From e0853d4a21bd1c718f23a3cac6148f5063e4e810 Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 17 Aug 2021 19:30:42 +0100 Subject: Add API Token Cache (#16547) One of the issues holding back performance of the API is the problem of hashing. Whilst banning BASIC authentication with passwords will help, the API Token scheme still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can still cause enormous numbers of hash computations. A slight solution to this whilst we consider moving to using JWT based tokens and/or a session orientated solution is to simply cache the successful tokens. This has some security issues but this should be balanced by the security issues of load from hashing. Related #14668 Signed-off-by: Andrew Thornton Co-authored-by: Lunny Xiao --- models/models.go | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'models/models.go') diff --git a/models/models.go b/models/models.go index c843302296..4e1448241a 100755 --- a/models/models.go +++ b/models/models.go @@ -17,6 +17,7 @@ import ( // Needed for the MySQL driver _ "github.com/go-sql-driver/mysql" + lru "github.com/hashicorp/golang-lru" "xorm.io/xorm" "xorm.io/xorm/names" "xorm.io/xorm/schemas" @@ -234,6 +235,15 @@ func NewEngine(ctx context.Context, migrateFunc func(*xorm.Engine) error) (err e return fmt.Errorf("sync database struct error: %v", err) } + if setting.SuccessfulTokensCacheSize > 0 { + successfulAccessTokenCache, err = lru.New(setting.SuccessfulTokensCacheSize) + if err != nil { + return fmt.Errorf("unable to allocate AccessToken cache: %v", err) + } + } else { + successfulAccessTokenCache = nil + } + return nil } -- cgit v1.2.3