perf: improve scalability of session api (#9635)

This pull request improves the scalability of the session API by enhancing middleware tracing and refining SQL query behavior for user authentication methods. # Which Problems Are Solved - Eventstore subscriptions locked each other during they wrote the events to the event channels of the subscribers in push. - `ListUserAuthMethodTypesRequired` query used `Bitmap heap scan` to join the tables needed. - The auth and oidc package triggered projections often when data were read. - The session API triggered the user projection each time a user was searched to write the user check command. # How the Problems Are Solved - the `sync.Mutex` was replaced with `sync.RWMutex` to allow parallel read of the map - The query was refactored to use index scans only - if the data should already be up-to-date `shouldTriggerBulk` is set to false - as the user should already exist for some time the trigger was removed. # Additional Changes - refactoring of `tracing#Span.End` calls # Additional Context - part of https://github.com/zitadel/zitadel/issues/9239 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-11 19:07:30 +00:00 · 2025-03-28 13:36:05 +01:00
parent 79d1e7d434
commit 817670f1f7
13 changed files with 101 additions and 226 deletions
--- a/internal/query/user_auth_method_test.go
+++ b/internal/query/user_auth_method_test.go
@@ -14,7 +14,6 @@ import (

 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/domain"
-	"github.com/zitadel/zitadel/internal/zerrors"
 )

 func TestUser_authMethodsCheckPermission(t *testing.T) {
@@ -664,106 +663,6 @@ func Test_UserAuthMethodPrepares(t *testing.T) {
 			},
 			object: (*AuthMethodTypes)(nil),
 		},
-		{
-			name: "prepareUserAuthMethodTypesRequiredQuery no result",
-			prepare: func(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*UserAuthMethodRequirements, error)) {
-				builder, scan := prepareUserAuthMethodTypesRequiredQuery(ctx, db)
-				return builder, func(row *sql.Row) (*UserAuthMethodRequirements, error) {
-					return scan(row)
-				}
-			},
-			want: want{
-				sqlExpectations: mockQueriesScanErr(
-					regexp.QuoteMeta(prepareAuthMethodTypesRequiredStmt),
-					nil,
-					nil,
-				),
-				err: func(err error) (error, bool) {
-					if !zerrors.IsNotFound(err) {
-						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: (*UserAuthMethodRequirements)(nil),
-		},
-		{
-			name: "prepareUserAuthMethodTypesRequiredQuery one second factor",
-			prepare: func(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*UserAuthMethodRequirements, error)) {
-				builder, scan := prepareUserAuthMethodTypesRequiredQuery(ctx, db)
-				return builder, func(row *sql.Row) (*UserAuthMethodRequirements, error) {
-					return scan(row)
-				}
-			},
-			want: want{
-				sqlExpectations: mockQueries(
-					regexp.QuoteMeta(prepareAuthMethodTypesRequiredStmt),
-					prepareAuthMethodTypesRequiredCols,
-					[][]driver.Value{
-						{
-							domain.UserTypeHuman,
-							true,
-							true,
-						},
-					},
-				),
-			},
-			object: &UserAuthMethodRequirements{
-				UserType:          domain.UserTypeHuman,
-				ForceMFA:          true,
-				ForceMFALocalOnly: true,
-			},
-		},
-		{
-			name: "prepareUserAuthMethodTypesRequiredQuery multiple second factors",
-			prepare: func(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*UserAuthMethodRequirements, error)) {
-				builder, scan := prepareUserAuthMethodTypesRequiredQuery(ctx, db)
-				return builder, func(row *sql.Row) (*UserAuthMethodRequirements, error) {
-					return scan(row)
-				}
-			},
-			want: want{
-				sqlExpectations: mockQueries(
-					regexp.QuoteMeta(prepareAuthMethodTypesRequiredStmt),
-					prepareAuthMethodTypesRequiredCols,
-					[][]driver.Value{
-						{
-							domain.UserTypeHuman,
-							true,
-							true,
-						},
-					},
-				),
-			},
-
-			object: &UserAuthMethodRequirements{
-				UserType:          domain.UserTypeHuman,
-				ForceMFA:          true,
-				ForceMFALocalOnly: true,
-			},
-		},
-		{
-			name: "prepareUserAuthMethodTypesRequiredQuery sql err",
-			prepare: func(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*UserAuthMethodRequirements, error)) {
-				builder, scan := prepareUserAuthMethodTypesRequiredQuery(ctx, db)
-				return builder, func(row *sql.Row) (*UserAuthMethodRequirements, error) {
-					return scan(row)
-				}
-			},
-			want: want{
-				sqlExpectations: mockQueryErr(
-					regexp.QuoteMeta(prepareAuthMethodTypesRequiredStmt),
-					sql.ErrConnDone,
-				),
-				err: func(err error) (error, bool) {
-					if !errors.Is(err, sql.ErrConnDone) {
-						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: nil,
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {