projects / plack-middleware-auth-complex.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 388ed28)
Add authentication cache
authorMarius Gavrilescu <marius@ieval.ro>
Sun, 1 Mar 2015 11:13:53 +0000 (13:13 +0200)
committerMarius Gavrilescu <marius@ieval.ro>
Sun, 1 Mar 2015 11:13:53 +0000 (13:13 +0200)
Makefile.PL patch | blob | blame | history
lib/Plack/Middleware/Auth/Complex.pm patch | blob | blame | history
t/Plack-Middleware-Auth-Complex.t patch | blob | blame | history

diff --git a/Makefile.PL b/Makefile.PL
index 3d96b1adaf78f35e942c9fe27a74cd0f198c5e97..21ef80a7fd3049791ca56a2aa853a5e94ec32b2e 100644 (file)
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -21,7 +21,8 @@ WriteMakefile(
                   DBI                               0
                   Email::Simple                     0
                   Email::Sender::Simple             0
-                  Plack::Request                    0/,
+                  Plack::Request                    0
+                  Tie::Hash::Expire                 0/,
        },
        META_MERGE         => {
                dynamic_config => 0,
diff --git a/lib/Plack/Middleware/Auth/Complex.pm b/lib/Plack/Middleware/Auth/Complex.pm
index 920810c2ffb392407b6d1975b12575c99310ecba..55fc5ee1861579b4af2e2a6de06fc8ee5f50be2c 100644 (file)
--- a/lib/Plack/Middleware/Auth/Complex.pm
+++ b/lib/Plack/Middleware/Auth/Complex.pm
@@ -13,11 +13,12 @@ use Authen::Passphrase;
 use Authen::Passphrase::BlowfishCrypt;
 use Bytes::Random::Secure qw/random_bytes/;
 use DBI;
-use Digest::SHA qw/hmac_sha1_base64/;
+use Digest::SHA qw/hmac_sha1_base64 sha256/;
 use Email::Simple;
 use Email::Sender::Simple qw/sendmail/;
 use MIME::Base64 qw/decode_base64/;
 use Plack::Request;
+use Tie::Hash::Expire;
 
 sub default_opts {(
        dbi_connect       => ['dbi:Pg:', '', ''],
@@ -26,6 +27,8 @@ sub default_opts {(
        insert_user       => 'INSERT INTO users (id, passphrase, email) VALUES (?,?,?)',
        mail_subject      => 'Password reset token',
        realm             => 'restricted area',
+       cache_fail        => 0,
+       cache_max_age     => 5 * 60,
        token_max_age     => 60 * 60 * 24,
        username_regex    => qr/^\w{2,20}$/a,
        register_url      => '/action/register',
@@ -60,9 +63,17 @@ sub get_user {
 
 sub check_passphrase {
        my ($self, $username, $passphrase) = @_;
+       unless ($self->{cache}) {
+               tie my %cache, 'Tie::Hash::Expire', {expire_seconds => $self->{cache_max_age}};
+               $self->{cache} = \%cache;
+       }
+       my $cachekey = sha256 "$username:$passphrase";
+       return $self->{cache}{$cachekey} if exists $self->{cache}{$cachekey};
        my $user = $self->get_user($username);
        return 0 unless $user;
-       Authen::Passphrase->from_rfc2307($user->{passphrase})->match($passphrase)
+       my $ret = Authen::Passphrase->from_rfc2307($user->{passphrase})->match($passphrase);
+       $self->{cache}{$cachekey} = $ret if $ret || $self->{cache_fail};
+       $ret
 }
 
 sub hash_passphrase {
@@ -348,6 +359,17 @@ C<'Password reset token'>.
 
 Authentication realm. Defaults to C<'restricted area'>.
 
+=item cache_fail
+
+If true, all authentication results are cached. If false, only
+successful logins are cached. Defaults to false.
+
+=item cache_max_age
+
+Authentication cache timeout, in seconds. Authentication results are
+cached for this number of seconds to avoid expensive hashing. Defaults
+to 5 minutes.
+
 =item token_max_age
 
 Password reset token validity, in seconds. Defaults to 24 hours.
diff --git a/t/Plack-Middleware-Auth-Complex.t b/t/Plack-Middleware-Auth-Complex.t
index 956ee67321c4c90d00bf8ba3ffec08413b178cfa..5b42232c64cc5c224d85f93d92fb6e6e2192d5c2 100644 (file)
--- a/t/Plack-Middleware-Auth-Complex.t
+++ b/t/Plack-Middleware-Auth-Complex.t
@@ -30,8 +30,13 @@ sub is_http {
 
 my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';
 my $ac = Plack::Middleware::Auth::Complex->new({
-       dbi_connect     => ['dbi:SQLite:dbname=:memory:'],
-       post_connect_cb => sub { shift->{dbh}->do($create_table) },
+       dbi_connect       => ['dbi:SQLite:dbname=:memory:'],
+       post_connect_cb   => sub { shift->{dbh}->do($create_table) },
+       register_url      => '/register',
+       passwd_url        => '/passwd',
+       request_reset_url => '/request-reset',
+       reset_url         => '/reset',
+       cache_max_age     => 0,
 });
 
 my $app = $ac->wrap(\&app);
Feature-rich authentication system
This page took 0.013316 seconds and 4 git commands to generate.