feat(be): improve guard performance using caching strategy with redis (#34)

* feat: improve guard performance using caching strategy with redis

Co-authored-by: shl0501 <[email protected]>
Co-authored-by: 유영재 <[email protected]>

* test: add redis mock data

---------

Co-authored-by: wlgh1553 <[email protected]>
Co-authored-by: shl0501 <[email protected]>
Co-authored-by: 유영재 <[email protected]>

Author: 3 people

apps/server/package.json

@@ -37,6 +37,7 @@
     "class-validator": "^0.14.1",
     "cookie-parser": "^1.4.7",
     "express": "^4.21.1",
+    "ioredis": "^5.4.2",
     "multer": "1.4.5-lts.1",
     "nanoid": "^5.0.8",
     "nest-winston": "^1.9.7",

apps/server/src/app.module.ts

@@ -9,6 +9,7 @@ import { ChatsModule } from '@chats/chats.module';
 import { GlobalExceptionFilter } from '@common/filters/global-exception.filter';
 import { HttpExceptionFilter } from '@common/filters/http-exception.filter';
 import { HttpLoggerMiddleware } from '@common/middlewares/http-logger.middleware';
+import { RedisModule } from '@common/redis.module';
 import { PrismaModule } from '@prisma-alias/prisma.module';
 import { QuestionsModule } from '@questions/questions.module';
 import { RepliesModule } from '@replies/replies.module';
@@ -20,6 +21,7 @@ import { UsersModule } from '@users/users.module';
 
 @Module({
   imports: [
+    RedisModule,
     ConfigModule.forRoot({
       isGlobal: true,
       envFilePath: '.env',

apps/server/src/common/guards/session-token-validation.guard.ts

@@ -1,32 +1,57 @@
-import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
+import { CanActivate, ExecutionContext, ForbiddenException, Inject, Injectable } from '@nestjs/common';
+import Redis from 'ioredis';
 
 import { SessionsRepository } from '@sessions/sessions.repository';
 import { SessionsAuthRepository } from '@sessions-auth/sessions-auth.repository';
 
 @Injectable()
 export class SessionTokenValidationGuard implements CanActivate {
+  private readonly ttl = 300; // 5분
+
   constructor(
     private readonly sessionsRepository: SessionsRepository,
     private readonly sessionsAuthRepository: SessionsAuthRepository,
+
+    @Inject('REDIS_SESSION') private readonly sessionRedisClient: Redis,
+    @Inject('REDIS_TOKEN') private readonly tokenRedisClient: Redis,
   ) {}
 
   async validateSessionToken(sessionId: string, token: string) {
     if (!sessionId || !token) {
       throw new ForbiddenException('세션 ID와 사용자 토큰이 필요합니다.');
     }
 
-    const session = await this.sessionsRepository.findById(sessionId);
-    if (!session) {
-      throw new ForbiddenException('세션이 존재하지 않습니다.');
-    }
-
+    const sessionKey = sessionId;
+    const expiredDate = await this.sessionRedisClient.get(sessionKey);
     const currentTime = new Date();
-    if (session.expiredAt && session.expiredAt < currentTime) {
-      throw new ForbiddenException('세션이 만료되었습니다.');
+
+    if (!expiredDate) {
+      const session = await this.sessionsRepository.findById(sessionId);
+      if (!session) {
+        throw new ForbiddenException('세션이 존재하지 않습니다.');
+      }
+      if (session.expiredAt && session.expiredAt < currentTime) {
+        throw new ForbiddenException('세션이 만료되었습니다.');
+      }
+      await this.sessionRedisClient.set(sessionKey, session.expiredAt.toISOString(), 'EX', this.ttl);
+    } else {
+      const expiredDateTime = new Date(expiredDate);
+      if (expiredDateTime < currentTime) {
+        await this.sessionRedisClient.del(sessionKey);
+        throw new ForbiddenException('세션이 만료되었습니다.');
+      }
     }
 
-    const userSessionToken = await this.sessionsAuthRepository.findByToken(token);
-    if (!userSessionToken || userSessionToken.sessionId !== sessionId) {
+    const tokenKey = token;
+    const sessionValue = await this.tokenRedisClient.get(tokenKey);
+    if (!sessionValue) {
+      const userSessionToken = await this.sessionsAuthRepository.findByToken(token);
+      if (!userSessionToken || userSessionToken.sessionId !== sessionId) {
+        throw new ForbiddenException('해당 세션에 접근할 권한이 없습니다.');
+      }
+
+      await this.tokenRedisClient.set(tokenKey, userSessionToken.sessionId, 'EX', this.ttl);
+    } else if (sessionValue !== sessionId) {
       throw new ForbiddenException('해당 세션에 접근할 권한이 없습니다.');
     }
   }

apps/server/src/common/redis.module.ts

@@ -0,0 +1,30 @@
+import { Global, Module } from '@nestjs/common';
+import Redis from 'ioredis';
+
+@Global()
+@Module({
+  providers: [
+    {
+      provide: 'REDIS_SESSION',
+      useFactory: () => {
+        return new Redis({
+          host: process.env.REDIS_HOST,
+          port: Number(process.env.REDIS_PORT),
+          db: 0, // 세션용 DB
+        });
+      },
+    },
+    {
+      provide: 'REDIS_TOKEN',
+      useFactory: () => {
+        return new Redis({
+          host: process.env.REDIS_HOST,
+          port: Number(process.env.REDIS_PORT),
+          db: 1, // 토큰용 DB
+        });
+      },
+    },
+  ],
+  exports: ['REDIS_SESSION', 'REDIS_TOKEN'],
+})
+export class RedisModule {}

apps/server/src/sessions/sessions.service.spec.ts

@@ -43,6 +43,12 @@ describe('세션 서비스 (SessionsService)', () => {
             findByTokenWithPermissions: jest.fn(),
           },
         },
+        {
+          provide: 'REDIS_SESSION',
+          useValue: {
+            del: jest.fn().mockResolvedValue(1),
+          },
+        },
       ],
     }).compile();
 

apps/server/src/sessions/sessions.service.ts

@@ -1,4 +1,5 @@
-import { ForbiddenException, Injectable } from '@nestjs/common';
+import { ForbiddenException, Inject, Injectable } from '@nestjs/common';
+import Redis from 'ioredis';
 
 import { CreateSessionDto } from './dto/create-session.dto';
 import { SessionCreateData } from './interface/session-create-data.interface';
@@ -15,6 +16,7 @@ export class SessionsService {
   constructor(
     private readonly sessionRepository: SessionsRepository,
     private readonly sessionsAuthRepository: SessionsAuthRepository,
+    @Inject('REDIS_SESSION') private readonly sessionRedisClient: Redis,
   ) {}
 
   async create(data: CreateSessionDto, userId: number) {
@@ -63,6 +65,7 @@ export class SessionsService {
 
     const expireTime = new Date();
     await this.sessionRepository.updateSessionExpiredAt(sessionId, expireTime);
+    await this.sessionRedisClient.del(sessionId);
     return { expired: true };
   }
 }