refactoring, throughput increase

Author: izadoesdev

apps/basket/src/hooks/auth.ts

@@ -26,7 +26,9 @@ const REGEX_DOMAIN_LABEL = /^[a-zA-Z0-9-]+$/;
  * @returns A promise that resolves to the owner's user ID or null if not found.
  */
 async function _resolveOwnerId(website: Website): Promise<string | null> {
+	console.time("_resolveOwnerId");
 	if (website.userId) {
+		console.timeEnd("_resolveOwnerId");
 		return website.userId;
 	}
 
@@ -43,6 +45,7 @@ async function _resolveOwnerId(website: Website): Promise<string | null> {
 			});
 
 			if (orgMember) {
+				console.timeEnd("_resolveOwnerId");
 				return orgMember.userId;
 			}
 
@@ -66,6 +69,7 @@ async function _resolveOwnerId(website: Website): Promise<string | null> {
 		{ websiteId: website.id },
 		"No owner could be determined for website"
 	);
+	console.timeEnd("_resolveOwnerId");
 	return null;
 }
 
@@ -324,50 +328,43 @@ export function isLocalhost(hostname: string): boolean {
 	); // IPv4 loopback
 }
 
-const getWebsiteByIdCached = cacheable(
-	async (id: string): Promise<Website | null> => {
+const getWebsiteByIdWithOwnerCached = cacheable(
+	async (id: string): Promise<WebsiteWithOwner | null> => {
 		try {
 			const website = await db.query.websites.findFirst({
 				where: eq(websites.id, id),
 			});
-			return website ?? null;
+
+			if (!website) {
+				return null;
+			}
+
+			const ownerId = await _resolveOwnerId(website);
+			return { ...website, ownerId };
 		} catch (error) {
 			logger.error({ error, websiteId: id }, "Failed to get website by ID from cache");
 			return null;
 		}
 	},
 	{
-		expireInSec: 300, // 5 minutes
-		prefix: "website_by_id",
-		staleWhileRevalidate: true,
-		staleTime: 60, // 1 minute
-	}
-);
-
-const getOwnerIdCached = cacheable(
-	async (website: Website): Promise<string | null> =>
-		await _resolveOwnerId(website),
-	{
-		expireInSec: 300,
-		prefix: "website_owner_id",
+		expireInSec: 600, // 10 minutes - longer cache for better performance
+		prefix: "website_with_owner_v2",
 		staleWhileRevalidate: true,
-		staleTime: 60,
+		staleTime: 120, // 2 minutes stale time
 	}
 );
 
 export async function getWebsiteByIdV2(
 	id: string
 ): Promise<WebsiteWithOwner | null> {
+	console.time("getWebsiteByIdV2");
 	try {
-		const website = await getWebsiteByIdCached(id);
-		if (!website) {
-			return null;
-		}
-
-		const ownerId = await getOwnerIdCached(website);
-		return { ...website, ownerId };
+		const result = await getWebsiteByIdWithOwnerCached(id);
+		console.timeEnd("getWebsiteByIdV2");
+		return result;
 	} catch (error) {
 		logger.error({ error, websiteId: id }, "Failed to get website by ID V2");
+		console.timeEnd("getWebsiteByIdV2");
 		return null;
 	}
 }

apps/basket/src/index.ts

@@ -45,10 +45,6 @@ const app = new Elysia()
 		);
 	})
 	.onBeforeHandle(({ request, set }) => {
-		// const { isBot } = await checkBotId();
-		// if (isBot) {
-		//   return new Response(null, { status: 403 });
-		// }
 		const origin = request.headers.get("origin");
 		if (origin) {
 			set.headers ??= {};

apps/basket/src/lib/event-service.ts

@@ -36,14 +36,19 @@ export async function insertError(
 		eventId = randomUUID();
 	}
 
-	if (await checkDuplicate(eventId, "error")) {
+	const [isDuplicate, geoData] = await Promise.all([
+		checkDuplicate(eventId, "error"),
+		getGeo(ip),
+	]);
+
+	if (isDuplicate) {
 		return;
 	}
 
 	const payload = errorData.payload;
 	const now = Date.now();
 
-	const { anonymizedIP, country, region } = await getGeo(ip);
+	const { anonymizedIP, country, region } = geoData;
 	const { browserName, browserVersion, osName, osVersion, deviceType } =
 		parseUserAgent(userAgent);
 
@@ -276,6 +281,7 @@ export async function insertTrackEvent(
 	userAgent: string,
 	ip: string
 ): Promise<void> {
+	console.time("insertTrackEvent");
 	let eventId = sanitizeString(
 		trackData.eventId,
 		VALIDATION_LIMITS.SHORT_STRING_MAX_LENGTH
@@ -285,11 +291,17 @@ export async function insertTrackEvent(
 		eventId = randomUUID();
 	}
 
-	if (await checkDuplicate(eventId, "track")) {
+	const [isDuplicate, geoData] = await Promise.all([
+		checkDuplicate(eventId, "track"),
+		getGeo(ip),
+	]);
+
+	if (isDuplicate) {
+		console.timeEnd("insertTrackEvent");
 		return;
 	}
 
-	const { anonymizedIP, country, region, city } = await getGeo(ip);
+	const { anonymizedIP, country, region, city } = geoData;
 	const {
 		browserName,
 		browserVersion,
@@ -381,11 +393,13 @@ export async function insertTrackEvent(
 
 	try {
 		sendEvent("analytics-events", trackEvent);
+		console.timeEnd("insertTrackEvent");
 	} catch (error) {
 		logger.error(
 			{ error, eventId },
 			"Failed to queue track event"
 		);
+		console.timeEnd("insertTrackEvent");
 	}
 }
 

apps/basket/src/lib/request-validation.ts

@@ -1,3 +1,4 @@
+import { cacheable } from "@databuddy/redis";
 import { Autumn as autumn } from "autumn-js";
 import { getWebsiteByIdV2, isValidOrigin } from "../hooks/auth";
 import { extractIpFromRequest } from "../utils/ip-geo";
@@ -22,6 +23,25 @@ type ValidationError = {
 	error: { status: string; message: string };
 };
 
+const checkAutumnCached = cacheable(
+	async (ownerId: string) => {
+		console.time("autumnCheck");
+		const result = await autumn.check({
+			customer_id: ownerId,
+			feature_id: "events",
+			send_event: true,
+		});
+		console.timeEnd("autumnCheck");
+		return result.data;
+	},
+	{
+		expireInSec: 60,
+		prefix: "autumn_check_events",
+		staleWhileRevalidate: true,
+		staleTime: 30,
+	}
+);
+
 /**
  * Validate incoming request for analytics events
  */
@@ -30,6 +50,7 @@ export async function validateRequest(
 	query: any,
 	request: Request
 ): Promise<ValidationResult | ValidationError> {
+	console.time("validateRequest");
 	if (!validatePayloadSize(body, VALIDATION_LIMITS.PAYLOAD_MAX_SIZE)) {
 		await logBlockedTraffic(
 			request,
@@ -38,6 +59,7 @@ export async function validateRequest(
 			"payload_too_large",
 			"Validation Error"
 		);
+		console.timeEnd("validateRequest");
 		return { error: { status: "error", message: "Payload too large" } };
 	}
 
@@ -53,6 +75,7 @@ export async function validateRequest(
 			"missing_client_id",
 			"Validation Error"
 		);
+		console.timeEnd("validateRequest");
 		return { error: { status: "error", message: "Missing client ID" } };
 	}
 
@@ -67,18 +90,15 @@ export async function validateRequest(
 			undefined,
 			clientId
 		);
+		console.timeEnd("validateRequest");
 		return {
 			error: { status: "error", message: "Invalid or inactive client ID" },
 		};
 	}
 
 	if (website.ownerId) {
 		try {
-			const { data } = await autumn.check({
-				customer_id: website.ownerId,
-				feature_id: "events",
-				send_event: true,
-			});
+			const data = await checkAutumnCached(website.ownerId);
 
 			if (data && !(data.allowed || data.overage_allowed)) {
 				await logBlockedTraffic(
@@ -90,6 +110,7 @@ export async function validateRequest(
 					undefined,
 					clientId
 				);
+				console.timeEnd("validateRequest");
 				return { error: { status: "error", message: "Exceeded event limit" } };
 			}
 		} catch (error) {
@@ -108,6 +129,7 @@ export async function validateRequest(
 			undefined,
 			clientId
 		);
+		console.timeEnd("validateRequest");
 		return { error: { status: "error", message: "Origin not authorized" } };
 	}
 
@@ -119,6 +141,7 @@ export async function validateRequest(
 
 	const ip = extractIpFromRequest(request);
 
+	console.timeEnd("validateRequest");
 	return {
 		success: true,
 		clientId,

apps/basket/src/lib/security.ts

@@ -1,63 +1,69 @@
 import crypto, { createHash } from "node:crypto";
 import { redis } from "@databuddy/redis";
 import { logger } from "./logger";
-/**
- * Get or generate a daily salt for anonymizing user IDs
- * The salt rotates daily to maintain privacy while allowing same-day tracking
- */
+
+const MS_PER_DAY = 24 * 60 * 60 * 1000;
+const SALT_TTL = 60 * 60 * 24;
+const EXIT_EVENT_TTL = 172_800;
+const STANDARD_EVENT_TTL = 86_400;
+
+function getCurrentDay(): number {
+	return Math.floor(Date.now() / MS_PER_DAY);
+}
+
 export async function getDailySalt(): Promise<string> {
-	const saltKey = `salt:${Math.floor(Date.now() / (24 * 60 * 60 * 1000))}`;
+	console.time("getDailySalt");
+	const saltKey = `salt:${getCurrentDay()}`;
 	try {
-		let salt = await redis.get(saltKey);
-		if (!salt) {
-			salt = crypto.randomBytes(32).toString("hex");
-			await redis.setex(saltKey, 60 * 60 * 24, salt);
+		const salt = await redis.get(saltKey);
+		if (salt) {
+			console.timeEnd("getDailySalt");
+			return salt;
 		}
-		return salt;
+
+		const newSalt = crypto.randomBytes(32).toString("hex");
+		redis.setex(saltKey, SALT_TTL, newSalt).catch((error) => {
+			logger.error({ error }, "Failed to set daily salt in Redis");
+		});
+		console.timeEnd("getDailySalt");
+		return newSalt;
 	} catch (error) {
-		logger.error({ error }, "Failed to get or set daily salt from Redis");
-		// Fallback: generate a new salt if Redis fails
-		// This ensures the function doesn't break, but salt won't be shared across instances
+		logger.error({ error }, "Failed to get daily salt from Redis");
+		console.timeEnd("getDailySalt");
 		return crypto.randomBytes(32).toString("hex");
 	}
 }
 
-/**
- * Salt and hash an anonymous ID for privacy
- */
 export function saltAnonymousId(anonymousId: string, salt: string): string {
 	try {
-		return createHash("sha256")
-			.update(anonymousId + salt)
-			.digest("hex");
+		return createHash("sha256").update(anonymousId + salt).digest("hex");
 	} catch (error) {
 		logger.error({ error, anonymousId }, "Failed to salt anonymous ID");
-		// Fallback: return a hash of just the anonymousId if salting fails
 		return createHash("sha256").update(anonymousId).digest("hex");
 	}
 }
 
-/**
- * Check if an event has already been processed (deduplication)
- * Returns true if duplicate, false if new
- */
 export async function checkDuplicate(
 	eventId: string,
 	eventType: string
 ): Promise<boolean> {
+	console.time("checkDuplicate");
 	const key = `dedup:${eventType}:${eventId}`;
 	try {
 		if (await redis.exists(key)) {
+			console.timeEnd("checkDuplicate");
 			return true;
 		}
 
-		const ttl = eventId.startsWith("exit_") ? 172_800 : 86_400;
-		await redis.setex(key, ttl, "1");
+		const ttl = eventId.startsWith("exit_") ? EXIT_EVENT_TTL : STANDARD_EVENT_TTL;
+		redis.setex(key, ttl, "1").catch((error) => {
+			logger.error({ error, eventId, eventType }, "Failed to set duplicate key in Redis");
+		});
+		console.timeEnd("checkDuplicate");
 		return false;
 	} catch (error) {
 		logger.error({ error, eventId, eventType }, "Failed to check duplicate event in Redis");
-		// Return false (not duplicate) to avoid blocking events if Redis fails
-		// This allows events to proceed, but deduplication won't work
+		console.timeEnd("checkDuplicate");
 		return false;
 	}
 }