meteor-integration icon indicating copy to clipboard operation
meteor-integration copied to clipboard

Published 20 hours ago • verified publisher icon apollographql

Optimize getUserForContext to fetch the minimun required user fields

Open j0nd0n7 opened this issue 7 years ago • 3 comments

For every request made by a logged in user getUserForContext fetch the entire user doc. Normally only the userId (+ a role flied) is relevant for access controlling.

It would be more performant if getUserForContext fetch the minimum required fields for this package to work properly as well as allowing the developer to configure additional fields to fetch wich are required by the app.

/label feature

j0nd0n7 avatar Mar 27 '18 17:03 j0nd0n7

Hi @lorensr since Meteor "recently" supports $expr by Mongo 3.6 and now 4.0, I'm using this query to delegate token checking to mongo and fetch only the minimum required user fields.

export const getUser = async (loginToken, fields) => {
  if (!loginToken) return null;
  check(loginToken, String);

  const hashedToken = Accounts._hashLoginToken(loginToken);
  const tokenLifetime = Accounts._getTokenLifetimeMs();
  return await Meteor.users.rawCollection().findOne(
    {
      'services.resume.loginTokens.hashedToken': hashedToken,
      $expr: {
        $ne: [
          {
            $size: {
              $ifNull: [
                {
                  $filter: {
                    input: '$services.resume.loginTokens',
                    as: 'token',
                    cond: {
                      $and: [
                        {$eq: ['$$token.hashedToken', hashedToken]},
                        {$lt: [new Date(), {$add: ['$$token.when', tokenLifetime]}]},
                      ],
                    },
                  },
                },
                [],
              ],
            },
          },
          0,
        ],
      },
    },
    {fields},
  );
};

I think it would be a nice addition to integrate something like this using either:

  • an if to check which version of mongo is using the app (I don't know how to check it),
  • provide 2 getUser functions, and let the developer pick the prefered one
  • a flag to let the developer select the checking+fetch method.

Let me know what do you think. Regards

j0nd0n7 avatar Oct 15 '18 04:10 j0nd0n7

Oh cool! Didn't know you could do that with Mongo. Not sure if the speed improvement is worth the added complexity—perhaps the rare cases in which the JS logic is a speed problem can find this issue and use your code.

I like the fields, maybe as

export const getUser = async (loginToken, { fields } = {}) => {

to provide for future options in the second arg

lorensr avatar Oct 15 '18 04:10 lorensr

Note it's not only js processing, you save the network bandwidth required to retrieve the user object, for all the request that require token verification. Depending on the application, that requests could be the majority.

j0nd0n7 avatar Oct 18 '18 23:10 j0nd0n7