diff options
| author | zeripath <art27@cantab.net> | 2021-08-17 19:30:42 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-17 14:30:42 -0400 |
| commit | e0853d4a21bd1c718f23a3cac6148f5063e4e810 (patch) | |
| tree | 62fed8fe5f9356ee82dc7ad1ea2429b84da0540d /modules | |
| parent | 274aeb3a9e13da47a925eabe0e43ed0b1424d02a (diff) | |
| download | gitea-e0853d4a21bd1c718f23a3cac6148f5063e4e810.tar.gz gitea-e0853d4a21bd1c718f23a3cac6148f5063e4e810.zip | |
Add API Token Cache (#16547)
One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.
A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.
Related #14668
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/setting/setting.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 593677344f..d584ed3d4d 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -189,6 +189,7 @@ var ( PasswordComplexity []string PasswordHashAlgo string PasswordCheckPwn bool + SuccessfulTokensCacheSize int // UI settings UI = struct { @@ -840,6 +841,7 @@ func NewContext() { PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false) + SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20) InternalToken = loadInternalToken(sec) |