From 98461088f8b00ceafec7e38f75602b498537dd1b Mon Sep 17 00:00:00 2001 From: Daniel Salazar Date: Fri, 26 Jun 2026 12:33:04 -0700 Subject: [PATCH] fix: decrease puts for unused stamps (#3310) --- .../core/http/middleware/authProbe.test.ts | 124 +++--------------- src/backend/core/http/middleware/authProbe.ts | 26 +--- src/backend/server.ts | 1 - .../services/metering/MeteringService.test.ts | 12 -- .../services/metering/MeteringService.ts | 22 ---- 5 files changed, 20 insertions(+), 165 deletions(-) diff --git a/src/backend/core/http/middleware/authProbe.test.ts b/src/backend/core/http/middleware/authProbe.test.ts index 33a9deaaa..ab0aae7e2 100644 --- a/src/backend/core/http/middleware/authProbe.test.ts +++ b/src/backend/core/http/middleware/authProbe.test.ts @@ -545,30 +545,10 @@ describe('createAuthProbe — actor attachment + failure tracking', () => { }); }); -// ── Reauth signal + KV counters ───────────────────────────────────── +// ── Reauth signal ─────────────────────────────────────────────────── describe('createAuthProbe — reauth signal', () => { - /** Capture KV increments without a real store. */ - const makeKvStub = () => { - const calls: Array<{ - key: string; - pathAndAmountMap: Record; - }> = []; - return { - calls, - store: { - incr: async (args: { - key: string; - pathAndAmountMap: Record; - }) => { - calls.push(args); - return { res: {} as Record, usage: 0 }; - }, - }, - }; - }; - - it('sets requiresReauth and counts v1 + reauth.token_v1 for a legacy v1 token', async () => { + it('sets requiresReauth with a signed token for a legacy v1 token', async () => { const stub = makeStubAuth(); stub.setNextResult({ reauth: { reason: 'token_v1', auth_id: 'u-legacy' }, @@ -576,11 +556,7 @@ describe('createAuthProbe — reauth signal', () => { // The probe must still set requiresReauth; gate emits 401. actor: { user: { uuid: 'u-legacy' } }, } as never); - const kv = makeKvStub(); - const probe = createAuthProbe({ - authService: stub.service, - kvStore: kv.store, - }); + const probe = createAuthProbe({ authService: stub.service }); const { req } = await runProbe( probe, makeReq({ headers: { authorization: 'Bearer v1-tok' } }), @@ -590,109 +566,36 @@ describe('createAuthProbe — reauth signal', () => { auth_id: 'u-legacy', reauth_token: 'reauth-jwt:u-legacy', }); - // Both increments fire under the same day-bucketed key. - expect(kv.calls).toHaveLength(1); - expect(kv.calls[0].key).toMatch(/^auth-v2:metrics:\d{4}-\d{2}-\d{2}$/); - expect(kv.calls[0].pathAndAmountMap).toEqual({ - v1: 1, - 'reauth.token_v1': 1, - }); }); - it('sets requiresReauth and counts reauth.session_revoked', async () => { + it('sets requiresReauth for a revoked session', async () => { const stub = makeStubAuth(); stub.setNextResult({ reauth: { reason: 'session_revoked', auth_id: 'u-1' }, }); - const kv = makeKvStub(); - const probe = createAuthProbe({ - authService: stub.service, - kvStore: kv.store, - }); + const probe = createAuthProbe({ authService: stub.service }); const { req } = await runProbe( probe, makeReq({ headers: { authorization: 'Bearer tok' } }), ); expect(req.requiresReauth?.reason).toBe('session_revoked'); - expect(kv.calls[0].pathAndAmountMap).toEqual({ - v1: 1, - 'reauth.session_revoked': 1, - }); }); - it('sets requiresReauth and counts reauth.session_expired', async () => { + it('sets requiresReauth for an expired session', async () => { const stub = makeStubAuth(); stub.setNextResult({ reauth: { reason: 'session_expired', auth_id: 'u-1' }, }); - const kv = makeKvStub(); - const probe = createAuthProbe({ - authService: stub.service, - kvStore: kv.store, - }); + const probe = createAuthProbe({ authService: stub.service }); const { req } = await runProbe( probe, makeReq({ headers: { authorization: 'Bearer tok' } }), ); expect(req.requiresReauth?.reason).toBe('session_expired'); - expect(kv.calls[0].pathAndAmountMap).toEqual({ - v1: 1, - 'reauth.session_expired': 1, - }); }); - it('counts v2 verify (no reauth) for a healthy token', async () => { + it('attaches an actor and no reauth for a healthy v2 token', async () => { const stub = makeStubAuth({ user: { uuid: 'u-1' } }); - const kv = makeKvStub(); - const probe = createAuthProbe({ - authService: stub.service, - kvStore: kv.store, - }); - const { req } = await runProbe( - probe, - makeReq({ headers: { authorization: 'Bearer good-tok' } }), - ); - expect(req.actor).toBeTruthy(); - expect(req.requiresReauth).toBeUndefined(); - expect(kv.calls[0].pathAndAmountMap).toEqual({ v2: 1 }); - }); - - it('does not increment counters when no token is presented', async () => { - const stub = makeStubAuth(); - const kv = makeKvStub(); - const probe = createAuthProbe({ - authService: stub.service, - kvStore: kv.store, - }); - await runProbe(probe, makeReq({})); - // Anonymous-OK routes pay no metrics cost. - expect(kv.calls).toHaveLength(0); - }); - - it('absorbs KV failures — never rejects on the hot path', async () => { - const stub = makeStubAuth({ user: { uuid: 'u-1' } }); - // Failing KV: increments throw. Probe must still succeed. - const failingKv = { - incr: async () => { - throw new Error('kv unavailable'); - }, - }; - const probe = createAuthProbe({ - authService: stub.service, - kvStore: failingKv, - }); - const { req, next } = await runProbe( - probe, - makeReq({ headers: { authorization: 'Bearer good-tok' } }), - ); - expect(next).toHaveBeenCalledWith(); - expect(req.actor).toBeTruthy(); - }); - - it('works without a kvStore (counters become no-ops)', async () => { - const stub = makeStubAuth({ user: { uuid: 'u-1' } }); - // Production may not always pass a KV — fresh installs without - // dynamo wired still need a functioning probe. const probe = createAuthProbe({ authService: stub.service }); const { req } = await runProbe( probe, @@ -702,6 +605,17 @@ describe('createAuthProbe — reauth signal', () => { expect(req.requiresReauth).toBeUndefined(); }); + it('never rejects on the hot path', async () => { + const stub = makeStubAuth({ user: { uuid: 'u-1' } }); + const probe = createAuthProbe({ authService: stub.service }); + const { req, next } = await runProbe( + probe, + makeReq({ headers: { authorization: 'Bearer good-tok' } }), + ); + expect(next).toHaveBeenCalledWith(); + expect(req.actor).toBeTruthy(); + }); + it('logs `[auth-v2] reauth reason= auth_id=` per event', async () => { // The log line is the human-facing forensic counterpart to the // KV counter. Asserting the exact shape so ops can `grep diff --git a/src/backend/core/http/middleware/authProbe.ts b/src/backend/core/http/middleware/authProbe.ts index 2c1cf0583..121b68870 100644 --- a/src/backend/core/http/middleware/authProbe.ts +++ b/src/backend/core/http/middleware/authProbe.ts @@ -22,7 +22,6 @@ import type { AuthService, ReauthReason, } from '../../../services/auth/AuthService'; -import type { SystemKVStore } from '../../../stores/systemKv/SystemKVStore'; // Ensure the `Request.actor` / `Request.token` augmentation is in scope // wherever this middleware is imported. @@ -32,25 +31,8 @@ interface AuthProbeOptions { authService: AuthService; /** Name of the session cookie to inspect. Falls back to `config.cookie_name`. */ cookieName?: string; - kvStore?: SystemKVStore; } -const authV2MetricsKey = (): string => { - const now = new Date(); - const yyyy = now.getUTCFullYear(); - const mm = String(now.getUTCMonth() + 1).padStart(2, '0'); - const dd = String(now.getUTCDate()).padStart(2, '0'); - return `auth-v2:metrics:${yyyy}-${mm}-${dd}`; -}; - -const bumpCounter = ( - kv: Pick | undefined, - pathAndAmountMap: Record, -): void => { - if (!kv) return; - kv.incr({ key: authV2MetricsKey(), pathAndAmountMap }).catch(() => {}); -}; - /** * Non-enforcing auth probe. Runs globally (installed by `PuterServer`) on * every request, tries to locate a token in the usual places, and — if one @@ -70,7 +52,7 @@ const bumpCounter = ( * 6. Socket handshake query (for ws upgrades that pass through HTTP first) */ export const createAuthProbe = (opts: AuthProbeOptions): RequestHandler => { - const { authService, cookieName, kvStore } = opts; + const { authService, cookieName } = opts; return async (req, _res, next): Promise => { // If something upstream already attached an actor, respect it. if (req.actor) { @@ -94,10 +76,6 @@ export const createAuthProbe = (opts: AuthProbeOptions): RequestHandler => { }); if (result.reauth) { - bumpCounter(kvStore, { - v1: 1, - [`reauth.${result.reauth.reason}`]: 1, - }); // Bind a short-lived JWT proving the rejected session // identified this auth_id. The GUI echoes this back on // /login or /signup; the raw auth_id is informational @@ -113,8 +91,6 @@ export const createAuthProbe = (opts: AuthProbeOptions): RequestHandler => { console.info( `[auth-v2] reauth reason=${result.reauth.reason} auth_id=${result.reauth.auth_id ?? '-'}`, ); - } else if (result.actor) { - bumpCounter(kvStore, { v2: 1 }); } if (result.actor) { diff --git a/src/backend/server.ts b/src/backend/server.ts index 64081e7e1..9dcea8f4e 100644 --- a/src/backend/server.ts +++ b/src/backend/server.ts @@ -481,7 +481,6 @@ export class PuterServer { createAuthProbe({ authService, cookieName: this.#config.cookie_name, - kvStore: this.stores.kv, }), ); } diff --git a/src/backend/services/metering/MeteringService.test.ts b/src/backend/services/metering/MeteringService.test.ts index a9dfb1cc0..f2732a68f 100644 --- a/src/backend/services/metering/MeteringService.test.ts +++ b/src/backend/services/metering/MeteringService.test.ts @@ -835,18 +835,6 @@ describe('MeteringService', () => { const { res } = await server.stores.kv.get({ key }); expect(res).toMatchObject({ purchasedCredits: 250 }); }); - - it('persists lastUpdated after an increment', async () => { - const userId = actor.user.uuid; - await target.incrementUsage(actor, 'kv:read', 1, 50); - await waitFor(async () => { - const { res } = await server.stores.kv.get({ - key: `${METRICS_PREFIX}:actor:${userId}:lastUpdated`, - }); - expect(typeof res).toBe('number'); - expect(res).toBeGreaterThan(0); - }); - }); }); // ── Resolver registration ──────────────────────────────────────── diff --git a/src/backend/services/metering/MeteringService.ts b/src/backend/services/metering/MeteringService.ts index 07e0972f4..41d67a7bc 100644 --- a/src/backend/services/metering/MeteringService.ts +++ b/src/backend/services/metering/MeteringService.ts @@ -238,14 +238,6 @@ export class MeteringService extends PuterService { }), ); - this.handleAuxPromise( - 'lastUpdated', - this.stores.kv.set({ - key: `${METRICS_PREFIX}:actor:${userId}:lastUpdated`, - value: Date.now(), - }), - ); - const [actorUsages, actorSubscription, actorAddons] = await Promise.all([ actorUsagesPromise, @@ -401,13 +393,6 @@ export class MeteringService extends PuterService { }, }), ); - this.handleAuxPromise( - 'lastUpdated', - this.stores.kv.set({ - key: `${METRICS_PREFIX}:actor:${userId}:lastUpdated`, - value: Date.now(), - }), - ); const [actorUsages, actorSubscription, actorAddons] = await Promise.all([ @@ -586,13 +571,6 @@ export class MeteringService extends PuterService { }, }), ); - this.handleAuxPromise( - 'lastUpdated', - this.stores.kv.set({ - key: `${METRICS_PREFIX}:actor:${userId}:lastUpdated`, - value: Date.now(), - }), - ); return updated; }