8000 micro optimizations (#10316) · arangodb/arangodb@669bd40 · GitHub
[go: up one dir, main page]
Skip to content

Commit 669bd40

Browse files
jsteemannjsteemann
authored
micro optimizations (#10316)
1 parent df02bcd commit 669bd40

File tree

2 files changed

+36
-35
lines changed

2 files changed

+36
-35
lines changed

arangod/Auth/TokenCache.cpp

Lines changed: 35 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -41,12 +41,18 @@
4141
#include <velocypack/Builder.h>
4242
#include <velocypack/Collection.h>
4343
#include <velocypack/Iterator.h>
44+
#include <velocypack/StringRef.h>
4445
#include <velocypack/velocypack-aliases.h>
4546

4647
using namespace arangodb;
4748
using namespace arangodb::basics;
4849
using namespace arangodb::velocypack;
4950
using namespace arangodb::rest;
51+
52+
namespace {
53+
velocypack::StringRef const hs256String("HS256");
54+
velocypack::StringRef const jwtString("JWT");
55+
}
5056

5157
auth::TokenCache::TokenCache(auth::UserManager* um, double timeout)
5258
: _userManager(um),
@@ -153,7 +159,7 @@ auth::TokenCache::Entry auth::TokenCache::checkAuthenticationBasic(std::string c
153159
expiry += TRI_microtime();
154160
}
155161

156-
auth::TokenCache::Entry entry(username, authorized, expiry);
162+
auth::TokenCache::Entry entry(std::move(username), authorized, expiry);
157163
{
158164
WRITE_LOCKER(guard, _basicLock);
159165
if (authorized) {
@@ -232,7 +238,7 @@ auth::TokenCache::Entry auth::TokenCache::checkAuthenticationJWT(std::string con
232238
}
233239

234240
std::shared_ptr<VPackBuilder> auth::TokenCache::parseJson(std::string const& str,
235-
std::string const& hint) {
241+
char const* hint) {
236242
std::shared_ptr<VPackBuilder> result;
237243
VPackParser parser;
238244
try {
@@ -255,7 +261,7 @@ std::shared_ptr<VPackBuilder> auth::TokenCache::parseJson(std::string const& str
255261
bool auth::TokenCache::validateJwtHeader(std::string const& header) {
256262
std::shared_ptr<VPackBuilder> headerBuilder =
257263
parseJson(StringUtils::decodeBase64U(header), "jwt header");
258-
if (headerBuilder.get() == nullptr) {
264+
if (headerBuilder == nullptr) {
259265
return false;
260266
}
261267

@@ -267,20 +273,15 @@ bool auth::TokenCache::validateJwtHeader(std::string const& header) {
267273
VPackSlice const algSlice = headerSlice.get("alg");
268274
VPackSlice const typSlice = headerSlice.get("typ");
269275

270-
if (!algSlice.isString()) {
271-
return false;
272-
}
273-
274-
if (!typSlice.isString()) {
276+
if (!algSlice.isString() || !typSlice.isString()) {
275277
return false;
276278
}
277279

278-
if (algSlice.copyString() != "HS256") {
280+
if (!algSlice.isEqualString(::hs256String)) {
279281
return false;
280282
}
281-
282-
std::string typ = typSlice.copyString();
283-
if (typ != "JWT") {
283+
284+
if (!typSlice.isEqualString(::jwtString)) {
284285
return false;
285286
}
286287

@@ -290,7 +291,7 @@ bool auth::TokenCache::validateJwtHeader(std::string const& header) {
290291
auth::TokenCache::Entry auth::TokenCache::validateJwtBody(std::string const& body) {
291292
std::shared_ptr<VPackBuilder> bodyBuilder =
292293
parseJson(StringUtils::decodeBase64U(body), "jwt body");
293-
if (bodyBuilder.get() == nullptr) {
294+
if (bodyBuilder == nullptr) {
294295
LOG_TOPIC("99524", TRACE, Logger::AUTHENTICATION) << "invalid JWT body";
295296
return auth::TokenCache::Entry::Unauthenticated();
296297
}
@@ -307,14 +308,14 @@ auth::TokenCache::Entry auth::TokenCache::validateJwtBody(std::string const& bod
307308
return auth::TokenCache::Entry::Unauthenticated();
308309
}
309310

310-
if (issSlice.copyString() != "arangodb") {
311+
if (!issSlice.isEqualString(velocypack::StringRef("arangodb"))) {
311312
LOG_TOPIC("2547e", TRACE, arangodb::Logger::AUTHENTICATION) << "invalid iss value";
312313
return auth::TokenCache::Entry::Unauthenticated();
313314
}
314315

315316
auth::TokenCache::Entry authResult("", false, 0);
316-
if (bodySlice.hasKey("preferred_username")) {
317-
VPackSlice const usernameSlice = bodySlice.get("preferred_username");
317+
VPackSlice const usernameSlice = bodySlice.get("preferred_username");
318+
if (!usernameSlice.isNone()) {
318319
if (!usernameSlice.isString() || usernameSlice.getStringLength() == 0) {
319320
return auth::TokenCache::Entry::Unauthenticated();
320321
}
@@ -330,8 +331,8 @@ auth::TokenCache::Entry auth::TokenCache::validateJwtBody(std::string const& bod
330331
return auth::TokenCache::Entry::Unauthenticated();
331332
}
332333

333-
if (bodySlice.hasKey("allowed_paths")) {
334-
VPackSlice const paths = bodySlice.get("allowed_paths");
334+
VPackSlice const paths = bodySlice.get("allowed_paths");
335+
if (!paths.isNone()) {
335336
if (!paths.isArray()) {
336337
LOG_TOPIC("89898", TRACE, arangodb::Logger::AUTHENTICATION)
337338
<< "allowed_paths must be an array";
@@ -353,8 +354,8 @@ auth::TokenCache::Entry auth::TokenCache::validateJwtBody(std::string const& bod
353354
}
354355

355356
// mop: optional exp (cluster currently uses non expiring jwts)
356-
if (bodySlice.hasKey("exp")) {
357-
VPackSlice const expSlice = bodySlice.get("exp");
357+
VPackSlice const expSlice = bodySlice.get("exp");
358+
if (!expSlice.isNone()) {
358359
if (!expSlice.isNumber()) {
359360
LOG_TOPIC("74735", TRACE, Logger::AUTHENTICATION) << "invalid exp value";
360361
return authResult; // unauthenticated
@@ -417,22 +418,22 @@ std::string auth::TokenCache::generateJwt(VPackSlice const& payload) const {
417418
bool hasIat = payload.hasKey("iat");
418419
if (hasIss && hasIat) {
419420
return generateRawJwt(payload);
420-
} else {
421-
VPackBuilder bodyBuilder;
422-
{
423-
VPackObjectBuilder p(&bodyBuilder);
424-
if (!hasIss) {
425-
bodyBuilder.add("iss", VPackValue("arangodb"));
426-
}
427-
if (!hasIat) {
428-
bodyBuilder.add("iat", VPackValue(TRI_microtime() / 1000));
429-
}
430-
for (auto const& obj : VPackObjectIterator(payload)) {
431-
bodyBuilder.add(obj.key.copyString(), obj.value);
432-
}
421+
}
422+
423+
VPackBuilder bodyBuilder;
424+
{
425+
VPackObjectBuilder p(&bodyBuilder);
426+
if (!hasIss) {
427+
bodyBuilder.add("iss", VPackValue("arangodb"));
428+
}
429+
if (!hasIat) {
430+
bodyBuilder.add("iat", VPackValue(TRI_microtime() / 1000));
431+
}
432+
for (auto const& obj : VPackObjectIterator(payload)) {
433+
bodyBuilder.add(obj.key.copyString(), obj.value);
433434
}
434-
return generateRawJwt(bodyBuilder.slice());
435435
}
436+
return generateRawJwt(bodyBuilder.slice());
436437
}
437438

438439
/// generate a JWT token for internal cluster communication

arangod/Auth/TokenCache.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ class TokenCache {
105105
TokenCache::Entry validateJwtBody(std::string const&);
106106
bool validateJwtHMAC256Signature(std::string const&, std::string const&);
107107

108-
std::shared_ptr<velocypack::Builder> parseJson(std::string const&, std::string const&);
108+
std::shared_ptr<velocypack::Builder> parseJson(std::string const& str, char const* hint);
109109

110110
/// generate new _jwtToken
111111
void generateJwtToken();

0 commit comments

Comments
 (0)
0