs(orgID)
+			disco.MarkServersExpired()
+			disco.Servers(ctx, false) //nolint:errcheck
+			disco.MarkOrganizationsExpired()
+			disco.Organizations(ctx, false) //nolint:errcheck
+			updorg, updsrv, err := disco.SecureHomeArgs(orgID)
 			if err != nil {
 				return "", err
 			}
diff --git a/internal/server/servers.go b/internal/server/servers.go
index d1aed97..60b9277 100644
--- a/internal/server/servers.go
+++ b/internal/server/servers.go
@@ -54,12 +54,12 @@ type CurrentServer struct {
 }
 
 // ServerWithCallbacks gets the current server as a server struct and triggers callbacks as needed
-func (cs *CurrentServer) ServerWithCallbacks(ctx context.Context, discom *discovery.Manager, tokens *eduoauth.Token, disableAuth bool) (*Server, error) {
+func (cs *CurrentServer) ServerWithCallbacks(ctx context.Context, disco *discovery.Discovery, tokens *eduoauth.Token, disableAuth bool) (*Server, error) {
 	switch cs.Key.T {
 	case srvtypes.TypeInstituteAccess:
-		return cs.srvs.GetInstitute(ctx, cs.Key.ID, discom, tokens, disableAuth)
+		return cs.srvs.GetInstitute(ctx, cs.Key.ID, disco, tokens, disableAuth)
 	case srvtypes.TypeSecureInternet:
-		return cs.srvs.GetSecure(ctx, cs.Key.ID, discom, tokens, disableAuth)
+		return cs.srvs.GetSecure(ctx, cs.Key.ID, disco, tokens, disableAuth)
 	case srvtypes.TypeCustom:
 		return cs.srvs.GetCustom(ctx, cs.Key.ID, tokens, disableAuth)
 	default:
@@ -89,9 +89,7 @@ func (s *Servers) CurrentServer() (*CurrentServer, error) {
 }
 
 // PublicCurrent gets the current server into a type that we can return to the client
-func (s *Servers) PublicCurrent(discom *discovery.Manager) (*srvtypes.Current, error) {
-	disco, release := discom.Discovery(false)
-	defer release()
+func (s *Servers) PublicCurrent(disco *discovery.Discovery) (*srvtypes.Current, error) {
 	return s.config.PublicCurrent(disco)
 }