Speed up some requests

[fm3]

Speeding up some of the requests that are needed before actual data can be loaded.

• The full api/features response is now cached on the server
• organizationsIsEmpty now uses COUNT(*) in sql rather than findAll + count
• old tokens aren’t looked up if deleteOld is false anyway (e.g. the case for api/userToken/generate)
• Also some refactoring (marked a few methods as private, removed default parameter value of deleteOld, for more explicit code)

The speedups on my local machine are pretty small, but I think some may yield more in production if the respective tables are bigger.

The biggest waits, for me at least, are still olvy (700ms!) and some frontend code (shader compilation?)

URL of deployed dev instance (used for testing):

• https://speeduppageloadrequests.webknossos.xyz

Steps to test:

• Open a dataset, hit F5, look at request timing

Issues:

• contributes to Speed up initial page loading #7982

---

• Considered common edge cases

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

This pull request introduces modifications across several Scala files in the application, focusing on dependency injection, authentication, and organization management. The changes primarily involve updating method signatures, adding new methods, and refining the logic in controllers and services. Key modifications include enhancing the WebknossosModule with eager singleton binding, optimizing the Application controller's feature rendering, updating authentication token handling, and improving organization-related operations.

Changes

File	Change Summary
app/WebknossosModule.scala	Added eager singleton binding for Application class
app/controllers/Application.scala	Cached features result, optimized features action
app/controllers/AuthenticationController.scala	Updated password reset token creation with deleteOld parameter
app/controllers/OrganizationController.scala	Enhanced organization management methods with improved checks and error handling
app/models/organization/Organization.scala	Added isEmpty method, updated findOne method
app/security/BearerTokenAuthenticatorRepository.scala	Modified token addition logic with deleteOld parameter
app/security/CombinedAuthenticatorService.scala	Adjusted method visibility and token creation logic
app/security/WebknossosBearerTokenAuthenticatorService.scala	Removed default parameters, added logging to token creation

Possibly related PRs

• Route to register aiModel #8127: New route for registering AI models, related to Application class modifications.
• Improve error messages for starting jobs on other orgs datasets #8181: Improved error messages for job processing, indirectly related to error handling improvements in the main PR.
• Log data loading errors in conversion / mapping application #8202: Enhanced error logging, relevant to dependency management and initialization changes.
• Fix accessing public datasets #8242: Modifications to access control and validation, connecting with changes in dependency injection.
• Fix nml upload with only ds name in nml by using user's orga as fallback #8277: Changes regarding fallback mechanisms for organization ID, relating to overall application structure.

Suggested labels

new feature, bug

Suggested reviewers

• frcroth
• normanrz

Poem

🐰 In the realm of code, where rabbits hop and play,
Modules bind, authenticators sway,
Organizations dance with newfound grace,
Tokens spin in a digital embrace,
A symphony of changes, bright and clear! 🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dcff37c and f97af80.

📒 Files selected for processing (1)

• app/security/WebknossosBearerTokenAuthenticatorService.scala (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• app/security/WebknossosBearerTokenAuthenticatorService.scala

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

app/models/organization/Organization.scala (1)

83-87: Excellent performance optimization!

The implementation efficiently uses COUNT(*) instead of retrieving all records, which aligns perfectly with the PR objectives for improving request performance.

Consider adding an index on the table if not already present, as this query might be frequently used during application startup.

app/security/CombinedAuthenticatorService.scala (1)

Line range hint 42-61: Consider improving documentation for token management

Given the recent changes to token management (particularly the deleteOld parameter), it would be helpful to:

1. Document the token cleanup behavior in the class-level comments
2. Add scaladoc to the createToken method explaining when old tokens are deleted
3. Consider adding logging for token cleanup operations

Example documentation:

/**
 * Combines cookie and bearer token authentication strategies.
 * Token management:
 * - New tokens are created with automatic cleanup of old tokens
 * - Old tokens for the same login info are removed during token initialization
 */

app/WebknossosModule.scala (1)

20-20: LGTM! Consider monitoring cache memory impact.

The eager singleton binding for Application class aligns well with the caching strategy. This ensures the features response is cached at startup and readily available for subsequent requests.

Consider implementing cache size monitoring and potentially adding cache eviction policies if the cached response grows significantly in production. This would help prevent memory issues if the features configuration becomes large.

app/controllers/Application.scala (1)

59-59: Consider adding cache hit/miss metrics.

To validate the caching effectiveness in production, consider adding metrics to track cache usage.

  def features: Action[AnyContent] = sil.UserAwareAction {
+   metrics.counter("features.cache.hit").increment()
    cachedFeaturesResult
  }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 32257f1 and dcff37c.

📒 Files selected for processing (8)

• app/WebknossosModule.scala (2 hunks)
• app/controllers/Application.scala (2 hunks)
• app/controllers/AuthenticationController.scala (1 hunks)
• app/controllers/OrganizationController.scala (1 hunks)
• app/models/organization/Organization.scala (1 hunks)
• app/security/BearerTokenAuthenticatorRepository.scala (1 hunks)
• app/security/CombinedAuthenticatorService.scala (2 hunks)
• app/security/WebknossosBearerTokenAuthenticatorService.scala (2 hunks)

🔇 Additional comments (8)

app/controllers/OrganizationController.scala (1)

44-46: Well-implemented optimization!

The controller now efficiently uses the optimized isEmpty method from the DAO, maintaining the same API contract while improving performance.

Let's verify the API contract hasn't changed:

✅ Verification successful

Let me verify the API contract by checking the implementation details of the frontend consumer.

---

API contract verification successful

The frontend consumer correctly expects and handles a JSON boolean response, negating it to determine organization existence. The optimized isEmpty implementation in the controller maintains this contract by returning the boolean wrapped in JSON, ensuring compatibility with the existing frontend implementation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if there are any direct consumers of this endpoint that might be affected
rg -A 2 "organizationsIsEmpty" --type ts --type js

Length of output: 256

---

Script:

#!/bin/bash
# Check the implementation context of the frontend consumer
rg -B 2 -A 5 "organizationsIsEmpty" frontend/javascripts/admin/admin_rest_api.ts

Length of output: 401

app/security/CombinedAuthenticatorService.scala (1)

42-49: LGTM: Good encapsulation improvement

Making cookieAuthenticatorService private is a good practice as it's an implementation detail that should only be accessed through the public methods of CombinedAuthenticatorService.

app/security/BearerTokenAuthenticatorRepository.scala (1)

59-66: Verify backward compatibility with deleteOld parameter.

The default value of true for deleteOld parameter might affect existing callers. Ensure all call sites are updated appropriately.

✅ Verification successful

Let me search for more context about the usage of this method.

---

Let me search for the method's history to understand if this is a new parameter or an existing one.

---

Let me try a broader search to understand the method's usage and inheritance.

---

Based on the search results, I can generate the final response:

The deleteOld parameter appears to be safe for backward compatibility

The codebase search shows only one direct caller of the add method in BearerTokenAuthenticatorRepository, which is an internal call using TokenType.Authentication without explicitly setting the deleteOld parameter. Since the parameter has a default value of true, this maintains the existing behavior for the single identified caller.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for direct calls to add method to verify parameter usage
rg -A 2 "add\(.*TokenType" 

Length of output: 344

---

Script:

#!/bin/bash
# Search for the complete class definition to understand the method signature
ast-grep --pattern 'class BearerTokenAuthenticatorRepository {
  $$$
}'

# Search for any other potential callers of this method
rg -A 3 "add.*authenticator.*TokenType|add.*TokenType.*authenticator"

Length of output: 575

---

Script:

#!/bin/bash
# Search for the method definition to understand its visibility and inheritance
rg -B 3 "def add.*deleteOld.*BearerTokenAuthenticator"

# Search for any potential parent traits or interfaces
rg "trait.*BearerTokenAuthenticator.*Repository"

Length of output: 107

---

Script:

#!/bin/bash
# Search for the add method definition with more context
rg -B 5 -A 5 "def add.*authenticator.*tokenType"

# Look for any abstract or trait definitions related to this repository
rg "trait.*Repository.*extends|abstract.*Repository.*extends"

Length of output: 114

app/controllers/Application.scala (1)

54-57: LGTM! Consider monitoring response size.

The caching implementation is appropriate for static configuration that only changes on server restart.

Let's verify the features configuration structure:

✅ Verification successful

LGTM! Features configuration structure verified.

The caching implementation is appropriate, and the features configuration structure is well-defined in conf/application.conf with clear settings:

• discussionBoard
• discussionBoardRequiresAdmin
• hideNavbarLogin
• isWkorgInstance
• recommendWkorgInstance

The cached response will be compact as it uses ConfigRenderOptions.concise() for rendering.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check the features configuration structure
rg -l "features\s*{" --type conf

Length of output: 122

---

Script:

#!/bin/bash
# Let's try a different approach to find configuration files and check their content
fd -e conf -e config -e json | xargs cat 2>/dev/null | grep -A5 "features"

Length of output: 894

---

Script:

#!/bin/bash
# Also search for references to features configuration in the code
rg "getConfig\(\"features\""

Length of output: 181

---

Script:

#!/bin/bash
# Look for configuration files directly
fd -e conf -e config -e json

Length of output: 397

app/security/WebknossosBearerTokenAuthenticatorService.scala (3)

67-73: LGTM! Good addition of performance logging.

The method properly implements token creation with performance monitoring, which aligns with the PR's performance focus.

---

Line range hint 75-79: LGTM! Method signature change is consistent.

The method properly implements the token creation and initialization flow with explicit deleteOld parameter.

---

Line range hint 57-65: LGTM! Verify all callers pass explicit deleteOld parameter.

The removal of the default parameter value improves code clarity by making token deletion behavior explicit.

✅ Verification successful

Let me search for any potential callers that might not be using the three-parameter version to ensure completeness.

---

Let me check the CombinedAuthenticatorService implementation to understand how it's using the init method.

---

All callers correctly pass the deleteOld parameter

The verification confirms that all usages of the init method in WebknossosBearerTokenAuthenticatorService properly include the deleteOld parameter. There are two types of callers:

1. Direct call in the same file with explicit parameters:

   • Line 78: init(tokenAuthenticator, tokenType, deleteOld)

2. Indirect call through CombinedAuthenticatorService:

   • Line 52: tokenAuthenticatorService.init(_, TokenType.Authentication, deleteOld = true)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all callers of init method pass the deleteOld parameter
ast-grep --pattern 'init($_, $_, $_)'

Length of output: 167

---

Script:

#!/bin/bash
# Search for any calls to init method with different parameter counts
rg "\.init\(" -A 1

Length of output: 2959

---

Script:

#!/bin/bash
# Get the implementation of CombinedAuthenticatorService
cat app/security/CombinedAuthenticatorService.scala

Length of output: 6658

app/controllers/AuthenticationController.scala (1)

280-281: LGTM! Proper handling of password reset tokens.

Setting deleteOld=true is the correct security practice for password reset tokens, ensuring that old reset tokens are invalidated when a new one is generated.

[coderabbitai]

⚠️ Potential issue

Fix unused Future in createToken method

There's an issue with Future handling in this method:

1. Line 60 creates a Future that's not used (the result of tokenAuthenticatorService.init is discarded)
2. Line 61 creates a new Future without waiting for the initialization

Consider this fix to properly chain the operations:

  private def createToken(loginInfo: LoginInfo): Future[CombinedAuthenticator] = {
    val tokenAuthenticator = tokenAuthenticatorService.create(loginInfo, TokenType.Authentication)
-   tokenAuthenticator.map(tokenAuthenticatorService.init(_, TokenType.Authentication, deleteOld = true))
-   tokenAuthenticator.map(CombinedAuthenticator(_))
+   tokenAuthenticator.flatMap { auth =>
+     tokenAuthenticatorService.init(auth, TokenType.Authentication, deleteOld = true)
+     Future.successful(CombinedAuthenticator(auth))
+   }
  }

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion

Optimize Future handling in removeByLoginInfoIfPresent.

The nested Future operations could potentially block. Consider flattening the Future chain:

-  private def removeByLoginInfoIfPresent(loginInfo: LoginInfo, tokenType: TokenType): Unit =
-    for {
-      oldOpt <- findOneByLoginInfo(loginInfo, tokenType)
-      _ = oldOpt.foreach(old => remove(old.id))
-    } yield ()
+  private def removeByLoginInfoIfPresent(loginInfo: LoginInfo, tokenType: TokenType): Future[Unit] =
+    findOneByLoginInfo(loginInfo, tokenType).flatMap {
+      case Some(old) => remove(old.id)
+      case None => Future.successful(())
+    }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	private def removeByLoginInfoIfPresent(loginInfo: LoginInfo, tokenType: TokenType): Unit =
	for {
	oldOpt <- findOneByLoginInfo(loginInfo, tokenType)
	_ = oldOpt.foreach(old => remove(old.id))
	} yield ()
	private def removeByLoginInfoIfPresent(loginInfo: LoginInfo, tokenType: TokenType): Future[Unit] =
	findOneByLoginInfo(loginInfo, tokenType).flatMap {
	case Some(old) => remove(old.id)
	case None => Future.successful(())
	}