perf(server): bulk DB loops + React.cache repeated queries (#91)

f-amine · web-flow · commit fae5f2272fae · 2026-05-15T16:23:20.000+01:00
Closes #88. - affiliate.topReferrers: replace per-row SELECT with single inArray + Map lookup; also drops the buggy stub 'satisfy and() arity' query that was always one-row and discarded - gdpr.purgeExpiredDeletions: parallelize the markPurgedAt + audit insert per row, and reorder so we mark+audit BEFORE the user delete (previously the cascade wiped accountDeletion before the update, making the purgedAt write a silent no-op) - referral.recordAcceptance: Promise.all the update + audit per row, iterations themselves via Promise.allSettled - webhooks.processPendingDeliveries: parallelize the two status updates per delivery (delivery row + subscription row) - onboarding.hasCompletedOnboarding: wrap in React.cache so the layout + page no longer double-query per request
diff --git a/apps/web/src/lib/onboarding.ts b/apps/web/src/lib/onboarding.ts
@@ -2,22 +2,27 @@ import "server-only";
 import { db } from "@starter-saas/db";
 import { auditLog } from "@starter-saas/db/schema/audit";
 import { and, eq } from "drizzle-orm";
+import { cache } from "react";
 
 export const ONBOARDING_DONE_ACTION = "onboarding.completed";
 
-export async function hasCompletedOnboarding(userId: string): Promise<boolean> {
-	if (!userId) {
-		return true;
-	}
-	const rows = await db
-		.select({ id: auditLog.id })
-		.from(auditLog)
-		.where(
-			and(
-				eq(auditLog.action, ONBOARDING_DONE_ACTION),
-				eq(auditLog.actorUserId, userId),
-			),
-		)
-		.limit(1);
-	return rows.length > 0;
-}
+// Wrapped in React.cache so the dashboard layout + onboarding page (or
+// any other RSC that asks per-request) share a single DB round-trip.
+export const hasCompletedOnboarding = cache(
+	async (userId: string): Promise<boolean> => {
+		if (!userId) {
+			return true;
+		}
+		const rows = await db
+			.select({ id: auditLog.id })
+			.from(auditLog)
+			.where(
+				and(
+					eq(auditLog.action, ONBOARDING_DONE_ACTION),
+					eq(auditLog.actorUserId, userId),
+				),
+			)
+			.limit(1);
+		return rows.length > 0;
+	},
+);
diff --git a/packages/api/src/affiliate.ts b/packages/api/src/affiliate.ts
@@ -13,7 +13,7 @@ import {
 } from "@starter-saas/db/schema/affiliate";
 import { auditLog } from "@starter-saas/db/schema/audit";
 import { env } from "@starter-saas/env/server";
-import { and, count, desc, eq } from "drizzle-orm";
+import { and, count, desc, eq, inArray } from "drizzle-orm";
 
 export const AFFILIATE_COOKIE_NAME = "aff_ref";
 export const DEFAULT_PAYOUT_MIN_CENTS = 2500;
@@ -253,38 +253,26 @@ export async function topReferrers(limit = 100) {
 	if (rows.length === 0) {
 		return [];
 	}
+	const ids = rows.map((r) => r.affiliateId);
 	const affRows = await db
-		.select()
+		.select({
+			id: affiliate.id,
+			userId: affiliate.userId,
+			code: affiliate.code,
+		})
 		.from(affiliate)
-		.where(
-			and(
-				...rows
-					.slice(0, 1) // satisfy and() arity
-					.map((r) => eq(affiliate.id, r.affiliateId)),
-			),
-		);
-	// One-by-one lookup avoids `inArray` collisions with `text` arrays.
-	const enriched: Array<{
-		affiliateId: string;
-		userId: string;
-		code: string;
-		signups: number;
-	}> = [];
-	for (const row of rows) {
-		const [aff] = await db
-			.select()
-			.from(affiliate)
-			.where(eq(affiliate.id, row.affiliateId))
-			.limit(1);
-		if (aff) {
-			enriched.push({
+		.where(inArray(affiliate.id, ids));
+	const byId = new Map(affRows.map((a) => [a.id, a]));
+	return rows.flatMap((row) => {
+		const aff = byId.get(row.affiliateId);
+		if (!aff) return [];
+		return [
+			{
 				affiliateId: aff.id,
 				userId: aff.userId,
 				code: aff.code,
 				signups: Number(row.signups),
-			});
-		}
-	}
-	void affRows;
-	return enriched;
+			},
+		];
+	});
 }
diff --git a/packages/api/src/gdpr.ts b/packages/api/src/gdpr.ts
@@ -154,28 +154,33 @@ export async function purgeExpiredDeletions(): Promise<{ purged: number }> {
 		.select()
 		.from(accountDeletion)
 		.where(lt(accountDeletion.scheduledAt, now));
-	let purged = 0;
-	for (const row of rows) {
-		if (row.canceledAt || row.purgedAt) {
-			continue;
-		}
-		await db.delete(userTable).where(eq(userTable.id, row.userId));
-		await db
-			.update(accountDeletion)
-			.set({ purgedAt: new Date() })
-			.where(eq(accountDeletion.id, row.id));
-		await db
-			.insert(auditLog)
-			.values({
-				id: randomUUID(),
-				actorUserId: null,
-				action: "gdpr.deletion.purged",
-				targetType: "user",
-				targetId: row.userId,
-				metadata: { scheduledAt: row.scheduledAt.toISOString() },
-			})
-			.onConflictDoNothing();
-		purged++;
-	}
-	return { purged };
+	const due = rows.filter((row) => !row.canceledAt && !row.purgedAt);
+	const purgedAt = new Date();
+	const results = await Promise.allSettled(
+		due.map(async (row) => {
+			// Mark + audit before delete so the audit row references the user
+			// id while the user still exists; the FK cascade on accountDeletion
+			// also wipes our marked row after the user delete commits, which is
+			// fine — pendingDeletion checks for the row's absence too.
+			await Promise.all([
+				db
+					.update(accountDeletion)
+					.set({ purgedAt })
+					.where(eq(accountDeletion.id, row.id)),
+				db
+					.insert(auditLog)
+					.values({
+						id: randomUUID(),
+						actorUserId: null,
+						action: "gdpr.deletion.purged",
+						targetType: "user",
+						targetId: row.userId,
+						metadata: { scheduledAt: row.scheduledAt.toISOString() },
+					})
+					.onConflictDoNothing(),
+			]);
+			await db.delete(userTable).where(eq(userTable.id, row.userId));
+		}),
+	);
+	return { purged: results.filter((r) => r.status === "fulfilled").length };
 }
diff --git a/packages/api/src/referral.ts b/packages/api/src/referral.ts
@@ -79,33 +79,36 @@ export async function recordAcceptance(input: {
 				eq(referral.status, "pending"),
 			),
 		);
-	let matched = 0;
-	for (const row of rows) {
-		await db
-			.update(referral)
-			.set({
-				status: "accepted",
-				referredUserId: input.newUserId,
-				acceptedAt: new Date(),
-			})
-			.where(eq(referral.id, row.id));
-		await db
-			.insert(auditLog)
-			.values({
-				id: randomUUID(),
-				actorUserId: input.newUserId,
-				action: "referral.accepted",
-				targetType: "referral",
-				targetId: row.id,
-				metadata: {
-					referrerUserId: row.referrerUserId,
-					rewardCents: row.rewardCents,
-				},
-			})
-			.onConflictDoNothing();
-		matched++;
-	}
-	return { matched };
+	const acceptedAt = new Date();
+	const results = await Promise.allSettled(
+		rows.map((row) =>
+			Promise.all([
+				db
+					.update(referral)
+					.set({
+						status: "accepted",
+						referredUserId: input.newUserId,
+						acceptedAt,
+					})
+					.where(eq(referral.id, row.id)),
+				db
+					.insert(auditLog)
+					.values({
+						id: randomUUID(),
+						actorUserId: input.newUserId,
+						action: "referral.accepted",
+						targetType: "referral",
+						targetId: row.id,
+						metadata: {
+							referrerUserId: row.referrerUserId,
+							rewardCents: row.rewardCents,
+						},
+					})
+					.onConflictDoNothing(),
+			]),
+		),
+	);
+	return { matched: results.filter((r) => r.status === "fulfilled").length };
 }
 
 export async function pendingReward(userId: string): Promise<number> {
diff --git a/packages/api/src/webhooks.ts b/packages/api/src/webhooks.ts
@@ -186,40 +186,46 @@ export async function processPendingDeliveries(limit = 50): Promise<{
 
 		if (succeeded) {
 			delivered++;
-			await db
-				.update(webhookDelivery)
-				.set({
-					status: "delivered",
-					attempts,
-					responseCode: status,
-					responseBody: bodyText,
-					deliveredAt: new Date(),
-				})
-				.where(eq(webhookDelivery.id, row.id));
-			await db
-				.update(userWebhook)
-				.set({ lastDeliveryAt: new Date(), failureCount: 0 })
-				.where(eq(userWebhook.id, sub.id));
+			const deliveredAt = new Date();
+			// Both updates touch different rows; parallelize.
+			await Promise.all([
+				db
+					.update(webhookDelivery)
+					.set({
+						status: "delivered",
+						attempts,
+						responseCode: status,
+						responseBody: bodyText,
+						deliveredAt,
+					})
+					.where(eq(webhookDelivery.id, row.id)),
+				db
+					.update(userWebhook)
+					.set({ lastDeliveryAt: deliveredAt, failureCount: 0 })
+					.where(eq(userWebhook.id, sub.id)),
+			]);
 			continue;
 		}
 
 		failed++;
 		const giveUp = attempts >= MAX_ATTEMPTS;
 		const next = giveUp ? null : new Date(Date.now() + backoffMs(attempts));
-		await db
-			.update(webhookDelivery)
-			.set({
-				status: giveUp ? "failed" : "retry",
-				attempts,
-				responseCode: status || null,
-				responseBody: bodyText ?? null,
-				nextRetryAt: next,
-			})
-			.where(eq(webhookDelivery.id, row.id));
-		await db
-			.update(userWebhook)
-			.set({ failureCount: sub.failureCount + 1 })
-			.where(eq(userWebhook.id, sub.id));
+		await Promise.all([
+			db
+				.update(webhookDelivery)
+				.set({
+					status: giveUp ? "failed" : "retry",
+					attempts,
+					responseCode: status || null,
+					responseBody: bodyText ?? null,
+					nextRetryAt: next,
+				})
+				.where(eq(webhookDelivery.id, row.id)),
+			db
+				.update(userWebhook)
+				.set({ failureCount: sub.failureCount + 1 })
+				.where(eq(userWebhook.id, sub.id)),
+		]);
 	}
 
 	return { processed: pending.length, delivered, failed };
