tracing: use instrumented bcrypt hasher if tracing has been enabled

Signed-off-by: Amir Aslaminejad <[email protected]>
m7715 · Sep 26, 2018 · acea751 · acea751
1 parent 566dd45
commit acea751
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 7 deletions.
diff --git a/cmd/server/handler.go b/cmd/server/handler.go
@@ -127,15 +127,16 @@ func setup(c *config.Config, cmd *cobra.Command, args []string, name string) (ha
 	w := herodot.NewJSONWriter(logger)
 	w.ErrorEnhancer = nil
 
-	handler = NewHandler(c, w)
-	handler.RegisterRoutes(frontend, backend)
-	c.ForceHTTP, _ = cmd.Flags().GetBool("dangerous-force-http")
 	if tracer, err := c.GetTracer(); err != nil {
 		c.GetLogger().Fatalf("Failed to initialize tracer: %s", err)
 	} else if tracer.IsLoaded() {
 		middlewares = append(middlewares, tracer)
 	}
 
+	handler = NewHandler(c, w)
+	handler.RegisterRoutes(frontend, backend)
+	c.ForceHTTP, _ = cmd.Flags().GetBool("dangerous-force-http")
+
 	if !c.ForceHTTP {
 		if c.Issuer == "" {
 			logger.Fatalln("IssuerURL must be explicitly specified unless --dangerous-force-http is passed. To find out more, use `hydra help serve`.")

diff --git a/cmd/server/handler_oauth2_factory.go b/cmd/server/handler_oauth2_factory.go
@@ -40,6 +40,7 @@ import (
 	"github.com/ory/hydra/jwk"
 	"github.com/ory/hydra/oauth2"
 	"github.com/ory/hydra/pkg"
+	"github.com/ory/hydra/tracing"
 	"github.com/pborman/uuid"
 	"github.com/spf13/viper"
 )
@@ -50,6 +51,7 @@ func injectFositeStore(c *config.Config, clients client.Manager) {
 }
 
 func newOAuth2Provider(c *config.Config) fosite.OAuth2Provider {
+	var hasher fosite.Hasher
 	var ctx = c.Context()
 	var store = ctx.FositeStore
 	expectDependency(c.GetLogger(), ctx.FositeStore)
@@ -113,6 +115,10 @@ func newOAuth2Provider(c *config.Config) fosite.OAuth2Provider {
 		c.GetLogger().Fatalf(`Environment variable OAUTH2_ACCESS_TOKEN_STRATEGY is set to "%s" but only "opaque" and "jwt" are valid values.`, c.OAuth2AccessTokenStrategy)
 	}
 
+	if tracer, err := c.GetTracer(); err == nil && tracer.IsLoaded() {
+		hasher = &tracing.TracedBCrypt{fc.HashCost}
+	}
+
 	return compose.Compose(
 		fc,
 		store,
@@ -121,7 +127,7 @@ func newOAuth2Provider(c *config.Config) fosite.OAuth2Provider {
 			OpenIDConnectTokenStrategy: oidcStrategy,
 			JWTStrategy:                jwtStrategy,
 		},
-		nil,
+		hasher,
 		compose.OAuth2AuthorizeExplicitFactory,
 		compose.OAuth2AuthorizeImplicitFactory,
 		compose.OAuth2ClientCredentialsGrantFactory,

diff --git a/config/config.go b/config/config.go
@@ -291,6 +291,7 @@ func (c *Config) Context() *Context {
 	if c.context != nil {
 		return c.context
 	}
+	var hasher fosite.Hasher
 
 	if c.DatabaseURL == "" {
 		c.GetLogger().Fatalf(`DATABASE_URL is not set, use "export DATABASE_URL=memory" for an in memory storage or the documented database adapters.`)
@@ -322,11 +323,17 @@ func (c *Config) Context() *Context {
 		c.GetLogger().Fatalf(`Unknown DSN scheme "%s" in DATABASE_URL "%s", schemes %v supported`, scheme, c.DatabaseURL, supportedSchemes())
 	}
 
+	hasher = &fosite.BCrypt{
+		WorkFactor: c.BCryptWorkFactor,
+	}
+
+	if tracer, err := c.GetTracer(); err == nil && tracer.IsLoaded() {
+		hasher = &tracing.TracedBCrypt{c.BCryptWorkFactor}
+	}
+
 	c.context = &Context{
 		Connection: connection,
-		Hasher: &fosite.BCrypt{
-			WorkFactor: c.BCryptWorkFactor,
-		},
+		Hasher:     hasher,
 		FositeStrategy: &foauth2.HMACSHAStrategy{
 			Enigma: &hmac.HMACStrategy{
 				GlobalSecret: c.GetSystemSecret(),