perf(token_is_current?): add simplistic cache to reduce overhad of re…

…dundant token checks during validation calls
lynndylanhurley · Jun 17, 2015 · 425594e · 425594e
1 parent 5e4e4c0
commit 425594e
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
@@ -1,6 +1,17 @@
 module DeviseTokenAuth::Concerns::User
   extend ActiveSupport::Concern
 
+  def self.tokens_match?(token_hash, token)
+    @token_equality_cache ||= {}
+
+    key = "#{token_hash}/#{token}"
+    result = @token_equality_cache[key] ||= (BCrypt::Password.new(token_hash) == token)
+    if @token_equality_cache.size > 10000
+      @token_equality_cache = {}
+    end
+    result
+  end
+
   included do
     # Hack to check if devise is already enabled
     unless self.method_defined?(:devise_modules)
@@ -111,7 +122,7 @@ def token_is_current?(token, client_id)
       DateTime.strptime(expiry.to_s, '%s') > Time.now and
 
       # ensure that the token is valid
-      BCrypt::Password.new(token_hash) == token
+      DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token)
     )
   end