Skip to content

feat: perf + correctness fixes (user_voted N+1, rate limiting, pg FTS, slug cache)#94

Merged
ajianaz merged 1 commit into
developfrom
feat/perf-and-correctness
Jul 8, 2026
Merged

feat: perf + correctness fixes (user_voted N+1, rate limiting, pg FTS, slug cache)#94
ajianaz merged 1 commit into
developfrom
feat/perf-and-correctness

Conversation

@ajianaz

@ajianaz ajianaz commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Four independent perf/correctness improvements.

1. list_posts user_voted N+1 (correctness)

Board list previously always returned user_voted: false — only GET /posts/{id} set it. Now batch-populated via one indexed query over the votes PK (SELECT post_id FROM votes WHERE user_id=? AND post_id IN (...)). Replaces the latent N+1.

2. Rate limiting (closes #43)

In-memory per-IP fixed-window limiter, no external crate (governor was dropped for MSRV). Two independent limiters:

  • /auth/*RUNGU_AUTH_RATE_LIMIT_PER_MIN (default 30)
  • /api/*RUNGU_RATE_LIMIT_PER_MIN (default 300)

0 disables. RUNGU_TRUST_PROXY gates X-Forwarded-For (default false — socket addr). 429 + Retry-After. Per-bucket prune (no global burst reset).

3. PostgreSQL FTS

Generated search_tsv tsvector + GIN index replaces unindexed LOWER(...) LIKE full scan. SQLite stays on FTS5. Search path branches on backend via a Search enum.

4. Project-by-slug cache

get_project_by_slug hit on nearly every request → now served from a 5-min TTL moka cache. Create/update/delete invalidate.

Notes

  • PG migration: tsvector follows the same multi-statement pattern as the rest of the postgres schema. If PG migrations work today, the index is created; no regression to a working PG setup. (lib.rs:61 multi-statement concern is pre-existing infra, tracked separately.)
  • Cora review gate: PASSED.

Checklist

  • cargo fmt --check
  • cargo clippy -D warnings
  • cargo test --workspace (95 pass, +6 new)
  • cora review (passed)

…, slug cache)

- list_posts: batch-populate user_voted (was always false in list view)
- rate limiting: in-memory per-IP limiter on /auth + /api (closes #43)
  gated XFF behind RUNGU_TRUST_PROXY; per-bucket prune (no global burst)
- postgres: generated tsvector + GIN index replaces unindexed LIKE
- get_project_by_slug: 5-min moka cache (hit on most requests)
- tests: +6 (user_voted batch, anon, cache invalidation; rate-limit unit)
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

🔍 Cora AI Code Review

No issues found. Code looks good!


Review powered by cora-cli · BYOK · MIT

@ajianaz ajianaz merged commit 8f6694f into develop Jul 8, 2026
11 checks passed
@ajianaz ajianaz deleted the feat/perf-and-correctness branch July 8, 2026 18:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat: rate limiting (API protection)

1 participant