anubis-mirror

arian/anubis-mirror

Fork 0

mirror of https://github.com/TecharoHQ/anubis.git synced 2026-06-09 22:08:15 +00:00

Commit Graph

Author	SHA1	Message	Date
Julien Voisin	3dc962b301	perf(internal/gzip): pool gzip.Writer per middleware instance (#1654 ) gzip.NewWriterLevel allocates fresh deflate window and hash table buffers (~1.18 MiB) on every request. This commit pools them in a closure-local sync.Pool so each middleware instance reuses its writers. The level is validated once at setup (NewWriterLevel against io.Discard); pooled writers are reset to io.Discard on Put so the pool doesn't pin response writers between requests. Only call site is RenderIndex (lib/http.go), which serves the challenge page, so this directly cuts the per-challenge allocation footprint. I benchmarked the change using the following benchmark, put in the commit message instead of in a file since it's pretty much useless outside of this particular change. ``` package internal import ( "io" "net/http" "net/http/httptest" "testing" ) func BenchmarkGzipMiddleware(b testing.B) { payload := make([]byte, 4096) for i := range payload { payload[i] = byte(i) } inner := http.HandlerFunc(func(w http.ResponseWriter, r http.Request) { w.Write(payload) }) h := GzipMiddleware(1, inner) b.ReportAllocs() b.RunParallel(func(pb testing.PB) { req := httptest.NewRequest(http.MethodGet, "/", nil) req.Header.Set("Accept-Encoding", "gzip") for pb.Next() { rec := httptest.NewRecorder() h.ServeHTTP(rec, req) io.Copy(io.Discard, rec.Body) } }) } ``` The results are pretty nice: Benchmarks (Linux arm64, count=10, benchstat, vs origin/main): GzipMiddleware-8 sec/op 158.8µs ± 4% -> 5.2µs ± 3% -96.72% (p=0.000) GzipMiddleware-8 B/op 1180.6 KiB -> 1.9 KiB -99.84% (p=0.000) GzipMiddleware-8 allocs/op 32 -> 13 -59.38% (p=0.000) Signed-off-by: jvoisin <julien.voisin@dustri.org>	2026-05-30 00:52:37 -04:00
Xe Iaso	b640c567da	feat(lib): ensure that clients store cookies (#501 ) * feat(lib): ensure that clients store cookies If a client is misconfigured and does not store cookies, then they can get into a proof of work death spiral with Anubis. This fixes the problem by setting a test cookie whenever the user gets hit with a challenge page. If the test cookie is not there at challenge pass time, then they are blocked. Administrators will also get a log message explaining that the user intentionally broke cookie support and that this behavior is not an Anubis bug. Additionally, this ensures that clients being shown a challenge support gzip-compressed responses by showing the challenge page at gzip level 1. This level is intentionally chosen in order to minimize system impacts. The ClearCookie function is made more generic to account for cookie names as an argument. A correlating SetCookie function was also added to make it easier to set cookies. * chore(lib): clean up test code Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-05-16 13:03:40 -04:00

Author

SHA1

Message

Date

Julien Voisin

3dc962b301

perf(internal/gzip): pool *gzip.Writer per middleware instance (#1654 )

gzip.NewWriterLevel allocates fresh deflate window and hash table
buffers (~1.18 MiB) on every request. This commit pools them in a closure-local
sync.Pool so each middleware instance reuses its writers.

The level is validated once at setup (NewWriterLevel against
io.Discard); pooled writers are reset to io.Discard on Put so the
pool doesn't pin response writers between requests.

Only call site is RenderIndex (lib/http.go), which serves the
challenge page, so this directly cuts the per-challenge allocation
footprint.

I benchmarked the change using the following benchmark,
put in the commit message instead of in a file since it's pretty much useless
outside of this particular change.

```
package internal

import (
	"io"
	"net/http"
	"net/http/httptest"
	"testing"
)

func BenchmarkGzipMiddleware(b *testing.B) {
	payload := make([]byte, 4096)
	for i := range payload {
		payload[i] = byte(i)
	}

	inner := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write(payload)
	})
	h := GzipMiddleware(1, inner)

	b.ReportAllocs()
	b.RunParallel(func(pb *testing.PB) {
		req := httptest.NewRequest(http.MethodGet, "/", nil)
		req.Header.Set("Accept-Encoding", "gzip")
		for pb.Next() {
			rec := httptest.NewRecorder()
			h.ServeHTTP(rec, req)
			io.Copy(io.Discard, rec.Body)
		}
	})
}
```

The results are pretty nice:

Benchmarks (Linux arm64, count=10, benchstat, vs origin/main):

  GzipMiddleware-8  sec/op     158.8µs ± 4%  ->   5.2µs ± 3%  -96.72% (p=0.000)
  GzipMiddleware-8  B/op       1180.6 KiB    ->   1.9 KiB     -99.84% (p=0.000)
  GzipMiddleware-8  allocs/op  32            ->  13           -59.38% (p=0.000)

Signed-off-by: jvoisin <julien.voisin@dustri.org>

2026-05-30 00:52:37 -04:00

Xe Iaso

b640c567da

feat(lib): ensure that clients store cookies (#501 )

* feat(lib): ensure that clients store cookies

If a client is misconfigured and does not store cookies, then they can
get into a proof of work death spiral with Anubis. This fixes the
problem by setting a test cookie whenever the user gets hit with a
challenge page. If the test cookie is not there at challenge pass time,
then they are blocked. Administrators will also get a log message
explaining that the user intentionally broke cookie support and that this
behavior is not an Anubis bug.

Additionally, this ensures that clients being shown a challenge support
gzip-compressed responses by showing the challenge page at gzip level 1.
This level is intentionally chosen in order to minimize system impacts.

The ClearCookie function is made more generic to account for cookie
names as an argument. A correlating SetCookie function was also added to
make it easier to set cookies.

* chore(lib): clean up test code

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>

2025-05-16 13:03:40 -04:00

2 Commits