Advice: how to authenticate high-frequency endpoints?
I have an API endpoint which is being hit very frequently (/api/thumbnail/:provider/:id). That endpoint needs to fetch the account associated with that provider (e.g. getting/refreshing the access token) and then make an API request to the provider (e.g. Google Drive) with the bearer token, etc.
Alas, this is overwhelming Supabase and I'm getting 504 errors 😦
What should I do? I'd like not to re-invent the wheel so perhaps someone can give me some advice?
Some things I'm thinking about:
1. turn on cookieCache (duh!) - but that only caches the session not the accounts - so only a 50% solution
2. store more of the account data in the session cookie (how do I do that?)
3. use a Redis cache for the account data instead of getting it from Supabase
4. use Redis for the better-auth database (I think I'd need to write my own adaptor)?
5. do a ton of nasty work on the client to pool <img> src requests with a batch thumbnail API
Advice appreciated!

2 Replies
504 means timeout, so it's more a problem of where the API route is hosted and probably not a database error.
Vercel has a timeout of 10 seconds for a route.
Where do you host the server? Redis is not possible to use as a database for auth.
It's a SvelteKit server hosted at Vercel (serverless). The database is at Supabase using pg w/ connection pooling (IPv4). The auth endpoints just forward to the handler. The auth hook just sets events.locals based on getSession() - so pretty vanilla. Presumably the hang is in the auth hook - I'll instrument that further. Any other suggestions/ideas appreciated!
PS: I'm not using better-auth/svelte-kit, just calling the handler directly from the /api/auth endpoints (GET, PUT, ...) but again, I suspect the timeouts/504s are coming from the auth hook, not the auth endpoints...
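
An added example (not code from this thread or from better-auth) of option 3 in the question: caching the provider access token per user so that a burst of thumbnail requests triggers one account lookup instead of one per request. `createTokenCache` and `loadAccount` are hypothetical names, `loadAccount` stands in for the database lookup/token refresh, and the in-memory `Map` stands in for Redis (on serverless each instance holds its own copy).

```javascript
// Assumption: loadAccount(userId, provider) resolves to
// { accessToken, expiresAt } with expiresAt in milliseconds since the epoch.
function createTokenCache(loadAccount, { skewMs = 60_000, now = Date.now } = {}) {
  const cached = new Map();   // key -> { accessToken, expiresAt }
  const inFlight = new Map(); // key -> Promise shared by concurrent callers

  return async function getAccessToken(userId, provider) {
    // Key on the user as well as the provider, so one user's token
    // can never be served to a request made by another user.
    const key = JSON.stringify([userId, provider]);

    const hit = cached.get(key);
    // Treat a token that is about to expire as a miss, so no upstream
    // request is sent with a token that dies in transit.
    if (hit && hit.expiresAt - skewMs > now()) return hit.accessToken;

    let pending = inFlight.get(key);
    if (!pending) {
      pending = Promise.resolve()
        .then(() => loadAccount(userId, provider))
        .then((account) => {
          cached.set(key, {
            accessToken: account.accessToken,
            expiresAt: account.expiresAt,
          });
          return account.accessToken;
        })
        // Failures are not cached: the entry is cleared and the next call retries.
        .finally(() => inFlight.delete(key));
      inFlight.set(key, pending);
    }
    return pending;
  };
}
```

The session check still has to run before `getAccessToken` is called; the cache only removes the repeated account lookup.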