Now we have a normalized sequence of "security" middlewares for public endpoints:
1. crash recovery (always first)
2. CDN security (whatever that means)
3. HTTP metrics (prometheus)
4. rate limiter (effect will be visible via metrics, but not logs)
5. out tracing (for logs)
6. All the rest
Since this commit, this sequence is same in both portal and API servers.
- fix not using "order by" for top usage query in CH
- skip querying users from CH entirely because we anyway have to get them
- fix typo in job crash handler
- more aggressive caching of API keys and added cache warmup
- remove direct DB access in APIkey() middleware immediately
- decrease resources usage for test puzzles
- decrease cache collision possibility for cached solved puzzles
- cosmetic improvement in rate limiter and leaky bucket Updater logic
- move user limits check and API key backfill to a separate goroutine
Main reason being otter/v2 release with APIs for sliding expiration.
- added new cache API to use Loader logic from otter/v2 (fetch from DB)
- main direction of work is improving "negative caching" performance
(currently it is still intertwined with the main cache)
- expose new Prometheus metric for cache hit ratio
Taras Kushnir