adds cache tests

pcrespov · pcrespov · commit 9bb907629ce2 · 2025-10-07T18:33:18.000+02:00
diff --git a/services/api-server/src/simcore_service_api_server/repository/api_keys.py b/services/api-server/src/simcore_service_api_server/repository/api_keys.py
@@ -2,6 +2,7 @@
 from typing import NamedTuple
 
 import sqlalchemy as sa
+from aiocache import cached
 from models_library.products import ProductName
 from pydantic.types import PositiveInt
 from simcore_postgres_database.models.api_keys import api_keys as auth_api_keys_table
@@ -21,13 +22,24 @@ class UserAndProductTuple(NamedTuple):
 class ApiKeysRepository(BaseRepository):
     """Auth access"""
 
+    @cached(
+        ttl=120,
+        key_builder=lambda *_args, **kwargs: f"api_auth:{kwargs['api_key']}",
+        namespace=__name__,
+        noself=True,
+    )
     async def get_user(
         self,
         connection: AsyncConnection | None = None,
         *,
         api_key: str,
-        api_secret: str
+        api_secret: str,
     ) -> UserAndProductTuple | None:
+        """Validates API key and secret, returning user info if valid otherwise None.
+
+        WARNING: Cached for 120s TTL - secret validation occurs every 2 minutes.
+        NOTE: to disable caching set AIOCACHE_DISABLE=1
+        """
 
         stmt = sa.select(
             auth_api_keys_table.c.user_id,
diff --git a/services/api-server/src/simcore_service_api_server/repository/users.py b/services/api-server/src/simcore_service_api_server/repository/users.py
@@ -1,4 +1,5 @@
 import sqlalchemy as sa
+from aiocache import Cache, cached  # type: ignore[import-untyped]
 from common_library.users_enums import UserStatus
 from models_library.emails import LowerCaseEmailStr
 from models_library.users import UserID
@@ -11,12 +12,30 @@
 
 
 class UsersRepository(BaseRepository):
+    @cached(
+        ttl=120,
+        key_builder=lambda *_args, **kwargs: f"user_email:{kwargs['user_id']}",
+        cache=Cache.MEMORY,
+        namespace=__name__,
+        noself=True,
+    )
     async def get_active_user_email(
         self,
         connection: AsyncConnection | None = None,
         *,
         user_id: UserID,
     ) -> LowerCaseEmailStr | None:
+        """Retrieves the email address of an active user.
+
+        Arguments:
+            user_id -- The ID of the user whose email is to be retrieved.
+
+        Returns:
+            The email address of the user if found, otherwise None.
+
+        WARNING: Cached for 120s TTL - email changes will not be seen for 2 minutes.
+        NOTE: to disable caching set AIOCACHE_DISABLE=1
+        """
         async with pass_or_acquire_connection(self.db_engine, connection) as conn:
             email = await conn.scalar(
                 sa.select(users.c.email).where(
diff --git a/services/api-server/tests/unit/_with_db/test_repository_api_keys.py b/services/api-server/tests/unit/_with_db/test_repository_api_keys.py
@@ -3,14 +3,17 @@
 # pylint: disable=unused-variable
 # pylint: disable=too-many-arguments
 
+import time
 from collections.abc import AsyncGenerator, AsyncIterator, Callable
 
 import pytest
+from aiocache import Cache
 from asgi_lifespan import LifespanManager
 from fastapi import FastAPI
 from fastapi.security import HTTPBasicCredentials
 from models_library.api_schemas_api_server.api_keys import ApiKeyInDB
 from pydantic import PositiveInt
+from pytest_mock import MockerFixture
 from simcore_service_api_server.api.dependencies.authentication import (
     get_current_identity,
 )
@@ -54,61 +57,156 @@ def users_repo(
     return UsersRepository(db_engine=async_engine)
 
 
-async def test_get_user_with_valid_credentials(
+@pytest.fixture
+async def api_key_in_db(
     create_fake_api_keys: Callable[[PositiveInt], AsyncGenerator[ApiKeyInDB, None]],
+) -> ApiKeyInDB:
+    """Creates a single API key in DB for testing purposes"""
+    return await anext(create_fake_api_keys(1))
+
+
+async def test_get_user_with_valid_credentials(
+    api_key_in_db: ApiKeyInDB,
     api_key_repo: ApiKeysRepository,
 ):
+    # Act
+    result = await api_key_repo.get_user(
+        api_key=api_key_in_db.api_key, api_secret=api_key_in_db.api_secret
+    )
 
-    # Generate a fake API key
-    async for api_key_in_db in create_fake_api_keys(1):
-        # Act
-        result = await api_key_repo.get_user(
-            api_key=api_key_in_db.api_key, api_secret=api_key_in_db.api_secret
-        )
-
-        # Assert
-        assert result is not None
-        assert result.user_id == api_key_in_db.user_id
-        assert result.product_name == api_key_in_db.product_name
-        break
+    # Assert
+    assert result is not None
+    assert result.user_id == api_key_in_db.user_id
+    assert result.product_name == api_key_in_db.product_name
 
 
 async def test_get_user_with_invalid_credentials(
+    api_key_in_db: ApiKeyInDB,
     api_key_repo: ApiKeysRepository,
-    create_fake_api_keys: Callable[[PositiveInt], AsyncGenerator[ApiKeyInDB, None]],
 ):
 
     # Generate a fake API key
-    async for api_key_in_db in create_fake_api_keys(1):
-        # Act - use wrong secret
-        result = await api_key_repo.get_user(
-            api_key=api_key_in_db.api_key, api_secret="wrong_secret"
-        )
 
-        # Assert
-        assert result is None
-        break
+    # Act - use wrong secret
+    result = await api_key_repo.get_user(
+        api_key=api_key_in_db.api_key, api_secret="wrong_secret"
+    )
+
+    # Assert
+    assert result is None
 
 
 async def test_rest_dependency_authentication(
+    api_key_in_db: ApiKeyInDB,
     api_key_repo: ApiKeysRepository,
     users_repo: UsersRepository,
-    create_fake_api_keys: Callable[[PositiveInt], AsyncGenerator[ApiKeyInDB, None]],
 ):
 
     # Generate a fake API key
-    async for api_key_in_db in create_fake_api_keys(1):
-        # Act
-        result = await get_current_identity(
-            apikeys_repo=api_key_repo,
-            users_repo=users_repo,
-            credentials=HTTPBasicCredentials(
-                username=api_key_in_db.api_key, password=api_key_in_db.api_secret
-            ),
-        )
-
-        # Assert
-        assert result is not None
-        assert result.user_id == api_key_in_db.user_id
-        assert result.product_name == api_key_in_db.product_name
-        break
+    # Act
+    result = await get_current_identity(
+        apikeys_repo=api_key_repo,
+        users_repo=users_repo,
+        credentials=HTTPBasicCredentials(
+            username=api_key_in_db.api_key, password=api_key_in_db.api_secret
+        ),
+    )
+
+    # Assert
+    assert result is not None
+    assert result.user_id == api_key_in_db.user_id
+    assert result.product_name == api_key_in_db.product_name
+
+
+async def test_cache_effectiveness_in_rest_authentication_dependencies(
+    api_key_in_db: ApiKeyInDB,
+    api_key_repo: ApiKeysRepository,
+    users_repo: UsersRepository,
+    monkeypatch: pytest.MonkeyPatch,
+    mocker: MockerFixture,
+):
+    """Test that caching reduces database calls and improves performance."""
+
+    # Generate a fake API key
+    credentials = HTTPBasicCredentials(
+        username=api_key_in_db.api_key, password=api_key_in_db.api_secret
+    )
+
+    # Test with cache enabled (default)
+    monkeypatch.delenv("AIOCACHE_DISABLE", raising=False)
+    await Cache().clear()  # Clear any existing cache
+
+    # Spy on the connection's execute method by patching AsyncConnection.execute
+    from sqlalchemy.ext.asyncio import AsyncConnection  # noqa: PLC0415
+
+    execute_spy = mocker.spy(AsyncConnection, "execute")
+
+    # First call - should hit database
+    start_time = time.time()
+    result1 = await get_current_identity(
+        apikeys_repo=api_key_repo,
+        users_repo=users_repo,
+        credentials=credentials,
+    )
+    first_call_time = time.time() - start_time
+
+    # Second call - should use cache
+    start_time = time.time()
+    result2 = await get_current_identity(
+        apikeys_repo=api_key_repo,
+        users_repo=users_repo,
+        credentials=credentials,
+    )
+    second_call_time = time.time() - start_time
+
+    cached_db_calls = execute_spy.call_count
+    execute_spy.reset_mock()
+
+    # Test with cache disabled
+    monkeypatch.setenv("AIOCACHE_DISABLE", "1")
+
+    # First call without cache
+    start_time = time.time()
+    result3 = await get_current_identity(
+        apikeys_repo=api_key_repo,
+        users_repo=users_repo,
+        credentials=credentials,
+    )
+    no_cache_first_time = time.time() - start_time
+
+    # Second call without cache
+    start_time = time.time()
+    result4 = await get_current_identity(
+        apikeys_repo=api_key_repo,
+        users_repo=users_repo,
+        credentials=credentials,
+    )
+    no_cache_second_time = time.time() - start_time
+
+    no_cache_db_calls = execute_spy.call_count
+
+    # ASSERTIONS
+    # All results should be identical
+    assert result1.user_id == result2.user_id == result3.user_id == result4.user_id
+    assert (
+        result1.product_name
+        == result2.product_name
+        == result3.product_name
+        == result4.product_name
+    )
+    assert result1.email == result2.email == result3.email == result4.email
+
+    # With cache: second call should be significantly faster
+    assert (
+        second_call_time < first_call_time * 0.5
+    ), "Cache should make subsequent calls faster"
+
+    # Without cache: both calls should take similar time
+    time_ratio = abs(no_cache_second_time - no_cache_first_time) / max(
+        no_cache_first_time, no_cache_second_time
+    )
+    assert time_ratio < 0.5, "Without cache, call times should be similar"
+
+    # With cache: fewer total database calls (due to caching)
+    # Without cache: more database calls (no caching)
+    assert no_cache_db_calls > cached_db_calls, "Cache should reduce database calls"
