These are chat archives for Automattic/mongoose

12th
May 2016
Attila Egyed
@tsm91
May 12 2016 13:24
hey guys
Attila Egyed
@tsm91
May 12 2016 13:37

lets say when a user signs up and you save it to db and also to redis, you do something like client.hmsetAsync(users:${user.email}, user.toJSON());

so from now on i can only use the cached user object in redis to read data fast, but what about write?

because of .toJSON i lost all but the user object, in a nosql solution it is common that the user object gets written often

basically each time i write i need to query the db to have mongoose methods on user's prototype

i am very new to the 'caching' story and redis alltogether, so this is partly a theorical question too

maybe it is normal to do it this way and to query the db for user on writes and it only need to be fast on reads

Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:43
Depends if you want read-through or read-aside
Attila Egyed
@tsm91
May 12 2016 13:43
mainly i want to speed up the authentication process, that i why i save users to redis
Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:44
(look them up)
Mongo already caches stuff, btw
Attila Egyed
@tsm91
May 12 2016 13:44
because of this jwt thing you will need to authenticate on each request
Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:44
Right, that's currently what I'm working on (express, redis, jwt, mongoose, etc.)
Attila Egyed
@tsm91
May 12 2016 13:45
ohh
Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:45
I don't cache my users in Redis, I let mongo handle that caching.
You have to validate the JWT on each and every request, that's going to take some of your time anyways
Attila Egyed
@tsm91
May 12 2016 13:45
hmm i will definitely read up on that
i only save a unique field (email) in it, i dont think so decoding that jwt token would take a lot of time (but after each time query mogno to check if a user with that email exists)
anyway i read up on mongo cache solutions
Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:47
The JWT content doesn'T matter much, validating the signature is what takes 99% of the time
Attila Egyed
@tsm91
May 12 2016 13:47
ahh i see
Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:48
Also look into using ECDSA for your JWTs, it reduces the signature size dramatically
Attila Egyed
@tsm91
May 12 2016 13:49
hmm interesting, took a note about this
thanks a lot
Pier-Luc Gagnon
@Nepoxx
May 12 2016 13:50
a 256bit ECDSA key is as secure as a 3248 bit RSA key (it takes slightly longer to verify, though)
pixelul
@pixelul
May 12 2016 13:52
This message was deleted
This message was deleted
Attila Egyed
@tsm91
May 12 2016 13:52

btw how could they ever crack even a non secure key? and in my case they would gain an expire time and an email address

otherwise this key is like a session id, you have it you got acces to that user's acc... that is what bothers me the most

@pixelul i think that belongs to ng/ng2 room, anyways check out http://blog.mgechev.com/2016/01/23/angular2-viewchildren-contentchildren-difference-viewproviders/ :D
pixelul
@pixelul
May 12 2016 13:54
oh sorry... missed the window
but thanks for the answer... looking into :D
oodboo
@oodboo
May 12 2016 20:00
This message was deleted