feat: moved session to database stored procedure for individual store

Author: adrianprelipcean

source/migrations/7-move-session-to-db-ind.sql

@@ -0,0 +1,108 @@
+--Migration generated Sat, 17 Feb 2024 15:02:12 +0000
+
+DROP FUNCTION IF EXISTS rate_limit.ind_increment(key_ text, session_id_ uuid);
+DROP FUNCTION IF EXISTS rate_limit.ind_decrement(key_ text, session_id_ uuid);
+DROP FUNCTION IF EXISTS rate_limit.ind_reset_key(key_ text, session_id_ uuid);
+DROP FUNCTION IF EXISTS rate_limit.ind_reset_session(session_id_ uuid);
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_increment(key_ text, prefix text, window_ms double precision, reference_time timestamptz DEFAULT now())
+RETURNS record AS
+$bd$
+    DECLARE
+        in_session_id uuid;
+        in_session_expiration timestamptz;
+        session_type text = 'individual';
+        record_count int = 0;
+        ret RECORD;
+    BEGIN
+
+    LOCK TABLE rate_limit.sessions;
+    
+    SELECT id, expires_at
+    FROM rate_limit.session_select($2, session_type)
+    WHERE expires_at > $4
+    INTO in_session_id, in_session_expiration;
+  
+    IF in_session_id is null THEN
+        in_session_expiration = to_timestamp(extract (epoch from $4)+ $3/1000.0);
+        SELECT id, in_session_expiration
+        FROM rate_limit.session_reset(
+            $2, session_type, in_session_expiration
+        ) 
+        INTO in_session_id;
+    END IF;
+
+
+    INSERT INTO rate_limit.individual_records(key, session_id) VALUES ($1, in_session_id);
+    
+    SELECT count(id)::int AS count FROM rate_limit.individual_records WHERE key = $1 AND session_id = in_session_id
+    INTO record_count;
+   
+   	ret:= (record_count, in_session_expiration);
+
+    RETURN ret;
+    END; 
+$bd$
+LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_decrement(key_ text, prefix text, reference_time timestamptz DEFAULT now())
+RETURNS void AS
+$bd$
+    DECLARE 
+        in_session_id uuid;
+        session_type text = 'individual';
+    BEGIN
+    
+    SELECT id
+    FROM rate_limit.session_select($2, session_type)
+    WHERE expires_at > $3
+    INTO in_session_id;
+
+    WITH 
+    rows_to_delete AS (
+        SELECT id FROM rate_limit.individual_records
+        WHERE key = $1 and session_id = in_session_id ORDER BY event_time LIMIT 1
+        )
+    DELETE FROM rate_limit.individual_records 
+    USING rows_to_delete WHERE individual_records.id = rows_to_delete.id;
+    END;
+$bd$
+LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_reset_key(key_ text, prefix text, reference_time timestamptz DEFAULT now())
+RETURNS void AS
+$bd$
+    DECLARE 
+        in_session_id uuid;
+        session_type text = 'individual';
+    BEGIN
+    
+    SELECT id
+    FROM rate_limit.session_select($2, session_type)
+    WHERE expires_at > $3
+    INTO in_session_id;
+
+    DELETE FROM rate_limit.individual_records
+    WHERE key = $1 AND session_id = in_session_id;
+    END;
+$bd$
+LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_reset_session(prefix text, reference_time timestamptz DEFAULT now())
+RETURNS void AS
+$bd$
+    DECLARE 
+        in_session_id uuid;
+        session_type text = 'individual';
+    BEGIN
+    
+    SELECT id
+    FROM rate_limit.session_select($1, session_type)
+    WHERE expires_at > $2
+    INTO in_session_id;
+
+    DELETE FROM rate_limit.individual_records
+    WHERE session_id = in_session_id;
+    END;
+$bd$
+LANGUAGE plpgsql;

source/stores/individual_ip/store_individual_ip.ts

@@ -1,8 +1,6 @@
 import { Store, Options, ClientRateLimitInfo } from 'express-rate-limit'
 
 import Pool from 'pg-pool'
-import { Session } from '../../models/session'
-import { getSession, isSessionValid } from '../../util/session_handler'
 import { applyMigrations } from '../../util/migration_handler'
 
 /**
@@ -34,16 +32,6 @@ class PostgresStoreIndividualIP implements Store {
 	 */
 	SESSION_TYPE: string = 'individual'
 
-	/**
-	 * The session instance persisted on the client side.
-	 */
-	session: Session = {
-		id: 'init',
-		name: 'init',
-		type: this.SESSION_TYPE,
-		expires_at: undefined,
-	}
-
 	/**
 	 * The duration of time before which all hit counts are reset (in milliseconds).
 	 */
@@ -91,24 +79,20 @@ class PostgresStoreIndividualIP implements Store {
 	 */
 	async increment(key: string): Promise<ClientRateLimitInfo> {
 		let recordInsertQuery =
-			'SELECT ind_increment as count FROM rate_limit.ind_increment($1, $2)'
-		if (!isSessionValid(this.session)) {
-			this.session = await getSession(
-				this.prefix,
-				this.SESSION_TYPE,
-				this.windowMs,
-				this.pool,
-			)
-		}
+			'SELECT * FROM rate_limit.ind_increment($1, $2, $3) AS (count int, expires_at timestamptz);'
 
 		try {
 			let result = await this.pool.query(recordInsertQuery, [
 				key,
-				this.session.id,
+				this.prefix,
+				this.windowMs,
 			])
 			let totalHits: number = 0
-			if (result.rows.length > 0) totalHits = parseInt(result.rows[0].count)
-			let resetTime: Date | undefined = this.session.expires_at
+			let resetTime: Date | undefined = undefined
+			if (result.rows.length > 0) {
+				totalHits = parseInt(result.rows[0].count)
+				resetTime = result.rows[0].expires_at
+			}
 			return {
 				totalHits,
 				resetTime,
@@ -132,7 +116,7 @@ class PostgresStoreIndividualIP implements Store {
         `
 
 		try {
-			await this.pool.query(decrementQuery, [key, this.session.id])
+			await this.pool.query(decrementQuery, [key, this.prefix])
 		} catch (err) {
 			console.error(err)
 			throw err
@@ -152,7 +136,7 @@ class PostgresStoreIndividualIP implements Store {
             `
 
 		try {
-			await this.pool.query(resetQuery, [key, this.session.id])
+			await this.pool.query(resetQuery, [key, this.prefix])
 		} catch (err) {
 			console.error(err)
 			throw err
@@ -172,7 +156,7 @@ class PostgresStoreIndividualIP implements Store {
             `
 
 		try {
-			await this.pool.query(resetAllQuery, [this.session.id])
+			await this.pool.query(resetAllQuery, [this.prefix])
 		} catch (err) {
 			console.error(err)
 			throw err