Fix N+1 SQL query by creating a user validator to call current_user a single time.

[petecheslock]

Currently in the base_controller if the doorkeeper_token is not set then the require_user function will call current_user multiple times unnecessarily.

mastodon/app/controllers/api/base_controller.rb

Lines 111 to 141 in 623d3d2

	def current_resource_owner
	@current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
	end
	def current_user
	current_resource_owner || super
	rescue ActiveRecord::RecordNotFound
	nil
	end
	def require_authenticated_user!
	render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user
	end
	def require_not_suspended!
	render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.suspended?
	end
	def require_user!
	if !current_user
	render json: { error: 'This method requires an authenticated user' }, status: 422
	elsif !current_user.confirmed?
	render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
	elsif !current_user.approved?
	render json: { error: 'Your login is currently pending approval' }, status: 403
	elsif !current_user.functional?
	render json: { error: 'Your login is currently disabled' }, status: 403
	else
	update_user_sign_in
	end
	end

To fix this we'll create a function to validate the user so that we can pass current_user to it a single time.

Here is a link to an AppMap showing the function calling this SQL query.

[ClearlyClaire]

It seems to me we'd better change Api::BaseController#current_user and/or Api::BaseController#current_resource_owner to avoid that behavior.

[mjankowski]

Closing in favor of relying on the existing memoization in those methods.

If I'm missing something, can you re-open with a sql query trace during this request to show multiple queries? (or otherwise describe how to replicate) ... I think rails should be caching this query at the AR level, and the controller method should be returning a memoized i-var.