Added a column disallow list in the content API posts serializer #20207
Conversation
ref https://linear.app/tryghost/issue/CFR-29 - Removed the mobiledoc and lexical columns from the posts input serializer, meaning they will no longer be queried for. Get helpers are essentially a gateway to the Content API. We already strip out the mobiledoc and lexical fields in the output serializer/returned response, but this means we're passing the mobiledoc and lexical fields back from the db. This is pointless and these fields are substantial in size - by far the largest fields in the whole ghost db - leading to slowed performance. I've updated the input serializer to strip out the lexical and mobiledoc columns so we stop doing a `select *` with every query.
|
I'm not sure of a better way to grab the column list. Knex appears to have something we may be able to use here. |
IMO this is the best way - the schema file is a cheap way to lookup our DB state |
ghost/core/core/server/api/endpoints/utils/serializers/input/posts.js
Outdated
Show resolved
Hide resolved
| frame.options.columns = frame.options.columns.filter((column) => { | ||
| return !['mobiledoc', 'lexical'].includes(column); | ||
| }); | ||
| } else if (frame.options.selectRaw) { |
There was a problem hiding this comment.
I don't feel strongly about this but I wonder if we should strip these columns out if they're explicitly being asked for in selectRaw. I don't think we do this anywhere currently, so this is more of a maintenance concern than anything, but if we have some future use-case where we need to parse the lexical to generate some calculated field, I could see this causing me an hour or two of confusion when I can't get these fields returned no matter what I do.
Not a blocker at all, just a thought
There was a problem hiding this comment.
I think it would be worth running in to something like this and recognizing the performance concern of doing so. I'm split 50-50 on it and considered this earlier, just going to go with it as-is for now. I think/hope we should be moving to some sort of pattern to accomplish this for all of our queries - especially with the content API - and we can revisit implementation.
ref https://linear.app/tryghost/issue/CFR-29
Get helpers are essentially a gateway to the Content API. We already strip out the mobiledoc and lexical fields in the output serializer/returned response, but this means we're passing the mobiledoc and lexical fields back from the db. This is pointless and these fields are substantial in size - by far the largest fields in the whole ghost db - leading to slowed performance.
I've updated the input serializer to strip out the lexical and mobiledoc columns so we stop doing a
select *with every query.