password hashing blocks other requests

[zwhitchcox]

I'm implementing your design on my server, and I've noticed that password hashing blocks all requests, even get requests just to load the website.

Obviously, in a production setting, you wouldn't want the whole website to be stalled whenever someone is signing up/logging in, so, I was wondering if you had any suggestions regarding this?

Is there a simple way to support concurrent requests even while the password is hashing? Or would you simply recommend having multiple server instances for each request?

Saw that you upgraded to 0.2.3, btw, thanks for that!

[zwhitchcox]

I was able to fix this with this code:

            let password = form.password.clone();
            let hash = tokio::task::block_in_place(move || {
                bcrypt::hash(&password, bcrypt::DEFAULT_COST)
                .map_err(|e| format!("Hash failed: {}", e)).expect("couldn't hash password")
            });
            Ok((form, hash))

and editing Cargo.toml with

tokio = { version = "0.2", features = ["macros", "blocking", "rt-threaded"] }

will make PR if desired

S/O to @asonix for the help

[kaj]

Yes, that should use either block_in_place or spawn_blocking. I'm not sure which way is better. Do you have sound reasoning to prefer one over the other?

A PR would be welcome.

[zwhitchcox]

I do not, but I've been using block_in_place, and that has been working...I haven't tried spawn_blocking