refactor: comprehensive code review fixes (security, performance, QA)
## Security Improvements
- Fix timing attack in verifyApiKey with fixed 256-byte buffer
- Fix sortOrder SQL injection with whitelist validation
- Fix rate limiting bypass for non-Cloudflare traffic (fail-closed)
- Remove stack trace exposure in error responses
- Add request_id for audit trail (X-Request-ID header)
- Sanitize origin header to prevent log injection
- Add content-length validation for /sync endpoint (10KB limit)
- Replace Math.random() with crypto.randomUUID() for sync IDs
- Expand sensitive data masking patterns (8 → 18)

## Performance Improvements
- Reduce rate limiter KV reads from 3 to 1 per request (66% reduction)
- Increase sync batch size from 100 to 500 (80% fewer batches)
- Fix health check N+1 query with efficient JOINs
- Fix COUNT(*) Cartesian product with COUNT(DISTINCT)
- Implement shared logger cache pattern across repositories
- Add CacheService singleton pattern in recommend.ts
- Add composite index for recommendation queries
- Implement Anvil pricing query batching (100 per chunk)

## QA Improvements
- Add BATCH_SIZE bounds validation (1-1000)
- Add pagination bounds (page >= 1, MAX_OFFSET = 100000)
- Add min/max range consistency validation
- Add DB reference validation for singleton services
- Add type guards for database result validation
- Add timeout mechanism for external API calls (10-60s)
- Use SUPPORTED_PROVIDERS constant instead of hardcoded list

## Removed
- Remove Vault integration (using Wrangler secrets)
- Remove 6-hour pricing cron (daily sync only)

## Configuration
- Add idx_instance_types_specs_filter composite index
- Add CORS Access-Control-Expose-Headers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
16
schema.sql
@@ -77,6 +77,11 @@ CREATE INDEX IF NOT EXISTS idx_instance_types_memory_mb ON instance_types(memory
|
||||
CREATE INDEX IF NOT EXISTS idx_instance_types_instance_family ON instance_types(instance_family);
|
||||
CREATE INDEX IF NOT EXISTS idx_instance_types_gpu_count ON instance_types(gpu_count);
|
||||
|
||||
-- Composite index for recommendation service query pattern
|
||||
-- Optimizes: WHERE provider_id = ? AND memory_mb >= ? AND vcpu >= ?
|
||||
CREATE INDEX IF NOT EXISTS idx_instance_types_specs_filter
|
||||
ON instance_types(provider_id, memory_mb, vcpu);
|
||||
|
||||
-- ============================================================
|
||||
-- Table: pricing
|
||||
-- Description: Region-specific pricing for instance types
|
||||
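Review bot: in idx_instance_types_specs_filter the trailing vcpu column will not narrow the index scan for the query named in the comment, because memory_mb is already a range condition (memory_mb >= ?) and a B-tree index can bound the scan on only one inequality column after the equality prefix. As written, the index seeks on provider_id and memory_mb and then checks vcpu entry by entry. If vcpu >= ? is usually the more selective bound, consider placing it before memory_mb, and confirm the plan with the database's EXPLAIN output for the recommendation query before accepting the extra write cost on instance_types. The comment should also say which column is expected to do the narrowing, so a later reorder is a deliberate decision.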
@@ -105,6 +110,17 @@ CREATE INDEX IF NOT EXISTS idx_pricing_hourly_price ON pricing(hourly_price);
|
||||
CREATE INDEX IF NOT EXISTS idx_pricing_monthly_price ON pricing(monthly_price);
|
||||
CREATE INDEX IF NOT EXISTS idx_pricing_available ON pricing(available);
|
||||
|
||||
-- Composite partial indexes for optimized price sorting with availability filter
|
||||
-- These optimize the most common query pattern: filtering by available=1 and sorting by price
|
||||
-- Partial indexes reduce index size by only indexing available instances
|
||||
CREATE INDEX IF NOT EXISTS idx_pricing_available_hourly_price
|
||||
ON pricing(available, hourly_price)
|
||||
WHERE available = 1;
|
||||
|
||||
CREATE INDEX IF NOT EXISTS idx_pricing_available_monthly_price
|
||||
ON pricing(available, monthly_price)
|
||||
WHERE available = 1;
|
||||
|
||||
-- ============================================================
|
||||
-- Table: price_history
|
||||
-- Description: Historical price tracking for trend analysis
|
||||
|
||||
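Review bot: the leading available column in idx_pricing_available_hourly_price and idx_pricing_available_monthly_price is redundant, since the WHERE available = 1 predicate means every entry in these partial indexes carries the same value there. ON pricing(hourly_price) WHERE available = 1, and the monthly_price equivalent, gives the same sort order with smaller entries. The planner can use a partial index only when the query's own WHERE clause implies available = 1, so a query that binds availability as a parameter (available = ?) may not be able to use them; the comment block should state that callers must write the literal. The single-column idx_pricing_hourly_price, idx_pricing_monthly_price and idx_pricing_available in the context lines are kept, so each pricing write now maintains five indexes over these three columns; consider dropping the ones the new indexes supersede.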