mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-26 12:01:08 +00:00 
			
		
		
		
	- In Go 1.21 the crypto/sha256 [got a massive improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the SHA instructions for AMD64 CPUs, which sha256-simd already was doing. The performance is now on par and I think it's preferable to use the standard library rather than a package when possible. ``` cpu: AMD Ryzen 5 3600X 6-Core Processor │ simd.txt │ go.txt │ │ sec/op │ sec/op vs base │ Hash/8Bytes-12 63.25n ± 1% 73.38n ± 1% +16.02% (p=0.002 n=6) Hash/64Bytes-12 98.73n ± 1% 105.30n ± 1% +6.65% (p=0.002 n=6) Hash/1K-12 567.2n ± 1% 572.8n ± 1% +0.99% (p=0.002 n=6) Hash/8K-12 4.062µ ± 1% 4.062µ ± 1% ~ (p=0.396 n=6) Hash/1M-12 512.1µ ± 0% 510.6µ ± 1% ~ (p=0.485 n=6) Hash/5M-12 2.556m ± 1% 2.564m ± 0% ~ (p=0.093 n=6) Hash/10M-12 5.112m ± 0% 5.127m ± 0% ~ (p=0.093 n=6) geomean 13.82µ 14.27µ +3.28% │ simd.txt │ go.txt │ │ B/s │ B/s vs base │ Hash/8Bytes-12 120.6Mi ± 1% 104.0Mi ± 1% -13.81% (p=0.002 n=6) Hash/64Bytes-12 618.2Mi ± 1% 579.8Mi ± 1% -6.22% (p=0.002 n=6) Hash/1K-12 1.682Gi ± 1% 1.665Gi ± 1% -0.98% (p=0.002 n=6) Hash/8K-12 1.878Gi ± 1% 1.878Gi ± 1% ~ (p=0.310 n=6) Hash/1M-12 1.907Gi ± 0% 1.913Gi ± 1% ~ (p=0.485 n=6) Hash/5M-12 1.911Gi ± 1% 1.904Gi ± 0% ~ (p=0.093 n=6) Hash/10M-12 1.910Gi ± 0% 1.905Gi ± 0% ~ (p=0.093 n=6) geomean 1.066Gi 1.032Gi -3.18% ``` (cherry picked from commitabd94ff5b5) (cherry picked from commit15e81637ab) Conflicts: go.mod https://codeberg.org/forgejo/forgejo/pulls/1581 (cherry picked from commit 5caea2d75aeac78fb306f58a3cf7809d5b70c7f2) (cherry picked from commit08da542cce)
		
			
				
	
	
		
			86 lines
		
	
	
	
		
			2.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			86 lines
		
	
	
	
		
			2.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2023 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package context
 | |
| 
 | |
| import (
 | |
| 	"crypto/sha256"
 | |
| 	"encoding/hex"
 | |
| 	"net/http"
 | |
| 	"strings"
 | |
| 
 | |
| 	"code.gitea.io/gitea/modules/setting"
 | |
| 	"code.gitea.io/gitea/modules/util"
 | |
| 	"code.gitea.io/gitea/modules/web/middleware"
 | |
| 
 | |
| 	"golang.org/x/crypto/pbkdf2"
 | |
| )
 | |
| 
 | |
| const CookieNameFlash = "gitea_flash"
 | |
| 
 | |
| func removeSessionCookieHeader(w http.ResponseWriter) {
 | |
| 	cookies := w.Header()["Set-Cookie"]
 | |
| 	w.Header().Del("Set-Cookie")
 | |
| 	for _, cookie := range cookies {
 | |
| 		if strings.HasPrefix(cookie, setting.SessionConfig.CookieName+"=") {
 | |
| 			continue
 | |
| 		}
 | |
| 		w.Header().Add("Set-Cookie", cookie)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // SetSiteCookie convenience function to set most cookies consistently
 | |
| // CSRF and a few others are the exception here
 | |
| func (ctx *Context) SetSiteCookie(name, value string, maxAge int) {
 | |
| 	middleware.SetSiteCookie(ctx.Resp, name, value, maxAge)
 | |
| }
 | |
| 
 | |
| // DeleteSiteCookie convenience function to delete most cookies consistently
 | |
| // CSRF and a few others are the exception here
 | |
| func (ctx *Context) DeleteSiteCookie(name string) {
 | |
| 	middleware.SetSiteCookie(ctx.Resp, name, "", -1)
 | |
| }
 | |
| 
 | |
| // GetSiteCookie returns given cookie value from request header.
 | |
| func (ctx *Context) GetSiteCookie(name string) string {
 | |
| 	return middleware.GetSiteCookie(ctx.Req, name)
 | |
| }
 | |
| 
 | |
| // GetSuperSecureCookie returns given cookie value from request header with secret string.
 | |
| func (ctx *Context) GetSuperSecureCookie(secret, name string) (string, bool) {
 | |
| 	val := ctx.GetSiteCookie(name)
 | |
| 	return ctx.CookieDecrypt(secret, val)
 | |
| }
 | |
| 
 | |
| // CookieDecrypt returns given value from with secret string.
 | |
| func (ctx *Context) CookieDecrypt(secret, val string) (string, bool) {
 | |
| 	if val == "" {
 | |
| 		return "", false
 | |
| 	}
 | |
| 
 | |
| 	text, err := hex.DecodeString(val)
 | |
| 	if err != nil {
 | |
| 		return "", false
 | |
| 	}
 | |
| 
 | |
| 	key := pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)
 | |
| 	text, err = util.AESGCMDecrypt(key, text)
 | |
| 	return string(text), err == nil
 | |
| }
 | |
| 
 | |
| // SetSuperSecureCookie sets given cookie value to response header with secret string.
 | |
| func (ctx *Context) SetSuperSecureCookie(secret, name, value string, maxAge int) {
 | |
| 	text := ctx.CookieEncrypt(secret, value)
 | |
| 	ctx.SetSiteCookie(name, text, maxAge)
 | |
| }
 | |
| 
 | |
| // CookieEncrypt encrypts a given value using the provided secret
 | |
| func (ctx *Context) CookieEncrypt(secret, value string) string {
 | |
| 	key := pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)
 | |
| 	text, err := util.AESGCMEncrypt(key, []byte(value))
 | |
| 	if err != nil {
 | |
| 		panic("error encrypting cookie: " + err.Error())
 | |
| 	}
 | |
| 
 | |
| 	return hex.EncodeToString(text)
 | |
| }
 |