Optimize fetching of remaining package names in security advisories API endpoint to do less redis round trips

Author: Seldaek

config/packages/snc_redis.yaml

@@ -18,6 +18,7 @@ snc_redis:
                 commands:
                     fetchVersionIds: 'App\Redis\FetchVersionIds'
                     downloadsIncr: 'App\Redis\DownloadsIncr'
+                    packagesExist: 'App\Redis\PackagesExist'
 
         cache:
             type: predis

src/Controller/ApiController.php

@@ -366,8 +366,11 @@ public function securityAdvisoryAction(Request $request, ProviderManager $provid
 
         // Ensure known packages are returned even if no advisory is present to ensure they do not get retried by composer in lower prio repos
         // Do a max of 1000 packages to prevent abuse
-        foreach (array_slice($packageNames, 0, 1000) as $name) {
-            if (!isset($response['advisories'][$name]) && $providerManager->packageExists($name)) {
+        $packagesToCheck = array_slice($packageNames, 0, 1000);
+        $packageExists = $providerManager->packagesExist($packagesToCheck);
+        
+        foreach ($packagesToCheck as $name) {
+            if (!isset($response['advisories'][$name]) && ($packageExists[strtolower($name)] ?? false)) {
                 $response['advisories'][$name] = [];
             }
         }

src/Model/DownloadManager.php

@@ -186,7 +186,7 @@ public function addDownloads(array $jobs, string $ip, string $phpMinor, string $
         $args[] = $month;
         $args[] = $throttleExpiry;
 
-        /** @phpstan-ignore-next-line */
+        /** @phpstan-ignore-next-line method.notFound */
         $this->redis->downloadsIncr(...$args);
     }
 

src/Model/ProviderManager.php

@@ -29,6 +29,30 @@ public function packageExists(string $name): bool
         return (bool) $this->redis->sismember('set:packages', strtolower($name));
     }
 
+    /**
+     * Check if multiple packages exist in the registry
+     *
+     * @param string[] $names Package names to check
+     * @return array<string, bool> Associative array of package name => exists
+     */
+    public function packagesExist(array $names): array
+    {
+        if (0 === count($names)) {
+            return [];
+        }
+
+        $names = array_map('strtolower', $names);
+        /** @phpstan-ignore-next-line method.notFound */
+        $results = $this->redis->packagesExist(...$names);
+
+        $exists = [];
+        foreach ($results as $i => $result) {
+            $exists[$names[$i]] = (bool) $result;
+        }
+
+        return $exists;
+    }
+
     public function packageIsProvided(string $name): bool
     {
         if (false === $this->initializedProviders) {

src/Model/VersionIdCache.php

@@ -33,7 +33,7 @@ public function augmentDownloadPayloadWithIds(array $payload): array
             $args[] = 'ids:'.strtolower($package['name']);
             $args[] = strtolower($package['version']);
         }
-        /** @phpstan-ignore-next-line */
+        /** @phpstan-ignore-next-line method.notFound */
         $results = $this->redis->fetchVersionIds(...$args);
 
         foreach ($results as $key => $result) {

src/Redis/PackagesExist.php

@@ -0,0 +1,29 @@
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of Packagist.
+ *
+ * (c) Jordi Boggiano <[email protected]>
+ *     Nils Adermann <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace App\Redis;
+
+class PackagesExist extends \Predis\Command\ScriptCommand
+{
+    public function getScript(): string
+    {
+        return <<<LUA
+local results = {};
+for i, packageName in ipairs(ARGV) do
+    local exists = redis.call("SISMEMBER", "set:packages", packageName);
+    table.insert(results, exists);
+end
+
+return results;
+LUA;
+    }
+}

src/Security/RecaptchaHelper.php

@@ -70,7 +70,7 @@ public function increaseCounter(RecaptchaContext $context): void
             return;
         }
 
-        /** @phpstan-ignore-next-line */
+        /** @phpstan-ignore-next-line method.notFound */
         $this->redisCache->incrFailedLoginCounter(...$context->getRedisKeys());
     }