Use koa-csrf in high performance way

If you're using koa-csrf in default middleware way, it will kill your app performance.

app.js like this:

var koa = require('koa');
var csrf = require('koa-csrf');
var session = require('koa-session');

var app = koa();
app.keys = ['session secret'];
app.use(session());
app.use(csrf());

app.use(function* () {
  this.body = 'hello csrf';
});

app.listen(1984);

Use wrk benchmark it:

$ wrk -t2 -c20 http://127.0.0.1:1984/
Running 10s test @ http://127.0.0.1:1984/
  2 threads and 20 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     4.29ms    1.14ms  11.42ms   92.11%
    Req/Sec     2.51k   505.52     3.55k    62.38%
  48021 requests in 10.00s, 7.79MB read
Requests/sec:   4802.27
Transfer/sec:    797.25KB

The high performance way

Separate csrf define(app) and csrf middleware. Dont define(ctx) on every request context.

app_high.js like this:

var koa = require('koa');
var csrf = require('koa-csrf');
var session = require('koa-session');

var app = koa();
app.keys = ['session secret'];
app.use(session());
csrf(app);
app.use(csrf.middleware);

app.use(function* () {
  this.body = 'hello csrf';
});

app.listen(1985);

Use wrk benchmark it:

$ wrk -t2 -c20 http://127.0.0.1:1985/
Running 10s test @ http://127.0.0.1:1985/
  2 threads and 20 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     3.67ms    2.19ms  15.65ms   93.55%
    Req/Sec     3.17k     0.87k    4.44k    75.50%
  59757 requests in 10.00s, 9.69MB read
Requests/sec:   5975.71
Transfer/sec:      0.97MB

Love

Hope this help for you.

Comments

Fork me on GitHub