mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-24 08:57:03 -05:00
0d8478cff8
- In Go 1.21 the crypto/sha256 [got a massive improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the SHA instructions for AMD64 CPUs, which sha256-simd already was doing. The performance is now on par and I think it's preferable to use the standard library rather than a package when possible. ``` cpu: AMD Ryzen 5 3600X 6-Core Processor │ simd.txt │ go.txt │ │ sec/op │ sec/op vs base │ Hash/8Bytes-12 63.25n ± 1% 73.38n ± 1% +16.02% (p=0.002 n=6) Hash/64Bytes-12 98.73n ± 1% 105.30n ± 1% +6.65% (p=0.002 n=6) Hash/1K-12 567.2n ± 1% 572.8n ± 1% +0.99% (p=0.002 n=6) Hash/8K-12 4.062µ ± 1% 4.062µ ± 1% ~ (p=0.396 n=6) Hash/1M-12 512.1µ ± 0% 510.6µ ± 1% ~ (p=0.485 n=6) Hash/5M-12 2.556m ± 1% 2.564m ± 0% ~ (p=0.093 n=6) Hash/10M-12 5.112m ± 0% 5.127m ± 0% ~ (p=0.093 n=6) geomean 13.82µ 14.27µ +3.28% │ simd.txt │ go.txt │ │ B/s │ B/s vs base │ Hash/8Bytes-12 120.6Mi ± 1% 104.0Mi ± 1% -13.81% (p=0.002 n=6) Hash/64Bytes-12 618.2Mi ± 1% 579.8Mi ± 1% -6.22% (p=0.002 n=6) Hash/1K-12 1.682Gi ± 1% 1.665Gi ± 1% -0.98% (p=0.002 n=6) Hash/8K-12 1.878Gi ± 1% 1.878Gi ± 1% ~ (p=0.310 n=6) Hash/1M-12 1.907Gi ± 0% 1.913Gi ± 1% ~ (p=0.485 n=6) Hash/5M-12 1.911Gi ± 1% 1.904Gi ± 0% ~ (p=0.093 n=6) Hash/10M-12 1.910Gi ± 0% 1.905Gi ± 0% ~ (p=0.093 n=6) geomean 1.066Gi 1.032Gi -3.18% ``` (cherry picked from commitabd94ff5b5
) (cherry picked from commit15e81637ab
) Conflicts: go.mod https://codeberg.org/forgejo/forgejo/pulls/1581 (cherry picked from commit 5caea2d75aeac78fb306f58a3cf7809d5b70c7f2) (cherry picked from commit08da542cce
) (cherry picked from commitd71a8cc9fb
) (cherry picked from commit63c9fc2bee
) (cherry picked from commite1db85d48a
) (cherry picked from commit5e86a5d2d1
)
86 lines
2.5 KiB
Go
86 lines
2.5 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package context
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/modules/util"
|
|
"code.gitea.io/gitea/modules/web/middleware"
|
|
|
|
"golang.org/x/crypto/pbkdf2"
|
|
)
|
|
|
|
const CookieNameFlash = "gitea_flash"
|
|
|
|
func removeSessionCookieHeader(w http.ResponseWriter) {
|
|
cookies := w.Header()["Set-Cookie"]
|
|
w.Header().Del("Set-Cookie")
|
|
for _, cookie := range cookies {
|
|
if strings.HasPrefix(cookie, setting.SessionConfig.CookieName+"=") {
|
|
continue
|
|
}
|
|
w.Header().Add("Set-Cookie", cookie)
|
|
}
|
|
}
|
|
|
|
// SetSiteCookie convenience function to set most cookies consistently
|
|
// CSRF and a few others are the exception here
|
|
func (ctx *Context) SetSiteCookie(name, value string, maxAge int) {
|
|
middleware.SetSiteCookie(ctx.Resp, name, value, maxAge)
|
|
}
|
|
|
|
// DeleteSiteCookie convenience function to delete most cookies consistently
|
|
// CSRF and a few others are the exception here
|
|
func (ctx *Context) DeleteSiteCookie(name string) {
|
|
middleware.SetSiteCookie(ctx.Resp, name, "", -1)
|
|
}
|
|
|
|
// GetSiteCookie returns given cookie value from request header.
|
|
func (ctx *Context) GetSiteCookie(name string) string {
|
|
return middleware.GetSiteCookie(ctx.Req, name)
|
|
}
|
|
|
|
// GetSuperSecureCookie returns given cookie value from request header with secret string.
|
|
func (ctx *Context) GetSuperSecureCookie(secret, name string) (string, bool) {
|
|
val := ctx.GetSiteCookie(name)
|
|
return ctx.CookieDecrypt(secret, val)
|
|
}
|
|
|
|
// CookieDecrypt returns given value from with secret string.
|
|
func (ctx *Context) CookieDecrypt(secret, val string) (string, bool) {
|
|
if val == "" {
|
|
return "", false
|
|
}
|
|
|
|
text, err := hex.DecodeString(val)
|
|
if err != nil {
|
|
return "", false
|
|
}
|
|
|
|
key := pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)
|
|
text, err = util.AESGCMDecrypt(key, text)
|
|
return string(text), err == nil
|
|
}
|
|
|
|
// SetSuperSecureCookie sets given cookie value to response header with secret string.
|
|
func (ctx *Context) SetSuperSecureCookie(secret, name, value string, maxAge int) {
|
|
text := ctx.CookieEncrypt(secret, value)
|
|
ctx.SetSiteCookie(name, text, maxAge)
|
|
}
|
|
|
|
// CookieEncrypt encrypts a given value using the provided secret
|
|
func (ctx *Context) CookieEncrypt(secret, value string) string {
|
|
key := pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)
|
|
text, err := util.AESGCMEncrypt(key, []byte(value))
|
|
if err != nil {
|
|
panic("error encrypting cookie: " + err.Error())
|
|
}
|
|
|
|
return hex.EncodeToString(text)
|
|
}
|