Cover image loading performance analysis

[mikiher]

I'm starting this to describe my experiments and analysis of cover image loading.

Background

I noticed for some time that cold rendering (i.e. without browser caching) of pages containing many cover images (e.g. Homepage, Library, and especially the Series page) takes a long time, especially when the server is accessed through https. So I wanted to investigate a bit more.

There was also a lengthy discussion around this on #dev-chat around this on Oct 14, where a number of interesting ideas were raised.
But I felt like we first needed to get a clear sense of where the issues lay.

Initial observations

Setup:

• I went to my Audiobookshelf Homepage (through https and reverse proxy to the local machine, running v2.16.1 on Windows)
• I opened the Network tab in Chrome DevTools, set Disable cache, and cleared the list.
• I then clicked on Audiobookshelf's Library page

Result:

Observations:

• The data API calls and the book_placeholder images take (on average) less than the cover images to complete
  • Cover images take more to complete even though they are smaller in size.
  • API calls and book_placeholder wait less for server response, vs. the cover images which spend most of time waiting for server reposnse.
  • All cover images are queued and started within a short period of roughly 45 ms (i.e. they are requested tightly together)
• Another observation is that while my visible browser screen showed only 20 books (4 rows with 5 books each), we were bringing 30 covers.
  • I leave this for a different investigation - this is likely due to some client side logic that needs to be optimized

So, the main conclusion from this was that there's certainly something on the server side that delays the cover image requests.

Server experiments

So the first thing I wanted to understand was where do cover image requests spend most of the their time.
For that, I first revived some code I wrote a while ago to debug some other issue:

measureRequestServingTime() is an Express middleware that measures the total time, average total time, and pending requests for requests matching some pattern (e.g. /cover). It is used by inserting it as the first middleware.

measureMiddlewareTime() is a wrapper that you can wrap around another a specific middleware to measure the time, average time, and pending requests for requests that pass within that middleware. The wrapper is a middleware itself, so if you have a call like this in the code:

app.use(someMiddleware)

You can replace it with:

app.use(measureMiddlewareTime(someMiddleware, 'someMiddleware'))

to enable time measurements.

BufferedLogger is a special logger that doesn't immediately print to the console or writes to file. I use it instead of the standard Logger to make sure that logging itself (which in the case of Logger might take a few milliseconds) doesn't significantly impact the measurement. The BufferedLogger keeps the logged messages in an array, and can be flushed on command.

const { performance } = require('perf_hooks')
const Logger = require('../BufferedLogger')

function measureRequestServingTime(pathPattern) {
  let totalTime = 0
  let count = 0
  let liveRequests = 0

  return (req, res, next) => {
    if (pathPattern && !req.path.match(pathPattern)) {
      return next() // Skip if path does not match
    }

    liveRequests += 1
    const start = performance.now()

    res.on('finish', () => {
      const end = performance.now()
      const timeInMs = end - start
      totalTime += timeInMs
      count += 1
      const averageTime = totalTime / count
      liveRequests -= 1

      Logger.log(`[ServingTime] [${req.path}] ${timeInMs.toFixed(3)}. avg: ${averageTime.toFixed(3)}. count: ${count}. live: ${liveRequests}`)
    })

    next()
  }
}

function measureMiddlewareTime(middleware, name) {
  let totalTime = 0
  let count = 0
  let liveRequests = 0

  return async (req, res, next) => {
    liveRequests += 1
    const start = performance.now()
    await middleware(req, res, () => {
      const end = performance.now()
      const timeInMs = end - start
      totalTime += timeInMs
      count += 1
      const averageTime = totalTime / count
      liveRequests -= 1

      Logger.log(`[${name}] [${req.path}] ${timeInMs.toFixed(3)}. avg: ${averageTime.toFixed(3)}. count: ${count}. live: ${liveRequests}`)

      next()
    })
  }
}

I started by adding app.use(measureRequestServingTime(/\/cover/)) as the first middleware, and made sure the times I've seen in the devtools roughly matched the time measured on the server.

Then I started going through the registered middlewares one-by-one. For each middleware I:

• wrapped it with measureMiddlewareTime
• ran the Library page load test.
• flushed the log, and checked it.
• removed the wrapper.

I found the first choke-point at app.use(passport.session()). It looked like many requests were spending most of their time here.

After some reading about what passport.session does, I found that likely the heaviest thing it does is run deserializeUser (a user-provided function that reads the user data from storage given a user info record extracted from the session cookie), in order to put its result in req.user.

in our case, deserializeUser (in Auth.js) looks like this:

    passport.deserializeUser(
      function (user, cb) {
        process.nextTick(
          async function () {
            const parsedUserInfo = JSON.parse(user)
            // load the user by ID that is stored in the session
            const dbUser = await Database.userModel.getUserById(parsedUserInfo.id)
            return cb(null, dbUser)
          }.bind(this)
        )
      }.bind(this)
    )

I instrumented it to measure time and pending requests, like this:

    let liveRequests = 0
    passport.deserializeUser(
      function (req, user, cb) {
        process.nextTick(
          async function () {
            liveRequests += 1
            BufferedLogger.log(`[${req.path}] start. pending: ${liveRequests}`)
            const start = performance.now()
            const parsedUserInfo = JSON.parse(user)
            // load the user by ID that is stored in the session
            const dbUser = await Database.userModel.getUserById(parsedUserInfo.id)
            const end = performance.now()
            const timeInMs = end - start
            liveRequests -= 1
            BufferedLogger.log(`[${req.path}] end. pending: ${liveRequests}. time: ${timeInMs.toFixed(3)}`)
            return cb(null, dbUser)
          }.bind(this)
        )
      }.bind(this)
    )
    passport.passReqToCallback = true

These are the log messages from the buffered logger:

[2024-10-30 22:02:47.527] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3] start. pending: 1
[2024-10-30 22:02:47.542] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3] end. pending: 0. time: 14.174
[2024-10-30 22:02:47.661] BUFFERED: [/book_placeholder.jpg] start. pending: 1
[2024-10-30 22:02:47.678] BUFFERED: [/book_placeholder.jpg] end. pending: 0. time: 16.425
[2024-10-30 22:02:47.682] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3/items] start. pending: 1
[2024-10-30 22:02:47.696] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3/items] end. pending: 0. time: 13.983
[2024-10-30 22:02:47.802] BUFFERED: [/book_placeholder.jpg] start. pending: 1
[2024-10-30 22:02:47.818] BUFFERED: [/book_placeholder.jpg] end. pending: 0. time: 15.720
[2024-10-30 22:02:47.840] BUFFERED: [/api/items/6d3437e9-3ba2-41fb-ab49-69edf9b1b415/cover] start. pending: 1
[2024-10-30 22:02:47.841] BUFFERED: [/api/items/1bae1fea-5d73-48b2-88d3-758d5e69e4df/cover] start. pending: 2
[2024-10-30 22:02:47.842] BUFFERED: [/api/items/c9379c09-dfcd-473e-b4ab-fb370f652144/cover] start. pending: 3
[2024-10-30 22:02:47.843] BUFFERED: [/api/items/9451eab7-307d-43dc-951f-19a7996683b9/cover] start. pending: 4
[2024-10-30 22:02:47.844] BUFFERED: [/api/items/db7d6d9b-2bc6-40c7-860f-f5f6123c10be/cover] start. pending: 5
[2024-10-30 22:02:47.845] BUFFERED: [/api/items/04d73e0f-c9fe-4a07-b2e6-575cd144f1c3/cover] start. pending: 6
[2024-10-30 22:02:47.845] BUFFERED: [/api/items/53e8b44e-b22e-4e6b-b136-43d07fd2f54d/cover] start. pending: 7
[2024-10-30 22:02:47.846] BUFFERED: [/api/items/2efc636a-b54f-4254-84d8-bb1c728e83c5/cover] start. pending: 8
[2024-10-30 22:02:47.848] BUFFERED: [/api/items/c6ca32fc-23a7-4874-9b9b-ec0c2fc686af/cover] start. pending: 9
[2024-10-30 22:02:47.849] BUFFERED: [/api/items/b6fe713c-e0dd-4207-b664-8ea5ef307679/cover] start. pending: 10
[2024-10-30 22:02:47.849] BUFFERED: [/api/items/cd9c369a-7961-4169-bd74-ebd5620452f5/cover] start. pending: 11
[2024-10-30 22:02:47.852] BUFFERED: [/api/items/335c5dcb-c26f-4ab8-bf68-5bfb0f64a70c/cover] start. pending: 12
[2024-10-30 22:02:47.852] BUFFERED: [/api/items/46728c78-d3c6-498b-9a8f-4e99f0f86233/cover] start. pending: 13
[2024-10-30 22:02:47.853] BUFFERED: [/api/items/e8d936bf-1ada-4af9-9fdb-4aa368b44bef/cover] start. pending: 14
[2024-10-30 22:02:47.854] BUFFERED: [/api/items/d44c528e-33c0-4e77-8791-c296842652c3/cover] start. pending: 15
[2024-10-30 22:02:47.855] BUFFERED: [/api/items/ffa58059-8fb8-4deb-a629-8a756e24cf4c/cover] start. pending: 16
[2024-10-30 22:02:47.855] BUFFERED: [/api/items/a9468226-b65b-4ac5-a0de-f66ac1a226ae/cover] start. pending: 17
[2024-10-30 22:02:47.856] BUFFERED: [/api/items/0056fadd-fec9-4ab7-af9b-da3a3bd05eb4/cover] start. pending: 18
[2024-10-30 22:02:47.857] BUFFERED: [/api/items/3f9f4e28-4427-4daf-8361-ff8f1938b0fe/cover] start. pending: 19
[2024-10-30 22:02:47.858] BUFFERED: [/api/items/6a6d2547-efe9-4f26-a5c1-17d1acd8255f/cover] start. pending: 20
[2024-10-30 22:02:47.859] BUFFERED: [/api/items/5bcd1bc5-0630-4714-b303-630c3f8c6289/cover] start. pending: 21
[2024-10-30 22:02:47.859] BUFFERED: [/api/items/c1579eb6-f50b-4ce7-8134-4462e03e16a6/cover] start. pending: 22
[2024-10-30 22:02:47.860] BUFFERED: [/api/items/a163c209-e579-42b2-b701-ced934343b0b/cover] start. pending: 23
[2024-10-30 22:02:47.860] BUFFERED: [/api/items/a70c0c62-6c6f-4ae5-b959-d9b9295bf406/cover] start. pending: 24
[2024-10-30 22:02:47.862] BUFFERED: [/api/items/d5b0e6b6-d79e-4b5f-863f-1e5f542d3e01/cover] start. pending: 25
[2024-10-30 22:02:47.863] BUFFERED: [/api/items/9e988de7-c1b1-4957-a3b2-a2e65f343e14/cover] start. pending: 26
[2024-10-30 22:02:47.864] BUFFERED: [/api/items/745b50b1-87a8-4adf-8f53-b0f4eef43f24/cover] start. pending: 27
[2024-10-30 22:02:47.865] BUFFERED: [/api/items/bcc92836-f798-4a2b-a67b-1e97e6983906/cover] start. pending: 28
[2024-10-30 22:02:47.877] BUFFERED: [/api/items/6d3437e9-3ba2-41fb-ab49-69edf9b1b415/cover] end. pending: 27. time: 37.178
[2024-10-30 22:02:47.879] BUFFERED: [/api/items/e42df329-76d9-4aa9-a820-3a10874ea2a9/cover] start. pending: 28
[2024-10-30 22:02:47.879] BUFFERED: [/api/items/d6ff75d0-4c97-4180-b5ef-3575104d25e2/cover] start. pending: 29
[2024-10-30 22:02:47.891] BUFFERED: [/api/items/c9379c09-dfcd-473e-b4ab-fb370f652144/cover] end. pending: 28. time: 49.181
[2024-10-30 22:02:47.906] BUFFERED: [/api/items/2efc636a-b54f-4254-84d8-bb1c728e83c5/cover] end. pending: 27. time: 59.728
[2024-10-30 22:02:47.918] BUFFERED: [/api/items/1bae1fea-5d73-48b2-88d3-758d5e69e4df/cover] end. pending: 26. time: 77.078
[2024-10-30 22:02:47.934] BUFFERED: [/api/items/9451eab7-307d-43dc-951f-19a7996683b9/cover] end. pending: 25. time: 90.748
[2024-10-30 22:02:47.947] BUFFERED: [/api/items/cd9c369a-7961-4169-bd74-ebd5620452f5/cover] end. pending: 24. time: 98.273
[2024-10-30 22:02:47.963] BUFFERED: [/api/items/db7d6d9b-2bc6-40c7-860f-f5f6123c10be/cover] end. pending: 23. time: 118.984
[2024-10-30 22:02:47.975] BUFFERED: [/api/items/e8d936bf-1ada-4af9-9fdb-4aa368b44bef/cover] end. pending: 22. time: 122.271
[2024-10-30 22:02:47.997] BUFFERED: [/api/items/04d73e0f-c9fe-4a07-b2e6-575cd144f1c3/cover] end. pending: 21. time: 152.353
[2024-10-30 22:02:48.010] BUFFERED: [/api/items/53e8b44e-b22e-4e6b-b136-43d07fd2f54d/cover] end. pending: 20. time: 164.463
[2024-10-30 22:02:48.022] BUFFERED: [/api/items/a70c0c62-6c6f-4ae5-b959-d9b9295bf406/cover] end. pending: 19. time: 161.032
[2024-10-30 22:02:48.042] BUFFERED: [/api/items/c6ca32fc-23a7-4874-9b9b-ec0c2fc686af/cover] end. pending: 18. time: 194.369
[2024-10-30 22:02:48.054] BUFFERED: [/api/items/b6fe713c-e0dd-4207-b664-8ea5ef307679/cover] end. pending: 17. time: 204.870
[2024-10-30 22:02:48.070] BUFFERED: [/api/items/335c5dcb-c26f-4ab8-bf68-5bfb0f64a70c/cover] end. pending: 16. time: 218.837
[2024-10-30 22:02:48.083] BUFFERED: [/api/items/46728c78-d3c6-498b-9a8f-4e99f0f86233/cover] end. pending: 15. time: 231.210
[2024-10-30 22:02:48.101] BUFFERED: [/api/items/d44c528e-33c0-4e77-8791-c296842652c3/cover] end. pending: 14. time: 247.023
[2024-10-30 22:02:48.113] BUFFERED: [/api/items/3f9f4e28-4427-4daf-8361-ff8f1938b0fe/cover] end. pending: 13. time: 256.466
[2024-10-30 22:02:48.126] BUFFERED: [/api/items/6a6d2547-efe9-4f26-a5c1-17d1acd8255f/cover] end. pending: 12. time: 268.070
[2024-10-30 22:02:48.138] BUFFERED: [/api/items/5bcd1bc5-0630-4714-b303-630c3f8c6289/cover] end. pending: 11. time: 279.267
[2024-10-30 22:02:48.149] BUFFERED: [/api/items/c1579eb6-f50b-4ce7-8134-4462e03e16a6/cover] end. pending: 10. time: 290.501
[2024-10-30 22:02:48.162] BUFFERED: [/api/items/a163c209-e579-42b2-b701-ced934343b0b/cover] end. pending: 9. time: 302.240
[2024-10-30 22:02:48.177] BUFFERED: [/api/items/a9468226-b65b-4ac5-a0de-f66ac1a226ae/cover] end. pending: 8. time: 321.927
[2024-10-30 22:02:48.189] BUFFERED: [/api/items/0056fadd-fec9-4ab7-af9b-da3a3bd05eb4/cover] end. pending: 7. time: 332.580
[2024-10-30 22:02:48.202] BUFFERED: [/api/items/ffa58059-8fb8-4deb-a629-8a756e24cf4c/cover] end. pending: 6. time: 347.262
[2024-10-30 22:02:48.220] BUFFERED: [/api/items/e42df329-76d9-4aa9-a820-3a10874ea2a9/cover] end. pending: 5. time: 341.351
[2024-10-30 22:02:48.232] BUFFERED: [/api/items/d6ff75d0-4c97-4180-b5ef-3575104d25e2/cover] end. pending: 4. time: 352.836
[2024-10-30 22:02:48.247] BUFFERED: [/api/items/9e988de7-c1b1-4957-a3b2-a2e65f343e14/cover] end. pending: 3. time: 383.840
[2024-10-30 22:02:48.259] BUFFERED: [/api/items/d5b0e6b6-d79e-4b5f-863f-1e5f542d3e01/cover] end. pending: 2. time: 396.293
[2024-10-30 22:02:48.270] BUFFERED: [/api/items/bcc92836-f798-4a2b-a67b-1e97e6983906/cover] end. pending: 1. time: 405.378
[2024-10-30 22:02:48.286] BUFFERED: [/api/items/745b50b1-87a8-4adf-8f53-b0f4eef43f24/cover] end. pending: 0. time: 421.465

Observations:

• When there are no other pending requests, this function takes ~15 ms to complete.
  • You can see this in the first few requests
• However, when there's more than one request pending, the requests seem to be handled almost sequentially
  • The image requests start to accumulate from 47.840 until 47.879
  • Only one request resolves during that period at 47.877, taking 37 ms
  • All other image requests only start to resolve at 47.891, at 12-16 ms intervals.

So it looks like even though sequelize calls are asynchronous and non-blocking, it doesn't seem to handle concurrency very well.

Many questions come to mind:

• For all the requests above, it is the same database query. Obviously, it can be cached.
• Does the query have include the mediaProgress records? the join complicates the query.
• Do we need req.user at all for cover image requests?
• What exactly is the process.nextTick() call trying to achieve here? I don't think it matters much, but what happens if we remove it?
• Can we change sequelize setup so it handles concurrent queries better?

This is what I have right now. Will continue tomorrow.

[nichwall]

Thanks for taking the time to write up your findings. My thoughts:

• For caching, I think we want a short TTL but agree that caching is a great idea.
• I don't think the media progress needs to be included for the cover image, I think that should only be included with the normal book information (for drawing the progress bar beneath the image)
• In Discord we discussed removing the user access requirement check for the image fetch, because we are already not including that in the author image check. This does raise a concern of being able to access the images without authentication, but I think that doesn't really matter for the ABS use case. (Edit to remove because I didn't understand how X-Accel worked) because the images are the only thing that can be returned without authentication (and already can be accessed this way using X-Accel). This also removes the need to include the API key in the URL as mentioned in Discord.

I'm not sure about the other two questions you asked, but those are my initial thoughts.

[advplyr]

• Does the query have include the mediaProgress records? the join complicates the query.

This is something I'm hoping to eliminate with the new data models. When the data model was all json objects and the project was very small it was easier to put the media progress on the user. Now that the data model is relational we don't want to have to pull media progresses every time we load a user.

• Do we need req.user at all for cover image requests?

This is a good question that I hadn't thought of. We don't need to load the user in a lot of cases if we store the users account type in the serialized user data. In that case we would create a new API token when changing the users account type.

• What exactly is the process.nextTick() call trying to achieve here? I don't think it matters much, but what happens if we remove it?

I'm not sure why they have it in their example. https://www.passportjs.org/concepts/authentication/sessions/

• Can we change sequelize setup so it handles concurrent queries better?

I've seen some things about improving concurrency for node sqlite3 but haven't done any testing. It will be good to look into that even though it looks like we can make some improvements that could allow for not making so many concurrent queries.

[nichwall]

Looks like the nextTick is just there as an example of async.

https://stackoverflow.com/questions/20743348/passport-js-and-process-nexttick-in-strategy

[mikiher]

Performance analysis day 2

process.nextTick removal

I removed the process.nextTick call like this:

    let liveRequests = 0
    passport.deserializeUser(
      function (req, user, cb) {
        liveRequests += 1
        BufferedLogger.log(`[${req.path}] start. pending: ${liveRequests}`)
        const start = performance.now()
        const parsedUserInfo = JSON.parse(user)
        // load the user by ID that is stored in the session
        Database.userModel.getUserById(parsedUserInfo.id).then((dbUser) => {
          const end = performance.now()
          const timeInMs = end - start
          liveRequests -= 1
          BufferedLogger.log(`[${req.path}] end. pending: ${liveRequests}. time: ${timeInMs.toFixed(3)}`)
          return cb(null, dbUser)
        })
      }.bind(this)
    )
    passport.passReqToCallback = true
  }

This had no visible effect on the timing and bottleneck.

bottom line - I think using process.nextTick is harmless but also not needed.

mediaProgress exclusion

I then tried changing getUserById so it doesn't include mediaProgress, like this:

  static async getUserById(userId) {
    if (!userId) return null
    return this.findByPk(userId)
    /*
    return this.findByPk(userId, {
      include: this.sequelize.models.mediaProgress
    })
    */
  }

This had massive impact on the deserializeUser timing. These are the log messages:

[2024-10-31 09:46:14.956] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3] start. pending: 1
[2024-10-31 09:46:14.958] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3] end. pending: 0. time: 1.076
[2024-10-31 09:46:15.058] BUFFERED: [/book_placeholder.jpg] start. pending: 1
[2024-10-31 09:46:15.059] BUFFERED: [/book_placeholder.jpg] end. pending: 0. time: 0.582
[2024-10-31 09:46:15.075] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3/items] start. pending: 1
[2024-10-31 09:46:15.075] BUFFERED: [/api/libraries/b3bf8580-edba-4d7d-90eb-3b54206d16c3/items] end. pending: 0. time: 0.681
[2024-10-31 09:46:15.162] BUFFERED: [/book_placeholder.jpg] start. pending: 1
[2024-10-31 09:46:15.163] BUFFERED: [/book_placeholder.jpg] end. pending: 0. time: 0.683
[2024-10-31 09:46:15.202] BUFFERED: [/api/items/6d3437e9-3ba2-41fb-ab49-69edf9b1b415/cover] start. pending: 1
[2024-10-31 09:46:15.203] BUFFERED: [/api/items/1bae1fea-5d73-48b2-88d3-758d5e69e4df/cover] start. pending: 2
[2024-10-31 09:46:15.203] BUFFERED: [/api/items/c9379c09-dfcd-473e-b4ab-fb370f652144/cover] start. pending: 3
[2024-10-31 09:46:15.204] BUFFERED: [/api/items/9451eab7-307d-43dc-951f-19a7996683b9/cover] start. pending: 4
[2024-10-31 09:46:15.204] BUFFERED: [/api/items/db7d6d9b-2bc6-40c7-860f-f5f6123c10be/cover] start. pending: 5
[2024-10-31 09:46:15.205] BUFFERED: [/api/items/6d3437e9-3ba2-41fb-ab49-69edf9b1b415/cover] end. pending: 4. time: 2.712
[2024-10-31 09:46:15.205] BUFFERED: [/api/items/db7d6d9b-2bc6-40c7-860f-f5f6123c10be/cover] end. pending: 3. time: 0.999
[2024-10-31 09:46:15.206] BUFFERED: [/api/items/04d73e0f-c9fe-4a07-b2e6-575cd144f1c3/cover] start. pending: 4
[2024-10-31 09:46:15.206] BUFFERED: [/api/items/53e8b44e-b22e-4e6b-b136-43d07fd2f54d/cover] start. pending: 5
[2024-10-31 09:46:15.207] BUFFERED: [/api/items/1bae1fea-5d73-48b2-88d3-758d5e69e4df/cover] end. pending: 4. time: 3.618
[2024-10-31 09:46:15.207] BUFFERED: [/api/items/c9379c09-dfcd-473e-b4ab-fb370f652144/cover] end. pending: 3. time: 3.986
[2024-10-31 09:46:15.208] BUFFERED: [/api/items/9451eab7-307d-43dc-951f-19a7996683b9/cover] end. pending: 2. time: 3.780
[2024-10-31 09:46:15.208] BUFFERED: [/api/items/2efc636a-b54f-4254-84d8-bb1c728e83c5/cover] start. pending: 3
[2024-10-31 09:46:15.212] BUFFERED: [/api/items/c6ca32fc-23a7-4874-9b9b-ec0c2fc686af/cover] start. pending: 4
[2024-10-31 09:46:15.212] BUFFERED: [/api/items/b6fe713c-e0dd-4207-b664-8ea5ef307679/cover] start. pending: 5
[2024-10-31 09:46:15.212] BUFFERED: [/api/items/cd9c369a-7961-4169-bd74-ebd5620452f5/cover] start. pending: 6
[2024-10-31 09:46:15.214] BUFFERED: [/api/items/335c5dcb-c26f-4ab8-bf68-5bfb0f64a70c/cover] start. pending: 7
[2024-10-31 09:46:15.214] BUFFERED: [/api/items/46728c78-d3c6-498b-9a8f-4e99f0f86233/cover] start. pending: 8
[2024-10-31 09:46:15.215] BUFFERED: [/api/items/e8d936bf-1ada-4af9-9fdb-4aa368b44bef/cover] start. pending: 9
[2024-10-31 09:46:15.215] BUFFERED: [/api/items/d44c528e-33c0-4e77-8791-c296842652c3/cover] start. pending: 10
[2024-10-31 09:46:15.215] BUFFERED: [/api/items/04d73e0f-c9fe-4a07-b2e6-575cd144f1c3/cover] end. pending: 9. time: 8.953
[2024-10-31 09:46:15.217] BUFFERED: [/api/items/ffa58059-8fb8-4deb-a629-8a756e24cf4c/cover] start. pending: 10
[2024-10-31 09:46:15.218] BUFFERED: [/api/items/a9468226-b65b-4ac5-a0de-f66ac1a226ae/cover] start. pending: 11
[2024-10-31 09:46:15.218] BUFFERED: [/api/items/0056fadd-fec9-4ab7-af9b-da3a3bd05eb4/cover] start. pending: 12
[2024-10-31 09:46:15.218] BUFFERED: [/api/items/3f9f4e28-4427-4daf-8361-ff8f1938b0fe/cover] start. pending: 13
[2024-10-31 09:46:15.219] BUFFERED: [/api/items/6a6d2547-efe9-4f26-a5c1-17d1acd8255f/cover] start. pending: 14
[2024-10-31 09:46:15.220] BUFFERED: [/api/items/53e8b44e-b22e-4e6b-b136-43d07fd2f54d/cover] end. pending: 13. time: 13.438
[2024-10-31 09:46:15.221] BUFFERED: [/api/items/2efc636a-b54f-4254-84d8-bb1c728e83c5/cover] end. pending: 12. time: 12.847
[2024-10-31 09:46:15.223] BUFFERED: [/api/items/5bcd1bc5-0630-4714-b303-630c3f8c6289/cover] start. pending: 13
[2024-10-31 09:46:15.225] BUFFERED: [/api/items/c1579eb6-f50b-4ce7-8134-4462e03e16a6/cover] start. pending: 14
[2024-10-31 09:46:15.226] BUFFERED: [/api/items/a163c209-e579-42b2-b701-ced934343b0b/cover] start. pending: 15
[2024-10-31 09:46:15.226] BUFFERED: [/api/items/a70c0c62-6c6f-4ae5-b959-d9b9295bf406/cover] start. pending: 16
[2024-10-31 09:46:15.226] BUFFERED: [/api/items/d5b0e6b6-d79e-4b5f-863f-1e5f542d3e01/cover] start. pending: 17
[2024-10-31 09:46:15.228] BUFFERED: [/api/items/9e988de7-c1b1-4957-a3b2-a2e65f343e14/cover] start. pending: 18
[2024-10-31 09:46:15.229] BUFFERED: [/api/items/745b50b1-87a8-4adf-8f53-b0f4eef43f24/cover] start. pending: 19
[2024-10-31 09:46:15.229] BUFFERED: [/api/items/bcc92836-f798-4a2b-a67b-1e97e6983906/cover] start. pending: 20
[2024-10-31 09:46:15.230] BUFFERED: [/api/items/e42df329-76d9-4aa9-a820-3a10874ea2a9/cover] start. pending: 21
[2024-10-31 09:46:15.230] BUFFERED: [/api/items/d6ff75d0-4c97-4180-b5ef-3575104d25e2/cover] start. pending: 22
[2024-10-31 09:46:15.235] BUFFERED: [/api/items/c6ca32fc-23a7-4874-9b9b-ec0c2fc686af/cover] end. pending: 21. time: 23.152
[2024-10-31 09:46:15.239] BUFFERED: [/api/items/b6fe713c-e0dd-4207-b664-8ea5ef307679/cover] end. pending: 20. time: 26.335
[2024-10-31 09:46:15.239] BUFFERED: [/api/items/d5b0e6b6-d79e-4b5f-863f-1e5f542d3e01/cover] end. pending: 19. time: 12.759
[2024-10-31 09:46:15.239] BUFFERED: [/api/items/cd9c369a-7961-4169-bd74-ebd5620452f5/cover] end. pending: 18. time: 26.622
[2024-10-31 09:46:15.251] BUFFERED: [/api/items/335c5dcb-c26f-4ab8-bf68-5bfb0f64a70c/cover] end. pending: 17. time: 37.321
[2024-10-31 09:46:15.252] BUFFERED: [/api/items/bcc92836-f798-4a2b-a67b-1e97e6983906/cover] end. pending: 16. time: 22.958
[2024-10-31 09:46:15.254] BUFFERED: [/api/items/46728c78-d3c6-498b-9a8f-4e99f0f86233/cover] end. pending: 15. time: 39.834
[2024-10-31 09:46:15.255] BUFFERED: [/api/items/ffa58059-8fb8-4deb-a629-8a756e24cf4c/cover] end. pending: 14. time: 37.320
[2024-10-31 09:46:15.255] BUFFERED: [/api/items/a9468226-b65b-4ac5-a0de-f66ac1a226ae/cover] end. pending: 13. time: 37.222
[2024-10-31 09:46:15.255] BUFFERED: [/api/items/0056fadd-fec9-4ab7-af9b-da3a3bd05eb4/cover] end. pending: 12. time: 37.272
[2024-10-31 09:46:15.255] BUFFERED: [/api/items/3f9f4e28-4427-4daf-8361-ff8f1938b0fe/cover] end. pending: 11. time: 36.859
[2024-10-31 09:46:15.255] BUFFERED: [/api/items/6a6d2547-efe9-4f26-a5c1-17d1acd8255f/cover] end. pending: 10. time: 36.340
[2024-10-31 09:46:15.256] BUFFERED: [/api/items/5bcd1bc5-0630-4714-b303-630c3f8c6289/cover] end. pending: 9. time: 33.361
[2024-10-31 09:46:15.256] BUFFERED: [/api/items/d6ff75d0-4c97-4180-b5ef-3575104d25e2/cover] end. pending: 8. time: 26.022
[2024-10-31 09:46:15.258] BUFFERED: [/api/items/e8d936bf-1ada-4af9-9fdb-4aa368b44bef/cover] end. pending: 7. time: 43.823
[2024-10-31 09:46:15.260] BUFFERED: [/api/items/d44c528e-33c0-4e77-8791-c296842652c3/cover] end. pending: 6. time: 44.959
[2024-10-31 09:46:15.264] BUFFERED: [/api/items/a163c209-e579-42b2-b701-ced934343b0b/cover] end. pending: 5. time: 37.939
[2024-10-31 09:46:15.264] BUFFERED: [/api/items/c1579eb6-f50b-4ce7-8134-4462e03e16a6/cover] end. pending: 4. time: 38.609
[2024-10-31 09:46:15.264] BUFFERED: [/api/items/a70c0c62-6c6f-4ae5-b959-d9b9295bf406/cover] end. pending: 3. time: 38.219
[2024-10-31 09:46:15.269] BUFFERED: [/api/items/9e988de7-c1b1-4957-a3b2-a2e65f343e14/cover] end. pending: 2. time: 40.738
[2024-10-31 09:46:15.269] BUFFERED: [/api/items/745b50b1-87a8-4adf-8f53-b0f4eef43f24/cover] end. pending: 1. time: 40.784
[2024-10-31 09:46:15.273] BUFFERED: [/api/items/e42df329-76d9-4aa9-a820-3a10874ea2a9/cover] end. pending: 0. time: 43.100

Although we still see concurrency issues, deserializeUser performs much better, as the complexity of the database query is reduced to essentially a table lookup. The average time for completing a cover image request on browser reduces from ~500ms to ~100ms

Bottom line: there's absolutely no justification to populate media progress in req.user for any request. If an API call requires the user's media progress, it can perform a separate query for it.

[advplyr]

I think around v2.13.0 I removed the old user object so now we should be able to remove the media progress sub-query without much effort. Just need to identify the places where the user is being sent to the client and load the media progress there.

Thanks for digging into that. This should be even more impactful for the users with really large libraries.

[wommy]

look into 11ty's image plugin
https://www.11ty.dev/docs/plugins/image/

zachs left nothing on the table when it comes to image optimization

the blogpost about it
https://www.zachleat.com/web/eleventy-image/

[mikiher]

More experiments

No req.user for cover requests

In the next experiment, if the request is a cover request, we don't perform user deserialization at all and req.user is set to null.
I also removed the only piece of code where req.user was used in LibraryItemController.getCover(), here:

    if (!req.user.checkCanAccessLibraryItem(libraryItem)) {
      return res.sendStatus(403)
    }

This of course reduces deserializeUser time to almost 0 for cover requests, but then the choke-point moves somewhere else.

After some further digging, I found the next choke point to be in jwtAuthCheck (see code below), which is called by passport JwtStrategy after JWT verification.

  async jwtAuthCheck(jwt_payload, done) {
    // load user by id from the jwt token
    const user = await Database.userModel.getUserByIdOrOldId(jwt_payload.userId)

    if (!user?.isActive) {
      // deny login
      done(null, null)
      return
    }
    // approve login
    done(null, user)
    return
  }

No authentication for cover requests

So for the next experiment, I disabled authentication for cover requests, by modifying Auth.isAuthenticated() like this:

  isAuthenticated(req, res, next) {
    // check if session cookie says that we are authenticated
    if (req.isAuthenticated() || req.path.includes('/cover')) {
      next()
    } else {
      // try JWT to authenticate
      passport.authenticate('jwt')(req, res, next)
    }
  }

Now the total serving time went down to ~60ms on average, and finally most of that time is spent in getCover (~45ms on average), where it should.

Using getCover2

I now experimented with @advplyr's suggested getCover2, which essentially does away with database queries altogether if the cover is found in the image disk cache (note that this specific one might crash if the cover is not in the cache, but it's fine for experimentation purposes, and also reflects the reality for most users).

  async getCover2(req, res) {
    const {
      query: { width, height, format, raw }
    } = req

    const options = {
      format: format || (reqSupportsWebp(req) ? 'webp' : 'jpeg'),
      height: height ? parseInt(height) : null,
      width: width ? parseInt(width) : null
    }
    return CacheManager.handleCoverCache(res, req.params.id, null, options)
  }

Now, total serving time goes down to ~20ms on average, and time spent in getCover2 is around 3ms(!) on average.
Much better!!!

Moving the express.static middlewares after apiRouter

I noticed during my experimentations that the express.static middlewares seem to take a few ms, even though they're not doing anything for API requests. moving those after router.use('/api', this.authMiddleware.bind(this), this.apiRouter.router) shaves off an additional ~10ms of the average total serving time for covers, which is now ~10ms.

At this point, I'm stopping my experiments since I'm seeing diminishing returns from server optimizations - time on the same scale is spent in different unrelated places (e.g. network, reverse-proxy).

[mikiher]

Conclusions

I'm really happy to have gone through these experiments. They've taught me a lot about the server's behavior and hidden costs.
Specifically cover images (and probably the same applies for author images) present the server with db concurrency performance issues.

My recommendations are pretty obvious from experiments:

1. Skip req.user population for cover (and author) images
2. Skip authentication for covers and author images
3. Skip db access if images are found in the disk image cache.
4. Remove media progress from req.user
5. Cache req.user

1-3 will vastly improve response time for the homepage, library, and series pages. They wil also allow us to remove the token from the url, which is quite a glaring secutiry issue.

4 and 5 are less important if 1-3 are implemented, but I think they should also be done. @advplyr also suggested storing the required user information in the JWT, which may obviate the need to go to the database at all for populating req.user.

So unless I hear other suggestions, my first focus will be 1-3.

[advplyr]

This has been really helpful. I will definitely use that method of measuring performance for APIs in the future.

Those recommendations look good to me.

[mikiher]

Just note that the version of measureMiddlewareTime above is buggy (especially in the sense that it expects middleware to call next, which it doesn't have to).

It is quite tricky to come up with a function that will work for every arbitrary middleware input. I'm sure someone has something like this on Github, but I have not had the wits to look for one before I wrote it myself... :)