From 1d54c1ad64994afc718ccfd0fababf56fb748fc9 Mon Sep 17 00:00:00 2001
From: maru
Date: Fri, 19 Apr 2024 13:27:55 -0400
Subject: [PATCH] Use channels to rate limit argon2
---
api/account/common.go | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/api/account/common.go b/api/account/common.go
index 1dd98ad..70e21ba 100644
--- a/api/account/common.go
+++ b/api/account/common.go
@@ -2,7 +2,6 @@ package account import ( "regexp" - "sync" "golang.org/x/crypto/argon2" )
@@ -18,18 +17,20 @@ const ( ArgonKeySize = 32 ArgonSaltSize = 16 + ArgonMaxInstances = 16 + UUIDSize = 16 TokenSize = 32 ) var ( isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString - argonMtx sync.Mutex + semaphore = make(chan bool, ArgonMaxInstances) ) func deriveArgon2IDKey(password, salt []byte) []byte { - argonMtx.Lock() - defer argonMtx.Unlock() + semaphore <- true + defer func() { <-semaphore }() return argon2.IDKey(password, salt, ArgonTime, ArgonMemory, ArgonThreads, ArgonKeySize) }
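Review bot: In `deriveArgon2IDKey`, the new `semaphore <- true` waits with no timeout or cancellation, so once `ArgonMaxInstances` derivations are running every further caller parks a goroutine until a slot frees, and the number of waiters is not bounded. Peak argon2 memory also rises from one buffer to roughly `ArgonMaxInstances * ArgonMemory` KiB; `ArgonMemory` is defined outside this hunk, so the value 16 should be checked against the host's RAM and recorded next to the constant, e.g. `// ArgonMaxInstances caps concurrent argon2 derivations; peak memory is about ArgonMaxInstances * ArgonMemory KiB.` If the callers hash passwords from unauthenticated requests (presumably login and registration, not visible here), consider a bounded wait, for instance a `select` on the request context so the handler can answer 429 or 503; that would need a context parameter on this function. The package-level name `semaphore` is also very generic for a file-wide variable, and `argonSem = make(chan struct{}, ArgonMaxInstances)` would say what it guards and avoid the meaningless `bool` payload.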