Auth middleware: fold tenant status into Redis key cache + hoist dynamic import
2026-05-07
What We Built
Every authenticated request fired an unconditional second DB query (lookupTenantStatus), even when the API key was found in the Redis cache. The fix extends lookupKeyInDb to JOIN on tenants, folds tenantStatus into ResolvedApiKey and the cached blob, and skips the second query on a Redis hit. It also hoists a dynamic import out of the per-request hot path.
Why It Matters
This is the other half of PR #198's pool exhaustion. Auth was holding ~2 connections per request (cache miss + always-tenant-status). Cache-hit requests now hold ZERO connections.
How It Works
The test spies on the DB store's lookupTenantStatus call count. The first request hits the DB; the second request with the same key asserts tenantStatus queries === 0. The regression test confirmed a pre-fix value of 1.
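The folded-cache pattern and its call-count spy, as an added sketch that is not the project's code: a Map stands in for Redis, and a fake store counts queries. It goes one step past the test described above to show the consequence of caching tenantStatus: a suspended tenant keeps passing auth until the entry expires or is invalidated. makeDbStore, makeAuth, invalidate, the TTL and the sample key are assumptions; only lookupKeyInDb, lookupTenantStatus and tenantStatus come from the page.

```javascript
// Added illustration: Maps stand in for Redis and the DB; names not on the page are hypothetical.
const CACHE_TTL_MS = 60_000; // assumed TTL; the page does not state one

function makeDbStore(keys, tenants) {
  const calls = { lookupKeyInDb: 0, lookupTenantStatus: 0 };
  // Post-fix shape: one query with the tenant status joined in.
  async function lookupKeyInDb(apiKey) {
    calls.lookupKeyInDb++;
    const row = keys.get(apiKey);
    return row ? { ...row, tenantStatus: tenants.get(row.tenantId) } : null;
  }
  // Pre-fix second query, kept only so the spy can show it is never called.
  async function lookupTenantStatus(tenantId) {
    calls.lookupTenantStatus++;
    return tenants.get(tenantId);
  }
  return { calls, lookupKeyInDb, lookupTenantStatus };
}

function makeAuth(db, now = Date.now) {
  const cache = new Map(); // stand-in for Redis: apiKey -> { blob, expires }
  return {
    async resolve(apiKey) {
      const hit = cache.get(apiKey);
      let resolved = hit && hit.expires > now() ? hit.blob : null;
      if (!resolved) {
        resolved = await db.lookupKeyInDb(apiKey);
        if (!resolved) return { ok: false, reason: "unknown_key" };
        cache.set(apiKey, { blob: resolved, expires: now() + CACHE_TTL_MS });
      }
      if (resolved.tenantStatus !== "active") return { ok: false, reason: "tenant_" + resolved.tenantStatus };
      return { ok: true, tenantId: resolved.tenantId };
    },
    invalidate(apiKey) { cache.delete(apiKey); }, // call when a tenant's status changes
  };
}

async function demo() {
  const tenants = new Map([["t1", "active"]]); // constructed sample data
  const db = makeDbStore(new Map([["key-constructed-1", { tenantId: "t1" }]]), tenants);
  const auth = makeAuth(db);
  await auth.resolve("key-constructed-1");                // miss: one joined query
  const second = await auth.resolve("key-constructed-1"); // hit: no DB work at all
  tenants.set("t1", "suspended");
  const stale = await auth.resolve("key-constructed-1");  // still answered from the cached blob
  auth.invalidate("key-constructed-1");
  const fresh = await auth.resolve("key-constructed-1");  // re-read after invalidation
  return { calls: db.calls, second, stale, fresh };
}
```

The stale result is the trade-off to size when choosing the TTL or wiring invalidation into tenant status changes.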
Lockstep Checklist
- [x] No API route changes (middleware/internal — lockstep N/A)
- [x] No SDK changes
- [x] No MCP tool changes
- [x] Regression test included (test-first invariant per /quality-fleet protocol)
- [x] Linked to /quality-fleet R1 dashboard at .quality/dashboard.md
Provenance
Auto-found by /quality-fleet R1 (2026-05-07) scanner round, fixed in fix-agent batch under "go for all of it" autonomy grant. PR #204 merged to main as commit d769077b8. Finding(s) tracked at .quality/findings.jsonl (entries: "a8f3c2d91b4e", "c7e2b9f4a816"). Production-deployed via ECS task-def revision 732 series.