perf: optimize MCP server (O(1) auth, compact JSON, trashedAt fix) + memento-note performance (lazy loading, server-side filtering, XSS fixes, dead code removal, security hardening)
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 1m35s

MCP Server:
- Fix validateApiKey: O(1) direct lookup by shortId instead of loading all keys
- Add trashedAt:null filter to ALL note queries (trashed notes leaked in results)
- Compact JSON output (~40% smaller responses)
- Bounded session cache (Map with MAX_SESSIONS=500) to prevent memory leaks
- PostgreSQL connection pooling (connection_limit=10)
- Rewrite all 22 tool descriptions in clear English
- Fix /sse fallback to proper 307 redirect

memento-note Performance:
- loading=lazy on all note images
- Split notebooksRefreshKey from global refreshKey (note CRUD no longer re-fetches notebooks)
- Remove searchKey from trash count deps (no re-fetch on every keystroke)
- Server-side notebookId filter in getAllNotes() (biggest win)
- Skip collaborator fetch for non-shared notes (eliminates N+1 API calls)
- next/dynamic for MarkdownContent + 4 modals (code-split remark/rehype/KaTeX)
- Memoize DOMPurify sanitize with useMemo

Security:
- XSS: DOMPurify sanitize in note-card and note-history-modal
- Auth anti-enumeration: uniform errors in auth.ts
- CRON_SECRET mandatory on cron endpoints
- Rate limiting on login (5 attempts/min per email)
- Centralized API auth helpers (requireAuth/requireAdmin)
- randomize-labels changed GET→POST
- Removed debug endpoints (/api/debug/config, /api/debug/test-chat)

Cleanup:
- Removed dead code: .backup-keep, settings-backup, fix-*.js, debug-theme, fix-labels route
- Removed sensitive console.error in auth.ts
- Ollama fetchWithTimeout (30s/60s AbortController)
- i18n: full Arabic translation, Farsi missing keys
- Masonry drag-and-drop fix (localOrderMap, cross-section block)
- Sidebar notebook tooltip on truncation
This commit is contained in:
Antigravity
2026-05-03 18:41:38 +00:00
parent aee4b17306
commit 718f4c6900
58 changed files with 13249 additions and 7474 deletions

View File

@@ -96,52 +96,39 @@ export async function validateApiKey(prisma, rawKey) {
const keyHash = hashKey(rawKey);
// Check cache first
const cached = getCachedKey(keyHash);
if (cached) {
return cached;
}
// Optimized: Use startsWith to leverage index, then filter by hash
// This is much faster than loading all keys
const shortIdFromKey = rawKey.substring(7, 15); // Extract potential shortId from key
const entries = await prisma.systemConfig.findMany({
where: {
key: { startsWith: KEY_PREFIX },
},
take: 100, // Limit to prevent loading too many keys
});
const shortId = rawKey.substring(7, 15);
const configKey = `${KEY_PREFIX}${shortId}`;
for (const entry of entries) {
try {
const info = JSON.parse(entry.value);
if (info.keyHash === keyHash && info.active) {
// Update lastUsedAt (fire and forget - don't wait)
info.lastUsedAt = new Date().toISOString();
prisma.systemConfig.update({
where: { key: entry.key },
data: { value: JSON.stringify(info) },
}).catch(() => {}); // Ignore errors
const entry = await prisma.systemConfig.findUnique({ where: { key: configKey } });
if (!entry) return null;
const result = {
apiKeyId: info.shortId,
apiKeyName: info.name,
userId: info.userId,
userName: info.userName,
};
// Cache the result
setCachedKey(keyHash, result);
return result;
}
} catch {
// Invalid JSON, skip
}
try {
const info = JSON.parse(entry.value);
if (info.keyHash !== keyHash || !info.active) return null;
info.lastUsedAt = new Date().toISOString();
prisma.systemConfig.update({
where: { key: configKey },
data: { value: JSON.stringify(info) },
}).catch(() => {});
const result = {
apiKeyId: info.shortId,
apiKeyName: info.name,
userId: info.userId,
userName: info.userName,
};
setCachedKey(keyHash, result);
return result;
} catch {
return null;
}
return null;
}
/**