feat: implement cache layer, CSP improvements, and database performance optimizations

- Add Redis cache implementation with LRU eviction - Enhance Content Security Policy with nonce generation - Optimize database queries with connection pooling - Add cache invalidation API endpoints - Improve security monitoring performance
2026-01-16 18:12:08 +01:00 · 2025-07-12 04:44:50 +02:00
parent 7a3eabccd9
commit e1abedb148
56 changed files with 6881 additions and 7040 deletions
--- a/lib/auth.ts
+++ b/lib/auth.ts
@ -1,6 +1,7 @@
 import bcrypt from "bcryptjs";
 import type { NextAuthOptions } from "next-auth";
 import CredentialsProvider from "next-auth/providers/credentials";
+import { Cache } from "./cache";
 import { prisma } from "./prisma";
 import {
  AuditOutcome,
@ -76,10 +77,43 @@ export const authOptions: NextAuthOptions = {
          return null;
        }

-        const user = await prisma.user.findUnique({
-          where: { email: credentials.email },
-          include: { company: true },
-        });
+        // Try to get user from cache first
+        const cachedUser = await Cache.getUserByEmail(credentials.email);
+        let fullUser: any = null;
+
+        if (cachedUser) {
+          // Get full user data from database if cached user found
+          fullUser = await prisma.user.findUnique({
+            where: { id: cachedUser.id },
+            include: { company: true },
+          });
+        } else {
+          // Cache miss - get from database and cache for next time
+          fullUser = await prisma.user.findUnique({
+            where: { email: credentials.email },
+            include: { company: true },
+          });
+
+          if (fullUser) {
+            // Cache the user data
+            await Cache.setUserByEmail(credentials.email, {
+              id: fullUser.id,
+              email: fullUser.email,
+              name: fullUser.name || undefined,
+              role: fullUser.role,
+              companyId: fullUser.companyId,
+            });
+            await Cache.setUser(fullUser.id, {
+              id: fullUser.id,
+              email: fullUser.email,
+              name: fullUser.name || undefined,
+              role: fullUser.role,
+              companyId: fullUser.companyId,
+            });
+          }
+        }
+
+        const user = fullUser;

        if (!user || !user.password) {
          await enhancedSecurityLog(
@ -199,7 +233,7 @@ export const authOptions: NextAuthOptions = {
      name: "app-auth.session-token",
      options: {
        httpOnly: true,
-        sameSite: "lax",
+        sameSite: process.env.NODE_ENV === "production" ? "strict" : "lax",
        path: "/",
        secure: process.env.NODE_ENV === "production",
      },