From 3265b17fbd4ee3fb94ae6f49c08db8151087d665 Mon Sep 17 00:00:00 2001
From: Emmanuel Raviart <emmanuel@raviart.com>
Date: Wed, 11 Aug 2021 23:57:33 +0200
Subject: [PATCH] Use XXHash instead of SHA-256 for simulation tokens.

---
 package-lock.json                           | 19 ++++++++++++++++++-
 package.json                                |  3 ++-
 src/routes/simulations/[simulation].json.ts |  9 +--------
 src/routes/simulations/index.json.ts        | 14 ++++----------
 4 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1de8d15c8..0a56cf0d1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -48,7 +48,8 @@
         "tailwindcss": "^2.0.3",
         "tslib": "^2.0.0",
         "typescript": "^4.0.0",
-        "uuid": "^8.3.2"
+        "uuid": "^8.3.2",
+        "xxhash-addon": "^1.4.0"
       }
     },
     "node_modules/@auditors/core": {
@@ -6923,6 +6924,16 @@
         "node": ">=0.4"
       }
     },
+    "node_modules/xxhash-addon": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/xxhash-addon/-/xxhash-addon-1.4.0.tgz",
+      "integrity": "sha512-n3Ml0Vgvy7jMYJBlQIoFLjYxXNZQ5CbzW8E2Ynq2QCUpWMqCouooW7j02+7Oud5FijBuSrjQNuN/fCiz1SHN+w==",
+      "dev": true,
+      "hasInstallScript": true,
+      "engines": {
+        "node": ">=8.6.0 <9.0.0 || >=10.0.0"
+      }
+    },
     "node_modules/yallist": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
@@ -11936,6 +11947,12 @@
       "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
       "dev": true
     },
+    "xxhash-addon": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/xxhash-addon/-/xxhash-addon-1.4.0.tgz",
+      "integrity": "sha512-n3Ml0Vgvy7jMYJBlQIoFLjYxXNZQ5CbzW8E2Ynq2QCUpWMqCouooW7j02+7Oud5FijBuSrjQNuN/fCiz1SHN+w==",
+      "dev": true
+    },
     "yallist": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
diff --git a/package.json b/package.json
index bdf3a071f..a83b823bd 100644
--- a/package.json
+++ b/package.json
@@ -52,7 +52,8 @@
     "tailwindcss": "^2.0.3",
     "tslib": "^2.0.0",
     "typescript": "^4.0.0",
-    "uuid": "^8.3.2"
+    "uuid": "^8.3.2",
+    "xxhash-addon": "^1.4.0"
   },
   "type": "module"
 }
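Review bot: The added `"xxhash-addon": "^1.4.0"` entry replaces Node's built-in `crypto` with a native addon, and the lockfile hunk records `"hasInstallScript": true` for it, so an install-time build step now runs on every developer and CI machine. The lockfile also marks the package `"dev": true`, while `src/routes/simulations/index.json.ts` imports it in a server route. If production installs omit dev dependencies and the adapter does not bundle the native binary, the POST handler would presumably fail to load, so if the package stays it belongs under `dependencies`. The section header for this entry is outside the hunk, so which section it sits in is inferred from the lockfile.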
diff --git a/src/routes/simulations/[simulation].json.ts b/src/routes/simulations/[simulation].json.ts
index 702fb5fb6..d9f5f7686 100644
--- a/src/routes/simulations/[simulation].json.ts
+++ b/src/routes/simulations/[simulation].json.ts
@@ -7,17 +7,10 @@ import {
 } from "@auditors/core"
 import type { JsonValue } from "@openfisca/ast"
 import type { RequestHandler } from "@sveltejs/kit"
-import { createHash } from "crypto"
 import fs from "fs-extra"
 import path from "path"
-import sanitizeFilename from "sanitize-filename"
 
-import { walkDecompositionsCoreName } from "$lib/decompositions"
-import type { Reform } from "$lib/reforms"
 import config from "$lib/server/config"
-import { decompositionCoreByName, waterfalls } from "$lib/server/decompositions"
-import { iterVariableInputVariables } from "$lib/server/variables"
-import type { Situation } from "$lib/situations"
 
 const { simulationsDir } = config
 
@@ -41,7 +34,7 @@ function auditParams(audit: Audit, dataUnknown: unknown): [unknown, unknown] {
     remainingKeys,
     auditTrimString,
     auditTest(
-      (value) => /^[0-9a-f]{64}$/.test(value),
+      (value) => /^[0-9a-f]{16}$/.test(value),
       "Invalid simulation token",
     ),
     auditRequire,
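Review bot: Narrowing the pattern to `/^[0-9a-f]{16}$/` rejects every 64-character token issued before this commit, so previously shared simulation links would now fail with "Invalid simulation token". Either migrate the stored files or keep accepting the old form, e.g. `/^(?:[0-9a-f]{16}|[0-9a-f]{64})$/`. The length 16 is also silently coupled to the 64-bit digest produced in `index.json.ts`; a comment such as `// 16 hex chars = 64-bit XXH3 digest, keep in sync with index.json.ts` would document that. This test appears to be the only thing constraining the token before it is used as a file-name component, so it should stay anchored at both ends. `auditParams` starts and ends outside this hunk.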
diff --git a/src/routes/simulations/index.json.ts b/src/routes/simulations/index.json.ts
index 854f28f65..73b69d24e 100644
--- a/src/routes/simulations/index.json.ts
+++ b/src/routes/simulations/index.json.ts
@@ -2,17 +2,11 @@ import type { Audit } from "@auditors/core"
 import { auditCleanArray, auditRequire, cleanAudit } from "@auditors/core"
 import type { JsonValue } from "@openfisca/ast"
 import type { RequestHandler } from "@sveltejs/kit"
-import { createHash } from "crypto"
 import fs from "fs-extra"
 import path from "path"
-import sanitizeFilename from "sanitize-filename"
+import { XXHash3 } from "xxhash-addon"
 
-import { walkDecompositionsCoreName } from "$lib/decompositions"
-import type { Reform } from "$lib/reforms"
 import config from "$lib/server/config"
-import { decompositionCoreByName, waterfalls } from "$lib/server/decompositions"
-import { iterVariableInputVariables } from "$lib/server/variables"
-import type { Situation } from "$lib/situations"
 
 const { simulationsDir } = config
 
@@ -78,9 +72,9 @@ export const post: RequestHandler = async ({
     }
   }
   const bodyJson = JSON.stringify(body, null, 2)
-  const hash = createHash("sha256")
-  hash.update(bodyJson)
-  const digest = hash.digest("hex")
+  const hasher = new XXHash3()
+  hasher.update(Buffer.from(bodyJson))
+  const digest = hasher.digest().toString("hex")
 
   const simulationDir = path.join(simulationsDir, digest.substring(0, 2))
   const simulationFilePath = path.join(simulationDir, `${digest}.json`)
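Review bot: XXH3 is a non-cryptographic hash with a 64-bit output, and `digest` serves here as both the stored file name and, it seems, the token returned to the client, so collisions now matter. Two different bodies can map to the same `simulationFilePath`, by chance at around 2^32 saved simulations and on purpose far sooner, since XXH3 makes no collision-resistance claim. Depending on how the rest of the handler (outside this hunk) treats an existing file, a colliding POST would either overwrite another user's simulation or return a token that resolves to different content. If shorter tokens are the goal, a truncated SHA-256 keeps collision resistance without a native dependency: `const digest = createHash("sha256").update(bodyJson).digest("hex").substring(0, 32)`. That means keeping the `crypto` import and matching the token pattern in `[simulation].json.ts`.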
-- 
GitLab