I'm implementing an API using CakePHP3 with a MySQL database.
Everything works fine. The endpoints are secured with Basic Authentication.
Now I have noticed that the performance is dreadful. I started some speed tests with loader.io and noticed that the response times are around 400ms.
I don't know why, but at one point I deactivated the AuthComponent of CakePHP and suddenly I only had a response time of 120ms.
So I started digging around. I then implemented my own BasicAuthentication by just reading the header and comparing the user & password with my users table in the database. I still have ~120ms response time. Is the CakePHP3 AuthComponent just bloated up? I also noticed while having the AuthComponent activated that my php-fpm uses a large amount of CPU. Without the AuthComponent it's practically nothing.
I implemented the BasicAuth exactly as described in the CakePHP Documentation. I just don't know what is going on. I would prefer to use the actual CakePHP methods than implementing my own check. Has anybody else ever had this issue? I just don't understand what is going on.
At last we found out what was causing the long response times. It wasn't the AuthComponent but more the DefaultPasswordHasher.
I wrote a new PasswordHasher (for testing purposes returning the password unhashed) and the speed went up by a factor of 3.
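The effect described in this post, as an added example that is not part of the original post and not CakePHP code: with Basic authentication every request repeats the password check, so the hash's work factor is paid per request. The sketch measures that cost and shows one way to keep bcrypt for stored passwords while paying it once per time window. It assumes the DefaultPasswordHasher is running PHP's `password_hash()`/`password_verify()` with bcrypt; the function names, the in-memory `$cache` array (standing in for a shared store such as APCu), the 60-second TTL and the sample credentials are all hypothetical.

```php
<?php
// Added example: plain PHP, no CakePHP classes. All names below are hypothetical.

// Time one password_verify() call against a bcrypt hash of the given cost.
function bcryptVerifyMs(int $cost): float
{
    $hash = password_hash('constructed-sample-password', PASSWORD_BCRYPT, ['cost' => $cost]);
    $start = microtime(true);
    password_verify('constructed-sample-password', $hash);
    return (microtime(true) - $start) * 1000;
}

// Verify Basic-auth credentials, paying the bcrypt cost only once per TTL window.
// $cache never holds the password, only an HMAC keyed with a server-side secret
// and bound to the stored hash, so a password change invalidates the entry.
function checkCredentials(string $user, string $password, string $storedHash,
                          array &$cache, string $secret, int $ttl = 60): bool
{
    $tag = hash_hmac('sha256', $user . "\0" . $password . "\0" . $storedHash, $secret);
    $now = time();
    if (isset($cache[$user]) && $cache[$user]['expires'] > $now
        && hash_equals($cache[$user]['tag'], $tag)) {
        return true;                       // fast path: no bcrypt
    }
    if (!password_verify($password, $storedHash)) {
        return false;                      // failures are never cached
    }
    $cache[$user] = ['tag' => $tag, 'expires' => $now + $ttl];
    return true;
}

// Per-verify cost at a low, a common and a higher bcrypt cost setting.
foreach ([4, 10, 12] as $cost) {
    printf("cost %2d: %.1f ms per verify\n", $cost, bcryptVerifyMs($cost));
}

// Constructed sample run: first request, repeated request, wrong password.
$secret = random_bytes(32);
$stored = password_hash('constructed-sample-password', PASSWORD_BCRYPT, ['cost' => 10]);
$cache = [];
foreach (['first', 'cached', 'wrong'] as $label) {
    $pw = $label === 'wrong' ? 'not-the-password' : 'constructed-sample-password';
    $start = microtime(true);
    $ok = checkCredentials('api-user', $pw, $stored, $cache, $secret);
    printf("%-6s ok=%s %.1f ms\n", $label, var_export($ok, true), (microtime(true) - $start) * 1000);
}
```

The cached tag is a fast keyed hash of the password, so the TTL and the protection of `$secret` bound what a memory disclosure would expose; the database continues to store only the bcrypt hash.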