removeExpiredKeys not scalable?

[peteruithoven]

Superlogin currently seems to authorizes / deauthorizes databases per user (session). When running for example removeExpiredKeys it queries the userDocs for expired keys, collects those per user and then goes per user through all that user's databases to deauthorize the keys. But to deauthorize keys it needs to download the _security document, update it and then upload it again. So this happens amount of users * amount of sessions * amount of personal databases. So say I have 2000 users, each user has 2 sessions and they have 3 databases, this means 12'000 _security document update requests. If I understand the code all these requests are basically started at the same time. This doesn't seem very scalable?

I'm afraid it already fails in our production database, running removeExpiredKeys() goes through quite a lot of users / sessions, but not all and it then throws the following error:

(node:22227) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: read ECONNRESET

Could be a separate issue, but I'm assuming it's just to much to fast.

A first step might be to make sure these requests happen in series instead of parallel? Maybe like we use an asyncIterator in this code: https://github.com/colinskow/superlogin/issues/63#issuecomment-301041076 Another step might be to cache the _security document and use pouchDB's bulkDocs function to update them?