From e0853d4a21bd1c718f23a3cac6148f5063e4e810 Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 17 Aug 2021 19:30:42 +0100 Subject: Add API Token Cache (#16547) One of the issues holding back performance of the API is the problem of hashing. Whilst banning BASIC authentication with passwords will help, the API Token scheme still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can still cause enormous numbers of hash computations. A slight solution to this whilst we consider moving to using JWT based tokens and/or a session orientated solution is to simply cache the successful tokens. This has some security issues but this should be balanced by the security issues of load from hashing. Related #14668 Signed-off-by: Andrew Thornton Co-authored-by: Lunny Xiao --- modules/setting/setting.go | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules') diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 593677344f..d584ed3d4d 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -189,6 +189,7 @@ var ( PasswordComplexity []string PasswordHashAlgo string PasswordCheckPwn bool + SuccessfulTokensCacheSize int // UI settings UI = struct { @@ -840,6 +841,7 @@ func NewContext() { PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false) + SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20) InternalToken = loadInternalToken(sec) -- cgit v1.2.3