Skip to content

fix: scope cache keys to a workspace to prevent leaking of data#3633

Merged
Flo4604 merged 1 commit intomainfrom
07-18-fix_scope_cache_keys_to_a_workspace_to_prevent_leaking_of_data
Jul 21, 2025
Merged

fix: scope cache keys to a workspace to prevent leaking of data#3633
Flo4604 merged 1 commit intomainfrom
07-18-fix_scope_cache_keys_to_a_workspace_to_prevent_leaking_of_data

Conversation

@chronark
Copy link
Collaborator

@chronark chronark commented Jul 18, 2025
edited by coderabbitai bot
Loading

What does this PR do?

Refactors the ratelimit namespace cache to use a more robust scoped key approach. This change replaces the previous RatelimitNamespaceByNameCache with a new RatelimitNamespaceCache that uses a ScopedKey type to properly isolate cached data between workspaces.

The new implementation:

  • Introduces a ScopedKey type that combines workspace ID with resource keys
  • Updates all ratelimit handlers to use the new cache interface
  • Improves cache invalidation by supporting removal of multiple keys at once
  • Ensures proper workspace isolation for cached ratelimit namespace data

Fixes # (issue)

Type of change

  • Chore (refactoring code, technical debt, workflow improvements)
  • Enhancement (small improvements)

How should this be tested?

  • Test all ratelimit API endpoints to ensure they work correctly with the new cache implementation
  • Verify that cache isolation works properly between workspaces
  • Check that cache invalidation works when setting or deleting overrides

Checklist

Required

  • Filled out the "How to test" section in this PR
  • Read Contributing Guide
  • Self-reviewed my own code
  • Commented on my code in hard-to-understand areas
  • Ran pnpm build
  • Ran pnpm fmt
  • Checked for warnings, there are none
  • Removed all console.logs
  • Merged the latest changes from main onto my branch with git pull origin main
  • My changes don't cause any responsiveness issues

Summary by CodeRabbit

  • New Features

    • Added a new cache key type to improve workspace-level isolation for cached resources.

  • Refactor

    • Updated cache keying for rate limit namespace operations to use workspace-scoped keys instead of simple strings.
    • Improved cache invalidation logic to support removal of multiple entries at once.
    • Renamed and updated cache-related fields and methods to reflect new keying strategy.

  • Tests

    • Updated test setups to use the new cache field names and keying approach.

@vercel
Copy link

vercel bot commented Jul 18, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
dashboard ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 18, 2025 6:11pm
engineering ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 18, 2025 6:11pm

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 18, 2025
edited
Loading

📝 Walkthrough

Walkthrough

The changes update the ratelimit namespace cache system to use a new ScopedKey struct, enabling cache entries to be scoped by workspace and resource identifier (name or ID). Cache field names and types are updated throughout handlers, tests, and the cache infrastructure. The cache removal API now supports removing multiple keys at once.

Changes

Files / Areas Change Summary
go/apps/api/routes/register.go, .../handler.go, test files for ratelimit routes Renamed cache field from RatelimitNamespaceByNameCache (keyed by string) to RatelimitNamespaceCache (keyed by ScopedKey).
go/internal/services/caches/caches.go Renamed and retyped cache field in Caches struct; updated initialization to use ScopedKey.
go/pkg/cache/interface.go, go/pkg/cache/cache.go, go/pkg/cache/noop.go, .../tracing.go Changed Remove method to accept variadic keys for bulk removal; updated interface and all implementations.
go/pkg/cache/scoped_key.go Added new ScopedKey struct for workspace-scoped cache keys, with documentation and usage rationale.

Sequence Diagram(s)

sequenceDiagram
    participant Handler
    participant Cache
    participant DB

    Handler->>Cache: Get(ScopedKey{WorkspaceID, Key})
    alt Cache miss
        Cache->>DB: Query FindRatelimitNamespace by WorkspaceID and Key
        DB-->>Cache: Return namespace data
        Cache-->>Handler: Return namespace data
    else Cache hit
        Cache-->>Handler: Return cached namespace data
    end

    Handler->>Cache: Remove(ctx, ScopedKey{WorkspaceID, NamespaceID}, ScopedKey{WorkspaceID, NamespaceName})
Loading

Suggested reviewers

  • perkinsjr
  • mcstepp
  • MichaelUnkey
  • ogzhanolguncu
📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd4f010 and 006329c.

📒 Files selected for processing (32)
  • go/apps/api/routes/register.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_delete_override/200_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_delete_override/400_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_delete_override/401_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_delete_override/403_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_delete_override/404_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_delete_override/handler.go (2 hunks)
  • go/apps/api/routes/v2_ratelimit_get_override/200_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_get_override/400_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_get_override/401_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_get_override/403_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_get_override/404_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_get_override/handler.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/200_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/400_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/401_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/403_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/404_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/accuracy_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_limit/handler.go (2 hunks)
  • go/apps/api/routes/v2_ratelimit_set_override/200_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_set_override/400_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_set_override/401_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_set_override/403_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_set_override/404_test.go (1 hunks)
  • go/apps/api/routes/v2_ratelimit_set_override/handler.go (2 hunks)
  • go/internal/services/caches/caches.go (3 hunks)
  • go/pkg/cache/cache.go (1 hunks)
  • go/pkg/cache/interface.go (1 hunks)
  • go/pkg/cache/middleware/tracing.go (1 hunks)
  • go/pkg/cache/noop.go (1 hunks)
  • go/pkg/cache/scoped_key.go (1 hunks)
🧰 Additional context used
🧠 Learnings (27)
📓 Common learnings 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: When querying or updating namespaces in the Unkey dashboard, always scope the operations to the current workspace using `eq(table.workspaceId, ctx.workspace.id)` to prevent cross-workspace access.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: In the Unkey dashboard, when making database queries involving workspaces, use `ctx.workspace.id` directly instead of fetching the workspace separately for better performance and security.
go/apps/api/routes/v2_ratelimit_delete_override/400_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_limit/200_test.go (2) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.

Learnt from: chronark
PR: unkeyed/unkey#2544
File: apps/api/src/pkg/env.ts:4-6
Timestamp: 2024-10-23T12:05:31.121Z
Learning: The `cloudflareRatelimiter` type definition in `apps/api/src/pkg/env.ts` should not have its interface changed; it should keep the `limit` method returning `Promise<{ success: boolean }>` without additional error properties.
go/apps/api/routes/v2_ratelimit_limit/accuracy_test.go (2) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.

Learnt from: chronark
PR: unkeyed/unkey#2544
File: apps/api/src/pkg/env.ts:4-6
Timestamp: 2024-10-23T12:05:31.121Z
Learning: The `cloudflareRatelimiter` type definition in `apps/api/src/pkg/env.ts` should not have its interface changed; it should keep the `limit` method returning `Promise<{ success: boolean }>` without additional error properties.
go/apps/api/routes/v2_ratelimit_limit/404_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_get_override/200_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_limit/403_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_get_override/404_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_get_override/403_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_set_override/401_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_set_override/400_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_delete_override/403_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_delete_override/200_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_get_override/401_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_set_override/handler.go (1) 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: When querying or updating namespaces in the Unkey dashboard, always scope the operations to the current workspace using `eq(table.workspaceId, ctx.workspace.id)` to prevent cross-workspace access.
go/apps/api/routes/v2_ratelimit_delete_override/404_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_set_override/403_test.go (2) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2707
File: apps/dashboard/lib/trpc/routers/ratelimit/createOverride.ts:63-63
Timestamp: 2024-12-05T13:27:55.555Z
Learning: In `apps/dashboard/lib/trpc/routers/ratelimit/createOverride.ts`, when determining the maximum number of rate limit overrides (`max`), the intentional use of `const max = hasWorkspaceAccess("ratelimitOverrides", namespace.workspace) || 5;` allows `max` to fall back to `5` when `hasWorkspaceAccess` returns `0` or `false`. This fallback behavior is expected and intended in the codebase.
go/apps/api/routes/v2_ratelimit_set_override/404_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_get_override/handler.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2544
File: apps/api/src/pkg/env.ts:4-6
Timestamp: 2024-10-23T12:05:31.121Z
Learning: The `cloudflareRatelimiter` type definition in `apps/api/src/pkg/env.ts` should not have its interface changed; it should keep the `limit` method returning `Promise<{ success: boolean }>` without additional error properties.
go/apps/api/routes/v2_ratelimit_limit/400_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_delete_override/401_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_limit/handler.go (2) 
Learnt from: chronark
PR: unkeyed/unkey#2544
File: apps/api/src/pkg/env.ts:4-6
Timestamp: 2024-10-23T12:05:31.121Z
Learning: The `cloudflareRatelimiter` type definition in `apps/api/src/pkg/env.ts` should not have its interface changed; it should keep the `limit` method returning `Promise<{ success: boolean }>` without additional error properties.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: When querying or updating namespaces in the Unkey dashboard, always scope the operations to the current workspace using `eq(table.workspaceId, ctx.workspace.id)` to prevent cross-workspace access.
go/pkg/cache/scoped_key.go (2) 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: In the Unkey dashboard, when making database queries involving workspaces, use `ctx.workspace.id` directly instead of fetching the workspace separately for better performance and security.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: When querying or updating namespaces in the Unkey dashboard, always scope the operations to the current workspace using `eq(table.workspaceId, ctx.workspace.id)` to prevent cross-workspace access.
go/apps/api/routes/v2_ratelimit_limit/401_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_set_override/200_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_get_override/400_test.go (1) 
Learnt from: chronark
PR: unkeyed/unkey#2126
File: apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts:36-36
Timestamp: 2024-11-13T19:06:36.786Z
Learning: In the rate limit test files (e.g., `apps/api/src/routes/v1_ratelimit_getOverride.happy.test.ts`), URL parameters like `namespaceId` and `identifier` do not need to be URL-encoded in the test code because the values used are always considered safe within the test environment.
go/apps/api/routes/v2_ratelimit_delete_override/handler.go (1) 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: When querying or updating namespaces in the Unkey dashboard, always scope the operations to the current workspace using `eq(table.workspaceId, ctx.workspace.id)` to prevent cross-workspace access.
🧬 Code Graph Analysis (22)
go/apps/api/routes/v2_ratelimit_delete_override/400_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_limit/404_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_get_override/200_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_limit/403_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_get_override/404_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_get_override/403_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_set_override/401_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_set_override/400_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_delete_override/403_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_delete_override/200_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_get_override/401_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_set_override/handler.go (2)
go/pkg/cache/interface.go (2)
  • Cache (7-32)
  • Key (34-36)
go/pkg/cache/scoped_key.go (1)
  • ScopedKey (44-57)
go/apps/api/routes/v2_ratelimit_delete_override/404_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_set_override/403_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_set_override/404_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_limit/400_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_delete_override/401_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/pkg/cache/scoped_key.go (1)
go/pkg/cache/interface.go (1)
  • Key (34-36)
go/apps/api/routes/v2_ratelimit_limit/401_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_ratelimit_set_override/200_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/register.go (6)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/pkg/zen/server.go (1)
  • Flags (37-40)
go/apps/api/routes/v2_ratelimit_delete_override/handler.go (1)
  • Handler (27-33)
go/apps/api/routes/v2_ratelimit_limit/handler.go (1)
  • Handler (33-42)
go/apps/api/routes/v2_ratelimit_get_override/handler.go (1)
  • Handler (27-33)
go/apps/api/routes/v2_ratelimit_set_override/handler.go (1)
  • Handler (29-36)
go/apps/api/routes/v2_ratelimit_get_override/400_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Build / Build
  • GitHub Check: Test Agent Local / test_agent_local
  • GitHub Check: Test Go API Local / Test
  • GitHub Check: Test API / API Test Local
  • GitHub Check: Test Packages / Test
🔇 Additional comments (37)
go/apps/api/routes/v2_ratelimit_delete_override/403_test.go (1)

48-53: LGTM - Cache field renaming aligns with workspace scoping.

The update from RatelimitNamespaceByNameCache to RatelimitNamespaceCache is consistent with the broader refactor to use workspace-scoped cache keys. This change appropriately supports the workspace permission testing being performed in this file.

go/pkg/cache/noop.go (1)

16-16: LGTM - Variadic parameters support bulk cache removal.

The update to accept variadic parameters (keys ...K) correctly implements the new bulk removal interface while maintaining the no-op behavior. This aligns with the broader cache interface improvements mentioned in the PR.

go/apps/api/routes/v2_ratelimit_get_override/200_test.go (1)

49-54: LGTM - Consistent cache field renaming.

The cache field update from RatelimitNamespaceByNameCache to RatelimitNamespaceCache is consistent with the workspace scoping refactor. The test functionality remains intact while supporting the new scoped cache key structure.

go/apps/api/routes/v2_ratelimit_delete_override/400_test.go (1)

20-25: LGTM - Cache field update maintains test consistency.

The renaming of the cache field from RatelimitNamespaceByNameCache to RatelimitNamespaceCache is consistent with the workspace scoping refactor across all ratelimit handlers. The bad request validation logic remains intact.

go/apps/api/routes/v2_ratelimit_limit/404_test.go (1)

22-28: LGTM - Cache field renaming supports workspace isolation.

The cache field update from RatelimitNamespaceByNameCache to RatelimitNamespaceCache is consistent with the workspace scoping refactor. The 404 test logic for namespace not found scenarios remains unchanged while benefiting from improved cache isolation.

go/pkg/cache/interface.go (1)

18-20: LGTM: Enhanced cache interface for bulk operations.

The variadic Remove method signature enables efficient removal of multiple cache keys simultaneously, which is essential for the workspace scoping feature. This change maintains backward compatibility while adding the new bulk removal capability.

go/apps/api/routes/v2_ratelimit_delete_override/404_test.go (1)

38-38: LGTM: Consistent cache field refactoring.

The cache field has been correctly updated from RatelimitNamespaceByNameCache to RatelimitNamespaceCache to align with the new scoped key implementation. Test logic remains unchanged, ensuring functionality is preserved.

go/apps/api/routes/v2_ratelimit_set_override/403_test.go (1)

38-38: LGTM: Cache field updated for workspace scoping.

The cache field update is consistent with the workspace scoping refactor. This change is particularly relevant for this permissions test, as it ensures the cache properly isolates data between workspaces.

go/apps/api/routes/v2_ratelimit_get_override/404_test.go (1)

37-37: LGTM: Consistent cache field refactoring.

The cache field has been appropriately updated to use the new scoped cache implementation. The test functionality remains intact while supporting the enhanced workspace isolation.

go/apps/api/routes/v2_ratelimit_get_override/400_test.go (1)

25-25: LGTM: Final consistent cache field update.

The cache field has been correctly updated to complete the systematic refactoring across all ratelimit test files. Test validation logic remains unchanged while supporting the new workspace-scoped cache implementation.

go/apps/api/routes/v2_ratelimit_get_override/401_test.go (1)

17-21: LGTM! Cache field correctly updated for scoped keys.

The handler initialization properly updates the cache field name from RatelimitNamespaceByNameCache to RatelimitNamespaceCache and the cache reference from h.Caches.RatelimitNamespaceByName to h.Caches.RatelimitNamespace. This change aligns with the broader refactor to use workspace-scoped cache keys.

go/pkg/cache/cache.go (1)

156-160: LGTM! Enhanced cache removal with variadic keys support.

The Remove method now accepts variadic keys, enabling efficient bulk removal of cache entries. The implementation correctly iterates over all provided keys and deletes each one from the underlying otter cache. This enhancement supports the broader refactor where handlers need to invalidate multiple scoped keys simultaneously.

go/apps/api/routes/v2_ratelimit_get_override/403_test.go (1)

47-52: LGTM! Consistent cache field update for workspace permissions test.

The handler initialization correctly updates the cache field name and reference to match the new scoped cache implementation. This change maintains consistency with the broader refactor while preserving the test's purpose of validating workspace permission isolation.

go/apps/api/routes/v2_ratelimit_set_override/404_test.go (1)

17-23: LGTM! Cache field consistently updated for set override handler.

The handler initialization properly updates the cache field name and reference to align with the new scoped cache implementation. This change maintains consistency across all ratelimit handlers while preserving the test's validation of namespace not found scenarios.

go/apps/api/routes/v2_ratelimit_limit/accuracy_test.go (1)

59-66: LGTM! Cache field updated for rate limit accuracy test.

The handler initialization correctly updates the cache field name and reference to match the new scoped cache implementation. This change maintains consistency with the broader refactor while preserving the comprehensive accuracy testing logic for rate limiting functionality.

go/apps/api/routes/v2_ratelimit_set_override/400_test.go (1)

24-24: Cache field update aligns with workspace scoping refactor.

The renaming from RatelimitNamespaceByNameCache to RatelimitNamespaceCache and the corresponding cache reference update are consistent with the broader refactor to use ScopedKey for workspace isolation.

go/apps/api/routes/v2_ratelimit_limit/200_test.go (1)

30-30: Consistent cache field update.

The cache field renaming is consistent with the workspace scoping refactor and aligns with changes across other test files.

go/pkg/cache/middleware/tracing.go (1)

47-56: Bulk key removal support with proper tracing.

The Remove method has been correctly updated to support variadic keys, enabling bulk cache invalidation. The tracing attributes properly capture both the keys slice and count for observability.

go/apps/api/routes/v2_ratelimit_set_override/401_test.go (1)

21-21: Cache field update maintains consistency.

The cache field renaming is consistent with the workspace scoping refactor across the codebase.

go/apps/api/routes/v2_ratelimit_limit/403_test.go (1)

38-38: Cache field update supports workspace isolation.

The cache field renaming is consistent with the workspace scoping refactor. This change is particularly relevant for this test file since it validates workspace permissions, and the new scoped cache keys will improve isolation between workspaces.

go/apps/api/routes/v2_ratelimit_delete_override/401_test.go (1)

21-21: LGTM: Cache field update aligns with workspace scoping refactor.

The renaming of RatelimitNamespaceByNameCache to RatelimitNamespaceCache and updating the reference to use h.Caches.RatelimitNamespace is consistent with the PR's goal of improving cache isolation between workspaces.

go/apps/api/routes/v2_ratelimit_limit/401_test.go (1)

20-20: LGTM: Consistent cache field update.

The cache field renaming follows the same pattern as other v2 ratelimit route tests, ensuring consistency across the codebase.

go/apps/api/routes/v2_ratelimit_delete_override/200_test.go (1)

51-51: LGTM: Cache field update maintains test functionality.

The cache field renaming is consistent with the workspace scoping refactor while preserving the test's ability to verify override deletion functionality.

go/apps/api/routes/v2_ratelimit_limit/400_test.go (1)

27-27: LGTM: Cache field update for bad request testing.

The cache field renaming is consistent with the workspace scoping refactor. The test logic for handling bad requests remains unchanged and functional.

go/apps/api/routes/v2_ratelimit_set_override/200_test.go (1)

37-37: LGTM: Cache field update preserves comprehensive test coverage.

The cache field renaming is consistent with the workspace scoping refactor while maintaining the test's comprehensive coverage of set override functionality using both namespace names and IDs.

go/apps/api/routes/register.go (1)

81-81: LGTM: Consistent cache field renaming

The field renaming from RatelimitNamespaceByNameCache to RatelimitNamespaceCache is consistently applied across all affected ratelimit handlers. This aligns with the broader refactoring to use workspace-scoped cache keys.

Also applies to: 94-94, 105-105, 117-117

go/apps/api/routes/v2_ratelimit_get_override/handler.go (1)

32-32: LGTM: Cache field updated for workspace scoping

The field renaming to RatelimitNamespaceCache and type change to cache.ScopedKey enables proper workspace isolation in the cache, which aligns with the PR objective of preventing data leakage between workspaces.

go/apps/api/routes/v2_ratelimit_set_override/handler.go (2)

35-35: LGTM: Cache field updated for workspace scoping

The field renaming to RatelimitNamespaceCache and type change to cache.ScopedKey enables proper workspace isolation in the cache.

140-149: LGTM: Proper cache invalidation with workspace scoping

The cache removal logic correctly invalidates both namespace ID and namespace name cache entries, with both keys properly scoped to the authorized workspace ID. This ensures complete cache invalidation while maintaining workspace isolation.

go/apps/api/routes/v2_ratelimit_limit/handler.go (2)

40-40: LGTM: Cache field updated for workspace scoping

The field renaming to RatelimitNamespaceCache and type change to cache.ScopedKey enables proper workspace isolation in the cache.

73-111: LGTM: Proper workspace-scoped cache lookup

The cache lookup correctly uses a ScopedKey with the authorized workspace ID and namespace name. This ensures that cache entries are properly isolated per workspace, preventing data leakage between workspaces as intended by the PR objectives.

go/apps/api/routes/v2_ratelimit_delete_override/handler.go (2)

32-32: LGTM: Cache field updated for workspace scoping

The field renaming to RatelimitNamespaceCache and type change to cache.ScopedKey enables proper workspace isolation in the cache.

159-168: LGTM: Proper cache invalidation with workspace scoping

The cache removal logic correctly invalidates both namespace ID and namespace name cache entries, with both keys properly scoped to the authorized workspace ID. This ensures complete cache invalidation while maintaining workspace isolation.

go/pkg/cache/scoped_key.go (1)

1-57: Excellent implementation with comprehensive documentation.

The ScopedKey struct is well-designed for workspace isolation in caching. The extensive documentation clearly explains the purpose, usage patterns, and design rationale. The examples demonstrate proper usage, and the explicit struct approach provides better type safety than string concatenation.

go/internal/services/caches/caches.go (3)

16-18: Good field refactoring to support scoped keys.

The field rename from RatelimitNamespaceByName to RatelimitNamespace better reflects its expanded capability to cache lookups by both name and ID. The type change to use cache.ScopedKey properly implements workspace isolation.

68-78: Proper cache initialization with scoped keys.

The cache initialization correctly uses the new cache.ScopedKey type while maintaining appropriate configuration parameters. The field assignment in the returned struct properly uses the renamed field.

Also applies to: 106-106

16-18: Cache refactor confirmed: no residual old cache field usages

All references to the old cache field name (RatelimitNamespaceByName) have been removed. The search showed no occurrences of RatelimitNamespaceByNameCache and all usages now reference RatelimitNamespace. The remaining FindRatelimitNamespaceByName DB methods are part of generated code and unrelated to the cache refactoring.

✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@chronark Graphite App
Copy link
Collaborator Author

chronark commented Jul 18, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@chronark chronark mentioned this pull request Jul 18, 2025
Merged
18 tasks
@chronark chronark marked this pull request as ready for review July 18, 2025 18:11
@vercel vercel bot temporarily deployed to Preview – dashboard July 18, 2025 18:11 Inactive
@vercel vercel bot temporarily deployed to Preview – engineering July 18, 2025 18:11 Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Jul 18, 2025

Thank you for following the naming conventions for pull request titles! 🙏

@graphite-app
Copy link

graphite-app bot commented Jul 18, 2025
edited
Loading

Graphite Automations

"Notify author when CI fails" took an action on this PR • (07/18/25)

1 teammate was notified to this PR based on Andreas Thomas's automation.

"Post a GIF when PR approved" took an action on this PR • (07/21/25)

1 gif was posted to this PR based on Andreas Thomas's automation.

@Flo4604 Pullflow.com
Copy link
Member

Flo4604 commented Jul 21, 2025

More of a nit, but what if we made the type a generic so we could later also scope keys to something else than a workspace

@chronark Pullflow.com
Copy link
Collaborator Author

chronark commented Jul 21, 2025

I thought about it, but figured there isn’t any point in preoptimizing this. any change would need a redeployment and therefore clean the cache anyways

@Flo4604 Pullflow.com
Copy link
Member

Flo4604 commented Jul 21, 2025

yeah fair

@Flo4604 Flo4604 enabled auto-merge July 21, 2025 17:07
@graphite-app
Copy link

graphite-app bot commented Jul 21, 2025

Video gif. A toddler sits at a table with a cracker in her hands. She looks at us with a big excited smile and then grins while giving a big thumbs up. Text, “Thank you!” (Added via Giphy)

@Flo4604 Flo4604 added this pull request to the merge queue Jul 21, 2025
Merged via the queue into main with commit c9d76d6 Jul 21, 2025
31 of 32 checks passed
@Flo4604 Flo4604 deleted the 07-18-fix_scope_cache_keys_to_a_workspace_to_prevent_leaking_of_data branch July 21, 2025 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Flo4604 Flo4604 Flo4604 approved these changes

@perkinsjr perkinsjr Awaiting requested review from perkinsjr perkinsjr is a code owner

@imeyer imeyer Awaiting requested review from imeyer imeyer is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chronark @Flo4604