forgejo-federation/modules
zeripath e0853d4a21
Add API Token Cache (#16547)
One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.

A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.

Related #14668

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-17 14:30:42 -04:00
..
analyze Speed up enry.IsVendor (#15213) 2021-04-01 19:41:09 +02:00
auth Refactor: Move login out of models (#16199) 2021-07-24 11:16:34 +01:00
avatar Add Image Diff for SVG files (#14867) 2021-06-05 15:32:19 +03:00
base Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
cache Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
charset Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
context [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
convert Add agit flow support in gitea (#14295) 2021-07-28 17:42:56 +08:00
cron Refactor: Move login out of models (#16199) 2021-07-24 11:16:34 +01:00
csv Fixes #16557 - duplicate csv import (#16631) 2021-08-05 17:56:11 +01:00
doctor Restore creation of git-daemon-export-ok files (#16508) 2021-07-22 12:53:54 +01:00
emoji Run processors on whole of text (#16155) 2021-06-17 11:35:05 +01:00
eventsource Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
generate switch to maintained lib (#16532) 2021-07-24 13:00:41 +02:00
git [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
gitgraph Fix bug on commit graph (#15517) 2021-04-17 10:27:25 +01:00
graceful Support HTTP/2 in Let's Encrypt (#16371) 2021-07-13 18:17:46 +01:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Ensure empty lines are copiable and final new line too (#16678) 2021-08-14 01:16:56 +02:00
httpcache Add ETag header (#15370) 2021-04-12 10:49:26 -04:00
httplib Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
indexer Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
json Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
lfs Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
log Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
markup Fix NPE in fuzzer (#16680) 2021-08-13 00:22:05 +02:00
matchlist Add Allow-/Block-List for Migrate & Mirrors (#13610) 2020-11-28 19:37:58 -05:00
metrics Separate open and closed issue in metrics (#16637) 2021-08-07 12:43:50 +03:00
migrations Update issue_index to finish migration (#16685) 2021-08-13 21:06:18 +08:00
nosql Fix setting redis db path (#15698) 2021-05-03 13:24:24 -04:00
notification Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
options Add StatDir and replace com.StatDir (#14099) 2020-12-22 07:40:57 +08:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof Add golangci (#6418) 2019-06-12 15:41:28 -04:00
private Fix spelling of HookProcReceiveResult (#16690) 2021-08-14 13:17:10 +02:00
process Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
public Improve assets handler middleware (#15961) 2021-05-30 18:25:11 +08:00
queue Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
recaptcha Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
references Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repofiles Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repository Replace list.List with slices (#16311) 2021-08-09 14:08:51 -04:00
secret Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
session Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
setting Add API Token Cache (#16547) 2021-08-17 14:30:42 -04:00
ssh Second attempt at preventing zombies (#16326) 2021-07-14 10:43:13 -04:00
storage Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
structs Add an api endpoint to fetch git notes (#15373) (#16649) 2021-08-11 03:01:40 +02:00
svg Fix filepath basename on Windows for SVG bindata (#12241) 2020-07-13 21:16:40 +01:00
sync Fix missing unlock in uniquequeue (#9790) 2020-01-15 23:58:33 +02:00
task Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
templates Replace list.List with slices (#16311) 2021-08-09 14:08:51 -04:00
test Move middlewares to web/middleware (#14480) 2021-01-30 10:55:53 +02:00
timeutil Fix display since time round (#14226) 2021-01-28 13:29:22 +01:00
translation Use index of the supported tags to choose user lang (#15452) 2021-04-14 19:52:01 +01:00
typesniffer Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
upload Update golangci-lint to version 1.31.0 (#13102) 2020-10-11 21:27:20 +01:00
uri Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244) 2020-12-27 11:34:19 +08:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Handle too long PR titles correctly (#16517) 2021-07-25 03:59:27 +01:00
validation Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
web Restore CORS on git smart http protocol (#16496) 2021-07-21 11:32:35 +08:00