fix: slow queries for account linking (#1103)

* fix: indexes for account linking

* fix: typos

* fix: mask password in 500 response

Author: sattvikc

CHANGELOG.md

@@ -7,6 +7,41 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [10.0.1]
+
+- Fixes slow queries for account linking
+- Masks db password in 500 response
+
+### Migration
+
+If using PostgreSQL, run the following SQL script:
+
+```sql
+CREATE INDEX IF NOT EXISTS emailpassword_users_email_index ON emailpassword_users (app_id, email);
+CREATE INDEX IF NOT EXISTS emailpassword_user_to_tenant_email_index ON emailpassword_user_to_tenant (app_id, tenant_id, email);
+
+CREATE INDEX IF NOT EXISTS passwordless_users_email_index ON passwordless_users (app_id, email);
+CREATE INDEX IF NOT EXISTS passwordless_users_phone_number_index ON passwordless_users (app_id, phone_number);
+CREATE INDEX IF NOT EXISTS passwordless_user_to_tenant_email_index ON passwordless_user_to_tenant (app_id, tenant_id, email);
+CREATE INDEX IF NOT EXISTS passwordless_user_to_tenant_phone_number_index ON passwordless_user_to_tenant (app_id, tenant_id, phone_number);
+
+CREATE INDEX IF NOT EXISTS thirdparty_user_to_tenant_third_party_user_id_index ON thirdparty_user_to_tenant (app_id, tenant_id, third_party_id, third_party_user_id);
+```
+
+If using MySQL, run the following SQL script:
+
+```sql
+CREATE INDEX emailpassword_users_email_index ON emailpassword_users (app_id, email);
+CREATE INDEX emailpassword_user_to_tenant_email_index ON emailpassword_user_to_tenant (app_id, tenant_id, email);
+
+CREATE INDEX passwordless_users_email_index ON passwordless_users (app_id, email);
+CREATE INDEX passwordless_users_phone_number_index ON passwordless_users (app_id, phone_number);
+CREATE INDEX passwordless_user_to_tenant_email_index ON passwordless_user_to_tenant (app_id, tenant_id, email);
+CREATE INDEX passwordless_user_to_tenant_phone_number_index ON passwordless_user_to_tenant (app_id, tenant_id, phone_number);
+
+CREATE INDEX thirdparty_user_to_tenant_third_party_user_id_index ON thirdparty_user_to_tenant (app_id, tenant_id, third_party_id, third_party_user_id);
+```
+
 ## [10.0.0]
 
 ### Added

build.gradle

@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "10.0.0"
+version = "10.0.1"
 
 repositories {
     mavenCentral()

src/main/java/io/supertokens/inmemorydb/queries/EmailPasswordQueries.java

@@ -58,6 +58,11 @@ static String getQueryToCreateUsersTable(Start start) {
                 + ");";
     }
 
+    static String getQueryToCreateEmailPasswordUsersEmailIndex(Start start) {
+        return "CREATE INDEX emailpassword_users_email_index ON "
+                + Config.getConfig(start).getEmailPasswordUsersTable() + "(app_id, email);";
+    }
+
     static String getQueryToCreateEmailPasswordUserToTenantTable(Start start) {
         String emailPasswordUserToTenantTable = Config.getConfig(start).getEmailPasswordUserToTenantTable();
         // @formatter:off
@@ -75,6 +80,11 @@ static String getQueryToCreateEmailPasswordUserToTenantTable(Start start) {
         // @formatter:on
     }
 
+    static String getQueryToCreateEmailPasswordUserToTenantEmailIndex(Start start) {
+        return "CREATE INDEX emailpassword_user_to_tenant_email_index ON "
+                + Config.getConfig(start).getEmailPasswordUserToTenantTable() + "(app_id, tenant_id, email);";
+    }
+
     static String getQueryToCreatePasswordResetTokensTable(Start start) {
         return "CREATE TABLE IF NOT EXISTS " + Config.getConfig(start).getPasswordResetTokensTable() + " ("
                 + "app_id VARCHAR(64) DEFAULT 'public',"

src/main/java/io/supertokens/inmemorydb/queries/GeneralQueries.java

@@ -292,12 +292,19 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
         if (!doesTableExists(start, Config.getConfig(start).getEmailPasswordUsersTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);
             update(start, EmailPasswordQueries.getQueryToCreateUsersTable(start), NO_OP_SETTER);
+
+            // index
+            update(start, EmailPasswordQueries.getQueryToCreateEmailPasswordUsersEmailIndex(start), NO_OP_SETTER);
         }
 
         if (!doesTableExists(start, Config.getConfig(start).getEmailPasswordUserToTenantTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);
             update(start, EmailPasswordQueries.getQueryToCreateEmailPasswordUserToTenantTable(start),
                     NO_OP_SETTER);
+
+            // index
+            update(start, EmailPasswordQueries.getQueryToCreateEmailPasswordUserToTenantEmailIndex(start),
+                    NO_OP_SETTER);
         }
 
         if (!doesTableExists(start, Config.getConfig(start).getPasswordResetTokensTable())) {
@@ -322,6 +329,7 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
         if (!doesTableExists(start, Config.getConfig(start).getThirdPartyUsersTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);
             update(start, ThirdPartyQueries.getQueryToCreateUsersTable(start), NO_OP_SETTER);
+
             // index
             update(start, ThirdPartyQueries.getQueryToThirdPartyUserEmailIndex(start), NO_OP_SETTER);
             update(start, ThirdPartyQueries.getQueryToThirdPartyUserIdIndex(start), NO_OP_SETTER);
@@ -330,6 +338,9 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
         if (!doesTableExists(start, Config.getConfig(start).getThirdPartyUserToTenantTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);
             update(start, ThirdPartyQueries.getQueryToCreateThirdPartyUserToTenantTable(start), NO_OP_SETTER);
+
+            // index
+            update(start, ThirdPartyQueries.getQueryToCreateThirdPartyUserToTenantThirdPartyUserIdIndex(start), NO_OP_SETTER);
         }
 
         if (!doesTableExists(start, Config.getConfig(start).getJWTSigningKeysTable())) {
@@ -340,12 +351,20 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
         if (!doesTableExists(start, Config.getConfig(start).getPasswordlessUsersTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);
             update(start, PasswordlessQueries.getQueryToCreateUsersTable(start), NO_OP_SETTER);
+
+            // index
+            update(start, PasswordlessQueries.getQueryToCreatePasswordlessUsersEmailIndex(start), NO_OP_SETTER);
+            update(start, PasswordlessQueries.getQueryToCreatePasswordlessUsersPhoneNumberIndex(start), NO_OP_SETTER);
         }
 
         if (!doesTableExists(start, Config.getConfig(start).getPasswordlessUserToTenantTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);
             update(start, PasswordlessQueries.getQueryToCreatePasswordlessUserToTenantTable(start),
                     NO_OP_SETTER);
+
+            // index
+            update(start, PasswordlessQueries.getQueryToCreatePasswordlessUserToTenantEmailIndex(start), NO_OP_SETTER);
+            update(start, PasswordlessQueries.getQueryToCreatePasswordlessUserToTenantPhoneNumberIndex(start), NO_OP_SETTER);
         }
 
         if (!doesTableExists(start, Config.getConfig(start).getPasswordlessDevicesTable())) {

src/main/java/io/supertokens/inmemorydb/queries/PasswordlessQueries.java

@@ -60,6 +60,16 @@ public static String getQueryToCreateUsersTable(Start start) {
                 + ");";
     }
 
+    static String getQueryToCreatePasswordlessUsersEmailIndex(Start start) {
+        return "CREATE INDEX passwordless_users_email_index ON "
+                + Config.getConfig(start).getPasswordlessUsersTable() + "(app_id, email);";
+    }
+
+    static String getQueryToCreatePasswordlessUsersPhoneNumberIndex(Start start) {
+        return "CREATE INDEX passwordless_users_phone_number_index ON "
+                + Config.getConfig(start).getPasswordlessUsersTable() + "(app_id, phone_number);";
+    }
+
     static String getQueryToCreatePasswordlessUserToTenantTable(Start start) {
         String passwordlessUserToTenantTable = Config.getConfig(start).getPasswordlessUserToTenantTable();
         // @formatter:off
@@ -79,6 +89,16 @@ static String getQueryToCreatePasswordlessUserToTenantTable(Start start) {
         // @formatter:on
     }
 
+    static String getQueryToCreatePasswordlessUserToTenantEmailIndex(Start start) {
+        return "CREATE INDEX passwordless_user_to_tenant_email_index ON "
+                + Config.getConfig(start).getPasswordlessUserToTenantTable() + "(app_id, tenant_id, email);";
+    }
+
+    static String getQueryToCreatePasswordlessUserToTenantPhoneNumberIndex(Start start) {
+        return "CREATE INDEX passwordless_user_to_tenant_phone_number_index ON "
+                + Config.getConfig(start).getPasswordlessUserToTenantTable() + "(app_id, tenant_id, phone_number);";
+    }
+
     public static String getQueryToCreateDevicesTable(Start start) {
         return "CREATE TABLE IF NOT EXISTS " + Config.getConfig(start).getPasswordlessDevicesTable() + " ("
                 + "app_id VARCHAR(64) DEFAULT 'public',"

src/main/java/io/supertokens/inmemorydb/queries/ThirdPartyQueries.java

@@ -85,6 +85,11 @@ static String getQueryToCreateThirdPartyUserToTenantTable(Start start) {
         // @formatter:on
     }
 
+    static String getQueryToCreateThirdPartyUserToTenantThirdPartyUserIdIndex(Start start) {
+        return "CREATE INDEX thirdparty_user_to_tenant_third_party_user_id_index ON "
+                + Config.getConfig(start).getThirdPartyUserToTenantTable() + "(app_id, tenant_id, third_party_id, third_party_user_id);";
+    }
+
     public static AuthRecipeUserInfo signUp(Start start, TenantIdentifier tenantIdentifier, String id, String email,
                                             LoginMethod.ThirdParty thirdParty, long timeJoined)
             throws StorageQueryException, StorageTransactionLogicException {

src/main/java/io/supertokens/webserver/WebserverAPI.java

@@ -46,6 +46,8 @@
 import java.io.IOException;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
 public abstract class WebserverAPI extends HttpServlet {
@@ -532,10 +534,14 @@ protected void service(HttpServletRequest req, HttpServletResponse resp) throws
                 } else if (rootCause instanceof BadPermissionException) {
                     sendTextResponse(403, rootCause.getMessage(), resp);
                 } else {
-                    sendTextResponse(500, rootCause.toString(), resp);
+                    String msg = rootCause.toString();
+                    msg = maskDBPassword(msg);
+                    sendTextResponse(500, msg, resp);
                 }
             } else {
-                sendTextResponse(500, e.toString(), resp);
+                String msg = e.toString();
+                msg = maskDBPassword(msg);
+                sendTextResponse(500, msg, resp);
             }
         }
         Logging.info(main, tenantIdentifier, "API ended: " + req.getRequestURI() + ". Method: " + req.getMethod(),
@@ -550,6 +556,21 @@ protected void service(HttpServletRequest req, HttpServletResponse resp) throws
         }
     }
 
+    public static String maskDBPassword(String log) {
+        String regex = "(\\|db_pass\\|)(.*?)(\\|db_pass\\|)";
+
+        Matcher matcher = Pattern.compile(regex).matcher(log);
+        StringBuffer maskedLog = new StringBuffer();
+
+        while (matcher.find()) {
+            String maskedPassword = "*".repeat(8);
+            matcher.appendReplacement(maskedLog, "|" + maskedPassword + "|");
+        }
+
+        matcher.appendTail(maskedLog);
+        return maskedLog.toString();
+    }
+
     protected String getRIDFromRequest(HttpServletRequest req) {
         return req.getHeader("rId");
     }