Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tracker API speed: avoid DB query when recording historical data or other authenticated tracking requests #15986

Merged
merged 2 commits into from May 26, 2020
Merged

Tracker API speed: avoid DB query when recording historical data or other authenticated tracking requests #15986

merged 2 commits into from May 26, 2020

Conversation

tsteur
Copy link
Member

@tsteur tsteur commented May 26, 2020

Was just looking into matomo-org/matomo-for-wordpress#288 and then noticed we always first issue a query against the user table before actually checking the cached data.

Should a token be used with admin or write permission, then we actually save the user query.

It shouldn't cause any security issue cause if the token is not a valid admin or write permission token, then below code would be still executed and eg the brute force check should be executed just like before.

@tsteur
Avoid DB query when recording historical data
b94f04a 
Was just looking into matomo-org/matomo-for-wordpress#288 and then noticed we always first issue a query against the user table before actually checking the cached data.

Should a token be used with admin or write permission, then we actually save the user query.

It shouldn't cause any security issue cause if the token is not a valid `admin` or `write` permission token, then below code would be still executed and eg the brute force check should be executed just like before.
@tsteur tsteur added c: Performance For when we could improve the performance / speed of Matomo. Needs Review PRs that need a code review labels May 26, 2020
@tsteur tsteur added this to the 4.0.0 milestone May 26, 2020
sgiehl
sgiehl requested changes May 26, 2020
View reviewed changes
Copy link
Member

@sgiehl sgiehl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the code, the changes seems fine, but actually most tracking tests started to fail with this change...

core/Tracker/Request.php Outdated Show resolved Hide resolved
@tsteur tsteur changed the title Avoid DB query when recording historical data Avoid DB query when recording historical data or other authenticated tracking requests May 26, 2020
@tsteur
Copy link
Member Author

tsteur commented May 26, 2020

Thanks @sgiehl the change fixed the tests

@tsteur tsteur merged commit 1f71d04 into 4.x-dev May 26, 2020
@mattab mattab deleted the trackerperformanceauth branch September 28, 2020 22:42
@mattab mattab changed the title Avoid DB query when recording historical data or other authenticated tracking requests Tracker API speed: avoid DB query when recording historical data or other authenticated tracking requests Sep 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgiehl sgiehl sgiehl requested changes

Assignees
No one assigned
Labels
c: Performance For when we could improve the performance / speed of Matomo. Needs Review PRs that need a code review
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tsteur @sgiehl