mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
f179e03127
* perf(cache): add CF edge caching, eliminate request storms Three changes to reduce origin request volume: 1. Gateway cache tiers now include `public, s-maxage` so Cloudflare can cache API responses at edge (previously browser-only). Bumped 27 slow-seeded endpoints to appropriate tiers (static->daily for 6h+ seeds, slow->static for 2h seeds). 2. Population exposure: moved computation client-side. The server handler is pure math on 20 hardcoded countries, no reason for network calls. Eliminates ~17.7M requests/week (20 calls per page load -> 0). 3. Consumer prices: wrapped fetchAllMarketsOverview in a circuit breaker so the combined 8-market result is cached as a unit. Returning visitors within 30min hit localStorage instead of firing 8 separate API calls. * test: update shipping-rates tier assertion (static -> daily) * test: update cache tier assertions for three-tier caching design * fix(security): force slow-browser tier for premium endpoints Premium endpoints (PREMIUM_RPC_PATHS + ENDPOINT_ENTITLEMENTS) must not get public s-maxage headers. CF would cache authenticated responses and serve them without re-running auth/entitlement checks. Force these to slow-browser tier (browser-only max-age, no public/s-maxage). * fix(security): add list-market-implications to PREMIUM_RPC_PATHS PRO-only panel endpoint was missing from premium paths, allowing CF edge caching to serve authenticated responses to unauthenticated users. * chore: disable deduct-situation panel and endpoint Panel set to enabled:false in panels.ts, server handler returns early with provider:'disabled'. Code preserved for re-enabling later. * fix(security): suppress CDN-Cache-Control for premium endpoints too P1: slow-browser tier still had CDN-Cache-Control with public s-maxage, letting Vercel CDN cache premium responses for same-origin requests. Now CDN caching is fully disabled for premium endpoints. P2: revert server-side deduct-situation disable. Keep backend intact so the published API and correlation engine enrichment still work. Only the panel is disabled (enabled:false in panels.ts).
98 lines
3.6 KiB
JavaScript
98 lines
3.6 KiB
JavaScript
import { describe, it } from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import { readFileSync, readdirSync, statSync } from 'node:fs';
|
|
import { dirname, resolve, join } from 'node:path';
|
|
import { fileURLToPath } from 'node:url';
|
|
|
|
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
const root = resolve(__dirname, '..');
|
|
|
|
function extractGetRoutes() {
|
|
const generatedDir = join(root, 'src', 'generated', 'server', 'worldmonitor');
|
|
const routes = [];
|
|
|
|
function walk(dir) {
|
|
for (const entry of readdirSync(dir)) {
|
|
const full = join(dir, entry);
|
|
if (statSync(full).isDirectory()) {
|
|
walk(full);
|
|
} else if (entry === 'service_server.ts') {
|
|
const src = readFileSync(full, 'utf-8');
|
|
// Match both object literal { method: "GET", path: "/..." }
|
|
// and factory call makeHandler(..., "/...") which is hardcoded as GET
|
|
const re = /method:\s*"GET",[\s\S]*?path:\s*"([^"]+)"/g;
|
|
const re2 = /makeHandler\s*\(\s*"[^"]+",\s*"([^"]+)"/g;
|
|
let m;
|
|
while ((m = re.exec(src)) !== null) {
|
|
routes.push(m[1]);
|
|
}
|
|
while ((m = re2.exec(src)) !== null) {
|
|
routes.push(m[1]);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
walk(generatedDir);
|
|
return routes.sort();
|
|
}
|
|
|
|
function extractCacheTierKeys() {
|
|
const gatewayPath = join(root, 'server', 'gateway.ts');
|
|
const src = readFileSync(gatewayPath, 'utf-8');
|
|
const re = /'\/(api\/[^']+)':\s*'(fast|medium|slow|slow-browser|static|daily|no-store)'/g;
|
|
const entries = {};
|
|
let m;
|
|
while ((m = re.exec(src)) !== null) {
|
|
entries['/' + m[1]] = m[2];
|
|
}
|
|
return entries;
|
|
}
|
|
|
|
describe('RPC_CACHE_TIER route parity', () => {
|
|
const getRoutes = extractGetRoutes();
|
|
const tierMap = extractCacheTierKeys();
|
|
const tierKeys = Object.keys(tierMap);
|
|
|
|
it('finds at least 50 GET routes in generated server files', () => {
|
|
assert.ok(getRoutes.length >= 50, `Expected ≥50 GET routes, found ${getRoutes.length}`);
|
|
});
|
|
|
|
it('every generated GET route has an explicit cache tier entry', () => {
|
|
const missing = getRoutes.filter((r) => !(r in tierMap));
|
|
assert.deepStrictEqual(
|
|
missing,
|
|
[],
|
|
`Missing RPC_CACHE_TIER entries for:\n ${missing.join('\n ')}\n\nAdd explicit tier entries in server/gateway.ts`,
|
|
);
|
|
});
|
|
|
|
it('every cache tier key maps to a real generated route', () => {
|
|
const stale = tierKeys.filter((k) => !getRoutes.includes(k));
|
|
assert.deepStrictEqual(
|
|
stale,
|
|
[],
|
|
`Stale RPC_CACHE_TIER entries (no matching generated route):\n ${stale.join('\n ')}`,
|
|
);
|
|
});
|
|
|
|
it('no route uses the implicit default tier', () => {
|
|
const gatewaySrc = readFileSync(join(root, 'server', 'gateway.ts'), 'utf-8');
|
|
assert.match(
|
|
gatewaySrc,
|
|
/RPC_CACHE_TIER\[pathname\]\s*\?\?\s*'medium'/,
|
|
'Gateway still has medium default fallback — ensure all routes are explicit',
|
|
);
|
|
});
|
|
|
|
it('slow tier includes public s-maxage for CF edge caching, slow-browser does not', () => {
|
|
const gatewaySrc = readFileSync(join(root, 'server', 'gateway.ts'), 'utf-8');
|
|
const slowLine = gatewaySrc.match(/^\s+slow: '.*'/m)?.[0] ?? '';
|
|
assert.ok(slowLine.includes('public'), 'slow tier must include public for CF caching');
|
|
assert.ok(slowLine.includes('s-maxage'), 'slow tier must include s-maxage for CF edge TTL');
|
|
const slowBrowserLine = gatewaySrc.match(/^\s+'slow-browser': '.*'/m)?.[0] ?? '';
|
|
assert.ok(!slowBrowserLine.includes('public'), 'slow-browser tier must NOT include public');
|
|
assert.ok(!slowBrowserLine.includes('s-maxage'), 'slow-browser tier must NOT include s-maxage');
|
|
});
|
|
});
|