mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 03:54:21 +00:00
8d94d1b468
# Which Problems Are Solved
When executing many concurrent authentication requests on a single
machine user, there were performance issues. As the same aggregate is
being searched and written to concurrently, we traced it down to a
locking issue on the used index.
We already optimized the token endpoint by creating a separate OIDC
aggregate.
At the time we decided to push a single event to the user aggregate, for
the user audit log. See [technical advisory
10010](https://zitadel.com/docs/support/advisory/a10010) for more
details.
However, a recent security fix introduced an additional search query on
the user aggregate, causing the locking issue we found.
# How the Problems Are Solved
Add a feature flag which disables pushing of the `user.token.v2.added`.
The event has no importance and was only added for informational
purposes on the user objects. The `oidc_session.access_token.added` is
the actual payload event and is pushed on the OIDC session aggregate and
can still be used for audit trail.
# Additional Changes
- Fix an event mapper type for
`SystemOIDCSingleV1SessionTerminationEventType`
# Additional Context
- Reported by support request
- https://github.com/zitadel/zitadel/pull/7822 changed the token
aggregate
- https://github.com/zitadel/zitadel/pull/8631 introduced user state
check
Load test trace graph with `user.token.v2.added` **enabled**. Query
times are steadily increasing:
![image](https://github.com/user-attachments/assets/4aa25055-8721-4e93-b695-625560979909)
Load test trace graph with `user.token.v2.added` **disabled**. Query
times constant:
![image](https://github.com/user-attachments/assets/a7657f6c-0c55-401b-8291-453da5d5caf9)
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit 63d733b3a2
)
42 lines
1.1 KiB
Go
42 lines
1.1 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/feature"
|
|
)
|
|
|
|
type FeatureSource[T any] struct {
|
|
Level feature.Level
|
|
Value T
|
|
}
|
|
|
|
func (f *FeatureSource[T]) set(level feature.Level, value any) {
|
|
f.Level = level
|
|
f.Value = value.(T)
|
|
}
|
|
|
|
type SystemFeatures struct {
|
|
Details *domain.ObjectDetails
|
|
|
|
LoginDefaultOrg FeatureSource[bool]
|
|
TriggerIntrospectionProjections FeatureSource[bool]
|
|
LegacyIntrospection FeatureSource[bool]
|
|
UserSchema FeatureSource[bool]
|
|
TokenExchange FeatureSource[bool]
|
|
Actions FeatureSource[bool]
|
|
ImprovedPerformance FeatureSource[[]feature.ImprovedPerformanceType]
|
|
OIDCSingleV1SessionTermination FeatureSource[bool]
|
|
DisableUserTokenEvent FeatureSource[bool]
|
|
}
|
|
|
|
func (q *Queries) GetSystemFeatures(ctx context.Context) (_ *SystemFeatures, err error) {
|
|
m := NewSystemFeaturesReadModel()
|
|
if err := q.eventstore.FilterToQueryReducer(ctx, m); err != nil {
|
|
return nil, err
|
|
}
|
|
m.system.Details = readModelToObjectDetails(m.ReadModel)
|
|
return m.system, nil
|
|
}
|