sumba 2.12.0 → 2.13.0

package/extend/bajo/hook/waibu@pre-parsing.js

@@ -4,7 +4,8 @@ const preParsing = {
   level: 10,
   handler: async function (req, reply) {
     const { get } = this.app.lib._
-    req.site = await this.getSite(req)
+    const { getHostname } = this.app.waibu
+    req.site = await this.getSite(getHostname(req))
     const routes = get(req.site, checkNoRouteSettingKey)
     checkNoRouteSetting.call(this, req, routes)
   }

package/extend/masohiSocketIo/middleware/server/auth.js

@@ -8,7 +8,7 @@ const auth = {
     socket.join(camelCase(`site ${site.alias}`))
     let user
     if (session.userId) {
-      user = await this.getUser(session.userId)
+      user = await this.getUserById(session.userId)
       if (user) {
         socket.join(camelCase(`user ${user.username}`))
         for (const team of user.teams) {

package/extend/waibuMpa/route/signin.js

@@ -7,7 +7,7 @@ const signin = {
     let error
     if (req.method === 'POST') {
       try {
-        const user = await this.getUserFromUsernamePassword(username, password, req)
+        const user = await this.getUserByUsernamePassword(username, password, req)
         return await this.signin({ user, req, reply })
       } catch (err) {
         error = err

package/extend/waibuRestApi/route/user/access-token/@type/create.js

@@ -14,12 +14,11 @@ async function create () {
 
   const handler = async function (req, reply) {
     const { hash } = this.app.bajoExtra
-    const { getUserFromUsernamePassword, createJwtFromUserRecord } = this
 
     if (!['api-key', 'jwt', 'apiKey'].includes(req.params.type)) throw this.error('invalidTokenType')
-    const rec = await getUserFromUsernamePassword(req.body.username, req.body.password, req)
+    const rec = await this.getUserByUsernamePassword(req.body.username, req.body.password, req)
     if (req.params.type === 'jwt') {
-      const jwt = await createJwtFromUserRecord(rec)
+      const jwt = await this.createJwtFromUserRecord(rec)
       return { data: jwt }
     }
     return { data: { token: await hash(rec.salt) } }

package/index.js

@@ -2,7 +2,7 @@ import path from 'path'
 import createNewSite from './lib/create-new-site.js'
 import removeSite from './lib/remove-site.js'
 import getSite from './lib/get-site.js'
-import getUser from './lib/get-user.js'
+import { getUserById, getUserByToken, getUserByUsernamePassword } from './lib/get-user.js'
 
 /**
  * Plugin factory
@@ -132,10 +132,15 @@ async function factory (pkgName) {
             noWhitespace: false,
             latinOnlyChars: false
           }
+        },
+        cacheTtl: {
+          getSiteDur: '1m',
+          getUserByIdDur: '1m',
+          getUserByTokenDur: '1m'
         }
       }
       this.unsafeUserFields = ['password']
-      this.selfBind(['createNewSite', 'removeSite', 'getSite', 'getUser'])
+      this.selfBind(['createNewSite', 'removeSite', 'getSite', 'getUserById', 'getUserByToken', 'getUserByUsernamePassword'])
     }
 
     init = async () => {
@@ -204,22 +209,6 @@ async function factory (pkgName) {
       }]
     }
 
-    getUserFromUsernamePassword = async (username = '', password = '', req) => {
-      const { importPkg } = this.app.bajo
-      const model = getModel('SumbaUser')
-      await model.validate({ username, password }, null, { partial: true, ns: ['sumba', 'dobo'], fields: ['username', 'password'] })
-      const bcrypt = await importPkg('bajoExtra:bcrypt')
-
-      const query = { username, provider: 'local', siteId: req.site.id }
-      const rows = await model.findRecord({ query }, { req, forceNoHidden: true, noHook: true })
-      if (rows.length === 0) throw this.error('validationError', { details: [{ field: 'username', error: 'Unknown username' }], statusCode: 401 })
-      const rec = rows[0]
-      if (rec.status !== 'ACTIVE') throw this.error('validationError', { details: ['User is inactive or temporarily disabled'], statusCode: 401 })
-      const verified = await bcrypt.compare(password, rec.password)
-      if (!verified) throw this.error('validationError', { details: [{ field: 'password', error: 'invalidPassword' }], statusCode: 401 })
-      return rec
-    }
-
     createJwtFromUserRecord = async (rec) => {
       const { importPkg } = this.app.bajo
       const { dayjs } = this.app.lib
@@ -240,12 +229,11 @@ async function factory (pkgName) {
     }
 
     verifySession = async (req, reply, source, payload) => {
-      const { getUser } = this
       const { routePath } = this.app.waibu
 
       if (!req.session) return false
       if (req.session.userId) {
-        req.user = await getUser(req.session.userId)
+        req.user = await this.getUserById(req.session.userId, req)
         return true
       }
       const redir = routePath(this.config.redirect.signin, req)
@@ -256,22 +244,18 @@ async function factory (pkgName) {
     verifyApiKey = async (req, reply, source, payload) => {
       const { merge } = this.app.lib._
       const { isMd5, hash } = this.app.bajoExtra
-      const { getUser } = this
 
       let token = await this._getToken('apiKey', req, source)
       if (!isMd5(token)) return false
       token = await hash(token)
-      const query = { token }
-      const rows = await getModel('SumbaUser').findRecord({ query }, { req, noHook: true })
-      if (rows.length === 0) throw this.error('invalidKey', merge({ statusCode: 401 }, payload))
-      if (rows[0].status !== 'ACTIVE') throw this.error('userInactive', merge({ details: [{ field: 'status', error: 'inactive' }], statusCode: 401 }, payload))
-      req.user = await getUser(rows[0])
+      const user = await this.getUserByToken(token, req)
+      if (!user) throw this.error('invalidKey', merge({ statusCode: 401 }, payload))
+      if (user.status !== 'ACTIVE') throw this.error('userInactive', merge({ details: [{ field: 'status', error: 'inactive' }], statusCode: 401 }, payload))
+      req.user = user
       return true
     }
 
     verifyBasic = async (req, reply, source, payload) => {
-      const { getUserFromUsernamePassword } = this
-      const { getUser } = this
       const { isEmpty, merge } = this.app.lib._
 
       const setHeader = async (setting, reply) => {
@@ -299,8 +283,7 @@ async function factory (pkgName) {
       const decoded = Buffer.from(authInfo, 'base64').toString()
       const [username, password] = decoded.split(':')
       try {
-        const user = await getUserFromUsernamePassword(username, password, req)
-        req.user = await getUser(user)
+        req.user = await this.getUserByUsernamePassword(username, password, req)
       } catch (err) {
         if (err.statusCode === 401 && setting.realm) {
           await setHeader(setting, reply)
@@ -313,7 +296,6 @@ async function factory (pkgName) {
 
     verifyJwt = async (req, reply, source, payload) => {
       const { importPkg } = this.app.bajo
-      const { getUser } = this
       const { isEmpty, merge } = this.app.lib._
 
       const fastJwt = await importPkg('bajoExtra:fast-jwt')
@@ -328,10 +310,10 @@ async function factory (pkgName) {
       const decoded = await verifier(token)
       const id = decoded.payload.uid
       try {
-        const rec = await getModel('SumbaUser').getRecord(id, { req, noHook: true })
-        if (!rec) throw this.error('invalidToken', { statusCode: 401 })
-        if (rec.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
-        req.user = await getUser(rec)
+        const user = await this.getUserById(id, req)
+        if (!user) throw this.error('invalidToken', { statusCode: 401 })
+        if (user.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
+        req.user = user
       } catch (err) {
         merge(err, payload)
         throw err
@@ -494,7 +476,9 @@ async function factory (pkgName) {
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite
-    getUser = getUser
+    getUserById = getUserById
+    getUserByToken = getUserByToken
+    getUserByUsernamePassword = getUserByUsernamePassword
   }
 
   return Sumba

package/lib/get-site.js

@@ -1,12 +1,11 @@
 import { parseNsSettings } from './util.js'
 
-async function getSite (req) {
-  const { runHook } = this.app.bajo
-  const { omit, isPlainObject } = this.app.lib._
-  const { getHostname } = this.app.waibu
+async function getSite (input, byId = false) {
+  const { omit } = this.app.lib._
+  const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
   const omitted = ['status']
 
-  await runHook(`${this.ns}:beforeGetSite`, req)
+  let site = {}
   const mergeSetting = async (site) => {
     const { defaultsDeep, isSet } = this.app.lib.aneka
     const { get, filter } = this.app.lib._
@@ -28,21 +27,32 @@ async function getSite (req) {
     // additional fields
     const country = await this.app.dobo.getModel('CdbCountry').getRecord(site.country, { noHook: true })
     site.countryName = (country ?? {}).name ?? site.country
-    await runHook(`${this.ns}:afterGetSite`, req, site)
   }
 
-  let site = {}
-
   const multiSite = this.config.multiSite === true ? { enabled: true, catchAll: 'default' } : this.config.multiSite
   if (!multiSite.enabled) {
-    const resp = await this.app.dobo.getModel('SumbaSite').findOneRecord({ query: { alias: 'default' } }, { noHook: true })
+    const filter = { query: { alias: 'default' } }
+    const key = 'getSite:default'
+    if (getCache) {
+      site = await getCache({ key })
+      if (site) return site
+    }
+    const resp = await this.app.dobo.getModel('SumbaSite').findOneRecord(filter, { noHook: true })
     site = omit(resp, omitted)
     await mergeSetting(site)
+    if (setCache) {
+      await setCache({ key, value: site, ttl: this.config.cacheTtl.getSiteDur })
+    }
     return site
   }
   let query
-  if (!isPlainObject(req)) query = { id: req }
-  else query = { hostname: getHostname(req) }
+  if (byId) query = { id: input }
+  else query = { hostname: input }
+  const key = `getSite:multiSite:${input}`
+  if (getCache) {
+    site = await getCache({ key })
+    if (site) return JSON.parse(site)
+  }
   let row = await this.app.dobo.getModel('SumbaSite').findOneRecord({ query }, { noHook: true })
   if (!row) {
     if (multiSite.catchAll) {
@@ -54,6 +64,9 @@ async function getSite (req) {
   if (row.status !== 'ACTIVE') throw this.error('siteInactiveInfo')
   site = omit(row, omitted)
   await mergeSetting(site)
+  if (setCache) {
+    await setCache({ key, value: JSON.stringify(site), ttl: this.config.cacheTtl.getSiteDur })
+  }
   return site
 }
 

package/lib/get-user.js

@@ -1,19 +1,8 @@
 import { parseNsSettings } from './util.js'
 
-async function getUser (rec, safe = true) {
-  const { runHook } = this.app.bajo
-  const { map, pick, omit, isPlainObject } = this.app.lib._
+export async function mergeTeam (user) {
+  const { map, pick } = this.app.lib._
   const { getModel } = this.app.dobo
-  await runHook(`${this.ns}:beforeGetUser`, rec, safe)
-  let user
-  if (!isPlainObject(rec)) {
-    const mdl = getModel('SumbaUser')
-    user = await mdl.getRecord(rec, { noHook: true, throwNotFound: false })
-  } else {
-    user = rec
-  }
-  if (!user) return null
-  // merge teams
   user.teams = []
   const query = { userId: user.id, siteId: user.siteId }
   let mdl = getModel('SumbaTeamUser')
@@ -25,7 +14,6 @@ async function getUser (rec, safe = true) {
   mdl = getModel('SumbaTeam')
   const teams = await mdl.findAllRecord({ query })
   if (teams.length > 0) {
-    // setting
     delete query.id
     delete query.status
     query.siteId = user.siteId
@@ -42,9 +30,60 @@ async function getUser (rec, safe = true) {
       user.teams.push(item)
     }
   }
-  user = safe ? omit(user, this.unsafeUserFields) : user
-  await runHook(`${this.ns}:afterGetUser`, rec, safe, user)
+  for (const field of this.unsafeUserFields) {
+    delete user[field]
+  }
+}
+
+export async function getUserById (id, req) {
+  const { getModel } = this.app.dobo
+  const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
+  const key = `getUserById:${id}`
+  let user
+  if (getCache) {
+    user = await getCache({ key })
+    if (user) return JSON.parse(user)
+  }
+  user = await getModel('SumbaUser').getRecord(id, { noHook: true, throwNotFound: false, req })
+  if (!user) return
+  await mergeTeam.call(this, user)
+  if (setCache) {
+    await setCache({ key, value: JSON.stringify(user), ttl: this.config.cacheTtl.getUserByIdDur })
+  }
+  return user
+}
+
+export async function getUserByToken (token, req) {
+  const { getModel } = this.app.dobo
+  const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
+  const key = `getUserByToken:${token}`
+  let user
+  if (getCache) {
+    user = await getCache({ key })
+    if (user) return JSON.parse(user)
+  }
+  user = await getModel('SumbaUser').findOneRecord({ query: { token } }, { noHook: true, throwNotFound: false, req })
+  if (!user) return
+  await mergeTeam.call(this, user)
+  if (setCache) {
+    await setCache({ key, value: JSON.stringify(user), ttl: this.config.cacheTtl.getUserByTokenDur })
+  }
   return user
 }
 
-export default getUser
+export async function getUserByUsernamePassword (username = '', password = '', req) {
+  const { getModel } = this.app.dobo
+  const { importPkg } = this.app.bajo
+  const model = getModel('SumbaUser')
+  await model.validate({ username, password }, null, { partial: true, ns: ['sumba', 'dobo'], fields: ['username', 'password'] })
+  const bcrypt = await importPkg('bajoExtra:bcrypt')
+
+  const query = { username, provider: 'local', siteId: req.site.id }
+  const user = await model.findOneRecord({ query }, { req, forceNoHidden: true, noHook: true })
+  if (!user) throw this.error('validationError', { details: [{ field: 'username', error: 'Unknown username' }], statusCode: 401 })
+  if (user.status !== 'ACTIVE') throw this.error('validationError', { details: ['User is inactive or temporarily disabled'], statusCode: 401 })
+  const verified = await bcrypt.compare(password, user.password)
+  if (!verified) throw this.error('validationError', { details: [{ field: 'password', error: 'invalidPassword' }], statusCode: 401 })
+  await mergeTeam.call(this, user)
+  return user
+}

package/lib/util.js

@@ -113,7 +113,7 @@ export async function checkUserId (req, reply, source) {
     const id = get(req, 'session.userId')
     if (!id) return
     try {
-      const user = await this.getUser(id)
+      const user = await this.getUserById(id, req)
       if (user) req.user = user
       else req.session.userId = null
     } catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.12.0",
+  "version": "2.13.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -1,5 +1,9 @@
 # Changes
 
+## 2026-03-25
+
+- [2.13.0] Add bajo cache handling for ```getUser*()``` and ```getSite()```
+
 ## 2026-03-22
 
 - [2.12.0] Add no route settings sitewise