From 677657e23c4c394de5897003be0f01d274eadf94 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Fri, 20 Dec 2024 15:21:04 +0100 Subject: [PATCH] make using worker optional --- .github/workflows/test_e2e.yml | 2 +- backend/.env.template | 1 + backend/src/config/index.ts | 1 + backend/src/password/EncryptionWorker.ts | 10 +++-- backend/src/password/EncryptorUtils.ts | 47 +++++++++++++++++------- deployment/bare_metal/.env.dist | 1 + 6 files changed, 44 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/test_e2e.yml b/.github/workflows/test_e2e.yml
index 120fd0db3..bdf979bf9 100644
--- a/.github/workflows/test_e2e.yml
+++ b/.github/workflows/test_e2e.yml
@@ -35,7 +35,7 @@ jobs: cd database yarn && yarn dev_reset cd ../backend - yarn && yarn build && yarn seed + yarn && yarn seed - name: Boot up test system | docker-compose mailserver run: docker compose -f docker-compose.yml -f docker-compose.test.yml up --detach --no-deps mailserver
diff --git a/backend/.env.template b/backend/.env.template
index 71fbcbf31..7d588ff49 100644
--- a/backend/.env.template
+++ b/backend/.env.template
@@ -40,6 +40,7 @@ COMMUNITY_SUPPORT_MAIL=$COMMUNITY_SUPPORT_MAIL # Login Server LOGIN_APP_SECRET=21ffbbc616fe LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a +USE_CRYPTO_WORKER=$USE_CRYPTO_WORKER # EMail EMAIL=$EMAIL
diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts
index d66f729db..38d3d8283 100644
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@@ -76,6 +76,7 @@ const community = { const loginServer = { LOGIN_APP_SECRET: process.env.LOGIN_APP_SECRET ?? '21ffbbc616fe', LOGIN_SERVER_KEY: process.env.LOGIN_SERVER_KEY ?? 'a51ef8ac7ef1abf162fb7a65261acd7a', + USE_CRYPTO_WORKER: process.env.USE_CRYPTO_WORKER ?? false, } const email = {
diff --git a/backend/src/password/EncryptionWorker.ts b/backend/src/password/EncryptionWorker.ts
index 00129dc69..506a42c1e 100644
--- a/backend/src/password/EncryptionWorker.ts
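Review bot: In backend/src/config/index.ts, `process.env.USE_CRYPTO_WORKER ?? false` yields a string whenever the variable is set, so `USE_CRYPTO_WORKER=false` arrives as the non-empty string `'false'` and passes the `if (CONFIG.USE_CRYPTO_WORKER)` checks this patch adds in EncryptionWorker.ts and EncryptorUtils.ts. Unless CONFIG is coerced somewhere outside this hunk, the flag can only be switched off by leaving the variable unset or empty. Parse it explicitly, e.g. `USE_CRYPTO_WORKER: process.env.USE_CRYPTO_WORKER === 'true',`, which also makes the field a plain boolean rather than `string | boolean`. The `loginServer` object starts and ends outside the hunk.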
+++ b/backend/src/password/EncryptionWorker.ts
@@ -1,5 +1,7 @@ import { worker } from 'workerpool' +import { CONFIG } from '@/config' + import { crypto_box_SEEDBYTES, crypto_hash_sha512_init,
@@ -45,6 +47,8 @@ export const SecretKeyCryptographyCreateKey = ( return [new Uint8Array(encryptionKeyHash), new Uint8Array(encryptionKey)] } -worker({ - SecretKeyCryptographyCreateKey, -}) +if (CONFIG.USE_CRYPTO_WORKER) { + worker({ + SecretKeyCryptographyCreateKey, + }) +}
diff --git a/backend/src/password/EncryptorUtils.ts b/backend/src/password/EncryptorUtils.ts
index 7086547a2..1f8b706a2 100644
--- a/backend/src/password/EncryptorUtils.ts
+++ b/backend/src/password/EncryptorUtils.ts
@@ -6,7 +6,7 @@ import { cpus } from 'os' import path from 'path' import { User } from '@entity/User' -import { pool } from 'workerpool' +import { Pool, pool } from 'workerpool' import { PasswordEncryptionType } from '@enum/PasswordEncryptionType'
@@ -16,16 +16,22 @@ import { backendLogger as logger } from '@/server/logger' import { crypto_shorthash_KEYBYTES } from 'sodium-native' +import { SecretKeyCryptographyCreateKey as SecretKeyCryptographyCreateKeySync } from './EncryptionWorker' + const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex') const configLoginServerKey = Buffer.from(CONFIG.LOGIN_SERVER_KEY, 'hex') -// TODO: put maxQueueSize into config -const encryptionWorkerPool = pool( - path.join(__dirname, '..', '..', 'build', 'src', 'password', '/EncryptionWorker.ts'), - { - maxQueueSize: 30 * cpus().length, - }, -) +let encryptionWorkerPool: Pool | undefined + +if (CONFIG.USE_CRYPTO_WORKER) { + encryptionWorkerPool = pool( + path.join(__dirname, '..', '..', 'build', 'src', 'password', '/EncryptionWorker.js'), + { + // TODO: put maxQueueSize into config + maxQueueSize: 30 * cpus().length, + }, + ) +} // We will reuse this for changePassword export const isValidPassword = (password: string): boolean => {
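Review bot: In EncryptionWorker.ts (`@@ -45,6 +47,8 @@`), the `worker({ ... })` registration is gated on configuration rather than on where the module is running, while EncryptorUtils.ts now imports this file on the main thread for the synchronous fallback. With the flag on, the main thread therefore also executes `worker(...)`, which is meant to run only inside a pool worker and may fail or attach message handlers there, depending on the workerpool version. Gating on the thread role avoids that and removes the worker's dependency on `@/config`: `import { isMainThread, worker } from 'workerpool'` and `if (!isMainThread) { worker({ SecretKeyCryptographyCreateKey }) }`. If the `CONFIG` import stays, confirm that the `@/config` alias resolves inside the compiled worker file.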
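Review bot: In EncryptorUtils.ts (`@@ -16,16 +16,22 @@`), the pool now loads `build/src/password/EncryptionWorker.js`, so enabling the worker depends on a prior `yarn build`, and nothing in this hunk verifies that the file exists or is current. A missing build would presumably surface only when the first password operation is dispatched, and a stale one would run older key-derivation code in the workers than in the main thread. Consider resolving the path into a constant and failing fast at startup (or logging and using the in-process path) when the file is absent. A comment such as `// requires a compiled build: the pool loads the emitted .js, not the TypeScript source` would document the dependency.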
@@ -50,12 +56,25 @@ export const SecretKeyCryptographyCreateKey = async ( crypto_shorthash_KEYBYTES, ) } - return (await encryptionWorkerPool.exec('SecretKeyCryptographyCreateKey', [ - salt, - password, - configLoginAppSecret, - configLoginServerKey, - ])) as Promise + let result: Promise + if (encryptionWorkerPool) { + result = (await encryptionWorkerPool.exec('SecretKeyCryptographyCreateKey', [ + salt, + password, + configLoginAppSecret, + configLoginServerKey, + ])) as Promise + } else { + result = Promise.resolve( + SecretKeyCryptographyCreateKeySync( + salt, + password, + configLoginAppSecret, + configLoginServerKey, + ), + ) + } + return result } catch (e) { // pool is throwing this error // throw new Error('Max queue size of ' + this.maxQueueSize + ' reached');
diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist
index 3b7a19b6b..a07d92dde 100644
--- a/deployment/bare_metal/.env.dist
+++ b/deployment/bare_metal/.env.dist
@@ -41,6 +41,7 @@ DEPLOY_SEED_DATA=false # if true all email will be send to EMAIL_TEST_RECEIVER instead of email address of user EMAIL_TEST_MODUS=false EMAIL_TEST_RECEIVER=test_team@gradido.net +USE_CRYPTO_WORKER=true # Logging LOG_LEVEL=INFO
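Review bot: The new `else` branch in `SecretKeyCryptographyCreateKey` (EncryptorUtils.ts, `@@ -50,12 +56,25 @@`) runs the key derivation synchronously on the main thread, and the `maxQueueSize` back-pressure the pool provided does not exist on that path. Since `USE_CRYPTO_WORKER` defaults to off in config, a default install will, if the derivation is as costly as the pool suggests, stall all other requests during each login or password change, so those endpoints then depend on rate limiting in front of them. I would document this next to the flag and log it once at startup, e.g. `logger.warn('USE_CRYPTO_WORKER is off: password key derivation blocks the main thread')`. Separately, inside an `async` function the `let result` / `Promise.resolve(...)` wrapper is unnecessary: return the awaited pool result in the `if` and `return SecretKeyCryptographyCreateKeySync(...)` after it. The function body starts and ends outside the hunk.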