You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by ti...@apache.org on 2021/03/27 08:07:50 UTC
[servicecomb-service-center] branch master updated: increase token
signing performance (#920)
This is an automated email from the ASF dual-hosted git repository.
tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new 98e6416 increase token signing performance (#920)
98e6416 is described below
commit 98e6416d8306d72b2dac6fef9cd31ff8423b47c8
Author: Shawn <xi...@gmail.com>
AuthorDate: Sat Mar 27 16:07:41 2021 +0800
increase token signing performance (#920)
---
docs/dev-guides.rst | 1 +
docs/dev-guides/profiling.md | 13 +++++++
pkg/privacy/password_test.go | 34 +++++++++++++++++
server/resource/v4/rbac_resource_test.go | 63 ++++++++++++++++++++++++++------
server/service/rbac/authr_plugin.go | 8 ----
server/service/rbac/rbac_test.go | 43 ++++++++++++++++++----
test/benchmark/login.json | 1 +
test/benchmark/login.sh | 1 +
8 files changed, 138 insertions(+), 26 deletions(-)
diff --git a/docs/dev-guides.rst b/docs/dev-guides.rst
index 4f751cd..5fe364c 100644
--- a/docs/dev-guides.rst
+++ b/docs/dev-guides.rst
@@ -11,3 +11,4 @@ Development guide
dev-guides/multidcs2.rst
dev-guides/helm.md
dev-guides/kubeclusters.rst
+ dev-guides/profiling.md
diff --git a/docs/dev-guides/profiling.md b/docs/dev-guides/profiling.md
new file mode 100644
index 0000000..7e82190
--- /dev/null
+++ b/docs/dev-guides/profiling.md
@@ -0,0 +1,13 @@
+# Profiling
+service center integrated pprof
+## Configuration
+```yaml
+server:
+ pprof:
+ mode: 1
+```
+
+## Run pprof
+```sh
+go tool pprof http://localhost:30100/debug/pprof/profile?seconds=30
+```
\ No newline at end of file
diff --git a/pkg/privacy/password_test.go b/pkg/privacy/password_test.go
index 056f15f..c4ad3dd 100644
--- a/pkg/privacy/password_test.go
+++ b/pkg/privacy/password_test.go
@@ -37,3 +37,37 @@ func TestHashPassword(t *testing.T) {
sameMac := privacy.SamePassword(mac, "test")
assert.True(t, sameMac)
}
+func BenchmarkBcrypt(b *testing.B) {
+ h, _ := privacy.HashPassword("test")
+ for i := 0; i < b.N; i++ {
+ same := privacy.SamePassword(h, "test")
+ if !same {
+ panic("")
+ }
+
+ }
+ b.ReportAllocs()
+}
+func BenchmarkScrypt(b *testing.B) {
+ h, _ := privacy.ScryptPassword("test")
+ for i := 0; i < b.N; i++ {
+ same := privacy.SamePassword(h, "test")
+ if !same {
+ panic("")
+ }
+
+ }
+ b.ReportAllocs()
+}
+func BenchmarkScryptP(b *testing.B) {
+ h, _ := privacy.ScryptPassword("test")
+ b.RunParallel(func(pb *testing.PB) {
+ for pb.Next() {
+ same := privacy.SamePassword(h, "test")
+ if !same {
+ panic("")
+ }
+ }
+ })
+ b.ReportAllocs()
+}
diff --git a/server/resource/v4/rbac_resource_test.go b/server/resource/v4/rbac_resource_test.go
index edf25fe..0668ac6 100644
--- a/server/resource/v4/rbac_resource_test.go
+++ b/server/resource/v4/rbac_resource_test.go
@@ -42,40 +42,50 @@ import (
"github.com/stretchr/testify/assert"
)
+var pwd = "Complicated_password1"
+
func init() {
beego.AppConfig.Set("rbac_enabled", "true")
beego.AppConfig.Set("rbac_rsa_public_key_file", "./rbac.pub")
beego.AppConfig.Set("rbac_rsa_private_key_file", "./private.key")
config.Init()
-}
-func TestAuthResource_Login(t *testing.T) {
+
err := archaius.Init(archaius.WithMemorySource(), archaius.WithENVSource())
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
pri, pub, err := secret.GenRSAKeyPair(4096)
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
b, err := secret.RSAPrivate2Bytes(pri)
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
ioutil.WriteFile("./private.key", b, 0600)
b, err = secret.RSAPublicKey2Bytes(pub)
err = ioutil.WriteFile("./rbac.pub", b, 0600)
- assert.NoError(t, err)
-
- archaius.Set(rbac.InitPassword, "Complicated_password1")
+ if err != nil {
+ panic(err)
+ }
+ archaius.Set(rbac.InitPassword, pwd)
ctx := context.TODO()
dao.DeleteAccount(ctx, "root")
- archaius.Init(archaius.WithMemorySource())
rbac.Init()
rest.RegisterServant(&v4.AuthResource{})
rest.RegisterServant(&v4.RoleResource{})
+}
+func TestAuthResource_Login(t *testing.T) {
+ ctx := context.TODO()
dao.DeleteAccount(ctx, "dev_account")
t.Run("invalid user login", func(t *testing.T) {
- b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_account", Password: "Complicated_password1"})
+ b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_account", Password: pwd})
r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(b))
w := httptest.NewRecorder()
@@ -86,7 +96,7 @@ func TestAuthResource_Login(t *testing.T) {
// root account token
var to = &rbacmodel.Token{}
t.Run("root login", func(t *testing.T) {
- b, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: "Complicated_password1", Roles: []string{"admin"}})
+ b, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: pwd, Roles: []string{"admin"}})
r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(b))
w := httptest.NewRecorder()
@@ -465,3 +475,34 @@ func TestAuthResource_Login2(t *testing.T) {
assert.Equal(t, http.StatusForbidden, w.Code)
})
}
+
+func BenchmarkAuthResource_LoginP(b *testing.B) {
+ body, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: pwd})
+ b.RunParallel(func(pb *testing.PB) {
+ for pb.Next() {
+ r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(body))
+ w := httptest.NewRecorder()
+ rest.GetRouter().ServeHTTP(w, r)
+ if w.Code != http.StatusOK {
+ panic(w.Code)
+ }
+ }
+ })
+ b.ReportAllocs()
+}
+
+//
+func BenchmarkAuthResource_Login(b *testing.B) {
+ body, _ := json.Marshal(&rbacmodel.Account{Name: "root", Password: pwd})
+ b.ResetTimer()
+ for i := 0; i < b.N; i++ {
+ r, _ := http.NewRequest(http.MethodPost, "/v4/token", bytes.NewBuffer(body))
+ w := httptest.NewRecorder()
+ rest.GetRouter().ServeHTTP(w, r)
+ if w.Code != http.StatusOK {
+ panic(w.Code)
+ }
+
+ }
+ b.ReportAllocs()
+}
diff --git a/server/service/rbac/authr_plugin.go b/server/service/rbac/authr_plugin.go
index a8fdbbe..8109094 100644
--- a/server/service/rbac/authr_plugin.go
+++ b/server/service/rbac/authr_plugin.go
@@ -46,14 +46,6 @@ func (a *EmbeddedAuthenticator) Login(ctx context.Context, user string, password
for _, o := range opts {
o(opt)
}
- exist, err := dao.AccountExist(ctx, user)
- if err != nil {
- log.Error("check account err", err)
- return "", err
- }
- if !exist {
- return "", ErrUnauthorized
- }
account, err := dao.GetAccount(ctx, user)
if err != nil {
log.Error("get account err", err)
diff --git a/server/service/rbac/rbac_test.go b/server/service/rbac/rbac_test.go
index e4d90e3..0dcb210 100644
--- a/server/service/rbac/rbac_test.go
+++ b/server/service/rbac/rbac_test.go
@@ -40,29 +40,37 @@ func init() {
beego.AppConfig.Set("rbac_rsa_public_key_file", "./rbac.pub")
beego.AppConfig.Set("rbac_rsa_private_key_file", "./private.key")
config.Init()
-}
-func TestInitRBAC(t *testing.T) {
err := archaius.Init(archaius.WithMemorySource(), archaius.WithENVSource())
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
pri, pub, err := secret.GenRSAKeyPair(4096)
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
b, err := secret.RSAPrivate2Bytes(pri)
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
ioutil.WriteFile("./private.key", b, 0600)
b, err = secret.RSAPublicKey2Bytes(pub)
err = ioutil.WriteFile("./rbac.pub", b, 0600)
- assert.NoError(t, err)
+ if err != nil {
+ panic(err)
+ }
archaius.Set(rbac.InitPassword, "Complicated_password1")
-
dao.DeleteAccount(context.Background(), "root")
dao.DeleteAccount(context.Background(), "a")
dao.DeleteAccount(context.Background(), "b")
rbac.Init()
+}
+
+func TestInitRBAC(t *testing.T) {
a, err := dao.GetAccount(context.Background(), "root")
assert.NoError(t, err)
assert.Equal(t, "root", a.Name)
@@ -181,3 +189,24 @@ func TestInitRBAC(t *testing.T) {
assert.Equal(t, true, r)
})
}
+func BenchmarkAuthResource_Login(b *testing.B) {
+ b.RunParallel(func(pb *testing.PB) {
+ for pb.Next() {
+ _, err := authr.Login(context.TODO(), "root", "Complicated_password1")
+ if err != nil {
+ panic(err)
+ }
+ }
+ })
+ b.ReportAllocs()
+}
+func BenchmarkAuthResource_Login2(b *testing.B) {
+ for i := 0; i < b.N; i++ {
+ _, err := authr.Login(context.TODO(), "root", "Complicated_password1")
+ if err != nil {
+ panic(err)
+ }
+
+ }
+ b.ReportAllocs()
+}
diff --git a/test/benchmark/login.json b/test/benchmark/login.json
new file mode 100644
index 0000000..37d39ab
--- /dev/null
+++ b/test/benchmark/login.json
@@ -0,0 +1 @@
+{"name":"root","password":"Complicated_password1"}
\ No newline at end of file
diff --git a/test/benchmark/login.sh b/test/benchmark/login.sh
new file mode 100644
index 0000000..76f81d5
--- /dev/null
+++ b/test/benchmark/login.sh
@@ -0,0 +1 @@
+ab -n 10000 -c 10 -p login.json "http://127.0.0.1:30100/v4/token"
\ No newline at end of file