use a single client per service

Author: devksingh4

src/api/functions/cache.ts

@@ -6,11 +6,8 @@ import {
 import { genericConfig } from "../../common/config.js";
 import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";
 
-const dynamoClient = new DynamoDBClient({
-  region: genericConfig.AwsRegion,
-});
-
 export async function getItemFromCache(
+  dynamoClient: DynamoDBClient,
   key: string,
 ): Promise<null | Record<string, string | number>> {
   const currentTime = Math.floor(Date.now() / 1000);
@@ -37,6 +34,7 @@ export async function getItemFromCache(
 }
 
 export async function insertItemIntoCache(
+  dynamoClient: DynamoDBClient,
   key: string,
   value: Record<string, string | number>,
   expireAt: Date,

src/api/functions/discord.ts

@@ -15,6 +15,7 @@ import { FastifyBaseLogger } from "fastify";
 import { DiscordEventError } from "../../common/errors/index.js";
 import { getSecretValue } from "../plugins/auth.js";
 import { genericConfig } from "../../common/config.js";
+import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 
 // https://stackoverflow.com/a/3809435/5684541
 // https://calendar-buff.acmuiuc.pages.dev/calendar?id=dd7af73a-3df6-4e12-b228-0d2dac34fda7&date=2024-08-30
@@ -24,12 +25,13 @@ export type IUpdateDiscord = EventPostRequest & { id: string };
 
 const urlRegex = /https:\/\/[a-z0-9\.-]+\/calendar\?id=([a-f0-9-]+)/;
 export const updateDiscord = async (
+  smClient: SecretsManagerClient,
   event: IUpdateDiscord,
   isDelete: boolean = false,
   logger: FastifyBaseLogger,
 ): Promise<null | GuildScheduledEventCreateOptions> => {
   const secretApiConfig =
-    (await getSecretValue(genericConfig.ConfigSecretName)) || {};
+    (await getSecretValue(smClient, genericConfig.ConfigSecretName)) || {};
   const client = new Client({ intents: [GatewayIntentBits.Guilds] });
   let payload: GuildScheduledEventCreateOptions | null = null;
 

src/api/functions/entraId.ts

@@ -18,18 +18,23 @@ import {
   EntraGroupActions,
   EntraInvitationResponse,
 } from "../../common/types/iam.js";
+import { FastifyInstance } from "fastify";
 
 function validateGroupId(groupId: string): boolean {
   const groupIdPattern = /^[a-zA-Z0-9-]+$/; // Adjust the pattern as needed
   return groupIdPattern.test(groupId);
 }
 
 export async function getEntraIdToken(
+  fastify: FastifyInstance,
   clientId: string,
   scopes: string[] = ["https://graph.microsoft.com/.default"],
 ) {
   const secretApiConfig =
-    (await getSecretValue(genericConfig.ConfigSecretName)) || {};
+    (await getSecretValue(
+      fastify.secretsManagerClient,
+      genericConfig.ConfigSecretName,
+    )) || {};
   if (
     !secretApiConfig.entra_id_private_key ||
     !secretApiConfig.entra_id_thumbprint
@@ -42,7 +47,10 @@ export async function getEntraIdToken(
     secretApiConfig.entra_id_private_key as string,
     "base64",
   ).toString("utf8");
-  const cachedToken = await getItemFromCache("entra_id_access_token");
+  const cachedToken = await getItemFromCache(
+    fastify.dynamoClient,
+    "entra_id_access_token",
+  );
   if (cachedToken) {
     return cachedToken["token"] as string;
   }
@@ -70,6 +78,7 @@ export async function getEntraIdToken(
     date.setTime(date.getTime() - 30000);
     if (result?.accessToken) {
       await insertItemIntoCache(
+        fastify.dynamoClient,
         "entra_id_access_token",
         { token: result?.accessToken },
         date,

src/api/index.ts

@@ -19,12 +19,22 @@ import iamRoutes from "./routes/iam.js";
 import ticketsPlugin from "./routes/tickets.js";
 import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
 import NodeCache from "node-cache";
+import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
+import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 
 dotenv.config();
 
 const now = () => Date.now();
 
 async function init() {
+  const dynamoClient = new DynamoDBClient({
+    region: genericConfig.AwsRegion,
+  });
+
+  const secretsManagerClient = new SecretsManagerClient({
+    region: genericConfig.AwsRegion,
+  });
+
   const app: FastifyInstance = fastify({
     logger: {
       level: process.env.LOG_LEVEL || "info",
@@ -70,6 +80,8 @@ async function init() {
   app.environmentConfig =
     environmentConfig[app.runEnvironment as RunEnvironment];
   app.nodeCache = new NodeCache({ checkperiod: 30 });
+  app.dynamoClient = dynamoClient;
+  app.secretsManagerClient = secretsManagerClient;
   app.addHook("onRequest", (req, _, done) => {
     req.startTime = now();
     const hostname = req.hostname;
@@ -108,7 +120,7 @@ async function init() {
   await app.register(cors, {
     origin: app.environmentConfig.ValidCorsOrigins,
   });
-
+  app.log.info("Initialized new Fastify instance...");
   return app;
 }
 

src/api/plugins/auth.ts

@@ -53,15 +53,9 @@ export type AadToken = {
   ver: string;
   roles?: string[];
 };
-const smClient = new SecretsManagerClient({
-  region: genericConfig.AwsRegion,
-});
-
-const dynamoClient = new DynamoDBClient({
-  region: genericConfig.AwsRegion,
-});
 
 export const getSecretValue = async (
+  smClient: SecretsManagerClient,
   secretId: string,
 ): Promise<Record<string, string | number | boolean> | null | SecretConfig> => {
   const data = await smClient.send(
@@ -118,7 +112,10 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => {
           signingKey =
             process.env.JwtSigningKey ||
             ((
-              (await getSecretValue(genericConfig.ConfigSecretName)) || {
+              (await getSecretValue(
+                fastify.secretsManagerClient,
+                genericConfig.ConfigSecretName,
+              )) || {
                 jwt_key: "",
               }
             ).jwt_key as string) ||
@@ -168,7 +165,7 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => {
         if (verifiedTokenData.groups) {
           const groupRoles = await Promise.allSettled(
             verifiedTokenData.groups.map((x) =>
-              getGroupRoles(dynamoClient, fastify, x),
+              getGroupRoles(fastify.dynamoClient, fastify, x),
             ),
           );
           for (const result of groupRoles) {
@@ -201,7 +198,7 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => {
         if (request.username) {
           try {
             const userAuth = await getUserRoles(
-              dynamoClient,
+              fastify.dynamoClient,
               fastify,
               request.username,
             );

src/api/routes/events.ts

@@ -5,7 +5,6 @@ import { zodToJsonSchema } from "zod-to-json-schema";
 import { OrganizationList } from "../../common/orgs.js";
 import {
   DeleteItemCommand,
-  DynamoDBClient,
   GetItemCommand,
   PutItemCommand,
   QueryCommand,
@@ -27,6 +26,7 @@ import { IUpdateDiscord, updateDiscord } from "../functions/discord.js";
 // POST
 
 const repeatOptions = ["weekly", "biweekly"] as const;
+const EVENT_CACHE_SECONDS = 90;
 export type EventRepeatOptions = (typeof repeatOptions)[number];
 
 const baseSchema = z.object({
@@ -80,10 +80,6 @@ const getEventsSchema = z.array(getEventSchema);
 export type EventsGetResponse = z.infer<typeof getEventsSchema>;
 type EventsGetQueryParams = { upcomingOnly?: boolean };
 
-const dynamoClient = new DynamoDBClient({
-  region: genericConfig.AwsRegion,
-});
-
 const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
   fastify.post<{ Body: EventPostRequest }>(
     "/:id?",
@@ -106,7 +102,7 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
         ).id;
         const entryUUID = userProvidedId || randomUUID();
         if (userProvidedId) {
-          const response = await dynamoClient.send(
+          const response = await fastify.dynamoClient.send(
             new GetItemCommand({
               TableName: genericConfig.EventsDynamoTableName,
               Key: { id: { S: userProvidedId } },
@@ -128,7 +124,7 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
             : new Date().toISOString(),
           updatedAt: new Date().toISOString(),
         };
-        await dynamoClient.send(
+        await fastify.dynamoClient.send(
           new PutItemCommand({
             TableName: genericConfig.EventsDynamoTableName,
             Item: marshall(entry),
@@ -140,18 +136,23 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
         }
         try {
           if (request.body.featured && !request.body.repeats) {
-            await updateDiscord(entry, false, request.log);
+            await updateDiscord(
+              fastify.secretsManagerClient,
+              entry,
+              false,
+              request.log,
+            );
           }
         } catch (e: unknown) {
           // restore original DB status if Discord fails.
-          await dynamoClient.send(
+          await fastify.dynamoClient.send(
             new DeleteItemCommand({
               TableName: genericConfig.EventsDynamoTableName,
               Key: { id: { S: entryUUID } },
             }),
           );
           if (userProvidedId) {
-            await dynamoClient.send(
+            await fastify.dynamoClient.send(
               new PutItemCommand({
                 TableName: genericConfig.EventsDynamoTableName,
                 Item: originalEvent,
@@ -198,7 +199,7 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
     async (request: FastifyRequest<EventGetRequest>, reply) => {
       const id = request.params.id;
       try {
-        const response = await dynamoClient.send(
+        const response = await fastify.dynamoClient.send(
           new QueryCommand({
             TableName: genericConfig.EventsDynamoTableName,
             KeyConditionExpression: "#id = :id",
@@ -241,13 +242,18 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
     async (request: FastifyRequest<EventDeleteRequest>, reply) => {
       const id = request.params.id;
       try {
-        await dynamoClient.send(
+        await fastify.dynamoClient.send(
           new DeleteItemCommand({
             TableName: genericConfig.EventsDynamoTableName,
             Key: marshall({ id }),
           }),
         );
-        await updateDiscord({ id } as IUpdateDiscord, true, request.log);
+        await updateDiscord(
+          fastify.secretsManagerClient,
+          { id } as IUpdateDiscord,
+          true,
+          request.log,
+        );
         reply.send({
           id,
           resource: `/api/v1/events/${id}`,
@@ -285,8 +291,20 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
     },
     async (request: FastifyRequest<EventsGetRequest>, reply) => {
       const upcomingOnly = request.query?.upcomingOnly || false;
+      const cachedResponse = fastify.nodeCache.get(
+        `events-upcoming_only=${upcomingOnly}`,
+      );
+      if (cachedResponse) {
+        reply
+          .header(
+            "cache-control",
+            "public, max-age=7200, stale-while-revalidate=900, stale-if-error=86400",
+          )
+          .header("acm-cache-status", "hit")
+          .send(cachedResponse);
+      }
       try {
-        const response = await dynamoClient.send(
+        const response = await fastify.dynamoClient.send(
           new ScanCommand({ TableName: genericConfig.EventsDynamoTableName }),
         );
         const items = response.Items?.map((item) => unmarshall(item));
@@ -322,11 +340,17 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
             }
           });
         }
+        fastify.nodeCache.set(
+          `events-upcoming_only=${upcomingOnly}`,
+          parsedItems,
+          EVENT_CACHE_SECONDS,
+        );
         reply
           .header(
             "cache-control",
             "public, max-age=7200, stale-while-revalidate=900, stale-if-error=86400",
           )
+          .header("acm-cache-status", "miss")
           .send(parsedItems);
       } catch (e: unknown) {
         if (e instanceof Error) {

src/api/routes/iam.ts

@@ -39,10 +39,6 @@ import {
   getGroupRoles,
 } from "../functions/authorization.js";
 
-const dynamoClient = new DynamoDBClient({
-  region: genericConfig.AwsRegion,
-});
-
 const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
   fastify.get<{
     Body: undefined;
@@ -67,7 +63,11 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
     async (request, reply) => {
       try {
         const groupId = (request.params as Record<string, string>).groupId;
-        const roles = await getGroupRoles(dynamoClient, fastify, groupId);
+        const roles = await getGroupRoles(
+          fastify.dynamoClient,
+          fastify,
+          groupId,
+        );
         return reply.send(roles);
       } catch (e: unknown) {
         if (e instanceof BaseError) {
@@ -120,7 +120,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
             createdAt: timestamp,
           }),
         });
-        await dynamoClient.send(command);
+        await fastify.dynamoClient.send(command);
         fastify.nodeCache.set(
           `grouproles-${groupId}`,
           request.body.roles,
@@ -160,6 +160,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
     async (request, reply) => {
       const emails = request.body.emails;
       const entraIdToken = await getEntraIdToken(
+        fastify,
         fastify.environmentConfig.AadValidClientId,
       );
       if (!entraIdToken) {
@@ -246,6 +247,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
         });
       }
       const entraIdToken = await getEntraIdToken(
+        fastify,
         fastify.environmentConfig.AadValidClientId,
       );
       const addResults = await Promise.allSettled(
@@ -369,6 +371,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
         });
       }
       const entraIdToken = await getEntraIdToken(
+        fastify,
         fastify.environmentConfig.AadValidClientId,
       );
       const response = await listGroupMembers(entraIdToken, groupId);