You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by ti...@apache.org on 2021/03/27 08:07:50 UTC

[servicecomb-service-center] branch master updated: increase token signing performance (#920)

This is an automated email from the ASF dual-hosted git repository.

tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git


The following commit(s) were added to refs/heads/master by this push:
     new 98e6416  increase token signing performance (#920)
98e6416 is described below

commit 98e6416d8306d72b2dac6fef9cd31ff8423b47c8
Author: Shawn <xi...@gmail.com>
AuthorDate: Sat Mar 27 16:07:41 2021 +0800

    increase token signing performance (#920)
---
 docs/dev-guides.rst                      |  1 +
 docs/dev-guides/profiling.md             | 13 +++++++
 pkg/privacy/password_test.go             | 34 +++++++++++++++++
 server/resource/v4/rbac_resource_test.go | 63 ++++++++++++++++++++++++++------
 server/service/rbac/authr_plugin.go      |  8 ----
 server/service/rbac/rbac_test.go         | 43 ++++++++++++++++++----
 test/benchmark/login.json                |  1 +
 test/benchmark/login.sh                  |  1 +
 8 files changed, 138 insertions(+), 26 deletions(-)

diff --git a/docs/dev-guides.rst b/docs/dev-guides.rst
index 4f751cd..5fe364c 100644
--- a/docs/dev-guides.rst
+++ b/docs/dev-guides.rst
@@ -11,3 +11,4 @@ Development guide
    dev-guides/multidcs2.rst
    dev-guides/helm.md
    dev-guides/kubeclusters.rst
+   dev-guides/profiling.md
diff --git a/docs/dev-guides/profiling.md b/docs/dev-guides/profiling.md
new file mode 100644
index 0000000..7e82190
--- /dev/null
+++ b/docs/dev-guides/profiling.md
@@ -0,0 +1,13 @@
+# Profiling
+service center integrated pprof 
+## Configuration
+```yaml
+server:
+  pprof:
+    mode: 1
+```
+
+## Run pprof
+```sh
+go tool pprof http://localhost:30100/debug/pprof/profile?seconds=30
+```
\ No newline at end of file
diff --git a/pkg/privacy/password_test.go b/pkg/privacy/password_test.go
index 056f15f..c4ad3dd 100644
--- a/pkg/privacy/password_test.go
+++ b/pkg/privacy/password_test.go
@@ -37,3 +37,37 @@ func TestHashPassword(t *testing.T) {
 	sameMac := privacy.SamePassword(mac, "test")
 	assert.True(t, sameMac)
 }
+func BenchmarkBcrypt(b *testing.B) {
+	h, _ := privacy.HashPassword("test")
+	for i := 0; i < b.N; i++ {
+		same := privacy.SamePassword(h, "test")
+		if !same {
+			panic("")
+		}
+
+	}
+	b.ReportAllocs()
+}
+func BenchmarkScrypt(b *testing.B) {
+	h, _ := privacy.ScryptPassword("test")
+	for i := 0; i < b.N; i++ {
+		same := privacy.SamePassword(h, "test")
+		if !same {
+			panic("")
+		}
+
+	}
+	b.ReportAllocs()
+}
+func BenchmarkScryptP(b *testing.B) {
+	h, _ := privacy.ScryptPassword("test")
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			same := privacy.SamePassword(h, "test")
+			if !same {
+				panic("")
+			}
+		}
+	})
+	b.ReportAllocs()
+}
diff --git a/server/resource/v4/rbac_resource_test.go b/server/resource/v4/rbac_resource_test.go
index edf25fe..0668ac6 100644
--- a/server/resource/v4/rbac_resource_test.go
+++ b/server/resource/v4/rbac_resource_test.go
@@ -42,40 +42,50 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+var pwd = "Complicated_password1"
+
 func init() {
 	beego.AppConfig.Set("rbac_enabled", "true")
 	beego.AppConfig.Set("rbac_rsa_public_key_file", "./rbac.pub")
 	beego.AppConfig.Set("rbac_rsa_private_key_file", "./private.key")
 	config.Init()
-}
-func TestAuthResource_Login(t *testing.T) {
+
 	err := archaius.Init(archaius.WithMemorySource(), archaius.WithENVSource())
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 
 	pri, pub, err := secret.GenRSAKeyPair(4096)
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 
 	b, err := secret.RSAPrivate2Bytes(pri)
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 	ioutil.WriteFile("./private.key", b, 0600)
 	b, err = secret.RSAPublicKey2Bytes(pub)
 	err = ioutil.WriteFile("./rbac.pub", b, 0600)
-	assert.NoError(t, err)
-
-	archaius.Set(rbac.InitPassword, "Complicated_password1")
+	if err != nil {
+		panic(err)
+	}
 
+	archaius.Set(rbac.InitPassword, pwd)
 	ctx := context.TODO()
 	dao.DeleteAccount(ctx, "root")
-	archaius.Init(archaius.WithMemorySource())
 
 	rbac.Init()
 	rest.RegisterServant(&v4.AuthResource{})
 	rest.RegisterServant(&v4.RoleResource{})
+}
+func TestAuthResource_Login(t *testing.T) {
+	ctx := context.TODO()
 
 	dao.DeleteAccount(ctx, "dev_account")
 
 	t.Run("invalid user login", func(t *testing.T) {
-		b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_account", Password: "Complicated_password1"})
+		b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_account", Password: pwd})
 
 		r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(b))
 		w := httptest.NewRecorder()
@@ -86,7 +96,7 @@ func TestAuthResource_Login(t *testing.T) {
 	// root account token
 	var to = &rbacmodel.Token{}
 	t.Run("root login", func(t *testing.T) {
-		b, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: "Complicated_password1", Roles: []string{"admin"}})
+		b, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: pwd, Roles: []string{"admin"}})
 
 		r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(b))
 		w := httptest.NewRecorder()
@@ -465,3 +475,34 @@ func TestAuthResource_Login2(t *testing.T) {
 		assert.Equal(t, http.StatusForbidden, w.Code)
 	})
 }
+
+func BenchmarkAuthResource_LoginP(b *testing.B) {
+	body, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: pwd})
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(body))
+			w := httptest.NewRecorder()
+			rest.GetRouter().ServeHTTP(w, r)
+			if w.Code != http.StatusOK {
+				panic(w.Code)
+			}
+		}
+	})
+	b.ReportAllocs()
+}
+
+//
+func BenchmarkAuthResource_Login(b *testing.B) {
+	body, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: pwd})
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(body))
+		w := httptest.NewRecorder()
+		rest.GetRouter().ServeHTTP(w, r)
+		if w.Code != http.StatusOK {
+			panic(w.Code)
+		}
+
+	}
+	b.ReportAllocs()
+}
diff --git a/server/service/rbac/authr_plugin.go b/server/service/rbac/authr_plugin.go
index a8fdbbe..8109094 100644
--- a/server/service/rbac/authr_plugin.go
+++ b/server/service/rbac/authr_plugin.go
@@ -46,14 +46,6 @@ func (a *EmbeddedAuthenticator) Login(ctx context.Context, user string, password
 	for _, o := range opts {
 		o(opt)
 	}
-	exist, err := dao.AccountExist(ctx, user)
-	if err != nil {
-		log.Error("check account err", err)
-		return "", err
-	}
-	if !exist {
-		return "", ErrUnauthorized
-	}
 	account, err := dao.GetAccount(ctx, user)
 	if err != nil {
 		log.Error("get account err", err)
diff --git a/server/service/rbac/rbac_test.go b/server/service/rbac/rbac_test.go
index e4d90e3..0dcb210 100644
--- a/server/service/rbac/rbac_test.go
+++ b/server/service/rbac/rbac_test.go
@@ -40,29 +40,37 @@ func init() {
 	beego.AppConfig.Set("rbac_rsa_public_key_file", "./rbac.pub")
 	beego.AppConfig.Set("rbac_rsa_private_key_file", "./private.key")
 	config.Init()
-}
 
-func TestInitRBAC(t *testing.T) {
 	err := archaius.Init(archaius.WithMemorySource(), archaius.WithENVSource())
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 
 	pri, pub, err := secret.GenRSAKeyPair(4096)
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 
 	b, err := secret.RSAPrivate2Bytes(pri)
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 	ioutil.WriteFile("./private.key", b, 0600)
 	b, err = secret.RSAPublicKey2Bytes(pub)
 	err = ioutil.WriteFile("./rbac.pub", b, 0600)
-	assert.NoError(t, err)
+	if err != nil {
+		panic(err)
+	}
 
 	archaius.Set(rbac.InitPassword, "Complicated_password1")
-
 	dao.DeleteAccount(context.Background(), "root")
 	dao.DeleteAccount(context.Background(), "a")
 	dao.DeleteAccount(context.Background(), "b")
 
 	rbac.Init()
+}
+
+func TestInitRBAC(t *testing.T) {
 	a, err := dao.GetAccount(context.Background(), "root")
 	assert.NoError(t, err)
 	assert.Equal(t, "root", a.Name)
@@ -181,3 +189,24 @@ func TestInitRBAC(t *testing.T) {
 		assert.Equal(t, true, r)
 	})
 }
+func BenchmarkAuthResource_Login(b *testing.B) {
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			_, err := authr.Login(context.TODO(), "root", "Complicated_password1")
+			if err != nil {
+				panic(err)
+			}
+		}
+	})
+	b.ReportAllocs()
+}
+func BenchmarkAuthResource_Login2(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		_, err := authr.Login(context.TODO(), "root", "Complicated_password1")
+		if err != nil {
+			panic(err)
+		}
+
+	}
+	b.ReportAllocs()
+}
diff --git a/test/benchmark/login.json b/test/benchmark/login.json
new file mode 100644
index 0000000..37d39ab
--- /dev/null
+++ b/test/benchmark/login.json
@@ -0,0 +1 @@
+{"name":"root","password":"Complicated_password1"}
\ No newline at end of file
diff --git a/test/benchmark/login.sh b/test/benchmark/login.sh
new file mode 100644
index 0000000..76f81d5
--- /dev/null
+++ b/test/benchmark/login.sh
@@ -0,0 +1 @@
+ab -n 10000 -c 10 -p login.json "http://127.0.0.1:30100/v4/token"
\ No newline at end of file