feat: Changed raw SQL calls to stored procedures.

Author: adrianprelipcean

source/migrations/2-add-db-functions-agg.sql

@@ -0,0 +1,35 @@
+CREATE OR REPLACE FUNCTION rate_limit.agg_increment(key_ text, session_id_ uuid)
+RETURNS int AS
+$bd$
+    INSERT INTO rate_limit.records_aggregated(key, session_id)
+    VALUES ($1, $2)
+    ON CONFLICT ON CONSTRAINT unique_session_key DO UPDATE
+    SET count = records_aggregated.count + 1
+    RETURNING count;
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.agg_decrement(key_ text, session_id_ uuid)
+RETURNS void AS
+$bd$
+    UPDATE rate_limit.records_aggregated
+    SET count = greatest(0, count-1)
+    WHERE key = $1 and session_id = $2;
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.agg_reset_key(key_ text, session_id_ uuid)
+RETURNS void AS
+$bd$
+    DELETE FROM rate_limit.records_aggregated
+    WHERE key = $1 and session_id = $2
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.agg_reset_session(session_id_ uuid)
+RETURNS void AS
+$bd$
+    DELETE FROM rate_limit.records_aggregated
+    WHERE session_id = $1
+$bd$
+LANGUAGE SQL;

source/migrations/3-add-db-functions-ind.sql

@@ -0,0 +1,37 @@
+CREATE OR REPLACE FUNCTION rate_limit.ind_increment(key_ text, session_id_ uuid)
+RETURNS int AS
+$bd$
+    INSERT INTO rate_limit.individual_records(key, session_id) VALUES ($1, $2);
+
+    SELECT count(id) AS count FROM rate_limit.individual_records WHERE key = $1 AND session_id = $2;
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_decrement(key_ text, session_id_ uuid)
+RETURNS void AS
+$bd$
+    WITH 
+    rows_to_delete AS (
+        SELECT id FROM rate_limit.individual_records
+        WHERE key = $1 and session_id = $2 ORDER BY event_time LIMIT 1
+        )
+    DELETE FROM rate_limit.individual_records 
+    USING rows_to_delete WHERE individual_records.id = rows_to_delete.id
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_reset_key(key_ text, session_id_ uuid)
+RETURNS void AS
+$bd$
+    DELETE FROM rate_limit.individual_records
+    WHERE key = $1 AND session_id = $2
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.ind_reset_session(session_id_ uuid)
+RETURNS void AS
+$bd$
+    DELETE FROM rate_limit.individual_records
+    WHERE session_id = $1
+$bd$
+LANGUAGE SQL;

source/migrations/4-add-db-functions-sessions.sql

@@ -0,0 +1,21 @@
+CREATE OR REPLACE FUNCTION rate_limit.session_select(name_ text, type_ text)
+RETURNS TABLE(id uuid, name_ text, type_ text, expires_at timestamptz) AS
+$bd$
+    SELECT id, name_, type_, expires_at
+    FROM rate_limit.sessions
+    WHERE name_ = $1 and type_ = $2
+    LIMIT 1;
+$bd$
+LANGUAGE SQL;
+
+CREATE OR REPLACE FUNCTION rate_limit.session_reset(name_ text, type_ text, expires_at_ timestamptz)
+RETURNS TABLE(id uuid, name_ text, type_ text) AS
+$bd$
+    DELETE FROM rate_limit.sessions 
+    WHERE name_ = $1 and type_ = $2;
+
+    INSERT INTO rate_limit.sessions(name_, type_, expires_at) 
+    SELECT $1, $2, $3 
+    RETURNING id, name_, type_;
+$bd$
+LANGUAGE SQL;

source/stores/aggregated_ip/store_aggregated_ip.ts

@@ -91,10 +91,7 @@ class PostgresStoreAggregatedIP implements Store {
 	 */
 	async increment(key: string): Promise<ClientRateLimitInfo> {
 		let recordInsertGetRecordsQuery = `
-            INSERT INTO rate_limit.records_aggregated(key, session_id) VALUES ($1, $2)
-            ON CONFLICT ON CONSTRAINT unique_session_key DO UPDATE
-            SET count = records_aggregated.count + 1
-            RETURNING count
+			SELECT agg_increment as count FROM rate_limit.agg_increment($1, $2);
             `
 		if (!isSessionValid(this.session)) {
 			this.session = await getSession(
@@ -132,9 +129,7 @@ class PostgresStoreAggregatedIP implements Store {
 	 */
 	async decrement(key: string): Promise<void> {
 		let decrementQuery = `
-            UPDATE rate_limit.records_aggregated
-            SET count = greatest(0, count-1)
-            WHERE key = $1 and session_id = $2          
+			SELECT * FROM rate_limit.agg_decrement($1, $2);
         `
 
 		try {
@@ -154,8 +149,7 @@ class PostgresStoreAggregatedIP implements Store {
 	 */
 	async resetKey(key: string): Promise<void> {
 		let resetQuery = `
-            DELETE FROM rate_limit.records_aggregated
-            WHERE key = $1 and session_id = $2
+			SELECT * FROM rate_limit.agg_reset_key($1, $2)
             `
 
 		try {
@@ -175,7 +169,7 @@ class PostgresStoreAggregatedIP implements Store {
 	 */
 	async resetAll(): Promise<void> {
 		let resetAllQuery = `
-            DELETE FROM rate_limit.records_aggregated WHERE session_id = $1
+			SELECT * FROM rate_limit.agg_reset_session($1);
             `
 
 		try {

source/stores/individual_ip/store_individual_ip.ts

@@ -91,9 +91,7 @@ class PostgresStoreIndividualIP implements Store {
 	 */
 	async increment(key: string): Promise<ClientRateLimitInfo> {
 		let recordInsertQuery =
-			'INSERT INTO rate_limit.individual_records(key, session_id) VALUES ($1, $2)'
-		let numberOfRecordsQuery =
-			'SELECT count(id) AS count FROM rate_limit.individual_records WHERE key = $1 AND session_id = $2'
+			'SELECT ind_increment as count FROM rate_limit.ind_increment($1, $2)'
 		if (!isSessionValid(this.session)) {
 			this.session = await getSession(
 				this.prefix,
@@ -104,8 +102,7 @@ class PostgresStoreIndividualIP implements Store {
 		}
 
 		try {
-			await this.pool.query(recordInsertQuery, [key, this.session.id])
-			let result = await this.pool.query(numberOfRecordsQuery, [
+			let result = await this.pool.query(recordInsertQuery, [
 				key,
 				this.session.id,
 			])
@@ -131,13 +128,7 @@ class PostgresStoreIndividualIP implements Store {
 	 */
 	async decrement(key: string): Promise<void> {
 		let decrementQuery = `
-            WITH 
-            rows_to_delete AS (
-                SELECT id FROM rate_limit.individual_records
-                WHERE key = $1 and session_id = $2 ORDER BY event_time LIMIT 1
-                )
-            DELETE FROM rate_limit.individual_records 
-              USING rows_to_delete WHERE individual_records.id = rows_to_delete.id            
+            SELECT * FROM rate_limit.ind_decrement($1, $2);
         `
 
 		try {
@@ -157,8 +148,7 @@ class PostgresStoreIndividualIP implements Store {
 	 */
 	async resetKey(key: string): Promise<void> {
 		let resetQuery = `
-            DELETE FROM rate_limit.individual_records
-            WHERE key = $1 AND session_id = $2
+            SELECT * FROM rate_limit.ind_reset_key($1, $2);
             `
 
 		try {
@@ -178,7 +168,7 @@ class PostgresStoreIndividualIP implements Store {
 	 */
 	async resetAll(): Promise<void> {
 		let resetAllQuery = `
-            DELETE FROM rate_limit.individual_records WHERE session_id = $1
+            SELECT * FROM rate_limit.ind_reset_session($1);
             `
 
 		try {

source/util/session_handler.ts

@@ -28,7 +28,7 @@ export async function getSession(
 	pool: Pool,
 ): Promise<Session> {
 	let selectSessionQuery =
-		'SELECT id, name_, type_, expires_at FROM rate_limit.sessions WHERE name_ = $1 and type_ = $2 LIMIT 1'
+		'SELECT id, name_, type_, expires_at FROM rate_limit.session_select($1, $2);'
 	try {
 		let result = await pool.query(selectSessionQuery, [name_, type_])
 
@@ -87,24 +87,20 @@ export async function createNewSession(
 		expires_at: calculateNextResetTime(windowMs),
 	}
 
-	let deleteSessionQuery = `DELETE FROM rate_limit.sessions
-        WHERE name_ = $1 and type_ = $2
-        `
-	let insertSessionQuery = `INSERT INTO rate_limit.sessions(name_, type_, expires_at) 
-        SELECT $1, $2, $3 
-        RETURNING id, name_, type_`
+	let resetSessionQuery = `
+		SELECT id, name_, type_ from rate_limit.session_reset($1, $2, $3)
+	`
 
-	let client = await pool.connect()
 	try {
-		await client.query(deleteSessionQuery, [name_, type_])
-		let result = await client.query(insertSessionQuery, [
+		let result = await pool.query(resetSessionQuery, [
 			name_,
 			type_,
 			newSession.expires_at,
 		])
 		newSession.id = result.rows[0].id
-	} finally {
-		client.release()
+	} catch (err) {
+		console.error(err)
+		throw err
 	}
 
 	return newSession

test/stores/store_aggregated_ip.spec.ts

@@ -71,19 +71,15 @@ describe('Postgres Store Aggregated IP', () => {
 		let testStore = new PostgresStore({}, 'test')
 		testStore.pool = pool
 		testStore.session = newCreatedSession
-
+		let recordInsertGetRecordsQuery = `
+			SELECT agg_increment as count FROM rate_limit.agg_increment($1, $2);
+            `
 		let incrementCount = await testStore.increment('key')
 		sinon.assert.callCount(isSessionValidSpy, 1)
-		sinon.assert.calledWith(
-			query,
-			`
-            INSERT INTO rate_limit.records_aggregated(key, session_id) VALUES ($1, $2)
-            ON CONFLICT ON CONSTRAINT unique_session_key DO UPDATE
-            SET count = records_aggregated.count + 1
-            RETURNING count
-            `,
-			['key', newCreatedSession.id],
-		)
+		sinon.assert.calledWith(query, recordInsertGetRecordsQuery, [
+			'key',
+			newCreatedSession.id,
+		])
 		assert.equal(incrementCount.totalHits, dbCount)
 		assert.isTrue(
 			(incrementCount.resetTime?.getMilliseconds() ||
@@ -106,9 +102,7 @@ describe('Postgres Store Aggregated IP', () => {
 
 		await testStore.decrement('key')
 		let decrementQuery = `
-            UPDATE rate_limit.records_aggregated
-            SET count = greatest(0, count-1)
-            WHERE key = $1 and session_id = $2          
+			SELECT * FROM rate_limit.agg_decrement($1, $2);
         `
 		sinon.assert.calledWith(query, decrementQuery, [
 			'key',
@@ -128,8 +122,7 @@ describe('Postgres Store Aggregated IP', () => {
 
 		await testStore.resetKey('key')
 		let resetQuery = `
-            DELETE FROM rate_limit.records_aggregated
-            WHERE key = $1 and session_id = $2
+			SELECT * FROM rate_limit.agg_reset_key($1, $2)
             `
 		sinon.assert.calledWith(query, resetQuery, ['key', newCreatedSession.id])
 	})
@@ -146,7 +139,7 @@ describe('Postgres Store Aggregated IP', () => {
 
 		await testStore.resetAll()
 		let resetAllQuery = `
-            DELETE FROM rate_limit.records_aggregated WHERE session_id = $1
+			SELECT * FROM rate_limit.agg_reset_session($1);
             `
 		sinon.assert.calledWith(query, resetAllQuery, [newCreatedSession.id])
 	})

test/stores/store_individual_ip.spec.ts

@@ -61,11 +61,8 @@ describe('Postgres Store Individual IP', () => {
 		let dbCount = 1
 
 		isSessionValidSpy.returns(true)
-		query.onFirstCall().returns({
-			rows: [],
-		})
 
-		query.onSecondCall().returns({
+		query.onFirstCall().returns({
 			rows: [
 				{
 					count: dbCount,
@@ -78,16 +75,12 @@ describe('Postgres Store Individual IP', () => {
 
 		let incrementCount = await testStore.increment('key')
 		sinon.assert.callCount(isSessionValidSpy, 1)
-		sinon.assert.calledWith(
-			query,
-			'INSERT INTO rate_limit.individual_records(key, session_id) VALUES ($1, $2)',
-			['key', newCreatedSession.id],
-		)
-		sinon.assert.calledWith(
-			query,
-			'SELECT count(id) AS count FROM rate_limit.individual_records WHERE key = $1 AND session_id = $2',
-			['key', newCreatedSession.id],
-		)
+		let recordInsertQuery =
+			'SELECT ind_increment as count FROM rate_limit.ind_increment($1, $2)'
+		sinon.assert.calledWith(query, recordInsertQuery, [
+			'key',
+			newCreatedSession.id,
+		])
 		assert.equal(incrementCount.totalHits, dbCount)
 		assert.isTrue(
 			(incrementCount.resetTime?.getMilliseconds() ||
@@ -110,13 +103,7 @@ describe('Postgres Store Individual IP', () => {
 
 		await testStore.decrement('key')
 		let decrementQuery = `
-            WITH 
-            rows_to_delete AS (
-                SELECT id FROM rate_limit.individual_records
-                WHERE key = $1 and session_id = $2 ORDER BY event_time LIMIT 1
-                )
-            DELETE FROM rate_limit.individual_records 
-              USING rows_to_delete WHERE individual_records.id = rows_to_delete.id            
+            SELECT * FROM rate_limit.ind_decrement($1, $2);
         `
 		sinon.assert.calledWith(query, decrementQuery, [
 			'key',
@@ -136,8 +123,7 @@ describe('Postgres Store Individual IP', () => {
 
 		await testStore.resetKey('key')
 		let resetQuery = `
-            DELETE FROM rate_limit.individual_records
-            WHERE key = $1 AND session_id = $2
+            SELECT * FROM rate_limit.ind_reset_key($1, $2);
             `
 		sinon.assert.calledWith(query, resetQuery, ['key', newCreatedSession.id])
 	})
@@ -154,7 +140,7 @@ describe('Postgres Store Individual IP', () => {
 
 		await testStore.resetAll()
 		let resetAllQuery = `
-            DELETE FROM rate_limit.individual_records WHERE session_id = $1
+            SELECT * FROM rate_limit.ind_reset_session($1);
             `
 		sinon.assert.calledWith(query, resetAllQuery, [newCreatedSession.id])
 	})