Skip to content

Implement caching for GraphQL resolvers #2528

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Implement caching for GraphQL resolvers #2528

wants to merge 8 commits into from
+323 −64

Conversation

@rudransh-shrivastava
Copy link
Collaborator

@rudransh-shrivastava rudransh-shrivastava commented Nov 1, 2025
edited
Loading

Resolves #2417

Proposed change

Implement caching for GraphQL Endpoints:

  • Add cache extension.
  • Add tests for cache extension.
  • Use cache extension in high-cost queries/nodes:
    • All Query fields.
    • All fields that return a Node.
    • fields that require user authentication are excluded.

Checklist

  • I've read and followed the contributing guidelines.
  • I've run make check-test locally; all checks and tests passed.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 1, 2025
edited
Loading

Summary by CodeRabbit

Release Notes

  • New Features

    • GraphQL query results are now cached with a 24-hour default retention period, improving response times for frequently accessed data across the platform.

  • Tests

    • Added comprehensive test coverage for the new caching functionality.

Walkthrough

Adds a Strawberry FieldExtension CacheFieldExtension for per-field GraphQL resolver caching (uses Django cache), two new settings for cache prefix and timeout, applies the extension to many Strawberry @strawberry.field decorators across apps, and adds tests for key generation and caching behavior.

Changes

Cohort / File(s) Summary
GraphQL Caching Extension
backend/apps/common/extensions.py		 New CacheFieldExtension (subclass of Strawberry FieldExtension) with `init(cache_timeout: int
Settings
backend/settings/base.py		 Added GRAPHQL_RESOLVER_CACHE_PREFIX = "graphql-resolver" and GRAPHQL_RESOLVER_CACHE_TIME_SECONDS = 86400 (24h) to Base settings.
Tests
backend/tests/apps/common/extensions_test.py		 New tests covering generate_key variants and resolve behavior on cache hit/miss and caching of falsy values (uses mocks).
GraphQL fields — GitHub app
backend/apps/github/api/internal/nodes/*.py, backend/apps/github/api/internal/queries/*.py		 Imported CacheFieldExtension and updated many @strawberry.field decorators to @strawberry.field(extensions=[CacheFieldExtension()]) (author, stats, issues, recent_*, repositories, top_contributors, etc.). No resolver logic changes.
GraphQL fields — Mentorship app
backend/apps/mentorship/api/internal/nodes/*.py, backend/apps/mentorship/api/internal/queries/*.py		 Imported and applied CacheFieldExtension to various fields/queries (mentors, admins, is_mentor, get_*_modules, get_program). Only decorator changes.
GraphQL fields — OWASP app
backend/apps/owasp/api/internal/nodes/*.py, backend/apps/owasp/api/internal/queries/*.py		 Imported and applied CacheFieldExtension broadly (candidates, members, geo_location, entity_leaders, top_contributors, snapshots, project health metrics, posts, projects, stats, sponsors, etc.). Only decorator additions.
Repository contributor & other query modules
backend/apps/github/api/internal/queries/repository_contributor.py, .../queries/repository.py, .../queries/user.py		 Applied CacheFieldExtension to repository- and contributor-related query fields (repository, repositories, top_contributors, top_contributed_repositories, user). Only decorator additions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Verify deterministic serialization and ordering in generate_key (argument sorting, JSON encoding).
  • Confirm correct cache.get_or_set usage so callable is invoked only on miss and falsy values are cached correctly.
  • Spot-check representative field decorator changes for compatibility with existing strawberry parameters.

Possibly related PRs

Suggested reviewers

  • kasya
  • arkid15r

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title "Implement caching for GraphQL resolvers" directly and clearly summarizes the main objective of the changeset. The PR introduces a new CacheFieldExtension class for caching GraphQL field resolution, adds configuration settings to support it, includes comprehensive tests, and applies the extension to numerous high-cost GraphQL queries and nodes across the codebase. The title accurately captures this primary change without being vague or overly broad.
Linked Issues Check ✅ Passed The PR successfully fulfills the requirements from linked issue #2417 by implementing a complete caching solution for GraphQL endpoints. The implementation includes the CacheFieldExtension class with configurable cache timeout and prefix support [extensions.py], new settings for GraphQL resolver caching [settings/base.py], comprehensive unit tests covering cache hits, misses, and falsy values [extensions_test.py], and broad application of the caching extension to numerous high-cost GraphQL queries and nodes across the github, mentorship, and owasp API modules. The PR directly addresses the objective to "implement caching for GraphQL endpoints by introducing a cache extension and related functionality."
Out of Scope Changes Check ✅ Passed All code changes in the PR are directly aligned with the stated objective of implementing caching for GraphQL resolvers. The changes include the core caching extension implementation, necessary configuration, tests, and application to GraphQL fields. No unrelated refactoring, documentation-only changes, or features outside the caching implementation scope are present. Each modified file contributes to establishing the caching infrastructure or applying it to high-cost resolvers as intended.
Docstring Coverage ✅ Passed Docstring coverage is 95.45% which is sufficient. The required threshold is 80.00%.
Description Check ✅ Passed The pull request description clearly describes the intent and scope of the changeset. The author states the PR will "Implement caching for GraphQL Endpoints" and specifies three main components: adding a cache extension, adding tests for the cache extension, and using the cache extension in high-cost queries and nodes. The raw summary confirms the changeset includes all three elements—a new CacheFieldExtension class, a comprehensive test module for it, and application of this extension across numerous GraphQL query and node files. The description directly aligns with the actual implementation and is sufficiently related to the changeset.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dffea35 and 8826228.

📒 Files selected for processing (3)
  • backend/apps/common/extensions.py (1 hunks)
  • backend/settings/base.py (1 hunks)
  • backend/tests/apps/common/extensions_test.py (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings 
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2178
File: frontend/src/app/snapshots/[id]/page.tsx:0-0
Timestamp: 2025-09-21T17:04:48.154Z
Learning: User rudransh-shrivastava confirmed that suggested type safety improvements during Apollo Client migration were no longer relevant, reinforcing their preference to keep migration PRs focused on core migration changes rather than additional improvements.

Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1718
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:0-0
Timestamp: 2025-07-09T08:41:58.129Z
Learning: In strawberry_django, when using strawberry_django.field decorator with filters, pagination, and ordering parameters, the framework automatically applies these to the QuerySet returned by the resolver method. Manual application using strawberry_django.filters.apply() is only needed for custom implementations, not when using the standard decorator approach.
🧬 Code graph analysis (1)
backend/tests/apps/common/extensions_test.py (1)
backend/apps/common/extensions.py (2)
  • CacheFieldExtension (10-48)
  • resolve (39-48)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Run frontend e2e tests
  • GitHub Check: Run frontend unit tests
  • GitHub Check: Run backend tests
  • GitHub Check: CodeQL (javascript-typescript)

@rudransh-shrivastava rudransh-shrivastava changed the title Implement caching for GraphQL endpoints Implement caching for GraphQL resolvers Nov 1, 2025
coderabbitai[bot]
coderabbitai bot reviewed Nov 2, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
backend/apps/common/extensions.py (1)

36-54: Consider cache key length limits for complex queries.

Cache key generation looks solid—the use of is not None correctly handles all valid source IDs, and DjangoJSONEncoder addresses scalar serialization. However, complex kwargs (nested filters, large lists) may produce keys exceeding backend limits (e.g., Memcached's 250-character limit). Consider hashing the args_str if you observe key-length errors in production.

Optional approach if key length becomes an issue:

import hashlib

# In generate_key method, replace line 54:
args_hash = hashlib.md5(args_str.encode()).hexdigest()
return f"{self.prefix}:{self._convert_path_to_str(info.path)}:{args_hash}"
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33af60c and c23b60c.

📒 Files selected for processing (2)
  • backend/apps/common/extensions.py (1 hunks)
  • backend/tests/apps/common/extensions_test.py (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • backend/tests/apps/common/extensions_test.py
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings 
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2178
File: frontend/src/app/snapshots/[id]/page.tsx:0-0
Timestamp: 2025-09-21T17:04:48.154Z
Learning: User rudransh-shrivastava confirmed that suggested type safety improvements during Apollo Client migration were no longer relevant, reinforcing their preference to keep migration PRs focused on core migration changes rather than additional improvements.
📚 Learning: 2025-06-29T00:41:32.198Z 
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1676
File: backend/apps/owasp/graphql/filters/project_health_metrics.py:17-22
Timestamp: 2025-06-29T00:41:32.198Z
Learning: In the OWASP Nest codebase, when implementing GraphQL filters that convert string values to enums (like ProjectLevel), do not catch ValueError exceptions for invalid values. Let the errors propagate to provide proper error responses to GraphQL clients rather than silently ignoring invalid input.

Applied to files:

  • backend/apps/common/extensions.py
📚 Learning: 2025-07-31T07:05:25.056Z 
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 0
File: :0-0
Timestamp: 2025-07-31T07:05:25.056Z
Learning: In the OWASP Nest project, Django views may not properly access authenticated users from sessions created by Strawberry GraphQL mutations. The issue occurs because Django's AuthenticationMiddleware doesn't always populate request.user from session data that GraphQL context successfully uses via info.context.request.user. The solution is to manually resolve users from session data using request.session.get('_auth_user_id') and User.objects.select_related('github_user').get(pk=user_id) to match the same authentication mechanism used by GraphQL context.

Applied to files:

  • backend/apps/common/extensions.py
📚 Learning: 2025-09-21T17:04:48.154Z 
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2178
File: frontend/src/app/snapshots/[id]/page.tsx:0-0
Timestamp: 2025-09-21T17:04:48.154Z
Learning: User rudransh-shrivastava confirmed that suggested type safety improvements during Apollo Client migration were no longer relevant, reinforcing their preference to keep migration PRs focused on core migration changes rather than additional improvements.

Applied to files:

  • backend/apps/common/extensions.py
📚 Learning: 2025-07-03T03:47:05.436Z 
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

  • backend/apps/common/extensions.py
🔇 Additional comments (2)
backend/apps/common/extensions.py (2)

27-34: LGTM!

The path-to-string conversion correctly traverses the Strawberry path linked list and handles the reversal to maintain root-to-leaf order.

56-64: LGTM!

The use of cache.get_or_set() is the idiomatic Django pattern and correctly handles cache misses, falsy values, and thread safety. This synchronous implementation aligns with your codebase's resolver architecture.

coderabbitai[bot]
coderabbitai bot reviewed Nov 2, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (7)
backend/apps/mentorship/api/internal/queries/module.py (1)

19-27: Critical: Caching unevaluated QuerySets defeats the purpose of caching.

Both get_program_modules and get_project_modules return Django QuerySets, which are lazy and only evaluated when accessed. The CacheFieldExtension.resolve() method caches the return value of the resolver before Strawberry evaluates it. This means you're caching the unevaluated QuerySet object itself (essentially just the query definition), not the actual data.

When the cached QuerySet is retrieved and Strawberry attempts to serialize it, the QuerySet must be re-evaluated against the database, defeating the purpose of caching. Additionally, QuerySets may not pickle correctly depending on your cache backend.

Solution: Force evaluation of the QuerySet before returning by wrapping it in list():

 @strawberry.field(extensions=[CacheFieldExtension()])
 def get_program_modules(self, program_key: str) -> list[ModuleNode]:
     """Get all modules by program Key. Returns an empty list if program is not found."""
-    return (
+    return list(
         Module.objects.filter(program__key=program_key)
         .select_related("program", "project")
         .prefetch_related("mentors__github_user")
         .order_by("started_at")
     )
 @strawberry.field(extensions=[CacheFieldExtension()])
 def get_project_modules(self, project_key: str) -> list[ModuleNode]:
     """Get all modules by project Key. Returns an empty list if project is not found."""
-    return (
+    return list(
         Module.objects.filter(project__key=project_key)
         .select_related("program", "project")
         .prefetch_related("mentors__github_user")
         .order_by("started_at")
     )

Note: This issue likely affects other GraphQL resolvers in this PR that return QuerySets. You may want to audit all files where CacheFieldExtension was added.

Also applies to: 29-37

backend/apps/github/api/internal/nodes/user.py (1)

36-51: Consider shorter cache timeout for user badges.

User badges change when users earn new achievements. A 24-hour cache means newly earned badges won't appear until the cache expires, which could negatively impact user experience.

Consider one of the following:

  1. Use a shorter cache timeout (e.g., 5-15 minutes) for better freshness
  2. Implement cache invalidation when badges are awarded
  3. Override the default timeout for this field:
-    @strawberry.field(extensions=[CacheFieldExtension()])
+    @strawberry.field(extensions=[CacheFieldExtension(cache_timeout=900)])  # 15 minutes
     def badges(self) -> list[BadgeNode]:
backend/apps/github/api/internal/queries/release.py (1)

15-68: 24-hour cache inappropriate for "recent_releases" query.

The query name "recent_releases" implies time-sensitive data, but the 24-hour default cache timeout means newly published releases won't appear for up to a day. This creates a poor user experience where "recent" data is actually stale.

Use a shorter cache timeout appropriate for time-sensitive data:

-    @strawberry.field(extensions=[CacheFieldExtension()])
+    @strawberry.field(extensions=[CacheFieldExtension(cache_timeout=1800)])  # 30 minutes
     def recent_releases(

Consider cache timeouts in the 15-60 minute range for "recent" queries to balance performance with data freshness.

backend/apps/github/api/internal/queries/issue.py (1)

15-66: 24-hour cache inappropriate for "recent_issues" query.

Caching "recent issues" for 24 hours defeats the purpose of a "recent" query—newly created issues won't appear for up to a day. This is especially problematic for active projects where issues are created frequently.

Use a much shorter cache timeout for time-sensitive queries:

-    @strawberry.field(extensions=[CacheFieldExtension()])
+    @strawberry.field(extensions=[CacheFieldExtension(cache_timeout=900)])  # 15 minutes
     def recent_issues(

Consider cache timeouts in the 5-30 minute range to ensure users see recently created issues while still benefiting from caching.

backend/apps/github/api/internal/queries/milestone.py (1)

16-81: 24-hour cache inappropriate for "recent_milestones" query.

The query returns "recent milestones" ordered by creation date, but 24-hour caching means newly created milestones won't appear for up to a day. Additionally, milestone state changes (open → closed) won't be reflected until cache expiration.

Use a shorter cache timeout for time-sensitive milestone queries:

-    @strawberry.field(extensions=[CacheFieldExtension()])
+    @strawberry.field(extensions=[CacheFieldExtension(cache_timeout=1800)])  # 30 minutes
     def recent_milestones(

Consider cache timeouts in the 15-60 minute range to balance performance with freshness for milestone data.

backend/apps/github/api/internal/queries/pull_request.py (1)

64-69: Fix potential AttributeError when project is not found.

If no project matches the filter, .first() returns None, and accessing .repositories on None will raise an AttributeError.

Apply this diff to handle the missing project case:

         if project:
-            queryset = queryset.filter(
-                repository_id__in=Project.objects.filter(key__iexact=f"www-project-{project}")
-                .first()
-                .repositories.values_list("id", flat=True)
-            )
+            project_obj = Project.objects.filter(key__iexact=f"www-project-{project}").first()
+            if project_obj:
+                queryset = queryset.filter(
+                    repository_id__in=project_obj.repositories.values_list("id", flat=True)
+                )
+            else:
+                queryset = queryset.none()
backend/apps/owasp/api/internal/queries/project.py (1)

56-67: Use shorter cache timeout for authorization checks.

This field performs an authorization check that determines project leadership status. Caching authorization data with the default timeout risks serving stale permissions, which could allow unauthorized access or incorrectly deny access when leadership changes occur.

Consider one of these approaches:

  1. Use a much shorter cache timeout for this specific field:
-    @strawberry.field(extensions=[CacheFieldExtension()])
+    @strawberry.field(extensions=[CacheFieldExtension(cache_timeout=60)])  # 1 minute instead of default
     def is_project_leader(self, info: strawberry.Info, login: str) -> bool:

  1. Implement cache invalidation when project leadership changes (e.g., via Django signals on Project model save/update).

  2. Remove caching from this field entirely if leadership changes are frequent or if serving stale authorization data poses security risks.

🧹 Nitpick comments (5)
backend/apps/mentorship/api/internal/queries/module.py (1)

19-51: Consider operational aspects of your caching strategy.

As you implement caching across GraphQL resolvers, consider these operational aspects:

  1. Cache timeout tuning: The default GRAPHQL_RESOLVER_CACHE_TIME_SECONDS applies to all cached fields. Different queries may benefit from different timeouts based on their cost and data freshness requirements. The extension accepts an optional cache_timeout parameter if you need per-field customization.

  2. Cache monitoring: Implement monitoring for cache hit rates, cache size, and eviction patterns to ensure caching is effective and not causing memory issues.

  3. Cache warming: For frequently accessed queries with expensive computations, consider implementing cache warming strategies on application startup or after data updates.

  4. Documentation: Document which queries are cached and the expected staleness tolerance for each, as this affects the user experience.

Since this PR is in draft and includes a TODO about using the cache extension in high-cost queries, these considerations will help guide your decisions about which queries to cache and with what parameters.

backend/apps/github/api/internal/nodes/pull_request.py (1)

21-24: Reconsider caching simple attribute access.

This field simply returns self.author, which is typically pre-loaded via select_related("author") in queries. Caching this adds overhead (cache lookup, serialization) with minimal benefit, and creates a separate cache entry per PullRequestNode instance (due to source ID in the cache key), potentially leading to cache bloat.

Consider removing the cache extension from this field unless profiling shows a specific performance benefit.

backend/apps/github/api/internal/nodes/milestone.py (1)

26-29: Reconsider caching simple attribute access.

This field returns self.author, likely pre-loaded via select_related. Caching adds overhead with minimal benefit and creates per-instance cache entries, potentially causing cache bloat.

Remove the cache extension unless profiling demonstrates a specific performance benefit.

backend/apps/github/api/internal/nodes/release.py (1)

24-27: Reconsider caching simple attribute access.

This field returns self.author, typically pre-loaded via select_related. The cache extension adds overhead without meaningful benefit and creates per-instance cache entries.

Remove the cache extension unless profiling shows a performance benefit.

backend/apps/github/api/internal/nodes/issue.py (1)

23-26: Reconsider caching simple attribute access.

This field returns self.author, typically pre-loaded via select_related. The cache extension adds overhead without meaningful benefit and creates per-instance cache entries.

Remove the cache extension unless profiling shows a performance benefit.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c23b60c and c1cd5b2.

📒 Files selected for processing (37)
  • backend/apps/github/api/internal/nodes/issue.py (2 hunks)
  • backend/apps/github/api/internal/nodes/milestone.py (2 hunks)
  • backend/apps/github/api/internal/nodes/organization.py (2 hunks)
  • backend/apps/github/api/internal/nodes/pull_request.py (2 hunks)
  • backend/apps/github/api/internal/nodes/release.py (2 hunks)
  • backend/apps/github/api/internal/nodes/repository.py (4 hunks)
  • backend/apps/github/api/internal/nodes/user.py (2 hunks)
  • backend/apps/github/api/internal/queries/issue.py (2 hunks)
  • backend/apps/github/api/internal/queries/milestone.py (2 hunks)
  • backend/apps/github/api/internal/queries/organization.py (2 hunks)
  • backend/apps/github/api/internal/queries/pull_request.py (2 hunks)
  • backend/apps/github/api/internal/queries/release.py (2 hunks)
  • backend/apps/github/api/internal/queries/repository.py (3 hunks)
  • backend/apps/github/api/internal/queries/repository_contributor.py (2 hunks)
  • backend/apps/github/api/internal/queries/user.py (3 hunks)
  • backend/apps/mentorship/api/internal/nodes/module.py (2 hunks)
  • backend/apps/mentorship/api/internal/nodes/program.py (2 hunks)
  • backend/apps/mentorship/api/internal/queries/mentorship.py (2 hunks)
  • backend/apps/mentorship/api/internal/queries/module.py (4 hunks)
  • backend/apps/mentorship/api/internal/queries/program.py (2 hunks)
  • backend/apps/owasp/api/internal/nodes/board_of_directors.py (2 hunks)
  • backend/apps/owasp/api/internal/nodes/chapter.py (2 hunks)
  • backend/apps/owasp/api/internal/nodes/common.py (3 hunks)
  • backend/apps/owasp/api/internal/nodes/member_snapshot.py (2 hunks)
  • backend/apps/owasp/api/internal/nodes/project.py (4 hunks)
  • backend/apps/owasp/api/internal/nodes/snapshot.py (2 hunks)
  • backend/apps/owasp/api/internal/queries/board_of_directors.py (3 hunks)
  • backend/apps/owasp/api/internal/queries/chapter.py (2 hunks)
  • backend/apps/owasp/api/internal/queries/committee.py (2 hunks)
  • backend/apps/owasp/api/internal/queries/event.py (2 hunks)
  • backend/apps/owasp/api/internal/queries/member_snapshot.py (3 hunks)
  • backend/apps/owasp/api/internal/queries/post.py (2 hunks)
  • backend/apps/owasp/api/internal/queries/project.py (5 hunks)
  • backend/apps/owasp/api/internal/queries/project_health_metrics.py (4 hunks)
  • backend/apps/owasp/api/internal/queries/snapshot.py (3 hunks)
  • backend/apps/owasp/api/internal/queries/sponsor.py (2 hunks)
  • backend/apps/owasp/api/internal/queries/stats.py (2 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings 
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2178
File: frontend/src/app/snapshots/[id]/page.tsx:0-0
Timestamp: 2025-09-21T17:04:48.154Z
Learning: User rudransh-shrivastava confirmed that suggested type safety improvements during Apollo Client migration were no longer relevant, reinforcing their preference to keep migration PRs focused on core migration changes rather than additional improvements.

Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1718
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:0-0
Timestamp: 2025-07-09T08:41:58.129Z
Learning: In strawberry_django, when using strawberry_django.field decorator with filters, pagination, and ordering parameters, the framework automatically applies these to the QuerySet returned by the resolver method. Manual application using strawberry_django.filters.apply() is only needed for custom implementations, not when using the standard decorator approach.
📚 Learning: 2025-07-11T15:57:56.648Z 
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: backend/apps/mentorship/graphql/queries/module.py:39-50
Timestamp: 2025-07-11T15:57:56.648Z
Learning: In the OWASP Nest mentorship GraphQL queries, Strawberry GraphQL automatically converts between Django Module instances and ModuleNode types, so methods can return Module instances directly without manual conversion even when typed as ModuleNode.

Applied to files:

  • backend/apps/owasp/api/internal/nodes/member_snapshot.py
  • backend/apps/mentorship/api/internal/nodes/module.py
  • backend/apps/owasp/api/internal/queries/chapter.py
  • backend/apps/owasp/api/internal/nodes/snapshot.py
  • backend/apps/owasp/api/internal/nodes/chapter.py
  • backend/apps/mentorship/api/internal/queries/module.py
📚 Learning: 2025-08-31T13:47:15.861Z 
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2155
File: frontend/src/server/queries/programsQueries.ts:81-81
Timestamp: 2025-08-31T13:47:15.861Z
Learning: In frontend/src/server/queries/programsQueries.ts, GET_PROGRAM_DETAILS is actively used in frontend/src/app/my/mentorship/programs/[programKey]/edit/page.tsx for program editing functionality and cannot be removed. It serves a different purpose than GET_PROGRAM_ADMIN_DETAILS, providing comprehensive program information needed for editing.

Applied to files:

  • backend/apps/mentorship/api/internal/queries/program.py
📚 Learning: 2025-07-13T05:55:46.436Z 
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: backend/apps/mentorship/graphql/mutations/program.py:166-166
Timestamp: 2025-07-13T05:55:46.436Z
Learning: In the OWASP Nest mentorship GraphQL mutations, Strawberry GraphQL automatically converts between Django Program instances and ProgramNode types, so mutations can return Program instances directly without manual conversion even when typed as ProgramNode, similar to the Module/ModuleNode pattern.

Applied to files:

  • backend/apps/mentorship/api/internal/queries/program.py
📚 Learning: 2025-07-09T08:41:58.129Z 
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1718
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:0-0
Timestamp: 2025-07-09T08:41:58.129Z
Learning: In strawberry_django, when using strawberry_django.field decorator with filters, pagination, and ordering parameters, the framework automatically applies these to the QuerySet returned by the resolver method. Manual application using strawberry_django.filters.apply() is only needed for custom implementations, not when using the standard decorator approach.

Applied to files:

  • backend/apps/owasp/api/internal/queries/project_health_metrics.py
🧬 Code graph analysis (37)
backend/apps/owasp/api/internal/nodes/common.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/queries/release.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/mentorship/api/internal/queries/mentorship.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/member_snapshot.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/queries/pull_request.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/mentorship/api/internal/nodes/program.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/release.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/post.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/queries/issue.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/organization.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/pull_request.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/mentorship/api/internal/queries/program.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/sponsor.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/board_of_directors.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/committee.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/project_health_metrics.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/queries/user.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/board_of_directors.py (2)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/models/board_of_directors.py (1)
  • get_candidates (41-49)
backend/apps/github/api/internal/queries/repository.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/member_snapshot.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/queries/repository_contributor.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/mentorship/api/internal/nodes/module.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/stats.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/chapter.py (2)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/chapter.py (2)
  • key (50-52)
  • ChapterNode (32-57)
backend/apps/github/api/internal/nodes/user.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/snapshot.py (2)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/project.py (1)
  • ProjectNode (40-113)
backend/apps/github/api/internal/nodes/issue.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/repository.py (3)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/milestone.py (1)
  • MilestoneNode (23-51)
backend/apps/github/api/internal/nodes/release.py (1)
  • ReleaseNode (21-55)
backend/apps/owasp/api/internal/queries/event.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/queries/milestone.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/project.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/chapter.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/nodes/project.py (6)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/issue.py (1)
  • IssueNode (20-40)
backend/apps/github/api/internal/nodes/milestone.py (1)
  • MilestoneNode (23-51)
backend/apps/github/api/internal/nodes/pull_request.py (1)
  • PullRequestNode (18-43)
backend/apps/owasp/models/project.py (1)
  • pull_requests (226-232)
backend/apps/github/api/internal/nodes/release.py (1)
  • ReleaseNode (21-55)
backend/apps/github/api/internal/queries/organization.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/mentorship/api/internal/queries/module.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/owasp/api/internal/queries/snapshot.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
backend/apps/github/api/internal/nodes/milestone.py (1)
backend/apps/common/extensions.py (1)
  • CacheFieldExtension (13-64)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Run frontend e2e tests
  • GitHub Check: Run backend tests
  • GitHub Check: Run frontend unit tests
  • GitHub Check: CodeQL (javascript-typescript)
🔇 Additional comments (39)
backend/apps/mentorship/api/internal/queries/module.py (2)

8-8: LGTM: Import added correctly.

The import of CacheFieldExtension is necessary for the caching functionality applied to the query methods below.

39-51: Verify cache staleness implications for single object caching.

Unlike the list methods, get_module returns a single Module instance (via .get()), which can be pickled and cached successfully. However, this cached instance can become stale when the underlying Module data is updated in the database.

Ensure that:

  1. The cache timeout (GRAPHQL_RESOLVER_CACHE_TIME_SECONDS) is appropriately tuned for your data freshness requirements.
  2. You have a cache invalidation strategy in place for when Module objects are created, updated, or deleted.
  3. Related objects loaded via select_related and prefetch_related are also considered in your staleness tolerance.

Consider implementing cache invalidation signals or using a shorter timeout for frequently updated data:

# Example cache invalidation signal (to be added in models.py or signals.py)
from django.db.models.signals import post_save, post_delete
from django.core.cache import cache

@receiver([post_save, post_delete], sender=Module)
def invalidate_module_cache(sender, instance, **kwargs):
    # Invalidate relevant cache keys
    cache.delete_pattern(f"{settings.GRAPHQL_RESOLVER_CACHE_PREFIX}:*get_module*{instance.key}*")
backend/apps/owasp/api/internal/queries/event.py (1)

5-5: LGTM! Caching addition is appropriate.

The caching extension is correctly applied to the upcoming_events query field. The cache key will include the limit parameter, ensuring proper cache segmentation.

Also applies to: 14-17

backend/apps/owasp/api/internal/queries/chapter.py (1)

5-5: LGTM! Caching is well-suited for these query fields.

Both chapter and recent_chapters fields are appropriately cached with keys that include their respective parameters (key and limit).

Also applies to: 14-25

backend/apps/owasp/api/internal/queries/stats.py (1)

5-5: LGTM! Excellent caching candidate for expensive aggregations.

The stats_overview field performs multiple database queries and aggregations, making it an ideal candidate for caching. Since it returns global statistics with no parameters, all users will share the same cached result.

Also applies to: 18-44

backend/apps/mentorship/api/internal/queries/mentorship.py (1)

5-5: LGTM! Appropriate caching for lookup-intensive query.

The is_mentor field performs database lookups and is parameterized by login, making it a good candidate for caching. The cache key will properly differentiate between different login values.

Also applies to: 21-34

backend/apps/owasp/api/internal/queries/post.py (1)

5-5: LGTM! Standard caching pattern for recent items.

The caching extension is correctly applied with the limit parameter included in the cache key.

Also applies to: 14-17

backend/apps/owasp/api/internal/queries/snapshot.py (1)

5-5: LGTM! Appropriate caching for snapshot queries.

Both snapshot and snapshots fields are suitable for caching, with their respective parameters (key and limit) properly included in cache key generation.

Also applies to: 14-32

backend/apps/mentorship/api/internal/queries/program.py (1)

9-9: LGTM! Caching correctly applied to public query only.

The get_program field is appropriately cached with the program_key parameter. Note that my_programs is correctly NOT cached since it's user-specific with IsAuthenticated permission.

Also applies to: 23-33

backend/apps/owasp/api/internal/nodes/board_of_directors.py (1)

6-6: Caching applied consistently to member resolution fields.

The CacheFieldExtension is properly applied to both candidates and members fields, which should reduce database load for board directory queries.

However, consider that board member and candidate data cached for 24 hours may become stale if entity member status changes (e.g., a candidate is added/removed, review status changes). Verify whether this cache duration aligns with your data freshness requirements, or consider implementing cache invalidation signals on the EntityMember model to clear related cache entries when changes occur.

Also applies to: 22-30

backend/apps/owasp/api/internal/nodes/chapter.py (1)

40-47: LGTM! Appropriate caching for computed geographic data.

Caching the geo_location field makes sense since it's a computed value from latitude/longitude, which are relatively stable for chapters. The selective application (not caching simple indexed fields) demonstrates good judgment about what benefits from caching.

backend/apps/mentorship/api/internal/nodes/program.py (1)

32-35: Caching applied to program admins field.

The caching extension is properly applied to reduce database queries for program administrators.

Consider whether the 24-hour cache duration is appropriate if program admins change frequently. If admin roster changes need to be visible immediately, you may want to implement cache invalidation when program admin relationships are modified.

backend/apps/owasp/api/internal/nodes/common.py (1)

14-17: LGTM! Base class caching benefits all entity types.

Applying caching to entity_leaders and top_contributors in the GenericEntityNode base class is an efficient approach that benefits all entity types (chapters, projects, committees, etc.) without code duplication.

Also applies to: 29-32

backend/apps/owasp/api/internal/queries/board_of_directors.py (1)

14-28: LGTM! Query-level caching properly parameterized.

Both query methods correctly apply caching with proper argument handling—the cache keys will differentiate between different years and limit values, preventing incorrect cache hits.

Also applies to: 30-41

backend/apps/owasp/api/internal/queries/sponsor.py (1)

14-27: LGTM! Caching benefits the in-memory sorting.

Caching the sponsors query is beneficial since it includes in-memory sorting logic that would otherwise execute on every request.

Note that since this query has no parameters, all users/requests share the same cache entry. Changes to sponsor data (additions, type changes) won't be visible until the cache expires (24 hours by default). Verify this latency is acceptable, or consider implementing cache invalidation when sponsor records are modified.

backend/apps/owasp/api/internal/queries/committee.py (1)

14-29: LGTM! Caching applied with proper parameter handling.

The committee query correctly applies caching, and the cache key will include the committee key parameter to prevent cache collisions between different committees.

backend/apps/owasp/api/internal/queries/project_health_metrics.py (1)

19-44: LGTM! Caching appropriately applied to health metrics queries.

The three health metrics fields are good candidates for caching since they likely involve aggregations and complex queries. The cache keys will properly differentiate between different filter/pagination/ordering combinations, preventing incorrect cache hits.

Note: The manual application of filters in project_health_metrics_distinct_length (line 79) is appropriate for this use case where you need the count after filtering but outside the standard decorator flow. Based on learnings.

Also applies to: 46-57, 59-81

backend/apps/owasp/api/internal/nodes/snapshot.py (1)

35-58: Caching appears appropriate for snapshot fields, but verify data immutability.

The cache extension is applied to five relationship fields that return collections of related entities. Since snapshots typically represent immutable point-in-time data, 24-hour caching should be safe.

Please confirm that:

  1. Snapshot entities and their related data (new_chapters, new_issues, etc.) don't change after the snapshot is created
  2. The relationships themselves remain stable over the snapshot's lifetime

If snapshot data can be modified or relationships can change post-creation, consider a shorter cache timeout or implement cache invalidation on updates.

backend/apps/github/api/internal/queries/repository.py (2)

38-63: Consider shorter cache timeout for repository lists.

The repositories() query returns a list ordered by stars, which can change as repositories gain or lose stars. With 24-hour caching, the ordering and star counts will be stale.

Verify whether 24-hour staleness is acceptable for repository listings, particularly since they're ordered by a frequently-changing metric (stars_count).

14-36: Consider implementing cache invalidation for repository metadata updates.

Repository data (stars, forks, pushed_at, etc.) can change frequently. The current 24-hour cache timeout for the repository() query means stale metadata will persist until expiration, potentially impacting active repositories.

This is particularly important since repositories are synced via management commands (e.g., sync_repository()) that could trigger frequent updates without corresponding cache clears.

Recommendations:

  • Implement cache invalidation via Django signals when Repository objects are updated (e.g., post_save)
  • Consider shorter cache timeouts (1-6 hours) to balance freshness and performance
  • Or configure webhook handlers to clear the GraphQL cache when repository data changes upstream
backend/apps/github/api/internal/queries/organization.py (1)

14-32: Caching appears reasonable for organization queries.

Organization metadata is relatively stable (name, avatar, description), making 24-hour caching more appropriate than for "recent" queries. The cache key includes the login parameter, ensuring different organizations have separate cache entries.

Verify that 24-hour staleness is acceptable for organization metadata updates (e.g., avatar changes, description updates). If organizations frequently update their profiles, consider a shorter timeout (e.g., 6-12 hours).

backend/apps/owasp/api/internal/nodes/member_snapshot.py (1)

32-35: Caching appears appropriate for snapshot's github_user field.

Since MemberSnapshot appears to represent point-in-time data, caching the related github_user field is reasonable. The cache key includes the snapshot ID, so each snapshot has its own cache entry.

Please confirm that MemberSnapshot entities are immutable and that the github_user relationship doesn't change after snapshot creation. If snapshots can be modified, consider a shorter cache timeout.

backend/apps/github/api/internal/queries/pull_request.py (1)

16-90: Confirm cache invalidation strategy for pull request data.

Caching this query is appropriate given the complex filtering logic. However, ensure that cache entries are invalidated when pull requests are created, updated, or deleted to prevent serving stale data.

How will cache invalidation be handled when pull request data changes? Consider using Django signals or explicit cache invalidation in model save/delete methods.

backend/apps/github/api/internal/queries/user.py (1)

16-38: Confirm cache invalidation strategy for user-related queries.

Caching these user-related queries is appropriate. However, ensure cache entries are invalidated when:

  • User data changes (profile updates, name changes, etc.)
  • Repository contributions are updated

How will you handle cache invalidation when user or contribution data changes?

Also applies to: 40-54

backend/apps/github/api/internal/nodes/organization.py (1)

43-72: Good use of caching for expensive aggregation.

This field performs multiple database queries and aggregations, making it an excellent candidate for caching. Each organization will have its own cache entry, which is appropriate for this use case.

Ensure cache invalidation when repository stats change (stars, forks, issues, contributors). Consider invalidating on repository updates or using a periodic cache refresh.

backend/apps/github/api/internal/queries/repository_contributor.py (1)

14-65: Confirm cache invalidation for contributor rankings.

Caching this complex query with multiple filter parameters is appropriate for performance. However, ensure the cache is invalidated when contribution data changes to keep rankings current.

How will cache invalidation be handled when repository contributions are updated?

backend/apps/owasp/api/internal/queries/project.py (4)

6-6: LGTM: Import added for caching extension.

The import is correctly placed and necessary for the field-level caching functionality.

16-30: Verify cache invalidation strategy for project data.

Caching the project lookup is reasonable for performance. However, ensure that cached project data is invalidated when the underlying Project model is updated (e.g., name changes, is_active status changes).

Consider implementing Django signals or cache invalidation in the Project model's save/delete methods to clear related cache entries when data changes.

32-43: Verify cache invalidation for dynamic project lists.

Caching recent projects improves performance but may serve stale data when new projects are created or existing projects' is_active status changes. Ensure the cache invalidation strategy handles these scenarios.

45-54: Verify acceptable staleness for search results.

Caching search results is beneficial for frequently searched terms. However, newly created projects or status changes won't be reflected until the cache expires. Verify that the configured cache timeout provides an acceptable balance between performance and data freshness for search functionality.

backend/apps/owasp/api/internal/queries/member_snapshot.py (3)

5-5: LGTM: Import added for caching extension.

15-40: LGTM: Appropriate caching for snapshot queries.

Member snapshots are historical data that change infrequently, making them excellent candidates for caching. The cache key will properly distinguish between different user_login and start_year parameter combinations.

42-65: LGTM: Snapshot list caching is appropriate.

The historical nature of member snapshot data makes caching beneficial for performance without significant staleness concerns.

backend/apps/github/api/internal/nodes/repository.py (2)

8-8: LGTM: Import added for caching extension.

45-92: Verify cache invalidation when repository data is synchronized.

The cached fields (issues, organization, project, recent_milestones, releases, top_contributors) will serve stale data after GitHub data synchronization updates the repository. Ensure your data sync process invalidates or refreshes these cached entries.

The cache key generation properly includes the source repository ID, ensuring separate cache entries for different repositories. However, consider implementing cache invalidation hooks in your GitHub data sync workflow to clear cached entries for updated repositories.

backend/apps/owasp/api/internal/nodes/project.py (4)

6-6: LGTM: Import added for caching extension.

43-61: Verify cache invalidation for health metrics updates.

The health metrics fields query time-series data that grows when new metrics are calculated. Cached results, especially for health_metrics_latest, must be invalidated when new ProjectHealthMetrics records are created to ensure users see the most recent data.

Implement cache invalidation when new ProjectHealthMetrics records are created, either via Django signals or within your metrics calculation workflow.

78-98: Verify cache invalidation for recent GitHub activity.

The recent activity fields (recent_issues, recent_milestones, recent_pull_requests, recent_releases) will serve stale data after GitHub synchronization. Ensure your sync process invalidates these cached entries for affected projects.

100-103: Verify cache invalidation when project repositories change.

The repositories list should be invalidated when repositories are added, removed, or have their metadata updated (especially pushed_at and updated_at timestamps that affect ordering).

@rudransh-shrivastava rudransh-shrivastava marked this pull request as ready for review November 2, 2025 18:34
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 3, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@arkid15r arkid15r Awaiting requested review from arkid15r arkid15r is a code owner

@kasya kasya Awaiting requested review from kasya kasya is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

backend backend-tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement caching for GraphQL resolvers

1 participant

@rudransh-shrivastava