perf(models): add partial index for deactivated account lookups #39937
himanshu2006 wants to merge 1 commit into RocketChat:develop from
Conversation
Changeset detected. Latest commit: fb3c175. The changes in this PR will be included in the next version bump. This PR includes changesets to release 41 packages.
Implemented a partial compound index on { active: 1, lastLogin: 1 } for accounts where active is false. This ensures O(1) time complexity for security telemetry detection logic, preventing collection scans during brute-force attempts on deactivated accounts.
73f7e3b to fb3c175 (Compare)
Proposed changes:
This PR implements a partial compound index on the Users collection to optimize lookups for deactivated accounts. While an existing index on { active: 1, lastLogin: 1 } exists, it utilizes a partialFilterExpression that explicitly targets only active users (active: true). This creates a performance "blind spot" for security telemetry and auditing tools—such as the one proposed in my GSoC 2026 project—that must monitor failed login attempts on deactivated accounts (active: false).
Technical Highlights:
O(1) Efficiency: Ensures that state-checks for deactivated accounts remain a constant-time operation rather than falling back to a collection scan.
Zero-Performance-Impact: Protects the authentication "hot path" from CPU spikes during high-volume brute-force attacks targeting dormant enterprise accounts.
Enterprise Scaling: Directly supports high-performance data aggregation for the upcoming security reporting engine.
Issue(s): N/A — GSoC 2026 Preparatory Work / Proactive Performance Audit.
Relates to:
PR #39798 (Foundational Telemetry Layer).
Steps to test or reproduce
Verify Index Creation:
After starting the server, access the MongoDB shell and run:
db.users.getIndexes()
Confirm that the new index on { active: 1, lastLogin: 1 } with partialFilterExpression: { active: false } is present.
Performance Validation:
In a workspace with a large user base (e.g., 10k+ users), perform an explain() on a query targeting a deactivated user:
db.users.find({ active: false, lastLogin: { $exists: true } }).explain("executionStats")
Verify that the winning plan utilizes the new IXSCAN rather than a COLLSCAN.
Further comments:
This optimization follows a "Safety First" engineering rhythm by identifying and resolving a potential database bottleneck before the core GSoC coding period begins. It ensures that the security hardening features proposed do not compromise the existing performance standards of the Rocket.Chat core.