Summary
The public profile cache is not invalidated when platform links are created, updated, deleted, or reordered.
As a result, users can successfully modify their profile links while visitors continue seeing stale data until the cache expires.
Affected Files
- profileService.ts
- publicService.ts
Root Cause
Public profile data is cached using a username-based cache key.
However, platform link mutation flows update the database without invalidating the corresponding cached profile entry.
The cache therefore continues serving outdated platform link information until the configured TTL expires.
Reproduction
- Open a public DevCard profile.
- Ensure the profile response is cached.
- Create, update, delete, or reorder a platform link.
- Immediately revisit the public profile.
- Observe that the old link state is still returned.
- Wait for cache expiration and observe that the updated state finally appears.
Expected Behavior
Profile mutations should invalidate the cached public profile immediately.
Visitors should always see the latest platform link configuration.
Actual Behavior
Stale profile data continues to be served until cache expiration.
Why This Is Difficult To Detect
Most tests validate database state immediately after mutations and do not execute through a warm cache layer.
The issue only appears when cached profile data already exists.
Production Impact
- Deleted links remain visible
- New links remain hidden
- Reordered links appear incorrect
- Public profile consistency is lost
- User actions appear unsuccessful
Suggested Fix
Invalidate the corresponding public profile cache entry after all platform link mutations complete successfully.
Severity
High
Summary
The public profile cache is not invalidated when platform links are created, updated, deleted, or reordered.
As a result, users can successfully modify their profile links while visitors continue seeing stale data until the cache expires.
Affected Files
Root Cause
Public profile data is cached using a username-based cache key.
However, platform link mutation flows update the database without invalidating the corresponding cached profile entry.
The cache therefore continues serving outdated platform link information until the configured TTL expires.
Reproduction
Expected Behavior
Profile mutations should invalidate the cached public profile immediately.
Visitors should always see the latest platform link configuration.
Actual Behavior
Stale profile data continues to be served until cache expiration.
Why This Is Difficult To Detect
Most tests validate database state immediately after mutations and do not execute through a warm cache layer.
The issue only appears when cached profile data already exists.
Production Impact
Suggested Fix
Invalidate the corresponding public profile cache entry after all platform link mutations complete successfully.
Severity
High