Merge pull request #22 from cnbrown04/role-creation

cnbrown04 · web-flow · commit a9a40c0bb7b8 · 2025-06-30T14:08:13.000-05:00
fix: memory issues
diff --git a/src/abac/adapter.ts b/src/abac/adapter.ts
@@ -32,6 +32,7 @@ interface SqliteConfig {
 	type: "sqlite";
 	uri: string; // Path to the SQLite database file
 	filename?: string; // Optional, overrides uri for file path
+	readonly?: boolean; // Open database in read-only mode
 }
 interface AbacAdapterConfig {
 	db: MysqlConfig | PostgresConfig | SqliteConfig;
@@ -64,9 +65,13 @@ async function createDialect(
 				return new MysqlDialect({
 					pool: createPool({
 						uri: config.uri,
-						connectionLimit: config.connectionLimit ?? 10,
+						connectionLimit: config.connectionLimit ?? 5,
 						waitForConnections: config.waitForConnections ?? true,
 						queueLimit: config.queueLimit ?? 0,
+						acquireTimeout: 60000,
+						timeout: 60000,
+						idleTimeout: 300000,
+						maxIdle: 2,
 					}),
 				});
 			} catch (error) {
@@ -96,7 +101,7 @@ async function createDialect(
 				return new PostgresDialect({
 					pool: new Pool({
 						connectionString: config.uri,
-						max: config.connectionLimit ?? 10,
+						max: config.connectionLimit ?? 5,
 						ssl: config.ssl ?? false,
 					}),
 				});
@@ -135,7 +140,18 @@ async function createDialect(
 
 				// Use filename if provided, otherwise use uri
 				const dbPath = config.filename || config.uri;
-				const db = new Database(dbPath);
+				const db = new Database(dbPath, {
+					readonly: config.readonly ?? false,
+					fileMustExist: false,
+					timeout: 5000,
+				});
+
+				// Configure SQLite for better memory management
+				db.pragma("journal_mode = WAL");
+				db.pragma("synchronous = NORMAL");
+				db.pragma("cache_size = -8000"); // 8MB cache
+				db.pragma("temp_store = MEMORY");
+				db.pragma("mmap_size = 268435456"); // 256MB mmap
 
 				return new SqliteDialect({
 					database: db,
diff --git a/src/abac/funcs.ts b/src/abac/funcs.ts
@@ -54,6 +54,10 @@ export interface PolicyWithRules {
 	targets: any[];
 }
 
+// Attribute cache for reducing database queries
+const attributeCache = new Map<string, { attributes: Map<string, AttributeValue>; timestamp: number }>();
+const CACHE_TTL = 300000; // 5 minutes
+
 // Debug logging utility
 function debugLog(
 	config: AuthorizationConfig | undefined,
@@ -65,6 +69,16 @@ function debugLog(
 	}
 }
 
+// Cache cleanup to prevent memory growth
+function cleanupCache() {
+	const now = Date.now();
+	for (const [key, value] of attributeCache) {
+		if (now - value.timestamp > CACHE_TTL) {
+			attributeCache.delete(key);
+		}
+	}
+}
+
 // Operators for rule evaluation
 const OPERATORS = {
 	equals: (a: any, b: any) => a === b,
@@ -167,13 +181,27 @@ export async function canUserPerformAction(
 }
 
 /**
- * Gather all relevant attributes for the authorization request
+ * Gather all relevant attributes for the authorization request with caching
  */
 async function gatherAttributes(
 	db: Kysely<Database>,
 	request: AuthorizationRequest,
 	config?: AuthorizationConfig
 ): Promise<Map<string, AttributeValue>> {
+	// Clean up old cache entries periodically
+	if (Math.random() < 0.1) { // 10% chance to clean up on each call
+		cleanupCache();
+	}
+
+	// Create cache key based on request parameters
+	const cacheKey = `${request.subjectId}-${request.resourceId || 'no-resource'}-${request.actionName}`;
+	const cached = attributeCache.get(cacheKey);
+	
+	if (cached && (Date.now() - cached.timestamp) < CACHE_TTL) {
+		debugLog(config, "🎯 Using cached attributes for:", cacheKey);
+		return new Map(cached.attributes);
+	}
+
 	const attributeMap = new Map<string, AttributeValue>();
 
 	debugLog(
@@ -407,11 +435,17 @@ async function gatherAttributes(
 		}
 	}
 
+	// Cache the results
+	attributeCache.set(cacheKey, {
+		attributes: new Map(attributeMap),
+		timestamp: Date.now()
+	});
+
 	return attributeMap;
 }
 
 /**
- * Add dynamic environment attributes from context
+ * Add dynamic environment attributes from context - optimized for memory
  */
 function addDynamicEnvironmentAttributes(
 	attributeMap: Map<string, AttributeValue>,
@@ -420,21 +454,22 @@ function addDynamicEnvironmentAttributes(
 ) {
 	debugLog(config, "🔄 Adding dynamic environment attributes...");
 
+	// Reuse Date object to reduce allocation
+	const now = new Date();
+	const currentTimeString = now.toISOString();
+	
 	// Current time
 	attributeMap.set("environment.current_time", {
 		id: "env-current-time",
 		name: "current_time",
 		type: "string",
 		category: "environment",
-		value: new Date().toISOString(),
+		value: currentTimeString,
 	});
-	debugLog(
-		config,
-		`   ✓ environment.current_time = "${new Date().toISOString()}"`
-	);
+	debugLog(config, `   ✓ environment.current_time = "${currentTimeString}"`);
 
 	// Current day of week
-	const dayOfWeek = new Date().getDay().toString();
+	const dayOfWeek = now.getDay().toString();
 	attributeMap.set("environment.day_of_week", {
 		id: "env-day-of-week",
 		name: "day_of_week",
@@ -444,20 +479,26 @@ function addDynamicEnvironmentAttributes(
 	});
 	debugLog(config, `   ✓ environment.day_of_week = "${dayOfWeek}"`);
 
-	// Add context attributes
-	if (context) {
+	// Add context attributes - limit context size to prevent memory issues
+	if (context && Object.keys(context).length > 0) {
 		debugLog(config, "🎯 Adding context attributes...");
-		Object.entries(context).forEach(([key, value]) => {
+		const contextEntries = Object.entries(context).slice(0, 50); // Limit to 50 context attributes
+		
+		for (const [key, value] of contextEntries) {
 			const envKey = `environment.${key}`;
 			attributeMap.set(envKey, {
 				id: `ctx-${key}`,
 				name: key,
 				type: typeof value,
 				category: "environment",
-				value: String(value),
+				value: String(value).slice(0, 1000), // Limit value length to 1000 chars
 			});
 			debugLog(config, `   ✓ ${envKey} = "${value}"`);
-		});
+		}
+		
+		if (Object.keys(context).length > 50) {
+			console.warn(`Context has ${Object.keys(context).length} attributes, limiting to 50 for memory efficiency`);
+		}
 	}
 }
 
@@ -931,7 +972,7 @@ function makeFinalDecision(
 }
 
 /**
- * Log the access request for auditing
+ * Log the access request for auditing - optimized for memory usage
  */
 async function logAccessRequest(
 	db: Kysely<Database>,
@@ -965,6 +1006,20 @@ async function logAccessRequest(
 			return;
 		}
 
+		// Optimize JSON stringification to reduce memory usage
+		const appliedPoliciesString = evaluations.length > 0 
+			? JSON.stringify(evaluations.map(e => ({
+				policyId: e.policyId,
+				policyName: e.policyName,
+				effect: e.effect,
+				matches: e.matches,
+			})))
+			: "[]";
+
+		const contextString = request.context && Object.keys(request.context).length > 0
+			? JSON.stringify(request.context)
+			: "{}";
+
 		await db
 			.insertInto("access_request")
 			.values({
@@ -973,15 +1028,8 @@ async function logAccessRequest(
 				resource_id: resourceId,
 				action_id: action?.id || request.actionName,
 				decision: decision.decision,
-				applied_policies: JSON.stringify(
-					evaluations.map((e) => ({
-						policyId: e.policyId,
-						policyName: e.policyName,
-						effect: e.effect,
-						matches: e.matches,
-					}))
-				),
-				request_context: JSON.stringify(request.context || {}),
+				applied_policies: appliedPoliciesString,
+				request_context: contextString,
 				processing_time_ms: processingTime,
 				created_at: new Date(),
 			})
@@ -1060,7 +1108,7 @@ export async function canUserDelete(
 }
 
 /**
- * Batch authorization check for multiple resources
+ * Batch authorization check for multiple resources with concurrency limiting
  */
 export async function canUserPerformActionOnResources(
 	db: Kysely<Database>,
@@ -1071,27 +1119,51 @@ export async function canUserPerformActionOnResources(
 	config?: AuthorizationConfig
 ): Promise<Record<string, AuthorizationResult>> {
 	const results: Record<string, AuthorizationResult> = {};
+	const BATCH_SIZE = 10; // Limit concurrent operations to prevent memory spikes
+
+	// Process resources in batches to limit memory usage
+	for (let i = 0; i < resourceIds.length; i += BATCH_SIZE) {
+		const batch = resourceIds.slice(i, i + BATCH_SIZE);
+		
+		const promises = batch.map(async (resourceId) => {
+			try {
+				const result = await canUserPerformAction(
+					db,
+					{
+						subjectId: userId,
+						resourceId,
+						actionName,
+						context,
+					},
+					config
+				);
+				return { resourceId, result, success: true };
+			} catch (error) {
+				debugLog(config, `Error processing resource ${resourceId}:`, error);
+				return {
+					resourceId,
+					result: {
+						decision: "indeterminate" as const,
+						reason: `Error processing resource: ${error instanceof Error ? error.message : 'Unknown error'}`,
+						appliedPolicies: [],
+						processingTimeMs: 0,
+					},
+					success: false
+				};
+			}
+		});
 
-	// Process in parallel for better performance
-	const promises = resourceIds.map(async (resourceId) => {
-		const result = await canUserPerformAction(
-			db,
-			{
-				subjectId: userId,
-				resourceId,
-				actionName,
-				context,
-			},
-			config
-		);
-		return { resourceId, result };
-	});
+		const batchResults = await Promise.all(promises);
 
-	const resolvedResults = await Promise.all(promises);
+		batchResults.forEach(({ resourceId, result }) => {
+			results[resourceId] = result;
+		});
 
-	resolvedResults.forEach(({ resourceId, result }) => {
-		results[resourceId] = result;
-	});
+		// Add small delay between batches to prevent overwhelming the database
+		if (i + BATCH_SIZE < resourceIds.length) {
+			await new Promise(resolve => setTimeout(resolve, 10));
+		}
+	}
 
 	return results;
 }
diff --git a/src/abac/index.ts b/src/abac/index.ts
@@ -538,6 +538,7 @@ const abac = (db: Kysely<Database>, debugLogs: boolean) => {
 						return context.path.startsWith("/sign-up");
 					},
 					handler: async (ctx) => {
+						let dbConnection: any = null;
 						try {
 							const contextData = ctx as any;
 
@@ -565,6 +566,16 @@ const abac = (db: Kysely<Database>, debugLogs: boolean) => {
 								"Unexpected error in sign-up handler:",
 								unexpectedError
 							);
+							
+							// Ensure any database connections are properly cleaned up
+							if (dbConnection && typeof dbConnection.destroy === 'function') {
+								try {
+									await dbConnection.destroy();
+								} catch (cleanupError) {
+									console.error("Error cleaning up database connection:", cleanupError);
+								}
+							}
+							
 							return {
 								message: "Unexpected error occurred",
 								error: String(unexpectedError),
@@ -577,6 +588,7 @@ const abac = (db: Kysely<Database>, debugLogs: boolean) => {
 						return context.path.startsWith("/sign-in");
 					},
 					handler: async (ctx) => {
+						let dbConnection: any = null;
 						try {
 							const contextData = ctx as any;
 
@@ -601,6 +613,16 @@ const abac = (db: Kysely<Database>, debugLogs: boolean) => {
 								"Unexpected error in sign-in handler:",
 								unexpectedError
 							);
+							
+							// Ensure any database connections are properly cleaned up
+							if (dbConnection && typeof dbConnection.destroy === 'function') {
+								try {
+									await dbConnection.destroy();
+								} catch (cleanupError) {
+									console.error("Error cleaning up database connection:", cleanupError);
+								}
+							}
+							
 							return ctx; // Continue processing for sign-in
 						}
 					},
