Pull request overview
This PR aims to address performance issues in the post feed query system. However, the changes introduce several critical problems that may worsen performance and create security vulnerabilities rather than improving the system.
- Removed per-interest post limiting from the feed query, potentially allowing unbounded result sets
- Added deep nested query support for quote posts (3 levels deep), significantly increasing query complexity
- Bypassed email verification in the authentication service
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| src/post/services/post.service.ts | Modified personalized feed query to remove per-interest filtering optimization, simplified pagination offset calculation, added deep nested originalPost querying for quotes, and added debug logging |
| src/auth/auth.service.ts | Commented out email verification check and hardcoded verification status to true, bypassing the verification requirement |
| const qualityWeight = 0.3; | ||
| const personalizationWeight = 0.7; | ||
|
|
||
| console.log('pagepage', page, limit); |
This console.log statement with informal naming ('pagepage') should be removed before merging to production. Debug logging like this can clutter logs and impact performance in high-traffic scenarios.
| console.log('pagepage', page, limit); | |
| const qualityWeight = 0.3; | ||
| const personalizationWeight = 0.7; | ||
|
|
||
| console.log('pagepage', page, limit); |
Typo in console.log parameter name: 'pagepage' should be a more descriptive label like 'page' or 'pagination'.
| console.log('pagepage', page, limit); | |
| console.log('page', page, 'limit', limit); |
| 'originalPost', CASE | ||
| WHEN op."parent_id" IS NOT NULL AND op."type" = 'QUOTE' THEN | ||
| (SELECT json_build_object( | ||
| 'postId', oop."id", | ||
| 'content', oop."content", | ||
| 'createdAt', oop."created_at", | ||
| 'likeCount', COALESCE((SELECT COUNT(*)::int FROM "Like" WHERE "post_id" = oop."id"), 0), | ||
| 'repostCount', COALESCE(( | ||
| SELECT COUNT(*)::int FROM ( | ||
| SELECT 1 FROM "Repost" WHERE "post_id" = oop."id" | ||
| UNION ALL | ||
| SELECT 1 FROM "posts" WHERE "parent_id" = oop."id" AND "type" = 'QUOTE' AND "is_deleted" = false | ||
| ) AS reposts_union | ||
| ), 0), | ||
| 'replyCount', COALESCE((SELECT COUNT(*)::int FROM "posts" WHERE "parent_id" = oop."id" AND "type" = 'REPLY' AND "is_deleted" = false), 0), | ||
| 'isLikedByMe', EXISTS(SELECT 1 FROM "Like" WHERE "post_id" = oop."id" AND "user_id" = ${userId}), | ||
| 'isFollowedByMe', EXISTS(SELECT 1 FROM user_follows WHERE following_id = oop."user_id"), | ||
| 'isRepostedByMe', EXISTS(SELECT 1 FROM "Repost" WHERE "post_id" = oop."id" AND "user_id" = ${userId}), | ||
| 'author', json_build_object( | ||
| 'userId', oou."id", | ||
| 'username', oou."username", | ||
| 'isVerified', oou."is_verifed", | ||
| 'name', COALESCE(oopr."name", oou."username"), | ||
| 'avatar', oopr."profile_image_url" | ||
| ), | ||
| 'media', COALESCE( | ||
| (SELECT json_agg(json_build_object('url', oom."media_url", 'type', oom."type")) | ||
| FROM "Media" oom WHERE oom."post_id" = oop."id"), | ||
| '[]'::json | ||
| ), | ||
| 'mentions', COALESCE( | ||
| (SELECT json_agg(json_build_object('userId', oomu."id"::text, 'username', oomu."username")) | ||
| FROM "Mention" oomen | ||
| INNER JOIN "User" oomu ON oomu."id" = oomen."user_id" | ||
| WHERE oomen."post_id" = oop."id"), | ||
| '[]'::json | ||
| ) | ||
| ) | ||
| FROM "posts" oop | ||
| LEFT JOIN "User" oou ON oou."id" = oop."user_id" | ||
| LEFT JOIN "profiles" oopr ON oopr."user_id" = oou."id" | ||
| WHERE oop."id" = op."parent_id" AND oop."is_deleted" = false) | ||
| ELSE NULL | ||
| END |
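Review bot: On the `'isFollowedByMe'` line, `EXISTS(SELECT 1 FROM user_follows WHERE following_id = oop."user_id")` has no current-user predicate, unlike `isLikedByMe` and `isRepostedByMe`, which both filter on `"user_id" = ${userId}`. If `user_follows` is not already a CTE restricted to the requesting user, this flag is true whenever anyone follows the author; add the user filter or a comment naming the CTE that scopes it. Also confirm that the `${userId}` placeholders sit in a tagged, parameterised query template rather than a concatenated string, since nothing in this hunk shows how the value is bound.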
Adding nested originalPost querying (3 levels deep: post -> quote -> nested quote) significantly increases query complexity and can cause severe performance degradation. Each nested level multiplies the number of subqueries executed. This appears to contradict the PR's goal of fixing performance issues. Consider limiting nesting depth or fetching nested data separately if needed.
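One way to fetch nested originals separately with a hard depth cap, as the comment above suggests. This is an added example, not code from the PR or the project; `PostRow`, `HydratedPost`, `FetchByIds` and `hydrateOriginals` are hypothetical names, and the fetcher is assumed to run one batched query per call.

```typescript
// Added example, not project code: PostRow, HydratedPost, FetchByIds and
// hydrateOriginals are hypothetical names.
interface PostRow {
  id: number;
  parentId: number | null;
  type: 'POST' | 'QUOTE' | 'REPLY';
  content: string;
}
interface HydratedPost extends PostRow {
  originalPost: HydratedPost | null;
}
// Assumed: one batched, parameterised query per call (ids bound as a single array parameter).
type FetchByIds = (ids: number[]) => Promise<PostRow[]>;

async function hydrateOriginals(
  feed: PostRow[],
  fetchByIds: FetchByIds,
  maxDepth = 2,
): Promise<HydratedPost[]> {
  const known = new Map<number, PostRow>();
  let frontier = feed;
  // One batched lookup per level: query count is bounded by maxDepth, not by feed size.
  for (let depth = 0; depth < maxDepth; depth++) {
    const wanted = new Set<number>();
    for (const p of frontier) {
      if (p.type === 'QUOTE' && p.parentId !== null && !known.has(p.parentId)) {
        wanted.add(p.parentId);
      }
    }
    if (wanted.size === 0) break;
    frontier = await fetchByIds(Array.from(wanted));
    for (const row of frontier) known.set(row.id, row);
  }
  // Attach originals from the map. Missing (for example deleted) parents and
  // anything past maxDepth stay null, which also bounds recursion on cyclic data.
  const attach = (p: PostRow, depth: number): HydratedPost => {
    const parent =
      p.type === 'QUOTE' && p.parentId !== null && depth < maxDepth
        ? known.get(p.parentId)
        : undefined;
    return { ...p, originalPost: parent ? attach(parent, depth + 1) : null };
  };
  return feed.map((p) => attach(p, 0));
}
```

With `maxDepth = 2` this returns the same post -> quote -> nested quote shape as the subquery, but the feed query itself stays flat and the extra work is at most two batched lookups per page.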
src/auth/auth.service.ts
Outdated
| // if (!isVerified) { | ||
| // throw new BadRequestException('Account is not verified, please verify the email first'); | ||
| // } |
Email verification has been bypassed by commenting out the verification check and hardcoding the verification status to true. This allows unverified users to create accounts, which is a serious security vulnerability. This change should be reverted unless there's a very specific reason, which should be documented.
| // if (!isVerified) { | |
| // throw new BadRequestException('Account is not verified, please verify the email first'); | |
| // } | |
| if (!isVerified) { | |
| throw new BadRequestException('Account is not verified, please verify the email first'); | |
| } |
No description provided.