⚡ perf: Add Redis caching to /v1/analytics/{user_email} with privacy-safe email hashing

DevaOnBreaches · DevaOnBreaches · commit 99ab840bf8d3 · 2025-12-24T18:47:42.000+05:30
diff --git a/api/v1/analytics.py b/api/v1/analytics.py
@@ -2,6 +2,7 @@
 
 # Standard library imports
 import datetime
+import hashlib
 import html
 import json
 import logging
@@ -94,6 +95,11 @@ def cache_analytics(
         pass
 
 
+def hash_email(email: str) -> str:
+    """Hash email for privacy-safe cache keys."""
+    return hashlib.sha256(email.lower().encode()).hexdigest()[:16]
+
+
 class ShieldOnException(Exception):
     """Exception raised when shield is on."""
 
@@ -1050,12 +1056,20 @@ async def get_analytics(
         alert_key = data_store.key("xon_alert", user_email)
         alert_record = data_store.get(alert_key)
 
+        # Always check shieldOn first (privacy - can't cache this)
         if alert_record and alert_record.get("shieldOn"):
             raise ShieldOnException("Shield is on")
 
+        # Check cache after shieldOn validation
+        cache_key = f"analytics-hierarchy:{hash_email(user_email)}"
+        cached_result = get_cached_analytics(cache_key)
+        if cached_result:
+            return BreachHierarchyResponse(**cached_result)
+
         if xon_record:
             site = str(xon_record["site"])
             breach_hierarchy = await get_breach_hierarchy_analytics(site, "")
+            cache_analytics(cache_key, breach_hierarchy)
             return BreachHierarchyResponse(**breach_hierarchy)
 
         return JSONResponse(content=None)
