refactor: optimize trusted origins retrieval and caching in auth and admin services

2026-06-15 20:25:23 +02:00 · 2026-02-28 22:33:31 -06:00
parent 1ba0eb0c2e
commit e29a86a85f
2 changed files with 38 additions and 25 deletions
--- a/packages/server/src/lib/auth.ts
+++ b/packages/server/src/lib/auth.ts
@@ -73,23 +73,25 @@ const { handler, api } = betterAuth({
 		disabled: process.env.NODE_ENV === "production",
 	},
 	async trustedOrigins() {
-		const trustedOrigins = await getTrustedOrigins();
 		if (IS_CLOUD) {
-			return trustedOrigins;
+			return getTrustedOrigins();
 		}
-		const settings = await getWebServerSettings();
-		if (!settings) {
-			return [];
-		}
-		return [
-			...(settings?.serverIp ? [`http://${settings?.serverIp}:3000`] : []),
-			...(settings?.host ? [`https://${settings?.host}`] : []),
-			...(process.env.NODE_ENV === "development"
+		const [trustedOrigins, settings] = await Promise.all([
+			getTrustedOrigins(),
+			getWebServerSettings(),
+		]);
+		if (!settings) return [];
+		const devOrigins =
+			process.env.NODE_ENV === "development"
 				? [
 						"http://localhost:3000",
 						"https://absolutely-handy-falcon.ngrok-free.app",
 					]
-				: []),
+				: [];
+		return [
+			...(settings?.serverIp ? [`http://${settings?.serverIp}:3000`] : []),
+			...(settings?.host ? [`https://${settings?.host}`] : []),
+			...devOrigins,
 			...trustedOrigins,
 		];
 	},
--- a/packages/server/src/services/admin.ts
+++ b/packages/server/src/services/admin.ts
@@ -117,23 +117,34 @@ export const getDokployUrl = async () => {
 	return `http://${settings?.serverIp}:${process.env.PORT}`;
 };

-export const getTrustedOrigins = async () => {
-	const members = await db.query.member.findMany({
-		where: eq(member.role, "owner"),
-		with: {
-			user: true,
-		},
-	});
+const TRUSTED_ORIGINS_CACHE_TTL_MS = 60_000;
+let trustedOriginsCache: { data: string[]; expiresAt: number } | null = null;

-	if (members.length === 0) {
-		return [];
+export const getTrustedOrigins = async () => {
+	const runQuery = async () => {
+		const rows = await db
+			.select({ trustedOrigins: user.trustedOrigins })
+			.from(member)
+			.innerJoin(user, eq(member.userId, user.id))
+			.where(eq(member.role, "owner"));
+		return Array.from(new Set(rows.flatMap((r) => r.trustedOrigins ?? [])));
+	};
+
+	if (IS_CLOUD) {
+		const now = Date.now();
+		console.log("trustedOriginsCache", trustedOriginsCache?.data.length);
+		if (trustedOriginsCache && now < trustedOriginsCache.expiresAt) {
+			return trustedOriginsCache.data;
+		}
+		const trustedOrigins = await runQuery();
+		trustedOriginsCache = {
+			data: trustedOrigins,
+			expiresAt: now + TRUSTED_ORIGINS_CACHE_TTL_MS,
+		};
+		return trustedOrigins;
 	}

-	const trustedOrigins = members.flatMap(
-		(member) => member.user.trustedOrigins || [],
-	);
-
-	return Array.from(new Set(trustedOrigins));
+	return runQuery();
 };

 export const getTrustedProviders = async () => {