From acf0b72baf3e9a3289d4080e6bafa9ead1fa14c9 Mon Sep 17 00:00:00 2001 From: Andrew Clark Date: Wed, 20 Sep 2023 17:55:47 -0400 Subject: [PATCH] Use MurmurHash3 when native hashing function is not available Adds a pure JS implementation of a string hashing function. We do not use it for security or obfuscation purposes, only to create compact hashes. So we prioritize speed over collision avoidance. For example, we use this to hash the component key path used by useFormState for MPA-style submissions. See #27397 for details. In environments where built-in hashing functions are available, we prefer those instead. Like Node's crypto module, or Bun.hash. Unfortunately this does not include the web standard crypto API because those methods are all async. For our purposes, we need it to be sync because the cost of context switching is too high to be worth it. The most popular hashing algorithm that meets these requirements in the JS ecosystem is MurmurHash3, and almost all implementations I could find used some version of the implementation by Gary Court. So that's the one I've used. In the future we should try to migrate these to native calls whenever possible. It's especially unfortunate that the Edge build doesn't use a native implementation, because that's the one used by newer frameworks like Next.js. --- .../ReactDOMLegacyServerStreamConfig.js | 4 +- .../src/ReactServerStreamConfigFB.js | 4 +- .../src/ReactServerStreamConfigBrowser.js | 4 +- .../src/ReactServerStreamConfigEdge.js | 4 +- packages/react-server/src/createFastHashJS.js | 122 ++++++++++++++++++ 5 files changed, 126 insertions(+), 12 deletions(-) create mode 100644 packages/react-server/src/createFastHashJS.js diff --git a/packages/react-dom-bindings/src/server/ReactDOMLegacyServerStreamConfig.js b/packages/react-dom-bindings/src/server/ReactDOMLegacyServerStreamConfig.js index a568a4587fa..0791791a148 100644 --- a/packages/react-dom-bindings/src/server/ReactDOMLegacyServerStreamConfig.js +++ b/packages/react-dom-bindings/src/server/ReactDOMLegacyServerStreamConfig.js @@ -77,6 +77,4 @@ export function closeWithError(destination: Destination, error: mixed): void { destination.destroy(error); } -export function createFastHash(input: string): string | number { - return input; -} +export {createFastHashJS as createFastHash} from 'react-server/src/createFastHashJS'; diff --git a/packages/react-server-dom-fb/src/ReactServerStreamConfigFB.js b/packages/react-server-dom-fb/src/ReactServerStreamConfigFB.js index 0196b7ce1cd..a06b2a73d76 100644 --- a/packages/react-server-dom-fb/src/ReactServerStreamConfigFB.js +++ b/packages/react-server-dom-fb/src/ReactServerStreamConfigFB.js @@ -84,6 +84,4 @@ export function closeWithError(destination: Destination, error: mixed): void { destination.error = error; } -export function createFastHash(input: string): string | number { - return input; -} +export {createFastHashJS as createFastHash} from 'react-server/src/createFastHashJS'; diff --git a/packages/react-server/src/ReactServerStreamConfigBrowser.js b/packages/react-server/src/ReactServerStreamConfigBrowser.js index ab1a0720e6c..da1a56f8133 100644 --- a/packages/react-server/src/ReactServerStreamConfigBrowser.js +++ b/packages/react-server/src/ReactServerStreamConfigBrowser.js @@ -183,6 +183,4 @@ export function closeWithError(destination: Destination, error: mixed): void { } } -export function createFastHash(input: string): string | number { - return input; -} +export {createFastHashJS as createFastHash} from 'react-server/src/createFastHashJS'; diff --git a/packages/react-server/src/ReactServerStreamConfigEdge.js b/packages/react-server/src/ReactServerStreamConfigEdge.js index a6a11d25756..1bc9d7655a0 100644 --- a/packages/react-server/src/ReactServerStreamConfigEdge.js +++ b/packages/react-server/src/ReactServerStreamConfigEdge.js @@ -183,6 +183,4 @@ export function closeWithError(destination: Destination, error: mixed): void { } } -export function createFastHash(input: string): string | number { - return input; -} +export {createFastHashJS as createFastHash} from 'react-server/src/createFastHashJS'; diff --git a/packages/react-server/src/createFastHashJS.js b/packages/react-server/src/createFastHashJS.js new file mode 100644 index 00000000000..a72c75a88ff --- /dev/null +++ b/packages/react-server/src/createFastHashJS.js @@ -0,0 +1,122 @@ +/** + * Copyright (c) Meta Platforms, Inc. and affiliates. + * + * This source code is licensed under the MIT license found in the + * LICENSE file in the root directory of this source tree. + * + * @flow + */ + +// A pure JS implementation of a string hashing function. We do not use it for +// security or obfuscation purposes, only to create compact hashes. So we +// prioritize speed over collision avoidance. For example, we use this to hash +// the component key path used by useFormState for MPA-style submissions. +// +// In environments where built-in hashing functions are available, we prefer +// those instead. Like Node's crypto module, or Bun.hash. Unfortunately this +// does not include the web standard crypto API because those methods are all +// async. For our purposes, we need it to be sync because the cost of context +// switching is too high to be worth it. +// +// The most popular hashing algorithm that meets these requirements in the JS +// ecosystem is MurmurHash3, and almost all implementations I could find used +// some version of the implementation by Gary Court inlined below. + +export function createFastHashJS(key: string): number { + return murmurhash3_32_gc(key, 0); +} + +/* eslint-disable prefer-const, no-fallthrough */ + +/** + * @license + * + * JS Implementation of MurmurHash3 (r136) (as of May 20, 2011) + * + * Copyright (c) 2011 Gary Court + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +function murmurhash3_32_gc(key: string, seed: number): number { + let remainder, bytes, h1, h1b, c1, c2, k1, i; + + remainder = key.length & 3; // key.length % 4 + bytes = key.length - remainder; + h1 = seed; + c1 = 0xcc9e2d51; + c2 = 0x1b873593; + i = 0; + + while (i < bytes) { + k1 = + (key.charCodeAt(i) & 0xff) | + ((key.charCodeAt(++i) & 0xff) << 8) | + ((key.charCodeAt(++i) & 0xff) << 16) | + ((key.charCodeAt(++i) & 0xff) << 24); + ++i; + + k1 = + ((k1 & 0xffff) * c1 + ((((k1 >>> 16) * c1) & 0xffff) << 16)) & 0xffffffff; + k1 = (k1 << 15) | (k1 >>> 17); + k1 = + ((k1 & 0xffff) * c2 + ((((k1 >>> 16) * c2) & 0xffff) << 16)) & 0xffffffff; + + h1 ^= k1; + h1 = (h1 << 13) | (h1 >>> 19); + h1b = + ((h1 & 0xffff) * 5 + ((((h1 >>> 16) * 5) & 0xffff) << 16)) & 0xffffffff; + h1 = (h1b & 0xffff) + 0x6b64 + ((((h1b >>> 16) + 0xe654) & 0xffff) << 16); + } + + k1 = 0; + + switch (remainder) { + case 3: + k1 ^= (key.charCodeAt(i + 2) & 0xff) << 16; + case 2: + k1 ^= (key.charCodeAt(i + 1) & 0xff) << 8; + case 1: + k1 ^= key.charCodeAt(i) & 0xff; + + k1 = + ((k1 & 0xffff) * c1 + ((((k1 >>> 16) * c1) & 0xffff) << 16)) & + 0xffffffff; + k1 = (k1 << 15) | (k1 >>> 17); + k1 = + ((k1 & 0xffff) * c2 + ((((k1 >>> 16) * c2) & 0xffff) << 16)) & + 0xffffffff; + h1 ^= k1; + } + + h1 ^= key.length; + + h1 ^= h1 >>> 16; + h1 = + ((h1 & 0xffff) * 0x85ebca6b + + ((((h1 >>> 16) * 0x85ebca6b) & 0xffff) << 16)) & + 0xffffffff; + h1 ^= h1 >>> 13; + h1 = + ((h1 & 0xffff) * 0xc2b2ae35 + + ((((h1 >>> 16) * 0xc2b2ae35) & 0xffff) << 16)) & + 0xffffffff; + h1 ^= h1 >>> 16; + + return h1 >>> 0; +}