forgejo/modules/setting
zeripath e0853d4a21
Add API Token Cache (#16547)
One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.

A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.

Related #14668

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-17 14:30:42 -04:00
..
attachment.go Provide self-registering storage system (#12978) 2020-10-12 23:58:34 -04:00
cache.go Add LRU mem cache implementation (#16226) 2021-07-10 23:54:15 +02:00
cors.go Allow setting X-FRAME-OPTIONS (#16643) 2021-08-06 16:47:10 -04:00
cron.go Allow extended config on cron settings (#12939) 2020-09-25 09:58:09 +01:00
cron_test.go Allow extended config on cron settings (#12939) 2020-09-25 09:58:09 +01:00
database.go When reinitialising DBConfig reset the database use flags (#13796) 2020-12-02 19:39:48 -05:00
database_sqlite.go
database_test.go
git.go Update Go-Git to take advantage of LargeObjectThreshold (#16316) 2021-06-30 22:58:45 +02:00
indexer.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
indexer_test.go
lfs.go Let package git depend on setting but not opposite (#15241) 2021-06-26 13:28:55 +02:00
log.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
mailer.go
markup.go Make Mermaid.js limit configurable (#16519) 2021-07-24 00:21:51 -04:00
migrations.go Add Allow-/Block-List for Migrate & Mirrors (#13610) 2020-11-28 19:37:58 -05:00
mime_type_map.go Add mimetype mapping settings (#15133) 2021-05-10 16:38:08 -04:00
oauth2_client.go OAuth2 login: Set account link to "login" as default behavior (#15768) 2021-05-07 16:15:16 +02:00
picture.go add /assets as root dir of public files (#15219) 2021-04-28 12:35:06 +00:00
project.go
queue.go Clean-up the settings hierarchy for issue_indexer queue (#16001) 2021-06-16 18:19:20 -04:00
repository.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
service.go add configuration option to restrict users by default (#16256) 2021-07-15 15:19:48 -04:00
session.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
setting.go Add API Token Cache (#16547) 2021-08-17 14:30:42 -04:00
setting_test.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
storage.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
storage_test.go more test case for STORAGE_TYPE overrides (and fixes) (#14096) 2020-12-22 01:03:18 +02:00
task.go Avoid setitng the CONN_STR in queues unless it is meant to be set (#13025) 2020-10-04 18:12:26 +01:00
webhook.go Add support for corporate WeChat webhooks (#15910) 2021-07-23 12:41:27 +08:00