refactor(core,schemas): refactor to improve lib method performance

packages/core/src/libraries/jwt-customizer.ts

@@ -1,71 +1,64 @@
 import type { JwtCustomizerUserContext } from '@logto/schemas';
-import {
-  userInfoSelectFields,
-  OrganizationScopes,
-  jwtCustomizerUserContextGuard,
-} from '@logto/schemas';
+import { userInfoSelectFields, jwtCustomizerUserContextGuard } from '@logto/schemas';
 import { deduplicate, pick, pickState } from '@silverhand/essentials';
 
+import { type ScopeLibrary } from '#src/libraries/scope.js';
 import { type UserLibrary } from '#src/libraries/user.js';
 import type Queries from '#src/tenants/Queries.js';
 
-export const createJwtCustomizerLibrary = (queries: Queries, userLibrary: UserLibrary) => {
+// Show top 20 organization roles.
+const limit = 20;
+const offset = 0;
+
+export const createJwtCustomizerLibrary = (
+  queries: Queries,
+  userLibrary: UserLibrary,
+  scopeLibrary: ScopeLibrary
+) => {
   const {
     users: { findUserById },
-    rolesScopes: { findRolesScopesByRoleId },
-    scopes: { findScopeById },
-    resources: { findResourceById },
+    rolesScopes: { findRolesScopesByRoleIds },
+    scopes: { findScopesByIds },
     userSsoIdentities,
-    organizations: { relations },
+    organizations: { relations, roles: organizationRoles },
   } = queries;
   const { findUserRoles } = userLibrary;
+  const { attachResourceToScopes } = scopeLibrary;
 
   const getUserContext = async (userId: string): Promise<JwtCustomizerUserContext> => {
     const user = await findUserById(userId);
     const fullSsoIdentities = await userSsoIdentities.findUserSsoIdentitiesByUserId(userId);
     const roles = await findUserRoles(userId);
+    const rolesScopes = await findRolesScopesByRoleIds(roles.map(({ id }) => id));
+    const scopeIds = rolesScopes.map(({ scopeId }) => scopeId);
+    const scopes = await findScopesByIds(scopeIds);
+    const scopesWithResources = await attachResourceToScopes(scopes);
     const organizationsWithRoles = await relations.users.getOrganizationsByUserId(userId);
+    const [_, organizationRolesWithScopes] = await organizationRoles.findAll(limit, offset);
     const userContext = {
       ...pick(user, ...userInfoSelectFields),
       ssoIdentities: fullSsoIdentities.map(pickState('issuer', 'identityId', 'detail')),
       mfaVerificationFactors: deduplicate(user.mfaVerifications.map(({ type }) => type)),
-      roles: await Promise.all(
-        roles.map(async (role) => {
-          const fullRolesScopes = await findRolesScopesByRoleId(role.id);
-          const scopeIds = fullRolesScopes.map(({ scopeId }) => scopeId);
-          return {
-            ...pick(role, 'id', 'name', 'description'),
-            scopes: await Promise.all(
-              scopeIds.map(async (scopeId) => {
-                const scope = await findScopeById(scopeId);
-                return {
-                  ...pick(scope, 'id', 'name', 'description'),
-                  ...(await findResourceById(scope.resourceId).then(
-                    ({ indicator, id: resourceId }) => ({ indicator, resourceId })
-                  )),
-                };
-              })
-            ),
-          };
-        })
-      ),
-      organizations: await Promise.all(
-        organizationsWithRoles.map(async ({ organizationRoles, ...organization }) => ({
-          id: organization.id,
-          roles: await Promise.all(
-            organizationRoles.map(async ({ id, name }) => {
-              const [_, fullOrganizationScopes] = await relations.rolesScopes.getEntities(
-                OrganizationScopes,
-                { organizationRoleId: id }
-              );
-              return {
-                id,
-                name,
-                scopes: fullOrganizationScopes.map(pickState('id', 'name', 'description')),
-              };
-            })
-          ),
-        }))
+      roles: roles.map((role) => {
+        const scopeIds = new Set(
+          rolesScopes.filter(({ roleId }) => roleId === role.id).map(({ scopeId }) => scopeId)
+        );
+        return {
+          ...pick(role, 'id', 'name', 'description'),
+          scopes: scopesWithResources
+            .filter(({ id }) => scopeIds.has(id))
+            .map(pickState('id', 'name', 'description', 'resourceId', 'resource')),
+        };
+      }),
+      organizations: organizationsWithRoles.map(pickState('id', 'name', 'description')),
+      organizationRoles: organizationsWithRoles.flatMap(
+        ({ id: organizationId, organizationRoles }) =>
+          organizationRoles.map(({ id: roleId, name: roleName }) => ({
+            organizationId,
+            roleId,
+            roleName,
+            scopes: organizationRolesWithScopes.find(({ id }) => id === roleId)?.scopes ?? [],
+          }))
       ),
     };
 

packages/core/src/libraries/scope.ts

@@ -0,0 +1,30 @@
+import type { Scope, ScopeResponse } from '@logto/schemas';
+
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+export type ScopeLibrary = ReturnType<typeof createScopeLibrary>;
+
+export const createScopeLibrary = (queries: Queries) => {
+  const {
+    resources: { findResourcesByIds },
+  } = queries;
+
+  const attachResourceToScopes = async (scopes: readonly Scope[]): Promise<ScopeResponse[]> => {
+    const resources = await findResourcesByIds(scopes.map(({ resourceId }) => resourceId));
+    return scopes.map((scope) => {
+      const resource = resources.find(({ id }) => id === scope.resourceId);
+
+      assertThat(resource, new Error(`Cannot find resource for id ${scope.resourceId}`));
+
+      return {
+        ...scope,
+        resource,
+      };
+    });
+  };
+
+  return {
+    attachResourceToScopes,
+  };
+};

packages/core/src/routes/role.scope.ts

@@ -1,4 +1,3 @@
-import type { Scope, ScopeResponse } from '@logto/schemas';
 import { scopeResponseGuard, Scopes } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { tryThat } from '@silverhand/essentials';
@@ -7,7 +6,6 @@ import { object, string } from 'zod';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
-import assertThat from '#src/utils/assert-that.js';
 import { parseSearchParamsForSearch } from '#src/utils/search.js';
 
 import type { AuthedRouter, RouterInitArgs } from './types.js';
@@ -16,7 +14,6 @@ export default function roleScopeRoutes<T extends AuthedRouter>(
   ...[router, { queries, libraries }]: RouterInitArgs<T>
 ) {
   const {
-    resources: { findResourcesByIds },
     rolesScopes: { deleteRolesScope, findRolesScopesByRoleId, insertRolesScopes },
     roles: { findRoleById },
     scopes: { findScopesByIds, countScopesByScopeIds, searchScopesByScopeIds },
@@ -24,22 +21,9 @@ export default function roleScopeRoutes<T extends AuthedRouter>(
   const {
     quota,
     roleScopes: { validateRoleScopeAssignment },
+    scopes: { attachResourceToScopes },
   } = libraries;
 
-  const attachResourceToScopes = async (scopes: readonly Scope[]): Promise<ScopeResponse[]> => {
-    const resources = await findResourcesByIds(scopes.map(({ resourceId }) => resourceId));
-    return scopes.map((scope) => {
-      const resource = resources.find(({ id }) => id === scope.resourceId);
-
-      assertThat(resource, new Error(`Cannot find resource for id ${scope.resourceId}`));
-
-      return {
-        ...scope,
-        resource,
-      };
-    });
-  };
-
   router.get(
     '/roles/:id/scopes',
     koaPagination({ isOptional: true }),

packages/core/src/tenants/Libraries.ts

@@ -10,6 +10,7 @@ import { createPhraseLibrary } from '#src/libraries/phrase.js';
 import { createProtectedAppLibrary } from '#src/libraries/protected-app.js';
 import { createQuotaLibrary } from '#src/libraries/quota.js';
 import { createRoleScopeLibrary } from '#src/libraries/role-scope.js';
+import { createScopeLibrary } from '#src/libraries/scope.js';
 import { createSignInExperienceLibrary } from '#src/libraries/sign-in-experience/index.js';
 import { createSocialLibrary } from '#src/libraries/social.js';
 import { createSsoConnectorLibrary } from '#src/libraries/sso-connector.js';
@@ -22,8 +23,9 @@ export default class Libraries {
   users = createUserLibrary(this.queries);
   phrases = createPhraseLibrary(this.queries);
   hooks = createHookLibrary(this.queries);
+  scopes = createScopeLibrary(this.queries);
   socials = createSocialLibrary(this.queries, this.connectors);
-  jwtCustomizers = createJwtCustomizerLibrary(this.queries, this.users);
+  jwtCustomizers = createJwtCustomizerLibrary(this.queries, this.users, this.scopes);
   passcodes = createPasscodeLibrary(this.queries, this.connectors);
   applications = createApplicationLibrary(this.queries);
   verificationStatuses = createVerificationStatusLibrary(this.queries);

packages/schemas/src/types/jwt-customizer.ts

@@ -1,44 +1,39 @@
 import { z } from 'zod';
 
 import {
-  OrganizationRoles,
+  Organizations,
   OrganizationScopes,
-  Resources,
   Roles,
-  Scopes,
   UserSsoIdentities,
 } from '../db-entries/index.js';
 import { mfaFactorsGuard, jsonObjectGuard } from '../foundations/index.js';
 
 import { jwtCustomizerGuard } from './logto-config/index.js';
+import { scopeResponseGuard } from './scope.js';
 import { userInfoGuard } from './user.js';
 
-const organizationDetailGuard = z.object({
-  id: z.string(),
-  roles: z.array(
-    OrganizationRoles.guard.pick({ id: true, name: true }).extend({
-      scopes: z.array(OrganizationScopes.guard.pick({ id: true, name: true, description: true })),
-    })
-  ),
-});
-
-export type OrganizationDetail = z.infer<typeof organizationDetailGuard>;
-
 export const jwtCustomizerUserContextGuard = userInfoGuard.extend({
-  ssoIdentities: z.array(
-    UserSsoIdentities.guard.pick({ issuer: true, identityId: true, detail: true })
-  ),
+  ssoIdentities: UserSsoIdentities.guard
+    .pick({ issuer: true, identityId: true, detail: true })
+    .array(),
   mfaVerificationFactors: mfaFactorsGuard,
-  roles: z.array(
-    Roles.guard.pick({ id: true, name: true, description: true }).extend({
-      scopes: z.array(
-        Scopes.guard
-          .pick({ id: true, name: true, description: true, resourceId: true })
-          .merge(Resources.guard.pick({ indicator: true }))
-      ),
+  roles: Roles.guard
+    .pick({ id: true, name: true, description: true })
+    .extend({
+      scopes: scopeResponseGuard
+        .pick({ id: true, name: true, description: true, resourceId: true, resource: true })
+        .array(),
     })
-  ),
-  organizations: z.array(organizationDetailGuard),
+    .array(),
+  organizations: Organizations.guard.pick({ id: true, name: true, description: true }).array(),
+  organizationRoles: z
+    .object({
+      organizationId: z.string(),
+      roleId: z.string(),
+      roleName: z.string(),
+      scopes: OrganizationScopes.guard.pick({ id: true, name: true }).array(),
+    })
+    .array(),
 });
 
 export type JwtCustomizerUserContext = z.infer<typeof jwtCustomizerUserContextGuard>;

packages/schemas/src/types/user.ts

@@ -18,24 +18,13 @@ export const userInfoSelectFields = Object.freeze([
   'isSuspended',
 ] as const);
 
-/**
- * The `pick` method of previous implementation will be overridden by `merge`/`extend` method, should explicitly specify keys in `pick` method.
- * DO REMEMBER TO UPDATE THIS GUARD WHEN YOU UPDATE `userInfoSelectFields`.
- */
-export const userInfoGuard = Users.guard.pick({
-  id: true,
-  username: true,
-  primaryEmail: true,
-  primaryPhone: true,
-  name: true,
-  avatar: true,
-  customData: true,
-  identities: true,
-  lastSignInAt: true,
-  createdAt: true,
-  applicationId: true,
-  isSuspended: true,
-});
+export const userInfoGuard = Users.guard.pick(
+  // eslint-disable-next-line no-restricted-syntax
+  Object.fromEntries(userInfoSelectFields.map((field) => [field, true])) as Record<
+    (typeof userInfoSelectFields)[number],
+    true
+  >
+);
 
 export type UserInfo = z.infer<typeof userInfoGuard>;