The latest articles on DEV Community by ahmet gedik (@ahmet_gedik778845). https://dev.to/ahmet_gedik778845 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3801199%2Fcae54b2b-1a40-47e7-aefb-84cc64c80750.png https://dev.to/ahmet_gedik778845 en ahmet gedik Fri, 12 Jun 2026 18:00:02 +0000 https://dev.to/ahmet_gedik778845/real-time-video-metadata-invalidation-with-postgres-listen-and-notify-2fnl https://dev.to/ahmet_gedik778845/real-time-video-metadata-invalidation-with-postgres-listen-and-notify-2fnl <p>A viewer hits a watch page on <a href="https://dailywatch.video" rel="noopener noreferrer">DailyWatch</a> and sees a view count that is six hours stale, a title that was corrected last night, and a thumbnail that points at a video we already pulled for a copyright strike. Every one of those is a caching bug, and every one of them traces back to the same root cause: we had no fast, reliable way to tell the edge that a single video's metadata had changed. We cache aggressively — LiteSpeed page cache in front of PHP 8.4, a SQLite FTS5 index for discovery, and Cloudflare in front of all of it. Aggressive caching is what lets a free video discovery platform serve millions of requests on a small budget. The price is invalidation. When the canonical metadata for one video changes, that change has to ripple outward in seconds, not on the next cron tick.</p> <p>The naive fixes all fail in instructive ways. Short TTLs throw away the cache hit rate we depend on. A cron job that scans for <code>updated_at &gt; last_run</code> is coarse, polls a hot table constantly, and still leaves a window of staleness equal to its interval. Pushing every edit through an application-level message bus means the bus and the database can disagree the moment a transaction rolls back. What I actually wanted was for the database — the single source of truth for metadata — to be the thing that announces changes, transactionally, the instant a row is committed. That is exactly what Postgres <code>LISTEN</code>/<code>NOTIFY</code> gives you. This post walks through how we wired it up: the trigger that fires on commit, a long-lived Go listener that fans changes out, and the PHP and Python pieces that turn a notification into a surgical cache purge.</p> <h2> Why the source of truth should announce its own changes </h2> <p>Our metadata pipeline is Postgres, even though the read path that serves pages is SQLite FTS5. That split is deliberate. Ingestion workers in Python pull from upstream APIs, normalize, dedupe, and write canonical rows into Postgres. A separate process projects the relevant columns into the per-edge SQLite databases that LiteSpeed reads from. Postgres is where truth lives and where mutations happen, so Postgres is the natural place to emit "this changed" events.</p> <p><code>NOTIFY</code> is a Postgres command that sends a payload on a named channel. <code>LISTEN</code> subscribes a connection to that channel. The property that makes it useful for invalidation — and that an external broker cannot give you for free — is that <strong>notifications are delivered as part of the transaction</strong>. If you <code>NOTIFY</code> inside a transaction and the transaction commits, the notification is delivered. If it rolls back, the notification is discarded. You can never tell a downstream cache to purge a change that never actually landed. That single guarantee eliminates an entire category of phantom-invalidation bugs.</p> <p>There are real limits worth stating up front, because they shape the design:</p> <ul> <li>The payload is capped at 8000 bytes. You send identifiers and a reason code, never the full row.</li> <li>Delivery is at-most-once <em>to currently connected listeners</em>. If your listener is down when the <code>NOTIFY</code> fires, that event is gone. You need a catch-up path.</li> <li>Notifications are not queued durably. This is a signaling mechanism, not Kafka. Treat it as a hint that says "go look," not as the system of record.</li> </ul> <p>Those constraints push you toward a specific shape: send tiny payloads, design the consumer to be idempotent, and keep a reconciliation sweep as a safety net.</p> <h2> The trigger that fires on commit </h2> <p>The cleanest place to emit the event is a row-level trigger on the <code>videos</code> table. It fires for every insert, update, and delete, builds a compact JSON payload, and calls <code>pg_notify</code>. Because the trigger runs inside the same transaction as the write, the notification inherits the transaction's commit/rollback fate automatically.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">notify_video_change</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="k">trigger</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">payload</span> <span class="n">json</span><span class="p">;</span> <span class="n">changed_id</span> <span class="nb">text</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="n">changed_id</span> <span class="p">:</span><span class="o">=</span> <span class="n">COALESCE</span><span class="p">(</span><span class="k">NEW</span><span class="p">.</span><span class="n">video_id</span><span class="p">,</span> <span class="k">OLD</span><span class="p">.</span><span class="n">video_id</span><span class="p">);</span> <span class="c1">-- For updates, only emit when a cache-relevant column actually changed.</span> <span class="n">IF</span> <span class="p">(</span><span class="n">TG_OP</span> <span class="o">=</span> <span class="s1">'UPDATE'</span><span class="p">)</span> <span class="k">THEN</span> <span class="n">IF</span> <span class="k">NEW</span><span class="p">.</span><span class="n">title</span> <span class="k">IS</span> <span class="k">NOT</span> <span class="k">DISTINCT</span> <span class="k">FROM</span> <span class="k">OLD</span><span class="p">.</span><span class="n">title</span> <span class="k">AND</span> <span class="k">NEW</span><span class="p">.</span><span class="n">description</span> <span class="k">IS</span> <span class="k">NOT</span> <span class="k">DISTINCT</span> <span class="k">FROM</span> <span class="k">OLD</span><span class="p">.</span><span class="n">description</span> <span class="k">AND</span> <span class="k">NEW</span><span class="p">.</span><span class="n">thumbnail_url</span> <span class="k">IS</span> <span class="k">NOT</span> <span class="k">DISTINCT</span> <span class="k">FROM</span> <span class="k">OLD</span><span class="p">.</span><span class="n">thumbnail_url</span> <span class="k">AND</span> <span class="k">NEW</span><span class="p">.</span><span class="n">status</span> <span class="k">IS</span> <span class="k">NOT</span> <span class="k">DISTINCT</span> <span class="k">FROM</span> <span class="k">OLD</span><span class="p">.</span><span class="n">status</span> <span class="k">AND</span> <span class="k">NEW</span><span class="p">.</span><span class="n">category_id</span> <span class="k">IS</span> <span class="k">NOT</span> <span class="k">DISTINCT</span> <span class="k">FROM</span> <span class="k">OLD</span><span class="p">.</span><span class="n">category_id</span> <span class="k">THEN</span> <span class="k">RETURN</span> <span class="k">NEW</span><span class="p">;</span> <span class="c1">-- view-count-only update, not worth a purge</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="n">payload</span> <span class="p">:</span><span class="o">=</span> <span class="n">json_build_object</span><span class="p">(</span> <span class="s1">'video_id'</span><span class="p">,</span> <span class="n">changed_id</span><span class="p">,</span> <span class="s1">'op'</span><span class="p">,</span> <span class="n">TG_OP</span><span class="p">,</span> <span class="s1">'category_id'</span><span class="p">,</span> <span class="n">COALESCE</span><span class="p">(</span><span class="k">NEW</span><span class="p">.</span><span class="n">category_id</span><span class="p">,</span> <span class="k">OLD</span><span class="p">.</span><span class="n">category_id</span><span class="p">),</span> <span class="s1">'ts'</span><span class="p">,</span> <span class="k">extract</span><span class="p">(</span><span class="n">epoch</span> <span class="k">FROM</span> <span class="n">clock_timestamp</span><span class="p">())</span> <span class="p">);</span> <span class="n">PERFORM</span> <span class="n">pg_notify</span><span class="p">(</span><span class="s1">'video_metadata'</span><span class="p">,</span> <span class="n">payload</span><span class="p">::</span><span class="nb">text</span><span class="p">);</span> <span class="k">RETURN</span> <span class="n">COALESCE</span><span class="p">(</span><span class="k">NEW</span><span class="p">,</span> <span class="k">OLD</span><span class="p">);</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TRIGGER</span> <span class="n">trg_video_metadata_change</span> <span class="k">AFTER</span> <span class="k">INSERT</span> <span class="k">OR</span> <span class="k">UPDATE</span> <span class="k">OR</span> <span class="k">DELETE</span> <span class="k">ON</span> <span class="n">videos</span> <span class="k">FOR</span> <span class="k">EACH</span> <span class="k">ROW</span> <span class="k">EXECUTE</span> <span class="k">FUNCTION</span> <span class="n">notify_video_change</span><span class="p">();</span> </code></pre> </div> <p>The <code>IS NOT DISTINCT FROM</code> guard matters more than it looks. View counts and watch timestamps churn constantly; if every increment triggered an edge purge we would be invalidating the same hot pages thousands of times an hour and defeating the cache entirely. We only signal when a column that actually appears in rendered HTML or the search index changes. View counts get reconciled lazily on a slower path because nobody files a bug report over a count that is two minutes behind.</p> <p>One caution about firing <code>pg_notify</code> in <code>AFTER</code> triggers under heavy write load: notifications on a given channel are coalesced and ordered, and a flood of distinct payloads can add commit latency. We measured it at our write volume and it is negligible, but if you ingest tens of thousands of rows in a single transaction, batch the notify into one statement-level call instead of one per row.</p> <h2> A long-lived Go listener that fans out </h2> <p>The consumer is a separate daemon. It holds one dedicated Postgres connection open, blocks on incoming notifications, and translates each into concrete invalidation actions. I wrote ours in Go because the listener needs to be a rock-solid long-running process with good connection handling and cheap concurrency for the fan-out. <code>pgx</code> exposes the LISTEN/NOTIFY primitives directly through <code>WaitForNotification</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"encoding/json"</span> <span class="s">"log"</span> <span class="s">"time"</span> <span class="s">"github.com/jackc/pgx/v5"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">VideoChange</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">VideoID</span> <span class="kt">string</span> <span class="s">`json:"video_id"`</span> <span class="n">Op</span> <span class="kt">string</span> <span class="s">`json:"op"`</span> <span class="n">CategoryID</span> <span class="o">*</span><span class="kt">int</span> <span class="s">`json:"category_id"`</span> <span class="n">TS</span> <span class="kt">float64</span> <span class="s">`json:"ts"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="k">for</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">listen</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"listener dropped: %v; reconnecting in 2s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">2</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="c">// On reconnect we may have missed events: trigger a catch-up sweep.</span> <span class="k">go</span> <span class="n">reconcileSince</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="o">-</span><span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">))</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">listen</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">conn</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pgx</span><span class="o">.</span><span class="n">Connect</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">"postgres://ingest@localhost/dailywatch"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">conn</span><span class="o">.</span><span class="n">Close</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">conn</span><span class="o">.</span><span class="n">Exec</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">"LISTEN video_metadata"</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"listening on channel video_metadata"</span><span class="p">)</span> <span class="k">for</span> <span class="p">{</span> <span class="n">n</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">conn</span><span class="o">.</span><span class="n">WaitForNotification</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="c">// surface to the reconnect loop</span> <span class="p">}</span> <span class="k">var</span> <span class="n">c</span> <span class="n">VideoChange</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">n</span><span class="o">.</span><span class="n">Payload</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">c</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"bad payload %q: %v"</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">Payload</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">continue</span> <span class="p">}</span> <span class="c">// Fan out concurrently; each action is idempotent.</span> <span class="k">go</span> <span class="n">handleChange</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">c</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">handleChange</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">c</span> <span class="n">VideoChange</span><span class="p">)</span> <span class="p">{</span> <span class="n">projectToSQLite</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">VideoID</span><span class="p">,</span> <span class="n">c</span><span class="o">.</span><span class="n">Op</span><span class="p">)</span> <span class="c">// refresh the read-path FTS5 row</span> <span class="n">purgeCloudflare</span><span class="p">(</span><span class="s">"/watch/"</span> <span class="o">+</span> <span class="n">c</span><span class="o">.</span><span class="n">VideoID</span><span class="p">)</span> <span class="c">// edge purge for the watch page</span> <span class="k">if</span> <span class="n">c</span><span class="o">.</span><span class="n">CategoryID</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">purgeLocalPageCache</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">VideoID</span><span class="p">,</span> <span class="o">*</span><span class="n">c</span><span class="o">.</span><span class="n">CategoryID</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"invalidated %s (%s)"</span><span class="p">,</span> <span class="n">c</span><span class="o">.</span><span class="n">VideoID</span><span class="p">,</span> <span class="n">c</span><span class="o">.</span><span class="n">Op</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The reconnect loop is the whole point of using a dedicated daemon. <code>WaitForNotification</code> returns an error when the connection drops, we log it, sleep, reconnect, and — critically — kick off a reconciliation sweep for the window we might have missed. Because <code>NOTIFY</code> is at-most-once to live listeners, every reconnect is a potential gap, and the catch-up sweep is what makes the system eventually consistent rather than silently lossy.</p> <h2> Turning a notification into a surgical purge </h2> <p>The <code>handleChange</code> fan-out does three things, and each deserves a note.</p> <ul> <li> <strong>Project to SQLite FTS5.</strong> The read path queries SQLite, so the listener pushes the changed columns into the per-edge database and runs an <code>INSERT OR REPLACE</code> plus an FTS5 index update. This is the step that makes search results and listing pages reflect the edit.</li> <li> <strong>Purge the edge.</strong> A single targeted Cloudflare cache purge for the exact watch URL, not a zone-wide flush. Zone purges are a blunt instrument that tank your hit rate for minutes afterward.</li> <li> <strong>Purge the local page cache.</strong> LiteSpeed and our PHP file cache hold rendered HTML for the watch page and any category listing the video appears on, so we delete those specific files.</li> </ul> <p>The local PHP side is where the LiteSpeed and file-cache invalidation actually happens. This runs as a tiny endpoint the Go listener calls, or you can have PHP itself hold the listener connection on smaller deployments. Here is the file-cache purge in PHP 8.4:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">CacheInvalidator</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$pageCacheDir</span> <span class="o">=</span> <span class="s1">'/var/cache/dailywatch/pages'</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">purgeVideo</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$videoId</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$categoryId</span><span class="p">):</span> <span class="kt">void</span> <span class="p">{</span> <span class="c1">// Watch page and the category listing the video appears on.</span> <span class="nv">$keys</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">"watch:</span><span class="si">{</span><span class="nv">$videoId</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"category:</span><span class="si">{</span><span class="nv">$categoryId</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="s1">'home:index'</span><span class="p">,</span> <span class="p">];</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$keys</span> <span class="k">as</span> <span class="nv">$key</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$path</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pageCacheDir</span> <span class="mf">.</span> <span class="s1">'/'</span> <span class="mf">.</span> <span class="nb">hash</span><span class="p">(</span><span class="s1">'xxh128'</span><span class="p">,</span> <span class="nv">$key</span><span class="p">)</span> <span class="mf">.</span> <span class="s1">'.html'</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nb">is_file</span><span class="p">(</span><span class="nv">$path</span><span class="p">))</span> <span class="p">{</span> <span class="o">@</span><span class="nb">unlink</span><span class="p">(</span><span class="nv">$path</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Tell LiteSpeed to drop its public cache entry for this tag.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">purgeLiteSpeed</span><span class="p">(</span><span class="s2">"watch_</span><span class="si">{</span><span class="nv">$videoId</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">purgeLiteSpeed</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$tag</span><span class="p">):</span> <span class="kt">void</span> <span class="p">{</span> <span class="c1">// LiteSpeed honours this response header for tag-based purges.</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">headers_sent</span><span class="p">())</span> <span class="p">{</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'X-LiteSpeed-Purge: tag='</span> <span class="mf">.</span> <span class="nv">$tag</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Invoked by the listener with a small JSON POST.</span> <span class="nv">$body</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nb">file_get_contents</span><span class="p">(</span><span class="s1">'php://input'</span><span class="p">)</span> <span class="o">?:</span> <span class="s1">'{}'</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$body</span><span class="p">[</span><span class="s1">'video_id'</span><span class="p">],</span> <span class="nv">$body</span><span class="p">[</span><span class="s1">'category_id'</span><span class="p">]))</span> <span class="p">{</span> <span class="p">(</span><span class="k">new</span> <span class="nc">CacheInvalidator</span><span class="p">())</span><span class="o">-&gt;</span><span class="nf">purgeVideo</span><span class="p">(</span> <span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="nv">$body</span><span class="p">[</span><span class="s1">'video_id'</span><span class="p">],</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nv">$body</span><span class="p">[</span><span class="s1">'category_id'</span><span class="p">],</span> <span class="p">);</span> <span class="nb">http_response_code</span><span class="p">(</span><span class="mi">204</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>X-LiteSpeed-Purge</code> header with a tag is the clean way to evict LiteSpeed's public cache for a specific entity, assuming you tagged the page when you cached it. Combined with deleting the PHP file-cache artifacts and the targeted Cloudflare purge, an edit propagates through all three cache layers within a second or two of the database commit.</p> <h2> The ingestion side and the reconciliation safety net </h2> <p>The writers stay blissfully ignorant of all this. Python ingestion workers just write to Postgres inside a transaction; the trigger handles notification. That separation is the elegance of doing it in the database — no application code has to remember to publish an event, and there is no way to commit a metadata change without the notification going out.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">psycopg</span> <span class="k">def</span> <span class="nf">upsert_video</span><span class="p">(</span><span class="n">conn</span><span class="p">:</span> <span class="n">psycopg</span><span class="p">.</span><span class="n">Connection</span><span class="p">,</span> <span class="n">video</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Writers do nothing special; the AFTER trigger emits the NOTIFY.</span><span class="sh">"""</span> <span class="k">with</span> <span class="n">conn</span><span class="p">.</span><span class="nf">transaction</span><span class="p">():</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"""</span><span class="s"> INSERT INTO videos (video_id, title, description, thumbnail_url, category_id, status, updated_at) VALUES (%(video_id)s, %(title)s, %(description)s, %(thumbnail_url)s, %(category_id)s, %(status)s, now()) ON CONFLICT (video_id) DO UPDATE SET title = EXCLUDED.title, description = EXCLUDED.description, thumbnail_url = EXCLUDED.thumbnail_url, category_id = EXCLUDED.category_id, status = EXCLUDED.status, updated_at = now() </span><span class="sh">"""</span><span class="p">,</span> <span class="n">video</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># On commit, trg_video_metadata_change fires pg_notify('video_metadata', ...). </span></code></pre> </div> <p>The reconciliation sweep is the other half of correctness. Because notifications can be missed during a listener restart or a network blip, a periodic job re-projects everything touched recently. It is cheap, it is idempotent, and it closes the at-most-once gap.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">datetime</span> <span class="k">def</span> <span class="nf">reconcile_since</span><span class="p">(</span><span class="n">conn</span><span class="p">:</span> <span class="n">psycopg</span><span class="p">.</span><span class="n">Connection</span><span class="p">,</span> <span class="n">since</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="n">datetime</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">rows</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"""</span><span class="s"> SELECT video_id, category_id FROM videos WHERE updated_at &gt;= %s ORDER BY updated_at </span><span class="sh">"""</span><span class="p">,</span> <span class="p">(</span><span class="n">since</span><span class="p">,),</span> <span class="p">).</span><span class="nf">fetchall</span><span class="p">()</span> <span class="k">for</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">category_id</span> <span class="ow">in</span> <span class="n">rows</span><span class="p">:</span> <span class="nf">project_to_sqlite</span><span class="p">(</span><span class="n">video_id</span><span class="p">)</span> <span class="nf">purge_caches</span><span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">category_id</span><span class="p">)</span> <span class="c1"># same idempotent purge path </span> <span class="k">return</span> <span class="nf">len</span><span class="p">(</span><span class="n">rows</span><span class="p">)</span> </code></pre> </div> <p>We run <code>reconcile_since</code> on a five-minute overlap window so consecutive sweeps always cover any gap, and the Go listener calls the same logic immediately after every reconnect. The result is a system that is fast in the common case — sub-second propagation driven by <code>NOTIFY</code> — and self-healing in the failure case, because the sweep guarantees that anything the live channel dropped still gets picked up.</p> <p>A few operational lessons from running this in production:</p> <ul> <li> <strong>Make every consumer action idempotent.</strong> Re-projecting a row and re-purging a URL must be safe to do twice, because the live path and the reconciliation path will sometimes both handle the same change.</li> <li> <strong>Keep payloads to identifiers.</strong> Sending the full row tempts you past the 8000-byte limit and makes the listener trust stale data. Send the id, fetch fresh on the consumer side if you need detail.</li> <li> <strong>Don't NOTIFY on view-count churn.</strong> Separate the columns that affect rendered output from the columns that are pure analytics, and only signal on the former.</li> <li> <strong>One dedicated connection per listener.</strong> Don't run <code>LISTEN</code> on a pooled connection that gets handed back; you will miss notifications and not know it.</li> </ul> <h2> Conclusion </h2> <p>The shape that worked for us is simple to state: let Postgres announce its own changes through a commit-bound trigger, consume those announcements in one resilient long-lived listener, fan each event out into surgical purges across SQLite FTS5, the PHP file cache, LiteSpeed, and Cloudflare, and back the whole thing with an idempotent reconciliation sweep that catches anything the at-most-once channel drops. <code>LISTEN</code>/<code>NOTIFY</code> is not a durable message queue and you will hurt yourself if you treat it like one. Treated as what it actually is — a transactional, low-latency signal that says "this id changed, go look" — it lets a free discovery platform keep an aggressive multi-layer cache and still reflect a corrected title or a pulled video within seconds. That combination, high hit rates plus fast invalidation, is exactly the thing that used to feel mutually exclusive, and it is the difference between a viewer seeing six-hour-stale metadata and seeing the truth.</p> postgres php caching go ahmet gedik Fri, 12 Jun 2026 11:00:01 +0000 https://dev.to/ahmet_gedik778845/deduplicating-video-urls-at-scale-with-a-php-canonicalization-pipeline-2dgm https://dev.to/ahmet_gedik778845/deduplicating-video-urls-at-scale-with-a-php-canonicalization-pipeline-2dgm <p>Last month I opened our admin dashboard and found the trailer for one Korean drama sitting in the discovery feed eleven separate times. Eleven rows, eleven thumbnails, eleven primary keys, all pointing at the exact same video. At <a href="https://trendvidstream.com" rel="noopener noreferrer">TrendVidStream</a> we fan out discovery crons across eight regions, and each region had ingested that clip with its own mix of tracking parameters, a different host alias, and in two cases a shortened link. To a person they are obviously the same video. To a <code>videos</code> table they were eleven unrelated facts. This is the URL canonicalization problem, and if you run any kind of content aggregator it will quietly wreck your data quality before you ever notice it.</p> <h2> Why one video becomes eleven rows </h2> <p>The variation comes from every layer of the stack at once. The same upstream video reaches us as all of these:</p> <ul> <li><code>https://www.youtube.com/watch?v=dQw4w9WgXcQ</code></li> <li><code>https://youtu.be/dQw4w9WgXcQ?si=8fJ2kLm</code></li> <li><code>https://m.youtube.com/watch?v=dQw4w9WgXcQ&amp;feature=share</code></li> <li><code>https://www.youtube.com/embed/dQw4w9WgXcQ</code></li> <li><code>https://www.youtube.com/shorts/dQw4w9WgXcQ</code></li> </ul> <p>Region crons receive tracking parameters that the upstream API hands back. Mobile endpoints return <code>m.</code> hosts. Share buttons append <code>si</code> and <code>feature</code>. Embed and shorts surfaces use entirely different path shapes for the identical video. If your dedup strategy is <code>INSERT OR IGNORE</code> keyed on the raw URL string, which is where almost everyone starts, every one of those becomes a brand new row, because as strings they genuinely are all different.</p> <p>The damage is not just cosmetic. A duplicated catalogue poisons everything downstream: your trending ranker counts the same video five times and over-promotes it, your FTS5 search returns five identical hits on the first page, your region-availability badges are wrong, and your sitemap ships five URLs that search engines treat as duplicate content. We were paying that tax on every one of eight regions, every cron cycle.</p> <h2> What canonical actually means here </h2> <p>Canonicalization is the process of reducing many equivalent representations of a thing down to one chosen representative. For video URLs I split it into two layers, because each layer solves a different failure mode.</p> <p>The first layer is <strong>string normalization</strong>: take a URL and produce a deterministic, cleaned-up version of the same URL. Same scheme, lowercased host, no tracking junk, sorted query string. This collapses <code>?v=X&amp;utm_source=...</code> and <code>?utm_source=...&amp;v=X</code> into one.</p> <p>The second layer is <strong>identity extraction</strong>: pull the platform-stable video ID out of the normalized URL, because two completely different URL shapes such as <code>youtu.be/X</code> and <code>youtube.com/embed/X</code> still point at the same video, and string normalization alone will never make them equal. The identity is what we actually deduplicate on. The normalized URL is what we store and serve.</p> <p>Treat these as separate steps. Bolting identity logic into your normalizer produces a tangled function that is impossible to test, and you will be testing this code constantly as platforms keep changing their URL formats.</p> <h2> Layer one normalizing the URL string </h2> <p>Here is the normalizer we run on PHP 8.4. It is deliberately boring: parse, rewrite the parts we care about, drop the rest.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">UrlNormalizer</span> <span class="p">{</span> <span class="k">private</span> <span class="k">const</span> <span class="no">STRIP_PARAMS</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'utm_source'</span><span class="p">,</span> <span class="s1">'utm_medium'</span><span class="p">,</span> <span class="s1">'utm_campaign'</span><span class="p">,</span> <span class="s1">'utm_term'</span><span class="p">,</span> <span class="s1">'utm_content'</span><span class="p">,</span> <span class="s1">'feature'</span><span class="p">,</span> <span class="s1">'gclid'</span><span class="p">,</span> <span class="s1">'fbclid'</span><span class="p">,</span> <span class="s1">'si'</span><span class="p">,</span> <span class="s1">'pp'</span><span class="p">,</span> <span class="s1">'ab_channel'</span><span class="p">,</span> <span class="p">];</span> <span class="k">private</span> <span class="k">const</span> <span class="no">HOST_ALIASES</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'m.youtube.com'</span> <span class="o">=&gt;</span> <span class="s1">'www.youtube.com'</span><span class="p">,</span> <span class="s1">'youtube.com'</span> <span class="o">=&gt;</span> <span class="s1">'www.youtube.com'</span><span class="p">,</span> <span class="s1">'youtu.be'</span> <span class="o">=&gt;</span> <span class="s1">'www.youtube.com'</span><span class="p">,</span> <span class="s1">'m.dailymotion.com'</span> <span class="o">=&gt;</span> <span class="s1">'www.dailymotion.com'</span><span class="p">,</span> <span class="p">];</span> <span class="k">public</span> <span class="k">function</span> <span class="n">normalize</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$raw</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="nv">$parts</span> <span class="o">=</span> <span class="nb">parse_url</span><span class="p">(</span><span class="nb">trim</span><span class="p">(</span><span class="nv">$raw</span><span class="p">));</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$parts</span> <span class="o">===</span> <span class="kc">false</span> <span class="o">||</span> <span class="k">empty</span><span class="p">(</span><span class="nv">$parts</span><span class="p">[</span><span class="s1">'host'</span><span class="p">]))</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">InvalidArgumentException</span><span class="p">(</span><span class="s1">'unparseable URL: '</span> <span class="mf">.</span> <span class="nv">$raw</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$host</span> <span class="o">=</span> <span class="nb">strtolower</span><span class="p">(</span><span class="nv">$parts</span><span class="p">[</span><span class="s1">'host'</span><span class="p">]);</span> <span class="nv">$host</span> <span class="o">=</span> <span class="k">self</span><span class="o">::</span><span class="no">HOST_ALIASES</span><span class="p">[</span><span class="nv">$host</span><span class="p">]</span> <span class="o">??</span> <span class="nv">$host</span><span class="p">;</span> <span class="nv">$path</span> <span class="o">=</span> <span class="nb">rtrim</span><span class="p">(</span><span class="nv">$parts</span><span class="p">[</span><span class="s1">'path'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">'/'</span><span class="p">,</span> <span class="s1">'/'</span><span class="p">)</span> <span class="o">?:</span> <span class="s1">'/'</span><span class="p">;</span> <span class="nv">$query</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nv">$parts</span><span class="p">[</span><span class="s1">'query'</span><span class="p">]))</span> <span class="p">{</span> <span class="nb">parse_str</span><span class="p">(</span><span class="nv">$parts</span><span class="p">[</span><span class="s1">'query'</span><span class="p">],</span> <span class="nv">$query</span><span class="p">);</span> <span class="k">foreach</span> <span class="p">(</span><span class="k">self</span><span class="o">::</span><span class="no">STRIP_PARAMS</span> <span class="k">as</span> <span class="nv">$junk</span><span class="p">)</span> <span class="p">{</span> <span class="k">unset</span><span class="p">(</span><span class="nv">$query</span><span class="p">[</span><span class="nv">$junk</span><span class="p">]);</span> <span class="p">}</span> <span class="nb">ksort</span><span class="p">(</span><span class="nv">$query</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$rebuilt</span> <span class="o">=</span> <span class="s1">'https://'</span> <span class="mf">.</span> <span class="nv">$host</span> <span class="mf">.</span> <span class="nv">$path</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$query</span> <span class="o">!==</span> <span class="p">[])</span> <span class="p">{</span> <span class="nv">$rebuilt</span> <span class="mf">.</span><span class="o">=</span> <span class="s1">'?'</span> <span class="mf">.</span> <span class="nb">http_build_query</span><span class="p">(</span><span class="nv">$query</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$rebuilt</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>A few decisions worth calling out:</p> <ul> <li> <strong>Host aliasing is explicit, not clever.</strong> <code>youtu.be</code>, <code>m.youtube.com</code> and bare <code>youtube.com</code> all map to <code>www.youtube.com</code>. A lookup table you can read beats a regex you cannot.</li> <li> <strong>Tracking parameters are an allowlist-to-strip, not a denylist-to-keep.</strong> We strip known junk and keep everything else, because dropping an unknown parameter risks dropping something semantically meaningful like a playlist index.</li> <li> <strong>The query string is sorted.</strong> <code>ksort($query)</code> is the single line that makes <code>?a=1&amp;b=2</code> and <code>?b=2&amp;a=1</code> produce identical output. Without it your normalization is non-deterministic against input ordering.</li> <li> <strong>Trailing slashes are removed</strong> so <code>/watch/</code> and <code>/watch</code> agree.</li> </ul> <p>The function throws on unparseable input instead of returning a best-effort string. In a pipeline you want a bad record to stop loudly at the boundary, not flow downstream as a silently malformed canonical key.</p> <h2> Layer two extracting a platform-stable identity </h2> <p>Normalization gets us a clean string, but <code>www.youtube.com/embed/X</code> and <code>www.youtube.com/watch?v=X</code> are both already normalized and still describe the same video. That is what identity extraction is for.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">VideoIdentity</span> <span class="p">{</span> <span class="cd">/** @return array{platform: string, id: string} */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">resolve</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$normalizedUrl</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$u</span> <span class="o">=</span> <span class="nb">parse_url</span><span class="p">(</span><span class="nv">$normalizedUrl</span><span class="p">);</span> <span class="nv">$host</span> <span class="o">=</span> <span class="nv">$u</span><span class="p">[</span><span class="s1">'host'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">;</span> <span class="nv">$path</span> <span class="o">=</span> <span class="nv">$u</span><span class="p">[</span><span class="s1">'path'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">;</span> <span class="nb">parse_str</span><span class="p">(</span><span class="nv">$u</span><span class="p">[</span><span class="s1">'query'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">,</span> <span class="nv">$q</span><span class="p">);</span> <span class="k">return</span> <span class="k">match</span> <span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="nf">str_contains</span><span class="p">(</span><span class="nv">$host</span><span class="p">,</span> <span class="s1">'youtube.com'</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'platform'</span> <span class="o">=&gt;</span> <span class="s1">'youtube'</span><span class="p">,</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">youtubeId</span><span class="p">(</span><span class="nv">$path</span><span class="p">,</span> <span class="nv">$q</span><span class="p">),</span> <span class="p">],</span> <span class="nf">str_contains</span><span class="p">(</span><span class="nv">$host</span><span class="p">,</span> <span class="s1">'dailymotion.com'</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'platform'</span> <span class="o">=&gt;</span> <span class="s1">'dailymotion'</span><span class="p">,</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">lastSegment</span><span class="p">(</span><span class="nv">$path</span><span class="p">),</span> <span class="p">],</span> <span class="nf">str_contains</span><span class="p">(</span><span class="nv">$host</span><span class="p">,</span> <span class="s1">'vimeo.com'</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'platform'</span> <span class="o">=&gt;</span> <span class="s1">'vimeo'</span><span class="p">,</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">lastSegment</span><span class="p">(</span><span class="nv">$path</span><span class="p">),</span> <span class="p">],</span> <span class="k">default</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'platform'</span> <span class="o">=&gt;</span> <span class="s1">'generic'</span><span class="p">,</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="nb">hash</span><span class="p">(</span><span class="s1">'xxh128'</span><span class="p">,</span> <span class="nv">$normalizedUrl</span><span class="p">),</span> <span class="p">],</span> <span class="p">};</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">youtubeId</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$path</span><span class="p">,</span> <span class="kt">array</span> <span class="nv">$q</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$q</span><span class="p">[</span><span class="s1">'v'</span><span class="p">])</span> <span class="o">&amp;&amp;</span> <span class="nb">preg_match</span><span class="p">(</span><span class="s1">'/^[A-Za-z0-9_-]{11}$/'</span><span class="p">,</span> <span class="nv">$q</span><span class="p">[</span><span class="s1">'v'</span><span class="p">]))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$q</span><span class="p">[</span><span class="s1">'v'</span><span class="p">];</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="nb">preg_match</span><span class="p">(</span><span class="s1">'#/(?:embed|shorts|v)/([A-Za-z0-9_-]{11})#'</span><span class="p">,</span> <span class="nv">$path</span><span class="p">,</span> <span class="nv">$m</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$m</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="p">}</span> <span class="nv">$seg</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">lastSegment</span><span class="p">(</span><span class="nv">$path</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nb">preg_match</span><span class="p">(</span><span class="s1">'/^[A-Za-z0-9_-]{11}$/'</span><span class="p">,</span> <span class="nv">$seg</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$seg</span><span class="p">;</span> <span class="p">}</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">RuntimeException</span><span class="p">(</span><span class="s1">'no YouTube id in '</span> <span class="mf">.</span> <span class="nv">$path</span><span class="p">);</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">lastSegment</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$path</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="nv">$segments</span> <span class="o">=</span> <span class="nb">array_values</span><span class="p">(</span><span class="nb">array_filter</span><span class="p">(</span><span class="nb">explode</span><span class="p">(</span><span class="s1">'/'</span><span class="p">,</span> <span class="nv">$path</span><span class="p">)));</span> <span class="k">return</span> <span class="nv">$segments</span> <span class="o">?</span> <span class="nb">end</span><span class="p">(</span><span class="nv">$segments</span><span class="p">)</span> <span class="o">:</span> <span class="s1">''</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>match (true)</code> block dispatches on host and each platform gets a small handler. YouTube is the messy one: the ID can live in the <code>v</code> query parameter, or in an <code>/embed/</code>, <code>/shorts/</code>, or <code>/v/</code> path segment, or, once <code>youtu.be</code> has been aliased and its path reduced to <code>/&lt;id&gt;</code>, as the last path segment. Every YouTube ID is validated against the canonical eleven-character <code>[A-Za-z0-9_-]</code> pattern, so a malformed path raises instead of producing a junk identity.</p> <p>Anything we do not recognize falls through to a <code>generic</code> platform whose identity is just a hash of the normalized URL. That is a deliberate floor: an unknown source still gets a stable key, it just cannot be deduplicated across URL shapes the way a known platform can. When we add a new source we add a handler; until then nothing crashes.</p> <h2> The canonical key and an idempotent write </h2> <p>Now we can define the canonical key: <code>platform:id</code>, for example <code>youtube:dQw4w9WgXcQ</code>. It is human-readable in logs, collision-resistant across platforms, and makes a perfect primary key. Here is the schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">videos</span> <span class="p">(</span> <span class="n">canonical_key</span> <span class="nb">TEXT</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="c1">-- e.g. youtube:dQw4w9WgXcQ</span> <span class="n">platform</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">video_id</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">title</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">first_seen</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">last_seen</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="p">);</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">video_regions</span> <span class="p">(</span> <span class="n">canonical_key</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">REFERENCES</span> <span class="n">videos</span><span class="p">(</span><span class="n">canonical_key</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">region</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">canonical_key</span><span class="p">,</span> <span class="n">region</span><span class="p">)</span> <span class="p">);</span> <span class="c1">-- Full-text discovery index, kept in sync with triggers on videos.</span> <span class="k">CREATE</span> <span class="n">VIRTUAL</span> <span class="k">TABLE</span> <span class="n">videos_fts</span> <span class="k">USING</span> <span class="n">fts5</span><span class="p">(</span> <span class="n">title</span><span class="p">,</span> <span class="n">content</span><span class="o">=</span><span class="s1">'videos'</span><span class="p">,</span> <span class="n">content_rowid</span><span class="o">=</span><span class="s1">'rowid'</span> <span class="p">);</span> </code></pre> </div> <p>The <code>videos</code> row is the canonical record. Region membership lives in a separate <code>video_regions</code> junction table, because a single canonical video legitimately appears in many regions and that is a many-to-many relationship, not a comma-joined string you have to parse and re-serialize on every write. The FTS5 virtual table is kept in sync with <code>AFTER INSERT</code>, <code>AFTER UPDATE</code> and <code>AFTER DELETE</code> triggers on <code>videos</code>, so search always sees exactly one row per real video.</p> <p>The write itself is a single idempotent upsert:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">CanonicalStore</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="k">private</span> <span class="kt">PDO</span> <span class="nv">$db</span><span class="p">)</span> <span class="p">{}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">canonicalKey</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$platform</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$id</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$platform</span> <span class="mf">.</span> <span class="s1">':'</span> <span class="mf">.</span> <span class="nv">$id</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">upsert</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$platform</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$id</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$title</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$region</span><span class="p">):</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$key</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">canonicalKey</span><span class="p">(</span><span class="nv">$platform</span><span class="p">,</span> <span class="nv">$id</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">beginTransaction</span><span class="p">();</span> <span class="nv">$video</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s1">'INSERT INTO videos (canonical_key, platform, video_id, title, first_seen, last_seen) VALUES (:key, :platform, :vid, :title, unixepoch(), unixepoch()) ON CONFLICT(canonical_key) DO UPDATE SET last_seen = unixepoch(), title = excluded.title'</span> <span class="p">);</span> <span class="nv">$video</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span> <span class="s1">':key'</span> <span class="o">=&gt;</span> <span class="nv">$key</span><span class="p">,</span> <span class="s1">':platform'</span> <span class="o">=&gt;</span> <span class="nv">$platform</span><span class="p">,</span> <span class="s1">':vid'</span> <span class="o">=&gt;</span> <span class="nv">$id</span><span class="p">,</span> <span class="s1">':title'</span> <span class="o">=&gt;</span> <span class="nv">$title</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s1">'INSERT OR IGNORE INTO video_regions (canonical_key, region) VALUES (:key, :region)'</span> <span class="p">)</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="s1">':key'</span> <span class="o">=&gt;</span> <span class="nv">$key</span><span class="p">,</span> <span class="s1">':region'</span> <span class="o">=&gt;</span> <span class="nv">$region</span><span class="p">]);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">commit</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><code>ON CONFLICT(canonical_key) DO UPDATE</code> means re-ingesting a video we already have is a no-op on identity: it just bumps <code>last_seen</code> and refreshes the title. Region membership is a separate <code>INSERT OR IGNORE</code>, so the eighth region to see a video adds itself to <code>video_regions</code> without touching or duplicating the canonical row. Run the same cron twice, run all eight regions concurrently, replay yesterday's feed, and the table converges to the same state every time. Idempotency is the property that lets you stop being afraid of your own cron.</p> <h2> Short links and redirects </h2> <p>One case the normalizer cannot handle on its own is a genuine redirect, a <code>t.co</code> or bare share link that only reveals its real target after an HTTP round trip. Resolving those inline would be a disaster: you would add network latency and an external failure mode to your ingest path, and a slow upstream would back up the whole cron.</p> <p>So we resolve redirects out of band. A short link gets a single <code>HEAD</code> request with a three-second timeout and <code>CURLOPT_FOLLOWLOCATION</code> capped at three hops; the resolved target is cached in a <code>url_redirects(short, resolved, resolved_at)</code> table keyed on the short URL. The next time any region sees that short link, and across eight regions they will see it repeatedly, it is a local SQLite lookup instead of a network call. Redirect resolution is the one place this pipeline touches the network, so it is the one place we cache aggressively and fail soft: if the HEAD request times out we keep the short URL as-is and try again next cycle, rather than dropping the video.</p> <h2> Wiring it into the multi-region cron </h2> <p>The eight region crons do not each need their own canonicalization logic; they call the same three steps. A region fetch does: pull the raw feed, and for each item run normalize, then resolve identity, then <code>upsert(region)</code>. Because region membership accumulates through the junction table, the order regions run in does not matter and they can overlap. The US cron at 02:00 and the JP cron at 02:05 both contributing the same video just produce two <code>video_regions</code> rows against one <code>videos</code> row.</p> <p>This matters operationally because we deploy over FTP. There is no build step or container on the host; the cron entry points are plain PHP files synced up and run by the host's own scheduler. The canonicalization classes are pure, dependency-free PHP that behaves identically on a laptop and on the LiteSpeed box it lands on. The less environment-specific magic in your ingest path, the less there is to go wrong on a host you reach through an FTP client.</p> <h2> Backfilling the rows we already had </h2> <p>That left the eleven-row mess already sitting in the table. A one-shot Python script handled the backfill, Python because our offline tooling already lives there and plain <code>sqlite3</code> is more than enough for a few hundred thousand rows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">sqlite3</span> <span class="kn">from</span> <span class="n">collections</span> <span class="kn">import</span> <span class="n">defaultdict</span> <span class="kn">from</span> <span class="n">urllib.parse</span> <span class="kn">import</span> <span class="n">urlsplit</span><span class="p">,</span> <span class="n">parse_qs</span> <span class="k">def</span> <span class="nf">youtube_id</span><span class="p">(</span><span class="n">url</span><span class="p">):</span> <span class="n">parts</span> <span class="o">=</span> <span class="nf">urlsplit</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="n">host</span> <span class="o">=</span> <span class="n">parts</span><span class="p">.</span><span class="n">netloc</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="k">if</span> <span class="sh">'</span><span class="s">youtu.be</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">host</span><span class="p">:</span> <span class="k">return</span> <span class="n">parts</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">strip</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="ow">or</span> <span class="bp">None</span> <span class="k">if</span> <span class="sh">'</span><span class="s">youtube.com</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">host</span><span class="p">:</span> <span class="n">q</span> <span class="o">=</span> <span class="nf">parse_qs</span><span class="p">(</span><span class="n">parts</span><span class="p">.</span><span class="n">query</span><span class="p">)</span> <span class="k">if</span> <span class="sh">'</span><span class="s">v</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">q</span><span class="p">:</span> <span class="k">return</span> <span class="n">q</span><span class="p">[</span><span class="sh">'</span><span class="s">v</span><span class="sh">'</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="n">seg</span> <span class="o">=</span> <span class="n">parts</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">strip</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">seg</span><span class="p">)</span> <span class="o">==</span> <span class="mi">2</span> <span class="ow">and</span> <span class="n">seg</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="ow">in</span> <span class="p">{</span><span class="sh">'</span><span class="s">embed</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">shorts</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">v</span><span class="sh">'</span><span class="p">}:</span> <span class="k">return</span> <span class="n">seg</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">def</span> <span class="nf">canonical_key</span><span class="p">(</span><span class="n">url</span><span class="p">):</span> <span class="n">vid</span> <span class="o">=</span> <span class="nf">youtube_id</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">'</span><span class="s">youtube:</span><span class="si">{</span><span class="n">vid</span><span class="si">}</span><span class="sh">'</span> <span class="k">if</span> <span class="n">vid</span> <span class="k">else</span> <span class="bp">None</span> <span class="n">con</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="sh">'</span><span class="s">data/videos.db</span><span class="sh">'</span><span class="p">)</span> <span class="n">con</span><span class="p">.</span><span class="n">row_factory</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="n">Row</span> <span class="n">rows</span> <span class="o">=</span> <span class="n">con</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT rowid, url, region FROM legacy_videos</span><span class="sh">'</span><span class="p">).</span><span class="nf">fetchall</span><span class="p">()</span> <span class="n">groups</span> <span class="o">=</span> <span class="nf">defaultdict</span><span class="p">(</span><span class="nb">list</span><span class="p">)</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">rows</span><span class="p">:</span> <span class="n">key</span> <span class="o">=</span> <span class="nf">canonical_key</span><span class="p">(</span><span class="n">r</span><span class="p">[</span><span class="sh">'</span><span class="s">url</span><span class="sh">'</span><span class="p">])</span> <span class="k">if</span> <span class="n">key</span><span class="p">:</span> <span class="n">groups</span><span class="p">[</span><span class="n">key</span><span class="p">].</span><span class="nf">append</span><span class="p">(</span><span class="n">r</span><span class="p">)</span> <span class="n">merged</span><span class="p">,</span> <span class="n">dropped</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">key</span><span class="p">,</span> <span class="n">members</span> <span class="ow">in</span> <span class="n">groups</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="n">keeper</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">rowid</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">m</span> <span class="ow">in</span> <span class="n">members</span><span class="p">)</span> <span class="n">regions</span> <span class="o">=</span> <span class="p">{</span><span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">m</span> <span class="ow">in</span> <span class="n">members</span><span class="p">}</span> <span class="n">merged</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">dropped</span> <span class="o">+=</span> <span class="nf">len</span><span class="p">(</span><span class="n">members</span><span class="p">)</span> <span class="o">-</span> <span class="mi">1</span> <span class="c1"># upsert keeper into videos, INSERT OR IGNORE each region, delete the rest </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="si">{</span><span class="n">merged</span><span class="si">}</span><span class="s"> canonical videos, </span><span class="si">{</span><span class="n">dropped</span><span class="si">}</span><span class="s"> duplicate rows collapsed</span><span class="sh">'</span><span class="p">)</span> <span class="n">con</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <p>The strategy is read everything, group by canonical key, keep the lowest rowid as the survivor, union every duplicate's region into the survivor, and delete the rest, all inside one transaction with a dry-run flag that prints the counts without writing. The first real run collapsed about 38,000 rows into roughly 24,000 canonical videos. Always dry-run a destructive backfill against a copy of the database first; the cost of being wrong about your canonical key is deleting real data.</p> <h2> What it bought us </h2> <p>Concrete results after shipping this across all eight regions:</p> <ul> <li> <strong>Row count dropped by a third</strong> and stopped growing super-linearly with region count.</li> <li> <strong>FTS5 search returns one hit per video.</strong> First-page duplicates were the single most common complaint and they are gone.</li> <li> <strong>Region badges are correct</strong> because membership is tracked explicitly instead of inferred from whichever URL variant happened to land first.</li> <li> <strong>The trending ranker stopped double-counting</strong>, which quietly improved the entire discovery feed.</li> <li> <strong>The sitemap shrank</strong> and the duplicate-content warnings in Search Console cleared.</li> </ul> <h2> Conclusion </h2> <p>URL canonicalization looks like a string-cleaning chore and turns out to be a data-modeling decision. The leverage is in separating the two layers, normalize the string and then extract a platform-stable identity, and in making the write idempotent so that eight regions hammering the same endpoint converge instead of multiply. None of the code here is exotic; it is <code>parse_url</code>, a lookup table, a <code>match</code>, and an <code>ON CONFLICT</code>. The discipline is in choosing one canonical representative and routing every write through it. Build that boundary once, test it hard because platform URL formats will keep shifting under you, and your catalogue stays honest no matter how many regions you fan out to.</p> php sqlite backend webdev ahmet gedik Fri, 12 Jun 2026 00:00:01 +0000 https://dev.to/ahmet_gedik778845/building-video-metadata-semantic-search-with-pgvector-and-openai-embeddings-34c https://dev.to/ahmet_gedik778845/building-video-metadata-semantic-search-with-pgvector-and-openai-embeddings-34c <p>Our keyword search was quietly failing a third of our users. Someone would type "funny cat falls off table" into <a href="https://viralvidvault.com" rel="noopener noreferrer">ViralVidVault</a>, and our SQLite <code>LIKE '%funny%cat%'</code> query would return nothing — because the actual trending clip was titled "Maine Coon yeets itself into the void." Same video, zero lexical overlap. We track viral video metadata across European markets, and viral content is exactly where titles drift furthest from the words people use to search. Slang, regional phrasing, emoji-laden descriptions, machine-translated captions — keyword matching breaks on all of it.</p> <p>The fix was semantic search: embed every video's metadata into a vector, embed the query into the same space, and rank by cosine similarity. This post is the production write-up of how we built that on top of pgvector and OpenAI's <code>text-embedding-3-small</code>, how we kept it GDPR-clean, and how we glued it into a stack that is otherwise PHP 8.4, SQLite in WAL mode, LiteSpeed, and a Cloudflare Worker at the edge.</p> <h2> Why Postgres for vectors when the app runs on SQLite </h2> <p>The main site runs on SQLite with WAL enabled. It is fast, file-based, and survives traffic spikes on LiteSpeed without a separate daemon. But vector search wants three things SQLite does not give you natively: a <code>vector</code> column type, an approximate-nearest-neighbour index, and a distance operator that the planner understands. There are SQLite extensions (<code>sqlite-vec</code> is good), but our embedding corpus is ~2.1M rows and growing, and we wanted HNSW indexing with tunable recall. So we run a dedicated Postgres 16 instance with the <code>pgvector</code> extension purely as a search sidecar. The canonical metadata still lives in SQLite; Postgres holds a denormalised projection plus the vectors.</p> <p>This split matters for a GDPR reason too. The embedding service is the only component that talks to a US-based API (OpenAI). By isolating it, we can document exactly what data crosses the border and keep personal data out of it entirely. We embed <em>video metadata</em> — titles, descriptions, tags, channel names — never user queries tied to an identity, never IP-linked search history. The Postgres box lives in the EU (Hetzner Falkenstein) and logs nothing query-side.</p> <p>Schema first. The extension and the table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">vector</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">video_embeddings</span> <span class="p">(</span> <span class="n">video_id</span> <span class="nb">TEXT</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">region</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- 'DE','FR','PL', etc.</span> <span class="n">title</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">embedding</span> <span class="n">vector</span><span class="p">(</span><span class="mi">1536</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">content_hash</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- sha256 of the embedded text</span> <span class="n">updated_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> <span class="c1">-- HNSW index for cosine distance. m and ef_construction</span> <span class="c1">-- trade build time/memory for recall.</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">video_embeddings_hnsw</span> <span class="k">ON</span> <span class="n">video_embeddings</span> <span class="k">USING</span> <span class="n">hnsw</span> <span class="p">(</span><span class="n">embedding</span> <span class="n">vector_cosine_ops</span><span class="p">)</span> <span class="k">WITH</span> <span class="p">(</span><span class="n">m</span> <span class="o">=</span> <span class="mi">16</span><span class="p">,</span> <span class="n">ef_construction</span> <span class="o">=</span> <span class="mi">64</span><span class="p">);</span> <span class="c1">-- We filter by region constantly, so index it.</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">video_embeddings_region</span> <span class="k">ON</span> <span class="n">video_embeddings</span> <span class="p">(</span><span class="n">region</span><span class="p">);</span> </code></pre> </div> <p>The <code>content_hash</code> column is the unglamorous hero here. Embeddings cost money and rate limit. Re-embedding a video whose metadata has not changed is pure waste. We hash the exact string we send to OpenAI; if the hash already exists with the same value, we skip the API call entirely. On our corpus this drops re-embed cost by about 94% on each nightly refresh, because viral videos churn in <em>ranking</em> far more than they churn in <em>metadata</em>.</p> <h2> Generating embeddings without melting your rate limit </h2> <p>The embedding pipeline is a Python service — Python because the OpenAI SDK and async batching are pleasant there, and because it runs as a cron job outside the request path. It reads new and changed rows from a queue table, batches them (the embeddings endpoint accepts up to 2048 inputs per call), and upserts into Postgres.</p> <p>The text you embed is the highest-leverage decision in the whole system. Do not just embed the title. We concatenate a weighted, structured document so the vector captures channel and tag context:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="kn">import</span> <span class="n">asyncio</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">psycopg</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">AsyncOpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">AsyncOpenAI</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">OPENAI_API_KEY</span><span class="sh">"</span><span class="p">])</span> <span class="n">MODEL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">text-embedding-3-small</span><span class="sh">"</span> <span class="c1"># 1536 dims, cheap, plenty good </span> <span class="k">def</span> <span class="nf">build_document</span><span class="p">(</span><span class="n">row</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="c1"># Order matters: titles first, they carry the most signal. </span> <span class="n">parts</span> <span class="o">=</span> <span class="p">[</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">],</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Channel: </span><span class="si">{</span><span class="n">row</span><span class="p">[</span><span class="sh">'</span><span class="s">channel</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Tags: </span><span class="si">{</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="p">.</span><span class="n">join</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">'</span><span class="s">tags</span><span class="sh">'</span><span class="p">][</span><span class="si">:</span><span class="mi">12</span><span class="p">])</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">]</span> <span class="ow">or</span> <span class="sh">""</span><span class="p">)[:</span><span class="mi">500</span><span class="p">],</span> <span class="p">]</span> <span class="k">return</span> <span class="sh">"</span><span class="se">\n</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">p</span> <span class="k">for</span> <span class="n">p</span> <span class="ow">in</span> <span class="n">parts</span> <span class="k">if</span> <span class="n">p</span><span class="p">)</span> <span class="k">def</span> <span class="nf">content_hash</span><span class="p">(</span><span class="n">text</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">sha256</span><span class="p">(</span><span class="n">text</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">embed_batch</span><span class="p">(</span><span class="n">rows</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">docs</span><span class="p">,</span> <span class="n">hashes</span> <span class="o">=</span> <span class="p">[],</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">rows</span><span class="p">:</span> <span class="n">doc</span> <span class="o">=</span> <span class="nf">build_document</span><span class="p">(</span><span class="n">r</span><span class="p">)</span> <span class="n">docs</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">doc</span><span class="p">)</span> <span class="n">hashes</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nf">content_hash</span><span class="p">(</span><span class="n">doc</span><span class="p">))</span> <span class="n">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="n">embeddings</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="n">MODEL</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">docs</span><span class="p">)</span> <span class="n">out</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">r</span><span class="p">,</span> <span class="n">h</span><span class="p">,</span> <span class="n">item</span> <span class="ow">in</span> <span class="nf">zip</span><span class="p">(</span><span class="n">rows</span><span class="p">,</span> <span class="n">hashes</span><span class="p">,</span> <span class="n">resp</span><span class="p">.</span><span class="n">data</span><span class="p">):</span> <span class="n">out</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">video_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">video_id</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">:</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">:</span> <span class="n">item</span><span class="p">.</span><span class="n">embedding</span><span class="p">,</span> <span class="sh">"</span><span class="s">content_hash</span><span class="sh">"</span><span class="p">:</span> <span class="n">h</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="n">out</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">upsert</span><span class="p">(</span><span class="n">conn</span><span class="p">,</span> <span class="n">records</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">as</span> <span class="n">cur</span><span class="p">:</span> <span class="k">for</span> <span class="n">rec</span> <span class="ow">in</span> <span class="n">records</span><span class="p">:</span> <span class="k">await</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"""</span><span class="s"> INSERT INTO video_embeddings (video_id, region, title, embedding, content_hash, updated_at) VALUES (%(video_id)s, %(region)s, %(title)s, %(embedding)s, %(content_hash)s, now()) ON CONFLICT (video_id) DO UPDATE SET region = EXCLUDED.region, title = EXCLUDED.title, embedding = EXCLUDED.embedding, content_hash = EXCLUDED.content_hash, updated_at = now() WHERE video_embeddings.content_hash IS DISTINCT FROM EXCLUDED.content_hash </span><span class="sh">"""</span><span class="p">,</span> <span class="n">rec</span><span class="p">,</span> <span class="p">)</span> <span class="k">await</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p>Two things worth calling out. First, the <code>WHERE ... IS DISTINCT FROM</code> clause on the upsert means even if the queue feeds us a row we have already embedded, the write is a no-op unless the content actually changed — belt and braces on top of the pre-call hash check. Second, <code>text-embedding-3-small</code> at 1536 dimensions is deliberate. The <code>-large</code> model (3072 dims) scored maybe 2–3% higher on our internal relevance evals but doubled both storage and index memory. For viral video discovery, where the corpus turns over weekly anyway, that is not worth it.</p> <p>Batching strategy in practice:</p> <ul> <li> <strong>Chunk to 256 inputs per request</strong>, not the 2048 max. Smaller chunks fail cheaper on transient errors and keep individual request latency under a second.</li> <li> <strong>Back off on 429</strong> with jittered exponential delay. The embeddings endpoint rate-limits on tokens-per-minute, not just requests, so a burst of long descriptions can trip it unexpectedly.</li> <li> <strong>Run embedding as a nightly cron</strong>, never inline. Search must keep working if OpenAI is down; you serve slightly stale vectors, nobody notices.</li> </ul> <h2> Querying from PHP 8.4 </h2> <p>The search request itself is dead simple once the index exists. The PHP front end embeds the user's query (one tiny API call), then asks Postgres for nearest neighbours. We connect to Postgres via PDO only for this one feature — the rest of the app stays on SQLite.</p> <p>Here is the search service. Note the <code>set_config</code> for <code>hnsw.ef_search</code>, which is the runtime recall knob: higher means more accurate, slower; we found 80 a good balance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">SemanticVideoSearch</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="no">\PDO</span> <span class="nv">$pg</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$openAiKey</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="cd">/** @return list&lt;array{video_id:string,title:string,score:float}&gt; */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">search</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$query</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$region</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$limit</span> <span class="o">=</span> <span class="mi">20</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$vector</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">embedQuery</span><span class="p">(</span><span class="nv">$query</span><span class="p">);</span> <span class="nv">$literal</span> <span class="o">=</span> <span class="s1">'['</span> <span class="mf">.</span> <span class="nb">implode</span><span class="p">(</span><span class="s1">','</span><span class="p">,</span> <span class="nv">$vector</span><span class="p">)</span> <span class="mf">.</span> <span class="s1">']'</span><span class="p">;</span> <span class="c1">// Tune recall for this session only.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pg</span><span class="o">-&gt;</span><span class="nb">exec</span><span class="p">(</span><span class="s1">'SET LOCAL hnsw.ef_search = 80'</span><span class="p">);</span> <span class="nv">$sql</span> <span class="o">=</span> <span class="sh">&lt;&lt;&lt;SQL SELECT video_id, title, 1 - (embedding &lt;=&gt; :vec) AS score FROM video_embeddings WHERE region = :region ORDER BY embedding &lt;=&gt; :vec LIMIT :limit SQL;</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pg</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">bindValue</span><span class="p">(</span><span class="s1">':vec'</span><span class="p">,</span> <span class="nv">$literal</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">bindValue</span><span class="p">(</span><span class="s1">':region'</span><span class="p">,</span> <span class="nv">$region</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">bindValue</span><span class="p">(</span><span class="s1">':limit'</span><span class="p">,</span> <span class="nv">$limit</span><span class="p">,</span> <span class="no">\PDO</span><span class="o">::</span><span class="no">PARAM_INT</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">();</span> <span class="k">return</span> <span class="nb">array_map</span><span class="p">(</span> <span class="k">static</span> <span class="k">fn</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$r</span><span class="p">):</span> <span class="kt">array</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'video_id'</span> <span class="o">=&gt;</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'video_id'</span><span class="p">],</span> <span class="s1">'title'</span> <span class="o">=&gt;</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'title'</span><span class="p">],</span> <span class="s1">'score'</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="n">float</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'score'</span><span class="p">],</span> <span class="p">],</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">fetchAll</span><span class="p">(</span><span class="no">\PDO</span><span class="o">::</span><span class="no">FETCH_ASSOC</span><span class="p">),</span> <span class="p">);</span> <span class="p">}</span> <span class="cd">/** @return list&lt;float&gt; */</span> <span class="k">private</span> <span class="k">function</span> <span class="n">embedQuery</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$query</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$ch</span> <span class="o">=</span> <span class="nb">curl_init</span><span class="p">(</span><span class="s1">'https://api.openai.com/v1/embeddings'</span><span class="p">);</span> <span class="nb">curl_setopt_array</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="p">[</span> <span class="no">CURLOPT_RETURNTRANSFER</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="no">CURLOPT_TIMEOUT</span> <span class="o">=&gt;</span> <span class="mi">4</span><span class="p">,</span> <span class="no">CURLOPT_HTTPHEADER</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'Authorization: Bearer '</span> <span class="mf">.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">openAiKey</span><span class="p">,</span> <span class="s1">'Content-Type: application/json'</span><span class="p">,</span> <span class="p">],</span> <span class="no">CURLOPT_POSTFIELDS</span> <span class="o">=&gt;</span> <span class="nb">json_encode</span><span class="p">([</span> <span class="s1">'model'</span> <span class="o">=&gt;</span> <span class="s1">'text-embedding-3-small'</span><span class="p">,</span> <span class="s1">'input'</span> <span class="o">=&gt;</span> <span class="nv">$query</span><span class="p">,</span> <span class="p">],</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">),</span> <span class="p">]);</span> <span class="nv">$raw</span> <span class="o">=</span> <span class="nb">curl_exec</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$raw</span> <span class="o">===</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">\RuntimeException</span><span class="p">(</span><span class="s1">'embedding failed: '</span> <span class="mf">.</span> <span class="nb">curl_error</span><span class="p">(</span><span class="nv">$ch</span><span class="p">));</span> <span class="p">}</span> <span class="nb">curl_close</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="nv">$data</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$raw</span><span class="p">,</span> <span class="kc">true</span><span class="p">,</span> <span class="mi">512</span><span class="p">,</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'data'</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="s1">'embedding'</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>&lt;=&gt;</code> operator is pgvector's cosine distance. We return <code>1 - distance</code> as a 0..1 similarity score so the front end can show a relevance bar and, more usefully, threshold out garbage — anything under 0.25 we drop rather than show a weak match. The <code>SET LOCAL</code> is scoped to the transaction, so it never leaks into other connections from the pool.</p> <p>One gotcha that cost me an afternoon: passing the vector as a bound parameter. pgvector accepts the <code>[1,2,3]</code> text literal, and PDO sends it as a string, which is fine. But if you try to use a server-side prepared statement with a typed <code>vector</code> parameter through some drivers, you get cryptic cast errors. The text-literal-as-string approach is portable and the planner still uses the HNSW index. Verify with <code>EXPLAIN ANALYZE</code> that you see an <code>Index Scan using video_embeddings_hnsw</code> and not a sequential scan — if you see seq scan, your <code>ORDER BY</code> distance expression does not match the index's <code>vector_cosine_ops</code>.</p> <h2> Caching at the edge with a Cloudflare Worker </h2> <p>Embedding the query is one network round-trip to the US before we even hit Postgres. For popular queries — and viral search is <em>extremely</em> head-heavy, the same dozen trending terms dominate — that round-trip is wasted. We cache full search responses at the edge in a Cloudflare Worker keyed by normalised query plus region. Popular queries never touch the origin, never touch OpenAI, and never leave the EU edge node closest to the user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">env</span><span class="p">,</span> <span class="nx">ctx</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">q</span> <span class="o">=</span> <span class="p">(</span><span class="nx">url</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">q</span><span class="dl">"</span><span class="p">)</span> <span class="o">||</span> <span class="dl">""</span><span class="p">).</span><span class="nf">trim</span><span class="p">().</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">region</span> <span class="o">=</span> <span class="nx">url</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">region</span><span class="dl">"</span><span class="p">)</span> <span class="o">||</span> <span class="dl">"</span><span class="s2">DE</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">q</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">2</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">[]</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">});</span> <span class="c1">// Normalise so "Funny Cat " and "funny cat" share a cache entry.</span> <span class="kd">const</span> <span class="nx">norm</span> <span class="o">=</span> <span class="nx">q</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\s</span><span class="sr">+/g</span><span class="p">,</span> <span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cacheKey</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Request</span><span class="p">(</span> <span class="s2">`https://cache.internal/search?q=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">norm</span><span class="p">)}</span><span class="s2">&amp;region=</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="nx">caches</span><span class="p">.</span><span class="k">default</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">hit</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cache</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span><span class="nx">cacheKey</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">hit</span><span class="p">)</span> <span class="k">return</span> <span class="nx">hit</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">origin</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">env</span><span class="p">.</span><span class="nx">ORIGIN</span><span class="p">}</span><span class="s2">/api/semantic-search?q=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">norm</span><span class="p">)}</span><span class="s2">&amp;region=</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">X-Edge</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">vvv</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">origin</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">resp</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="nx">origin</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// Viral terms shift hourly; 600s is a sane TTL.</span> <span class="dl">"</span><span class="s2">Cache-Control</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">public, max-age=600</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">origin</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">waitUntil</span><span class="p">(</span><span class="nx">cache</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span><span class="nx">cacheKey</span><span class="p">,</span> <span class="nx">resp</span><span class="p">.</span><span class="nf">clone</span><span class="p">()));</span> <span class="k">return</span> <span class="nx">resp</span><span class="p">;</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <p>The 600-second TTL is a deliberate tradeoff: viral rankings move fast, but the <em>set</em> of videos matching "funny cat" semantically is stable across ten minutes even as their view counts climb. We invalidate aggressively only on the nightly re-embed by bumping a version prefix in the cache key, which the Worker reads from an environment variable. Edge hit rate sits around 70% during peak hours, which means 70% of searches cost us nothing in API calls or Postgres CPU.</p> <h2> Hybrid ranking: semantic is not always right </h2> <p>Pure vector search has a failure mode: it is <em>too</em> fuzzy. Someone searching for an exact channel name or a specific meme phrase wants the literal match first, not a vibes-based neighbour. So we run a cheap hybrid. The semantic results come back from Postgres, and we re-rank with a small lexical boost computed in PHP against the title:</p> <ul> <li>If the query appears as a substring in the title, add a fixed boost to the score.</li> <li>If query tokens overlap with the channel name, add a smaller boost.</li> <li>Otherwise, trust the cosine score as-is.</li> </ul> <p>This is not Reciprocal Rank Fusion or anything academic — it is a five-line nudge that fixed the most common complaint ("I searched the exact title and it was third"). The lesson generalises: semantic search is a recall machine, not a precision machine. Pair it with a cheap lexical signal and you get both.</p> <p>We also clamp results by region at the SQL level rather than post-filtering, because a German user searching trending content does not want Polish-only virals diluting the top 20. Because <code>region</code> is indexed and the HNSW scan respects the <code>WHERE</code>, this stays fast even with the filter.</p> <h2> What it cost and what it bought </h2> <p>Numbers from the first month in production:</p> <ul> <li> <strong>Initial backfill</strong> of 2.1M videos: about $42 in embedding API calls, run over two nights to stay under rate limits.</li> <li> <strong>Nightly incremental</strong>: roughly $0.40/day thanks to the content-hash skip — only genuinely changed metadata gets re-embedded.</li> <li> <strong>Storage</strong>: 1536 floats × 4 bytes × 2.1M rows ≈ 13 GB of vectors, plus the HNSW index at about 4 GB resident. Fits comfortably on a 32 GB Postgres box.</li> <li> <strong>Query latency</strong>: p50 of 38 ms at the origin (Postgres only, query already embedded), p95 of 110 ms. With edge caching, p50 perceived latency is under 10 ms for cached terms.</li> </ul> <p>The relevance win is harder to put one number on, but our "search returned zero results" rate fell from 31% to 4%. That 27-point swing is almost entirely the long tail of slang, translations, and creative titles that keyword matching could never reach.</p> <h2> Conclusion </h2> <p>Semantic search over video metadata turned out to be one of the highest-leverage, lowest-complexity features we have shipped. The architecture is boring on purpose: Postgres with pgvector as an isolated search sidecar, OpenAI embeddings generated offline in a nightly Python cron, a thin PHP query layer, and a Cloudflare Worker absorbing the head of the distribution at the edge. Nothing about it required abandoning our SQLite-on-LiteSpeed core.</p> <p>If you take three things away: embed a structured document and not just the title; hash your content so you never pay to re-embed unchanged rows; and pair the semantic recall with a cheap lexical boost so exact matches still win. Keep the US-bound API surface tiny and metadata-only, and the whole thing stays GDPR-defensible by construction. The viral clip titled "Maine Coon yeets itself into the void" now shows up for "funny cat falls off table" — which is the entire point.</p> postgres php ai webdev ahmet gedik Thu, 11 Jun 2026 16:00:01 +0000 https://dev.to/ahmet_gedik778845/building-video-heatmap-analytics-with-hyperloglog-in-postgres-42ah https://dev.to/ahmet_gedik778845/building-video-heatmap-analytics-with-hyperloglog-in-postgres-42ah <h2> The problem: counting unique viewers per second is a row explosion </h2> <p>A viewer scrubs to 4:12 of a 9-minute trending clip, watches for 40 seconds, jumps back to the intro, then bounces. Multiply that by the few hundred thousand sessions a day that hit a mid-size aggregator and you get the question every product person eventually asks: <em>which parts of this video do people actually watch, and how many distinct people watched each part?</em></p> <p>The naive answer is a <code>watch_events</code> table: one row per <code>(user, video, second)</code>. It works until it doesn't. A 9-minute video is 540 seconds. One viewer who watches the whole thing generates 540 rows. A million viewers across our catalog generate hundreds of millions of rows <em>per day</em>, and the only query anyone runs against them is <code>COUNT(DISTINCT user_id) GROUP BY second</code>. That <code>COUNT(DISTINCT)</code> is a sort-or-hash over the entire partition every single time someone opens the analytics tab.</p> <p>At <a href="https://topvideohub.com" rel="noopener noreferrer">TopVideoHub</a> we aggregate trending video across Asia-Pacific, so a single popular clip can spike from zero to half a million sessions in an afternoon when it lands in the JP and KR feeds simultaneously. We did not want a fact table that grew by hundreds of millions of rows a day to answer a question whose answer is <em>approximately</em> fine. "Roughly 41,000 unique viewers saw the hook at 0:08" is just as actionable as "41,287". That tolerance for approximation is exactly what HyperLogLog is built for, and Postgres has a battle-tested extension for it.</p> <p>This post is the design we landed on: fixed-size HLL sketches, one per <code>(video, time_bucket)</code>, that you can merge, slice, and union across regions in milliseconds. The main app is PHP 8.4 on LiteSpeed behind Cloudflare, with our search layer on SQLite FTS5; the analytics store is a separate Postgres instance, and HLL is what made that store affordable.</p> <h2> Why HyperLogLog instead of COUNT(DISTINCT) </h2> <p>HyperLogLog estimates the cardinality of a set using a fixed amount of memory regardless of how many elements you throw at it. The intuition: hash every element, look at the longest run of leading zeros you've seen, and use that to estimate how many distinct things must have passed through to produce a run that long. Real implementations split the hash space into many registers and average them with a bias-corrected harmonic mean, which is where the accuracy comes from.</p> <p>The properties that matter for heatmaps:</p> <ul> <li> <strong>Fixed size.</strong> A sketch with <code>log2m = 12</code> (4096 registers) is about 2.5 KB and answers for one viewer or fifty million viewers. Our per-bucket storage is constant, not linear in traffic.</li> <li> <strong>Mergeable (unionable).</strong> The union of two HLL sketches is itself a valid HLL sketch. This is the killer feature: I can keep one sketch per region per bucket and union them on read to get a global heatmap, or union adjacent buckets to zoom out from per-second to per-10-second resolution. No re-scanning raw events.</li> <li> <strong>Bounded, tunable error.</strong> At <code>log2m = 12</code> the standard error is around 1.6%. For a watch heatmap that is invisible to the human eye.</li> </ul> <p>We use the <code>postgresql-hll</code> extension (the Citus/Aggregate Knowledge implementation). Install and enable it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- as a superuser, once per database</span> <span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">hll</span><span class="p">;</span> <span class="c1">-- one sketch per (video, time bucket, region).</span> <span class="c1">-- bucket_sec is the second offset into the video, snapped to a resolution.</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">video_heatmap</span> <span class="p">(</span> <span class="n">video_id</span> <span class="nb">text</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">region</span> <span class="nb">text</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- 'JP', 'KR', 'GLOBAL', ...</span> <span class="n">bucket_sec</span> <span class="nb">integer</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- 0, 1, 2, ... up to video duration</span> <span class="n">viewers</span> <span class="n">hll</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- the sketch</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">bucket_sec</span><span class="p">)</span> <span class="p">);</span> <span class="c1">-- a covering index for the common 'one video, one region' read</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">video_heatmap_lookup</span> <span class="k">ON</span> <span class="n">video_heatmap</span> <span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">bucket_sec</span><span class="p">)</span> <span class="n">INCLUDE</span> <span class="p">(</span><span class="n">viewers</span><span class="p">);</span> </code></pre> </div> <p>The <code>hll</code> type stores the serialized sketch directly in the row. Postgres ships aggregate functions (<code>hll_add_agg</code>, <code>hll_union_agg</code>) and scalar functions (<code>hll_add</code>, <code>hll_cardinality</code>, <code>||</code> for union) that operate on it.</p> <h2> Ingesting watch progress without an event table </h2> <p>The client sends a heartbeat: every few seconds the player reports the <em>range</em> of seconds the viewer has been present for since the last beat, plus an anonymous, salted viewer id. We do not store the heartbeat. We fold it straight into the sketches.</p> <p>The core write is "add this viewer's hash to every bucket they watched." In SQL that's <code>hll_add</code> per bucket, but doing it per-second per-request is chatty. Instead we batch on the ingestion worker. Here is the Python ingester that consumes heartbeats off a queue and applies them in one statement per heartbeat using <code>generate_series</code> to expand the watched range:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">psycopg</span> <span class="n">DB</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">ANALYTICS_DSN</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># e.g. postgresql://app@db/analytics </span><span class="n">VIEWER_SALT</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">VIEWER_SALT</span><span class="sh">"</span><span class="p">].</span><span class="nf">encode</span><span class="p">()</span> <span class="c1"># 64-bit hash of the viewer id. hll_hash_bigint expects a bigint. </span><span class="k">def</span> <span class="nf">viewer_hash</span><span class="p">(</span><span class="n">viewer_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">digest</span> <span class="o">=</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">blake2b</span><span class="p">(</span><span class="n">viewer_id</span><span class="p">.</span><span class="nf">encode</span><span class="p">()</span> <span class="o">+</span> <span class="n">VIEWER_SALT</span><span class="p">,</span> <span class="n">digest_size</span><span class="o">=</span><span class="mi">8</span><span class="p">).</span><span class="nf">digest</span><span class="p">()</span> <span class="c1"># interpret as signed 64-bit; Postgres bigint is signed </span> <span class="k">return</span> <span class="nb">int</span><span class="p">.</span><span class="nf">from_bytes</span><span class="p">(</span><span class="n">digest</span><span class="p">,</span> <span class="sh">"</span><span class="s">big</span><span class="sh">"</span><span class="p">,</span> <span class="n">signed</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">def</span> <span class="nf">record_watch</span><span class="p">(</span><span class="n">conn</span><span class="p">,</span> <span class="n">video_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">start_sec</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">end_sec</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">viewer_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">h</span> <span class="o">=</span> <span class="nf">viewer_hash</span><span class="p">(</span><span class="n">viewer_id</span><span class="p">)</span> <span class="k">with</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">as</span> <span class="n">cur</span><span class="p">:</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"""</span><span class="s"> INSERT INTO video_heatmap (video_id, region, bucket_sec, viewers) SELECT %(vid)s, %(region)s, g.b, hll_add(hll_empty(), hll_hash_bigint(%(h)s)) FROM generate_series(%(start)s, %(end)s) AS g(b) ON CONFLICT (video_id, region, bucket_sec) DO UPDATE SET viewers = video_heatmap.viewers || hll_add(hll_empty(), hll_hash_bigint(%(h)s)); </span><span class="sh">"""</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">vid</span><span class="sh">"</span><span class="p">:</span> <span class="n">video_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">:</span> <span class="n">region</span><span class="p">,</span> <span class="sh">"</span><span class="s">h</span><span class="sh">"</span><span class="p">:</span> <span class="n">h</span><span class="p">,</span> <span class="sh">"</span><span class="s">start</span><span class="sh">"</span><span class="p">:</span> <span class="n">start_sec</span><span class="p">,</span> <span class="sh">"</span><span class="s">end</span><span class="sh">"</span><span class="p">:</span> <span class="n">end_sec</span><span class="p">},</span> <span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="k">with</span> <span class="n">psycopg</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">DB</span><span class="p">,</span> <span class="n">autocommit</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="k">as</span> <span class="n">conn</span><span class="p">:</span> <span class="c1"># in production these come off Redis/SQS; one demo row here </span> <span class="nf">record_watch</span><span class="p">(</span><span class="n">conn</span><span class="p">,</span> <span class="sh">"</span><span class="s">yt_abc123</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">JP</span><span class="sh">"</span><span class="p">,</span> <span class="n">start_sec</span><span class="o">=</span><span class="mi">8</span><span class="p">,</span> <span class="n">end_sec</span><span class="o">=</span><span class="mi">47</span><span class="p">,</span> <span class="n">viewer_id</span><span class="o">=</span><span class="sh">"</span><span class="s">sess_91f2</span><span class="sh">"</span><span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p>A few deliberate choices in that statement:</p> <ul> <li> <strong><code>hll_hash_bigint</code></strong> is the extension's own hash. Always hash through it rather than feeding raw ids; HLL accuracy depends on a well-distributed hash, and mixing hash functions across writes corrupts the sketch. We pre-hash the viewer id with BLAKE2b only to anonymize and to fit a bigint, then let <code>hll_hash_bigint</code> do the HLL-specific mixing.</li> <li> <strong><code>||</code> is union.</strong> <code>video_heatmap.viewers || hll_add(...)</code> folds the new viewer into the existing sketch. Adding the same viewer to the same bucket twice is a no-op for the cardinality estimate, which is exactly the dedup behavior we want for "unique viewers."</li> <li> <strong><code>generate_series(start, end)</code></strong> expands the watched range into one row per bucket in a single round trip. A viewer present for 40 seconds touches 40 buckets in one statement.</li> </ul> <p>The salt is important and easy to get wrong: it must be <strong>stable</strong> for the retention window, or the same person counts as many. We rotate it daily and keep heatmaps at daily granularity, then union days on read for weekly/monthly views — which works precisely because unions are free.</p> <h2> Reading the heatmap </h2> <p>Now the part that pays for itself. The heatmap read is a scan of one video's buckets with a cardinality estimate per bucket. Because each sketch is fixed-size and pre-aggregated, this is a tight index scan, not a <code>COUNT(DISTINCT)</code> over raw rows.</p> <p>If a region is requested, read that region directly. If "global" is requested, union across regions per bucket with <code>hll_union_agg</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- per-second heatmap for one video, unioned across all regions</span> <span class="k">SELECT</span> <span class="n">bucket_sec</span><span class="p">,</span> <span class="n">hll_cardinality</span><span class="p">(</span><span class="n">hll_union_agg</span><span class="p">(</span><span class="n">viewers</span><span class="p">))::</span><span class="nb">int</span> <span class="k">AS</span> <span class="n">unique_viewers</span> <span class="k">FROM</span> <span class="n">video_heatmap</span> <span class="k">WHERE</span> <span class="n">video_id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">bucket_sec</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">bucket_sec</span><span class="p">;</span> </code></pre> </div> <p>To zoom out from per-second to per-10-second resolution, union the buckets — no loss of correctness, because unioning sketches and <em>then</em> estimating is the right order of operations (estimating first and summing would double-count anyone present across buckets):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- 10-second resolution, JP only</span> <span class="k">SELECT</span> <span class="p">(</span><span class="n">bucket_sec</span> <span class="o">/</span> <span class="mi">10</span><span class="p">)</span> <span class="o">*</span> <span class="mi">10</span> <span class="k">AS</span> <span class="n">bucket_start</span><span class="p">,</span> <span class="n">hll_cardinality</span><span class="p">(</span><span class="n">hll_union_agg</span><span class="p">(</span><span class="n">viewers</span><span class="p">))::</span><span class="nb">int</span> <span class="k">AS</span> <span class="n">unique_viewers</span> <span class="k">FROM</span> <span class="n">video_heatmap</span> <span class="k">WHERE</span> <span class="n">video_id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">AND</span> <span class="n">region</span> <span class="o">=</span> <span class="s1">'JP'</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">bucket_sec</span> <span class="o">/</span> <span class="mi">10</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">bucket_start</span><span class="p">;</span> </code></pre> </div> <p>That second query is the one I want to stress, because it is the whole argument for HLL. With a raw event table, changing the bucket resolution means re-running <code>COUNT(DISTINCT user_id)</code> with a different <code>GROUP BY</code> over every raw row — and you <em>cannot</em> precompute per-second distinct counts and sum them, because a viewer present at second 3 and second 7 would be counted twice in a 10-second bucket. HLL solves both problems at once: precompute fine-grained sketches, union them at any granularity on read, estimate last.</p> <h2> Wiring it into the PHP app </h2> <p>The public site is PHP 8.4. The analytics dashboard endpoint reads from Postgres and returns a normalized array the frontend renders as a bar strip under the player. We compute a retention curve (cumulative unique viewers who reached each point) and a raw per-bucket count in one pass:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">HeatmapRepository</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="no">\PDO</span> <span class="nv">$pdo</span><span class="p">)</span> <span class="p">{}</span> <span class="cd">/** * @return list&lt;array{bucket:int, viewers:int, retention:float}&gt; */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">forVideo</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$videoId</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$region</span> <span class="o">=</span> <span class="s1">'GLOBAL'</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$resolution</span> <span class="o">=</span> <span class="mi">5</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$sql</span> <span class="o">=</span> <span class="sh">&lt;&lt;&lt;SQL SELECT (bucket_sec / :res) * :res AS bucket, hll_cardinality(hll_union_agg(viewers))::int AS viewers FROM video_heatmap WHERE video_id = :vid AND (:region = 'GLOBAL' OR region = :region) GROUP BY bucket_sec / :res ORDER BY bucket SQL;</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pdo</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="s1">'vid'</span> <span class="o">=&gt;</span> <span class="nv">$videoId</span><span class="p">,</span> <span class="s1">'region'</span> <span class="o">=&gt;</span> <span class="nv">$region</span><span class="p">,</span> <span class="s1">'res'</span> <span class="o">=&gt;</span> <span class="nv">$resolution</span><span class="p">]);</span> <span class="nv">$rows</span> <span class="o">=</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">fetchAll</span><span class="p">(</span><span class="no">\PDO</span><span class="o">::</span><span class="no">FETCH_ASSOC</span><span class="p">);</span> <span class="c1">// peak unique viewers is our denominator for the retention curve</span> <span class="nv">$peak</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$rows</span> <span class="k">as</span> <span class="nv">$r</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$peak</span> <span class="o">=</span> <span class="nb">max</span><span class="p">(</span><span class="nv">$peak</span><span class="p">,</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'viewers'</span><span class="p">]);</span> <span class="p">}</span> <span class="nv">$peak</span> <span class="o">=</span> <span class="nb">max</span><span class="p">(</span><span class="nv">$peak</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="k">return</span> <span class="nb">array_map</span><span class="p">(</span><span class="k">static</span> <span class="k">fn</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$r</span><span class="p">):</span> <span class="kt">array</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'bucket'</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'bucket'</span><span class="p">],</span> <span class="s1">'viewers'</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'viewers'</span><span class="p">],</span> <span class="s1">'retention'</span> <span class="o">=&gt;</span> <span class="nb">round</span><span class="p">((</span><span class="n">int</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'viewers'</span><span class="p">]</span> <span class="o">/</span> <span class="nv">$peak</span><span class="p">,</span> <span class="mi">4</span><span class="p">),</span> <span class="p">],</span> <span class="nv">$rows</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// usage inside a controller</span> <span class="nv">$pdo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">\PDO</span><span class="p">(</span><span class="nb">getenv</span><span class="p">(</span><span class="s1">'ANALYTICS_DSN'</span><span class="p">),</span> <span class="n">options</span><span class="o">:</span> <span class="p">[</span> <span class="no">\PDO</span><span class="o">::</span><span class="no">ATTR_ERRMODE</span> <span class="o">=&gt;</span> <span class="no">\PDO</span><span class="o">::</span><span class="no">ERRMODE_EXCEPTION</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$repo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HeatmapRepository</span><span class="p">(</span><span class="nv">$pdo</span><span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Content-Type: application/json'</span><span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Cache-Control: public, max-age=300'</span><span class="p">);</span> <span class="c1">// Cloudflare/LiteSpeed will cache the strip</span> <span class="k">echo</span> <span class="nb">json_encode</span><span class="p">(</span><span class="nv">$repo</span><span class="o">-&gt;</span><span class="nf">forVideo</span><span class="p">(</span><span class="nv">$_GET</span><span class="p">[</span><span class="s1">'v'</span><span class="p">],</span> <span class="nv">$_GET</span><span class="p">[</span><span class="s1">'region'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">'GLOBAL'</span><span class="p">),</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">);</span> </code></pre> </div> <p>Note the <code>Cache-Control: public, max-age=300</code>. Heatmaps move slowly and the estimate is approximate anyway, so we let LiteSpeed and Cloudflare cache the JSON strip for five minutes. A trending video getting hammered serves the heatmap almost entirely from edge cache; Postgres sees one read per video per five minutes, not one per viewer.</p> <h2> Compaction: hot writes versus cold reads </h2> <p>There is one operational wrinkle. The <code>ON CONFLICT DO UPDATE</code> write path rewrites the sketch on every heartbeat, and a hot video produces a lot of contention on the same <code>(video, region, bucket)</code> rows. Two things keep this healthy.</p> <p>First, <strong>shard the write, union on read.</strong> Instead of every worker updating the same row, each ingestion worker writes to its own partition keyed by a worker id, and a periodic compaction job unions partitions down into the canonical row. The read query already uses <code>hll_union_agg</code>, so reading across partitions needs no change — you just drop the worker-id predicate.</p> <p>Second, <strong>let HLL pick its own representation.</strong> The extension stores small sketches in a sparse "explicit/sparse" mode and only promotes to the full dense representation once a bucket has accumulated enough distinct viewers. Buckets on the long tail of your catalog — the videos nobody scrubbed past second 2 — stay tiny. You can tune the promotion thresholds on the type itself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- log2m=12 (4096 registers, ~1.6% error), regwidth=5,</span> <span class="c1">-- sparse-&gt;dense threshold and explicit threshold left at defaults.</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">video_heatmap</span> <span class="k">ALTER</span> <span class="k">COLUMN</span> <span class="n">viewers</span> <span class="k">TYPE</span> <span class="n">hll</span><span class="p">(</span><span class="mi">12</span><span class="p">,</span> <span class="mi">5</span><span class="p">);</span> <span class="c1">-- nightly compaction: fold worker shards into the canonical region rows</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">video_heatmap</span> <span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">bucket_sec</span><span class="p">,</span> <span class="n">viewers</span><span class="p">)</span> <span class="k">SELECT</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">bucket_sec</span><span class="p">,</span> <span class="n">hll_union_agg</span><span class="p">(</span><span class="n">viewers</span><span class="p">)</span> <span class="k">FROM</span> <span class="n">video_heatmap_shards</span> <span class="k">WHERE</span> <span class="n">captured_on</span> <span class="o">=</span> <span class="k">current_date</span> <span class="o">-</span> <span class="mi">1</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">bucket_sec</span> <span class="k">ON</span> <span class="n">CONFLICT</span> <span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">bucket_sec</span><span class="p">)</span> <span class="k">DO</span> <span class="k">UPDATE</span> <span class="k">SET</span> <span class="n">viewers</span> <span class="o">=</span> <span class="n">video_heatmap</span><span class="p">.</span><span class="n">viewers</span> <span class="o">||</span> <span class="n">EXCLUDED</span><span class="p">.</span><span class="n">viewers</span><span class="p">;</span> <span class="k">TRUNCATE</span> <span class="n">video_heatmap_shards</span><span class="p">;</span> <span class="c1">-- or DELETE the compacted partition</span> </code></pre> </div> <p>With <code>log2m = 12</code> every dense sketch is ~2.6 KB. A 10-minute video at per-second resolution across 8 regions is <code>600 * 8 ≈ 4800</code> rows, well under 13 MB even if every bucket went dense — which they don't, because the tail stays sparse. Compare that to the raw event table, where a single popular video could be tens of millions of rows for the same query.</p> <h2> What we gave up, and why it was fine </h2> <p>HLL is an estimate, so a few capabilities are simply off the table and you should know them going in:</p> <ul> <li> <strong>No exact counts.</strong> If finance needs a billing-grade unique count, HLL is the wrong tool. For product analytics, the ~1.6% error is noise.</li> <li> <strong>No per-user drill-down.</strong> You cannot ask "did viewer X watch the ending" — the sketch threw away identities by design. That's a feature for privacy (we keep no per-viewer watch log) but a constraint if you wanted cohort replay.</li> <li> <strong>No set difference.</strong> HLL unions cleanly but does <em>not</em> support intersection or subtraction accurately. "Viewers who saw the intro but not the ending" is not answerable from sketches alone; inclusion-exclusion on HLL compounds error badly. We keep a separate, sampled raw stream for the rare questions that need it.</li> </ul> <p>None of those mattered for the heatmap, which only ever asks "how many distinct people were present at this point." </p> <h2> Takeaways </h2> <p>If you're building watch heatmaps or any "unique-things-per-bucket-over-time" analytics, HyperLogLog in Postgres turns an unbounded, ever-scanning fact table into a fixed-size, pre-aggregated, mergeable store:</p> <ul> <li>One <code>hll</code> sketch per <code>(video, region, time_bucket)</code> keeps storage constant in traffic.</li> <li> <code>hll_union_agg</code> lets you union across regions and re-bucket on read with no re-scan and no double-counting — union first, estimate last.</li> <li>Hash through <code>hll_hash_bigint</code>, keep your anonymizing salt stable across the retention window, and let the sparse/dense representation handle the long tail.</li> <li>Shard writes, compact nightly, and cache the JSON strip at the edge so hot videos barely touch the database.</li> </ul> <p>We shipped this against a Postgres instance an order of magnitude smaller than the raw-events design would have demanded, and the analytics tab renders the per-second curve in well under a frame budget. For a metric that's allowed to be approximately right, that's the trade you want.</p> postgres analytics hyperloglog php ahmet gedik Thu, 11 Jun 2026 04:00:01 +0000 https://dev.to/ahmet_gedik778845/building-a-fast-video-metadata-service-with-litestar-in-python-bh1 https://dev.to/ahmet_gedik778845/building-a-fast-video-metadata-service-with-litestar-in-python-bh1 <h2> The 280ms problem that started this </h2> <p>When <a href="https://dailywatch.video" rel="noopener noreferrer">DailyWatch</a> crossed a few million indexed videos, the endpoint that powers our discovery feed started misbehaving. It is a deceptively simple endpoint: give it a query and a region, and it returns a page of videos with title, channel, duration, thumbnail URLs, and a relevance score. Nothing fancy. But under load it was sitting at a p95 of 280ms, and almost none of that was CPU. It was waiting.</p> <p>Most of DailyWatch runs on PHP 8.4 behind LiteSpeed, with SQLite (FTS5 for full-text search) as the primary store and Cloudflare in front. That stack is genuinely excellent for cached HTML pages — a category page or a watch page is rendered once, cached at the edge, and served thousands of times for free. But the metadata API is a different animal. It does lots of small concurrent reads, it fans out to validate thumbnail availability, and once in a while it calls an external enrichment service for channel data. Under PHP-FPM, every one of those waits held a worker process hostage. Add enough concurrent feed requests and you run out of workers long before you run out of CPU.</p> <p>I did not want to rewrite the whole site. I wanted to peel off this one chatty, I/O-bound service and run it on something built for concurrency. I rebuilt it in Python on Litestar (the framework formerly known as Starlite). This is the honest write-up of how that went, with the code I actually shipped.</p> <h2> Why Litestar and not FastAPI or Flask </h2> <p>I evaluated FastAPI first because everyone does. It is a fine framework. But three things pushed me to Litestar for this specific job:</p> <ul> <li> <strong>msgspec serialization by default.</strong> Litestar uses <a href="https://jcristharif.com/msgspec/" rel="noopener noreferrer">msgspec</a> for encoding and decoding instead of Pydantic v2's slower-by-default path. For a service whose entire job is shuffling JSON in and out, the serializer is not a detail — it is the hot path. msgspec validates and encodes in C and is measurably faster on wide objects like video records.</li> <li> <strong>A real dependency injection system.</strong> FastAPI's <code>Depends</code> is clever but everything is a function call graph. Litestar has layered DI you can attach at the app, router, controller, or handler level, which maps cleanly onto "this connection pool lives for the whole app, this request context lives for one request."</li> <li> <strong>Controllers and layered config.</strong> I prefer grouping related routes into a class with shared dependencies and guards over a pile of decorated module functions. Litestar's <code>Controller</code> makes that first-class.</li> </ul> <p>None of this means FastAPI is wrong. It means that for a serialization-bound, I/O-bound microservice, Litestar's defaults lined up with what I needed without me fighting them.</p> <h2> Modeling the payload with msgspec </h2> <p>The first thing I did was define the wire format with msgspec structs instead of dataclasses or Pydantic models. msgspec structs are roughly as cheap to instantiate as a plain tuple, and Litestar knows how to serialize them directly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">__future__</span> <span class="kn">import</span> <span class="n">annotations</span> <span class="kn">import</span> <span class="n">msgspec</span> <span class="kn">from</span> <span class="n">litestar</span> <span class="kn">import</span> <span class="n">Litestar</span><span class="p">,</span> <span class="n">get</span> <span class="kn">from</span> <span class="n">litestar.controller</span> <span class="kn">import</span> <span class="n">Controller</span> <span class="kn">from</span> <span class="n">litestar.params</span> <span class="kn">import</span> <span class="n">Parameter</span> <span class="k">class</span> <span class="nc">VideoMeta</span><span class="p">(</span><span class="n">msgspec</span><span class="p">.</span><span class="n">Struct</span><span class="p">,</span> <span class="n">frozen</span><span class="o">=</span><span class="bp">True</span><span class="p">):</span> <span class="nb">id</span><span class="p">:</span> <span class="nb">str</span> <span class="n">title</span><span class="p">:</span> <span class="nb">str</span> <span class="n">channel</span><span class="p">:</span> <span class="nb">str</span> <span class="n">duration_seconds</span><span class="p">:</span> <span class="nb">int</span> <span class="n">thumbnail</span><span class="p">:</span> <span class="nb">str</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span> <span class="n">score</span><span class="p">:</span> <span class="nb">float</span> <span class="k">class</span> <span class="nc">FeedResponse</span><span class="p">(</span><span class="n">msgspec</span><span class="p">.</span><span class="n">Struct</span><span class="p">,</span> <span class="n">frozen</span><span class="o">=</span><span class="bp">True</span><span class="p">):</span> <span class="n">query</span><span class="p">:</span> <span class="nb">str</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span> <span class="n">count</span><span class="p">:</span> <span class="nb">int</span> <span class="n">results</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="n">VideoMeta</span><span class="p">]</span> <span class="k">class</span> <span class="nc">FeedController</span><span class="p">(</span><span class="n">Controller</span><span class="p">):</span> <span class="n">path</span> <span class="o">=</span> <span class="sh">"</span><span class="s">/feed</span><span class="sh">"</span> <span class="nd">@get</span><span class="p">()</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">search</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="sh">"</span><span class="s">VideoStore</span><span class="sh">"</span><span class="p">,</span> <span class="n">q</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Parameter</span><span class="p">(</span><span class="n">min_length</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">120</span><span class="p">),</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Parameter</span><span class="p">(</span><span class="n">default</span><span class="o">=</span><span class="sh">"</span><span class="s">US</span><span class="sh">"</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">2</span><span class="p">),</span> <span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Parameter</span><span class="p">(</span><span class="n">default</span><span class="o">=</span><span class="mi">24</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">100</span><span class="p">),</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="n">FeedResponse</span><span class="p">:</span> <span class="n">rows</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="n">q</span><span class="p">,</span> <span class="n">region</span><span class="o">=</span><span class="n">region</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="n">limit</span><span class="p">)</span> <span class="k">return</span> <span class="nc">FeedResponse</span><span class="p">(</span><span class="n">query</span><span class="o">=</span><span class="n">q</span><span class="p">,</span> <span class="n">region</span><span class="o">=</span><span class="n">region</span><span class="p">,</span> <span class="n">count</span><span class="o">=</span><span class="nf">len</span><span class="p">(</span><span class="n">rows</span><span class="p">),</span> <span class="n">results</span><span class="o">=</span><span class="n">rows</span><span class="p">)</span> </code></pre> </div> <p>A few things worth calling out. The <code>Parameter</code> markers give me validation and OpenAPI docs for free — a query shorter than one character or a <code>limit</code> over 100 is rejected before my handler runs. The handler is <code>async</code>, so while one request waits on SQLite, the event loop is free to serve others. And the <code>db</code> argument is not parsed from the request; it is injected. That <code>VideoStore</code> comes from dependency injection, which I will get to.</p> <p>Because <code>VideoMeta</code> is a frozen msgspec struct, Litestar serializes the whole <code>FeedResponse</code> without ever building intermediate dicts. On a 24-item page that is 24 fewer dict allocations per request, which adds up when you are doing thousands of requests a second.</p> <h2> Async all the way down to SQLite </h2> <p>The interesting constraint is that I wanted to keep SQLite. It is the right database for DailyWatch — a single file, no server to operate, FTS5 built in, and Cloudflare absorbs most of the read traffic anyway. The catch is that SQLite is synchronous and the C library does blocking I/O. If you call it naively from an async handler you block the event loop, and you have thrown away the entire reason you went async.</p> <p>The pragmatic answer is <code>aiosqlite</code>, which runs each connection in a dedicated thread and gives you an awaitable interface. SQLite releases the GIL during its I/O, so a handful of reader connections genuinely run in parallel. I also turn on WAL mode so readers never block on the writer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">aiosqlite</span> <span class="k">class</span> <span class="nc">VideoStore</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">conn</span><span class="p">:</span> <span class="n">aiosqlite</span><span class="p">.</span><span class="n">Connection</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">_conn</span> <span class="o">=</span> <span class="n">conn</span> <span class="nd">@classmethod</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">connect</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="sh">"</span><span class="s">VideoStore</span><span class="sh">"</span><span class="p">:</span> <span class="n">conn</span> <span class="o">=</span> <span class="k">await</span> <span class="n">aiosqlite</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="k">await</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">PRAGMA journal_mode=WAL</span><span class="sh">"</span><span class="p">)</span> <span class="k">await</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">PRAGMA synchronous=NORMAL</span><span class="sh">"</span><span class="p">)</span> <span class="k">await</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">PRAGMA cache_size=-16000</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># ~16 MB page cache </span> <span class="n">conn</span><span class="p">.</span><span class="n">row_factory</span> <span class="o">=</span> <span class="n">aiosqlite</span><span class="p">.</span><span class="n">Row</span> <span class="k">return</span> <span class="nf">cls</span><span class="p">(</span><span class="n">conn</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">search</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">q</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="o">*</span><span class="p">,</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">limit</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="n">VideoMeta</span><span class="p">]:</span> <span class="c1"># bm25() returns a distance: lower is better, so negate for a score. </span> <span class="n">sql</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> SELECT v.id, v.title, v.channel, v.duration_seconds, v.thumbnail, v.region, -bm25(video_fts, 8.0, 2.0) AS score FROM video_fts JOIN videos v ON v.rowid = video_fts.rowid WHERE video_fts MATCH :match AND (v.region = :region OR v.region = </span><span class="sh">'</span><span class="s">GLOBAL</span><span class="sh">'</span><span class="s">) ORDER BY score DESC LIMIT :limit </span><span class="sh">"""</span> <span class="n">match</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_fts_query</span><span class="p">(</span><span class="n">q</span><span class="p">)</span> <span class="k">async</span> <span class="k">with</span> <span class="n">self</span><span class="p">.</span><span class="n">_conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="n">sql</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">match</span><span class="sh">"</span><span class="p">:</span> <span class="n">match</span><span class="p">,</span> <span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">:</span> <span class="n">region</span><span class="p">,</span> <span class="sh">"</span><span class="s">limit</span><span class="sh">"</span><span class="p">:</span> <span class="n">limit</span><span class="p">}</span> <span class="p">)</span> <span class="k">as</span> <span class="n">cur</span><span class="p">:</span> <span class="n">rows</span> <span class="o">=</span> <span class="k">await</span> <span class="n">cur</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">()</span> <span class="k">return</span> <span class="p">[</span> <span class="nc">VideoMeta</span><span class="p">(</span> <span class="nb">id</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="n">title</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">],</span> <span class="n">channel</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">channel</span><span class="sh">"</span><span class="p">],</span> <span class="n">duration_seconds</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">duration_seconds</span><span class="sh">"</span><span class="p">],</span> <span class="n">thumbnail</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">thumbnail</span><span class="sh">"</span><span class="p">],</span> <span class="n">region</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">],</span> <span class="n">score</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">rows</span> <span class="p">]</span> <span class="nd">@staticmethod</span> <span class="k">def</span> <span class="nf">_fts_query</span><span class="p">(</span><span class="n">raw</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="c1"># Turn free text into a safe prefix query: 'cat video' -&gt; 'cat* video*' </span> <span class="n">terms</span> <span class="o">=</span> <span class="p">[</span><span class="n">t</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">raw</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sh">'"'</span><span class="p">,</span> <span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">).</span><span class="nf">split</span><span class="p">()</span> <span class="k">if</span> <span class="n">t</span><span class="p">]</span> <span class="k">return</span> <span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">t</span><span class="si">}</span><span class="s">*</span><span class="sh">"</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">terms</span><span class="p">)</span> <span class="ow">or</span> <span class="sh">'""'</span> </code></pre> </div> <p>The <code>bm25()</code> call is the part I care most about. FTS5 ships with BM25 ranking built in, and the two numbers after the table name are per-column weights — here the title column counts for 8x and the channel for 2x, because a query match in the title is far more meaningful than a match in a channel name. I negate the result because FTS5's <code>bm25()</code> returns a value where lower is more relevant, and I want a score where higher is better.</p> <p>The <code>_fts_query</code> helper is small but it matters. Passing raw user input straight into a <code>MATCH</code> clause is how you get FTS5 syntax errors (or worse) from a stray quote or operator. Splitting on whitespace, stripping quotes, and appending <code>*</code> for prefix matching gives users the "search as you type" behavior they expect while keeping the query well-formed.</p> <h2> Dependency injection instead of globals </h2> <p>The <code>VideoStore</code> needs to exist once for the lifetime of the app, get its connection opened on startup, and closed on shutdown. Litestar's lifespan hooks plus app-level dependencies handle this without a single module-level global.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">contextlib</span> <span class="kn">import</span> <span class="n">asynccontextmanager</span> <span class="kn">from</span> <span class="n">collections.abc</span> <span class="kn">import</span> <span class="n">AsyncIterator</span> <span class="kn">from</span> <span class="n">litestar</span> <span class="kn">import</span> <span class="n">Litestar</span> <span class="kn">from</span> <span class="n">litestar.di</span> <span class="kn">import</span> <span class="n">Provide</span> <span class="nd">@asynccontextmanager</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">lifespan</span><span class="p">(</span><span class="n">app</span><span class="p">:</span> <span class="n">Litestar</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">AsyncIterator</span><span class="p">[</span><span class="bp">None</span><span class="p">]:</span> <span class="n">store</span> <span class="o">=</span> <span class="k">await</span> <span class="n">VideoStore</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="sh">"</span><span class="s">/var/data/videos.db</span><span class="sh">"</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="n">state</span><span class="p">.</span><span class="n">store</span> <span class="o">=</span> <span class="n">store</span> <span class="k">try</span><span class="p">:</span> <span class="k">yield</span> <span class="k">finally</span><span class="p">:</span> <span class="k">await</span> <span class="n">store</span><span class="p">.</span><span class="n">_conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">provide_store</span><span class="p">(</span><span class="n">state</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">VideoStore</span><span class="p">:</span> <span class="k">return</span> <span class="n">state</span><span class="p">.</span><span class="n">store</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Litestar</span><span class="p">(</span> <span class="n">route_handlers</span><span class="o">=</span><span class="p">[</span><span class="n">FeedController</span><span class="p">],</span> <span class="n">lifespan</span><span class="o">=</span><span class="p">[</span><span class="n">lifespan</span><span class="p">],</span> <span class="n">dependencies</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">db</span><span class="sh">"</span><span class="p">:</span> <span class="nc">Provide</span><span class="p">(</span><span class="n">provide_store</span><span class="p">)},</span> <span class="p">)</span> </code></pre> </div> <p>Now every handler that declares a <code>db: VideoStore</code> parameter gets the shared store, and nothing reaches into a global. In tests I swap <code>provide_store</code> for one that returns an in-memory store seeded with fixtures, and the handler code does not change at all. That testability is the quiet payoff of DI — it is not about ceremony, it is about being able to substitute the slow real thing for a fast fake one at the edges.</p> <p>For heavier setups you would open several reader connections and round-robin them, since each <code>aiosqlite.Connection</code> is single-threaded. For DailyWatch's feed traffic, a small pool of three to five readers plus one dedicated writer connection is plenty, and WAL mode means the writer never blocks them.</p> <h2> Keeping the PHP stack honest </h2> <p>I did not throw away PHP. The site's pages still render in PHP 8.4 under LiteSpeed, and they call this Litestar service over the local network for the dynamic feed slot. The PHP side stays simple — it just asks for JSON and trusts the schema, which msgspec guarantees.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">function</span> <span class="n">fetch_feed</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$query</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$region</span> <span class="o">=</span> <span class="s1">'US'</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$limit</span> <span class="o">=</span> <span class="mi">24</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$url</span> <span class="o">=</span> <span class="s1">'http://127.0.0.1:8001/feed?'</span> <span class="mf">.</span> <span class="nb">http_build_query</span><span class="p">([</span> <span class="s1">'q'</span> <span class="o">=&gt;</span> <span class="nv">$query</span><span class="p">,</span> <span class="s1">'region'</span> <span class="o">=&gt;</span> <span class="nv">$region</span><span class="p">,</span> <span class="s1">'limit'</span> <span class="o">=&gt;</span> <span class="nv">$limit</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$ch</span> <span class="o">=</span> <span class="nb">curl_init</span><span class="p">(</span><span class="nv">$url</span><span class="p">);</span> <span class="nb">curl_setopt_array</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="p">[</span> <span class="no">CURLOPT_RETURNTRANSFER</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="no">CURLOPT_TIMEOUT_MS</span> <span class="o">=&gt;</span> <span class="mi">400</span><span class="p">,</span> <span class="no">CURLOPT_FAILONERROR</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$raw</span> <span class="o">=</span> <span class="nb">curl_exec</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$raw</span> <span class="o">===</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="nb">curl_close</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="k">return</span> <span class="p">[];</span> <span class="c1">// degrade gracefully: render cached fallback</span> <span class="p">}</span> <span class="nb">curl_close</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="nv">$data</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$raw</span><span class="p">,</span> <span class="kc">true</span><span class="p">,</span> <span class="n">flags</span><span class="o">:</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'results'</span><span class="p">]</span> <span class="o">??</span> <span class="p">[];</span> <span class="p">}</span> </code></pre> </div> <p>The important design choice here is the 400ms timeout and the empty-array fallback. The feed is an enhancement, not a hard dependency. If the Litestar service is restarting or slow, PHP renders the cached "trending" block instead of throwing a 500. A free video discovery site lives and dies on never showing the user a broken page, so every cross-service call has a fallback that is good enough to ship.</p> <p>This boundary also keeps the two languages playing to their strengths. PHP under LiteSpeed is unbeatable at serving cached, templated HTML. Python under an async server is better at the chatty, concurrent, I/O-bound work. Drawing the line at "HTML is PHP, dynamic JSON fan-out is Litestar" meant I migrated one service instead of rewriting a site.</p> <h2> Caching at the edge with Cloudflare </h2> <p>The feed responses are not unique per user — they are unique per <code>(query, region)</code>. That makes them cacheable, and Cloudflare is already in front of everything. I set explicit cache headers from Litestar so the edge does the heavy lifting and the Python service mostly handles cache misses and warmups.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">litestar</span> <span class="kn">import</span> <span class="n">get</span> <span class="kn">from</span> <span class="n">litestar.response</span> <span class="kn">import</span> <span class="n">Response</span> <span class="kn">from</span> <span class="n">litestar.enums</span> <span class="kn">import</span> <span class="n">MediaType</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">/feed</span><span class="sh">"</span><span class="p">,</span> <span class="n">cache</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">search</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">VideoStore</span><span class="p">,</span> <span class="n">q</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">US</span><span class="sh">"</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Response</span><span class="p">:</span> <span class="n">rows</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="n">q</span><span class="p">,</span> <span class="n">region</span><span class="o">=</span><span class="n">region</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">24</span><span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="nc">FeedResponse</span><span class="p">(</span><span class="n">query</span><span class="o">=</span><span class="n">q</span><span class="p">,</span> <span class="n">region</span><span class="o">=</span><span class="n">region</span><span class="p">,</span> <span class="n">count</span><span class="o">=</span><span class="nf">len</span><span class="p">(</span><span class="n">rows</span><span class="p">),</span> <span class="n">results</span><span class="o">=</span><span class="n">rows</span><span class="p">)</span> <span class="k">return</span> <span class="nc">Response</span><span class="p">(</span> <span class="n">content</span><span class="o">=</span><span class="n">body</span><span class="p">,</span> <span class="n">media_type</span><span class="o">=</span><span class="n">MediaType</span><span class="p">.</span><span class="n">JSON</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="c1"># Edge caches for 5 min, serves stale for an hour while revalidating. </span> <span class="sh">"</span><span class="s">Cache-Control</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">public, max-age=300, stale-while-revalidate=3600</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Vary</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Accept-Encoding</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">)</span> </code></pre> </div> <p>The <code>stale-while-revalidate</code> directive is the trick that keeps latency flat. When a cached feed expires, Cloudflare serves the slightly stale copy immediately and refreshes it in the background, so a user never waits on a cache miss. For a discovery feed where "the trending list from four minutes ago" is completely acceptable, this turns the vast majority of requests into edge hits that never touch Python at all. The origin only sees genuinely cold queries.</p> <p>One caveat I learned the hard way: be careful what you put in <code>Vary</code>. Varying on a cookie or a fine-grained header fragments the cache into uselessness. Vary on encoding, key your cache on the query and region in the URL, and keep the cacheable surface boring on purpose.</p> <h2> What the numbers looked like </h2> <p>I will not pretend this was a perfectly controlled benchmark — it was a production cutover with real traffic. But the before-and-after on the same hardware was clear:</p> <ul> <li> <strong>p95 latency at the origin</strong> dropped from ~280ms to ~45ms for cache misses, mostly because requests no longer queued behind blocked workers.</li> <li> <strong>Concurrency before saturation</strong> went up sharply. The PHP-FPM version started shedding requests around a few hundred concurrent feed calls because workers were stuck in I/O wait. The async version held steady well past that on the same box, since waiting requests cost an event-loop slot, not a whole process.</li> <li> <strong>Edge hit ratio</strong> settled around 90%+ once <code>stale-while-revalidate</code> was tuned, which means the Python service is mostly idle and only earns its keep on the long tail of unique queries.</li> </ul> <p>The serialization win from msgspec is real but it is not where the headline number comes from. The headline number comes from not blocking a worker on I/O. The msgspec speedup shows up as lower CPU per request, which matters for the bill, not the latency.</p> <h2> What I would do differently </h2> <p>A few honest regrets and notes:</p> <ul> <li> <strong>I should have added a writer queue sooner.</strong> With WAL and a single writer connection, concurrent writes serialize fine, but I initially shared the writer connection across coroutines and hit "database is locked" under bursty ingestion. The fix was a dedicated writer with its own task and an async queue feeding it.</li> <li> <strong>Prefix-only FTS5 matching is greedy.</strong> Appending <code>*</code> to every term is great for short queries and bad for long ones, where it over-matches. I now cap prefix expansion to the last token, which is what users are usually still typing.</li> <li> <strong>Connection-per-thread is a real ceiling.</strong> <code>aiosqlite</code> is the right tool at this scale, but if read volume ever outgrows a small pool, the move is to a read-replica file or to switch the hot table to a server-based store. SQLite earned its place; I just want to know where the wall is before I hit it.</li> </ul> <h2> Conclusion </h2> <p>The lesson was not "rewrite everything in async Python." It was "find the one service that is I/O-bound and chatty, and move only that." PHP 8.4 under LiteSpeed still renders every page on the site, SQLite with FTS5 is still the store, and Cloudflare still absorbs most of the traffic. Litestar slotted in as a focused metadata service that does the concurrent, waiting-heavy work the blocking stack was bad at. msgspec kept the serialization cheap, async kept the workers free, and dependency injection kept the whole thing testable. If you have a corner of your stack that spends its life waiting on I/O, peeling it off onto Litestar is a small, low-risk bet that paid off cleanly for us.</p> python litestar async sqlite ahmet gedik Wed, 10 Jun 2026 16:00:02 +0000 https://dev.to/ahmet_gedik778845/building-a-chaos-testing-harness-for-multi-region-video-api-endpoints-1oh3 https://dev.to/ahmet_gedik778845/building-a-chaos-testing-harness-for-multi-region-video-api-endpoints-1oh3 <h2> A truncated 200 took down discovery in three regions </h2> <p>At <a href="https://trendvidstream.com" rel="noopener noreferrer">TrendVidStream</a> we aggregate streaming-platform metadata across eight regions, and most of our reliability work used to assume failures announce themselves. A provider goes down, you get a 500 or a connection refused, your retry logic kicks in, life goes on. Then one night an upstream returned HTTP <code>200 OK</code> with a body truncated at exactly 8 KB. Our ingest cron parsed the partial JSON without complaint, wrote half-populated rows into SQLite, rebuilt the FTS5 index, and the discovery endpoint started serving near-empty result sets to US, GB, and DE viewers for forty minutes before a user emailed us.</p> <p>Nothing crashed. No alert fired. Every health check was green. The failure was a <em>lie</em>, and our test suite had no concept of a lying dependency. That incident is why we built a chaos testing harness specifically for the read paths that feed our video discovery API — not a generic Chaos Monkey clone, but a small, scriptable rig that injects the dishonest failures that actually happen in production: slow trickles, truncated bodies, wrong content lengths, garbage that still parses, and clock skew between regions.</p> <p>This post walks through the harness we run today: a fault-injecting proxy in Python, a defensive PHP 8.4 client that survives it, and a Go driver that measures blast radius. It is deliberately low-tech — it has to deploy over the same FTP automation as everything else we ship.</p> <h2> What chaos testing means for a read-heavy video API </h2> <p>Most chaos engineering literature is written for microservice fleets with service meshes and sidecars. We have none of that. Our stack is PHP 8.4 behind LiteSpeed, SQLite with FTS5 for search, region-aware cron jobs that pull upstream metadata, and FTP-based deploys. Injecting a sidecar is not on the table.</p> <p>So the goal is narrower and more useful: prove that a single bad upstream response cannot corrupt the cache or degrade more than one region. The properties we care about are:</p> <ul> <li> <strong>Containment</strong> — a fault in the DE ingest path must not poison rows served to JP.</li> <li> <strong>Honesty</strong> — if we cannot get a complete, valid response, we serve stale-but-correct data, never partial-fresh data.</li> <li> <strong>Bounded latency</strong> — a slow upstream must trip a deadline well under the LiteSpeed 180s timeout, not ride it to the edge.</li> <li> <strong>Idempotent recovery</strong> — after the fault clears, the next cron run fully heals the affected region with no manual step.</li> </ul> <p>Everything in the harness exists to falsify one of those four claims.</p> <h2> The fault taxonomy we inject </h2> <p>Real upstreams fail in more interesting ways than <code>timeout</code> and <code>500</code>. After a year of incident reviews, our taxonomy settled into seven fault types, each with a probability and a target region:</p> <ul> <li> <strong>slowloris</strong> — send the body one byte every few hundred ms, never closing.</li> <li> <strong>truncate</strong> — send a valid 200 with <code>Content-Length</code> for the full body but only flush the first N bytes.</li> <li> <strong>lie_length</strong> — send a body shorter or longer than the advertised <code>Content-Length</code>.</li> <li> <strong>valid_garbage</strong> — return well-formed JSON with the right shape but nonsense values (empty arrays, null IDs).</li> <li> <strong>flap</strong> — alternate 200 and 503 on each request to defeat naive retry-once logic.</li> <li> <strong>clock_skew</strong> — stamp <code>Date</code> and <code>Last-Modified</code> headers hours into the future.</li> <li> <strong>dribble_then_reset</strong> — send headers, dribble half the body, then RST the connection.</li> </ul> <p>The key design decision: faults are <strong>targeted by region</strong>, because containment is the property we most need to verify. We inject only into the DE path and assert that JP, US, and the other six stay clean.</p> <h2> A reverse proxy that lies </h2> <p>The heart of the harness is an <code>aiohttp</code> proxy that sits between our ingest cron and the real upstream. In normal mode it forwards transparently; with a fault profile loaded it corrupts responses according to the taxonomy. It runs locally on a staging box, never near production.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># chaos_proxy.py — run: python chaos_proxy.py --listen 8099 --upstream https://api.example.com </span><span class="kn">import</span> <span class="n">argparse</span><span class="p">,</span> <span class="n">asyncio</span><span class="p">,</span> <span class="n">json</span><span class="p">,</span> <span class="n">random</span> <span class="kn">from</span> <span class="n">aiohttp</span> <span class="kn">import</span> <span class="n">web</span><span class="p">,</span> <span class="n">ClientSession</span><span class="p">,</span> <span class="n">ClientTimeout</span> <span class="n">FAULTS</span> <span class="o">=</span> <span class="p">{}</span> <span class="c1"># loaded from --profile, keyed by region </span> <span class="k">def</span> <span class="nf">pick_fault</span><span class="p">(</span><span class="n">region</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">spec</span> <span class="o">=</span> <span class="n">FAULTS</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">region</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">spec</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">&gt;</span> <span class="n">spec</span><span class="p">[</span><span class="sh">"</span><span class="s">probability</span><span class="sh">"</span><span class="p">]:</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">return</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">spec</span><span class="p">[</span><span class="sh">"</span><span class="s">types</span><span class="sh">"</span><span class="p">])</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">handle</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">web</span><span class="p">.</span><span class="n">Request</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">web</span><span class="p">.</span><span class="n">StreamResponse</span><span class="p">:</span> <span class="n">region</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">X-Region</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">US</span><span class="sh">"</span><span class="p">)</span> <span class="n">fault</span> <span class="o">=</span> <span class="nf">pick_fault</span><span class="p">(</span><span class="n">region</span><span class="p">)</span> <span class="n">upstream</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">app</span><span class="p">[</span><span class="sh">"</span><span class="s">upstream</span><span class="sh">"</span><span class="p">]</span> <span class="o">+</span> <span class="n">request</span><span class="p">.</span><span class="n">rel_url</span><span class="p">.</span><span class="n">path_qs</span> <span class="n">timeout</span> <span class="o">=</span> <span class="nc">ClientTimeout</span><span class="p">(</span><span class="n">total</span><span class="o">=</span><span class="mi">20</span><span class="p">)</span> <span class="k">async</span> <span class="k">with</span> <span class="nc">ClientSession</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">)</span> <span class="k">as</span> <span class="n">session</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">upstream</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">})</span> <span class="k">as</span> <span class="n">up</span><span class="p">:</span> <span class="n">body</span> <span class="o">=</span> <span class="k">await</span> <span class="n">up</span><span class="p">.</span><span class="nf">read</span><span class="p">()</span> <span class="k">if</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">valid_garbage</span><span class="sh">"</span><span class="p">:</span> <span class="n">body</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">items</span><span class="sh">"</span><span class="p">:</span> <span class="p">[],</span> <span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">:</span> <span class="n">region</span><span class="p">,</span> <span class="sh">"</span><span class="s">injected</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">}).</span><span class="nf">encode</span><span class="p">()</span> <span class="k">elif</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">clock_skew</span><span class="sh">"</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">web</span><span class="p">.</span><span class="nc">Response</span><span class="p">(</span><span class="n">body</span><span class="o">=</span><span class="n">body</span><span class="p">,</span> <span class="n">status</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">resp</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Date</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Wed, 01 Jan 2031 00:00:00 GMT</span><span class="sh">"</span> <span class="k">return</span> <span class="n">resp</span> <span class="k">elif</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">flap</span><span class="sh">"</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">app</span><span class="p">[</span><span class="sh">"</span><span class="s">flap</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="ow">not</span> <span class="n">request</span><span class="p">.</span><span class="n">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">flap</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span><span class="p">)</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">app</span><span class="p">[</span><span class="sh">"</span><span class="s">flap</span><span class="sh">"</span><span class="p">]:</span> <span class="k">return</span> <span class="n">web</span><span class="p">.</span><span class="nc">Response</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="mi">503</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="sh">"</span><span class="s">flap</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># streaming faults need a manually driven response </span> <span class="k">if</span> <span class="n">fault</span> <span class="ow">in</span> <span class="p">(</span><span class="sh">"</span><span class="s">slowloris</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">truncate</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">lie_length</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">dribble_then_reset</span><span class="sh">"</span><span class="p">):</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">web</span><span class="p">.</span><span class="nc">StreamResponse</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="k">if</span> <span class="n">fault</span> <span class="ow">in</span> <span class="p">(</span><span class="sh">"</span><span class="s">truncate</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">lie_length</span><span class="sh">"</span><span class="p">):</span> <span class="n">resp</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Content-Length</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="nf">str</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">body</span><span class="p">))</span> <span class="c1"># promise the full size </span> <span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">prepare</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">if</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">slowloris</span><span class="sh">"</span><span class="p">:</span> <span class="k">for</span> <span class="n">b</span> <span class="ow">in</span> <span class="n">body</span><span class="p">:</span> <span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nf">bytes</span><span class="p">([</span><span class="n">b</span><span class="p">]))</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mf">0.3</span><span class="p">)</span> <span class="k">elif</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">truncate</span><span class="sh">"</span><span class="p">:</span> <span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">body</span><span class="p">[:</span> <span class="nf">len</span><span class="p">(</span><span class="n">body</span><span class="p">)</span> <span class="o">//</span> <span class="mi">2</span><span class="p">])</span> <span class="c1"># send half, then stop </span> <span class="k">elif</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">lie_length</span><span class="sh">"</span><span class="p">:</span> <span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">body</span><span class="p">[:</span><span class="o">-</span><span class="mi">32</span><span class="p">])</span> <span class="c1"># 32 bytes short of the promise </span> <span class="k">elif</span> <span class="n">fault</span> <span class="o">==</span> <span class="sh">"</span><span class="s">dribble_then_reset</span><span class="sh">"</span><span class="p">:</span> <span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">body</span><span class="p">[:</span> <span class="nf">len</span><span class="p">(</span><span class="n">body</span><span class="p">)</span> <span class="o">//</span> <span class="mi">2</span><span class="p">])</span> <span class="n">request</span><span class="p">.</span><span class="n">transport</span><span class="p">.</span><span class="nf">abort</span><span class="p">()</span> <span class="c1"># RST mid-stream </span> <span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">write_eof</span><span class="p">()</span> <span class="k">return</span> <span class="n">resp</span> <span class="k">return</span> <span class="n">web</span><span class="p">.</span><span class="nc">Response</span><span class="p">(</span><span class="n">body</span><span class="o">=</span><span class="n">body</span><span class="p">,</span> <span class="n">status</span><span class="o">=</span><span class="mi">200</span><span class="p">,</span> <span class="n">content_type</span><span class="o">=</span><span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="n">ap</span> <span class="o">=</span> <span class="n">argparse</span><span class="p">.</span><span class="nc">ArgumentParser</span><span class="p">()</span> <span class="n">ap</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">"</span><span class="s">--listen</span><span class="sh">"</span><span class="p">,</span> <span class="nb">type</span><span class="o">=</span><span class="nb">int</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">8099</span><span class="p">)</span> <span class="n">ap</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">"</span><span class="s">--upstream</span><span class="sh">"</span><span class="p">,</span> <span class="n">required</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">ap</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">"</span><span class="s">--profile</span><span class="sh">"</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">"</span><span class="s">JSON file of region-&gt;fault spec</span><span class="sh">"</span><span class="p">)</span> <span class="n">args</span> <span class="o">=</span> <span class="n">ap</span><span class="p">.</span><span class="nf">parse_args</span><span class="p">()</span> <span class="k">if</span> <span class="n">args</span><span class="p">.</span><span class="n">profile</span><span class="p">:</span> <span class="n">FAULTS</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="nf">open</span><span class="p">(</span><span class="n">args</span><span class="p">.</span><span class="n">profile</span><span class="p">)))</span> <span class="n">app</span> <span class="o">=</span> <span class="n">web</span><span class="p">.</span><span class="nc">Application</span><span class="p">()</span> <span class="n">app</span><span class="p">[</span><span class="sh">"</span><span class="s">upstream</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">args</span><span class="p">.</span><span class="n">upstream</span><span class="p">.</span><span class="nf">rstrip</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="n">router</span><span class="p">.</span><span class="nf">add_route</span><span class="p">(</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">/{tail:.*}</span><span class="sh">"</span><span class="p">,</span> <span class="n">handle</span><span class="p">)</span> <span class="n">web</span><span class="p">.</span><span class="nf">run_app</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="n">args</span><span class="p">.</span><span class="n">listen</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">main</span><span class="p">()</span> </code></pre> </div> <p>A profile looks like this — we only ever target one region at a time so we can assert containment on the rest:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"DE"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"probability"</span><span class="p">:</span><span class="w"> </span><span class="mf">0.7</span><span class="p">,</span><span class="w"> </span><span class="nl">"types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"truncate"</span><span class="p">,</span><span class="w"> </span><span class="s2">"lie_length"</span><span class="p">,</span><span class="w"> </span><span class="s2">"slowloris"</span><span class="p">,</span><span class="w"> </span><span class="s2">"valid_garbage"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The <code>lie_length</code> case is the one that bit us originally: a <code>Content-Length</code> header that promises more bytes than arrive. A naive HTTP client either hangs waiting for the rest or, worse, hands you the short body as if it were complete.</p> <h2> Making the PHP endpoint survive the proxy </h2> <p>The defense lives in the ingest client. The old code did <code>json_decode(file_get_contents($url))</code> and trusted whatever came back. The hardened version enforces a deadline, verifies the byte count against the advertised length, validates the decoded shape, and — critically — refuses to overwrite good cache rows with anything it cannot fully trust. It uses a tiny circuit breaker stored in SQLite so a flapping region trips fast and recovers on its own.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="c1">// IngestClient.php — PHP 8.4</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">IngestClient</span> <span class="p">{</span> <span class="k">private</span> <span class="k">const</span> <span class="no">DEADLINE_MS</span> <span class="o">=</span> <span class="mi">8000</span><span class="p">;</span> <span class="c1">// well under LiteSpeed's 180s</span> <span class="k">private</span> <span class="k">const</span> <span class="no">MIN_ITEMS</span> <span class="o">=</span> <span class="mi">5</span><span class="p">;</span> <span class="c1">// a real region never returns fewer</span> <span class="k">private</span> <span class="k">const</span> <span class="no">TRIP_AFTER</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="c1">// consecutive failures before open</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="kt">PDO</span> <span class="nv">$db</span><span class="p">)</span> <span class="p">{}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">fetchRegion</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$region</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$url</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">breakerOpen</span><span class="p">(</span><span class="nv">$region</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span><span class="s1">'ok'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="s1">'reason'</span> <span class="o">=&gt;</span> <span class="s1">'breaker_open'</span><span class="p">,</span> <span class="s1">'region'</span> <span class="o">=&gt;</span> <span class="nv">$region</span><span class="p">];</span> <span class="p">}</span> <span class="nv">$ch</span> <span class="o">=</span> <span class="nb">curl_init</span><span class="p">(</span><span class="nv">$url</span><span class="p">);</span> <span class="nb">curl_setopt_array</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="p">[</span> <span class="no">CURLOPT_RETURNTRANSFER</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="no">CURLOPT_TIMEOUT_MS</span> <span class="o">=&gt;</span> <span class="k">self</span><span class="o">::</span><span class="no">DEADLINE_MS</span><span class="p">,</span> <span class="no">CURLOPT_HTTPHEADER</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s2">"X-Region: </span><span class="si">{</span><span class="nv">$region</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="s1">'Accept: application/json'</span><span class="p">],</span> <span class="no">CURLOPT_FAILONERROR</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$body</span> <span class="o">=</span> <span class="nb">curl_exec</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="nv">$status</span> <span class="o">=</span> <span class="nb">curl_getinfo</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="no">CURLINFO_RESPONSE_CODE</span><span class="p">);</span> <span class="nv">$dlSize</span> <span class="o">=</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nb">curl_getinfo</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="no">CURLINFO_SIZE_DOWNLOAD</span><span class="p">);</span> <span class="nv">$claim</span> <span class="o">=</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nb">curl_getinfo</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="no">CURLINFO_CONTENT_LENGTH_DOWNLOAD</span><span class="p">);</span> <span class="nv">$errno</span> <span class="o">=</span> <span class="nb">curl_errno</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="nb">curl_close</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="nv">$fail</span> <span class="o">=</span> <span class="k">fn</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$why</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">trip</span><span class="p">(</span><span class="nv">$region</span><span class="p">,</span> <span class="nv">$why</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$errno</span> <span class="o">!==</span> <span class="mi">0</span> <span class="o">||</span> <span class="nv">$status</span> <span class="o">!==</span> <span class="mi">200</span> <span class="o">||</span> <span class="nv">$body</span> <span class="o">===</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$fail</span><span class="p">(</span><span class="s2">"transport:</span><span class="si">{</span><span class="nv">$errno</span><span class="si">}</span><span class="s2">:</span><span class="si">{</span><span class="nv">$status</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// catch lie_length / truncate: advertised length must match what we read</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$claim</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="nv">$claim</span> <span class="o">!==</span> <span class="nv">$dlSize</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$fail</span><span class="p">(</span><span class="s2">"length_mismatch:</span><span class="si">{</span><span class="nv">$claim</span><span class="si">}</span><span class="s2">!=</span><span class="si">{</span><span class="nv">$dlSize</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$data</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$body</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">is_array</span><span class="p">(</span><span class="nv">$data</span><span class="p">)</span> <span class="o">||</span> <span class="o">!</span><span class="k">isset</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'items'</span><span class="p">])</span> <span class="o">||</span> <span class="o">!</span><span class="nb">is_array</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'items'</span><span class="p">]))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$fail</span><span class="p">(</span><span class="s1">'shape_invalid'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// catch valid_garbage: structurally fine but empty</span> <span class="k">if</span> <span class="p">(</span><span class="nb">count</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'items'</span><span class="p">])</span> <span class="o">&lt;</span> <span class="k">self</span><span class="o">::</span><span class="no">MIN_ITEMS</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$fail</span><span class="p">(</span><span class="s1">'too_few_items'</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nb">reset</span><span class="p">(</span><span class="nv">$region</span><span class="p">);</span> <span class="k">return</span> <span class="p">[</span><span class="s1">'ok'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'items'</span> <span class="o">=&gt;</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'items'</span><span class="p">],</span> <span class="s1">'region'</span> <span class="o">=&gt;</span> <span class="nv">$region</span><span class="p">];</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">breakerOpen</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$region</span><span class="p">):</span> <span class="kt">bool</span> <span class="p">{</span> <span class="nv">$st</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s1">'SELECT fails, opened_until FROM breaker WHERE region = ?'</span> <span class="p">);</span> <span class="nv">$st</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="nv">$region</span><span class="p">]);</span> <span class="nv">$row</span> <span class="o">=</span> <span class="nv">$st</span><span class="o">-&gt;</span><span class="nf">fetch</span><span class="p">(</span><span class="no">PDO</span><span class="o">::</span><span class="no">FETCH_ASSOC</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$row</span> <span class="o">&amp;&amp;</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nv">$row</span><span class="p">[</span><span class="s1">'opened_until'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="nb">time</span><span class="p">();</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">trip</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$region</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$why</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s1">'INSERT INTO breaker (region, fails, opened_until) VALUES (?, 1, 0) ON CONFLICT(region) DO UPDATE SET fails = fails + 1, opened_until = CASE WHEN fails + 1 &gt;= '</span> <span class="mf">.</span> <span class="k">self</span><span class="o">::</span><span class="no">TRIP_AFTER</span> <span class="mf">.</span> <span class="s1">' THEN ? ELSE opened_until END'</span> <span class="p">)</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="nv">$region</span><span class="p">,</span> <span class="nb">time</span><span class="p">()</span> <span class="o">+</span> <span class="mi">300</span><span class="p">]);</span> <span class="nb">error_log</span><span class="p">(</span><span class="s2">"chaos-defense region=</span><span class="si">{</span><span class="nv">$region</span><span class="si">}</span><span class="s2"> tripped why=</span><span class="si">{</span><span class="nv">$why</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="k">return</span> <span class="p">[</span><span class="s1">'ok'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="s1">'reason'</span> <span class="o">=&gt;</span> <span class="nv">$why</span><span class="p">,</span> <span class="s1">'region'</span> <span class="o">=&gt;</span> <span class="nv">$region</span><span class="p">];</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">reset</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$region</span><span class="p">):</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s1">'INSERT INTO breaker (region, fails, opened_until) VALUES (?, 0, 0) ON CONFLICT(region) DO UPDATE SET fails = 0, opened_until = 0'</span> <span class="p">)</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="nv">$region</span><span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The rule that makes containment work is what <em>isn't</em> here: there is no code path that writes <code>$data['items']</code> to the cache unless <code>ok</code> is <code>true</code>. A failed region returns early, the existing rows stay untouched, and the discovery API keeps serving the last known-good snapshot. Stale beats wrong on a content discovery site — a video from six hours ago is fine; an empty grid is not.</p> <p>The length check (<code>$claim !== $dlSize</code>) is the single line that would have prevented our original incident. <code>curl</code> exposes both the promised and actual download sizes, and comparing them is free.</p> <h2> Driving load and measuring blast radius </h2> <p>A fault that nobody hits proves nothing. The driver is a small Go program that hammers all eight region endpoints concurrently while a fault profile targets one of them, then reports per-region success rate and latency. We use Go here purely because goroutines make honest concurrent load trivial without a runtime to babysit.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// driver.go — go run driver.go -base http://staging.local -faulty DE -n 400</span> <span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"flag"</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"sort"</span> <span class="s">"sync"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">regions</span> <span class="o">=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"US"</span><span class="p">,</span> <span class="s">"GB"</span><span class="p">,</span> <span class="s">"DE"</span><span class="p">,</span> <span class="s">"FR"</span><span class="p">,</span> <span class="s">"JP"</span><span class="p">,</span> <span class="s">"KR"</span><span class="p">,</span> <span class="s">"BR"</span><span class="p">,</span> <span class="s">"AU"</span><span class="p">}</span> <span class="k">type</span> <span class="n">stat</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ok</span><span class="p">,</span> <span class="n">fail</span> <span class="kt">int</span> <span class="n">lat</span> <span class="p">[]</span><span class="n">time</span><span class="o">.</span><span class="n">Duration</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">base</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="s">"base"</span><span class="p">,</span> <span class="s">"http://localhost:8080"</span><span class="p">,</span> <span class="s">"discovery API base"</span><span class="p">)</span> <span class="n">n</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">Int</span><span class="p">(</span><span class="s">"n"</span><span class="p">,</span> <span class="m">200</span><span class="p">,</span> <span class="s">"requests per region"</span><span class="p">)</span> <span class="n">faulty</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="s">"faulty"</span><span class="p">,</span> <span class="s">"DE"</span><span class="p">,</span> <span class="s">"region under fault injection"</span><span class="p">)</span> <span class="n">flag</span><span class="o">.</span><span class="n">Parse</span><span class="p">()</span> <span class="n">client</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Client</span><span class="p">{</span><span class="n">Timeout</span><span class="o">:</span> <span class="m">15</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">}</span> <span class="n">results</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="o">*</span><span class="n">stat</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">regions</span><span class="p">))</span> <span class="k">var</span> <span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">Mutex</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">r</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">regions</span> <span class="p">{</span> <span class="n">results</span><span class="p">[</span><span class="n">r</span><span class="p">]</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">stat</span><span class="p">{}</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="o">*</span><span class="n">n</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">region</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="n">start</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">req</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="s">"GET"</span><span class="p">,</span> <span class="o">*</span><span class="n">base</span><span class="o">+</span><span class="s">"/discover?region="</span><span class="o">+</span><span class="n">region</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="n">resp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">Do</span><span class="p">(</span><span class="n">req</span><span class="p">)</span> <span class="n">d</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Since</span><span class="p">(</span><span class="n">start</span><span class="p">)</span> <span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="n">s</span> <span class="o">:=</span> <span class="n">results</span><span class="p">[</span><span class="n">region</span><span class="p">]</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">||</span> <span class="n">resp</span><span class="o">.</span><span class="n">StatusCode</span> <span class="o">!=</span> <span class="m">200</span> <span class="p">{</span> <span class="n">s</span><span class="o">.</span><span class="n">fail</span><span class="o">++</span> <span class="k">return</span> <span class="p">}</span> <span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">s</span><span class="o">.</span><span class="n">ok</span><span class="o">++</span> <span class="n">s</span><span class="o">.</span><span class="n">lat</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">lat</span><span class="p">,</span> <span class="n">d</span><span class="p">)</span> <span class="p">}(</span><span class="n">r</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"fault target: %s</span><span class="se">\n</span><span class="s">%-6s %-8s %-8s %-10s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="o">*</span><span class="n">faulty</span><span class="p">,</span> <span class="s">"region"</span><span class="p">,</span> <span class="s">"ok"</span><span class="p">,</span> <span class="s">"fail"</span><span class="p">,</span> <span class="s">"p95"</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">r</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">regions</span> <span class="p">{</span> <span class="n">s</span> <span class="o">:=</span> <span class="n">results</span><span class="p">[</span><span class="n">r</span><span class="p">]</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"%-6s %-8d %-8d %-10s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">r</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">ok</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">fail</span><span class="p">,</span> <span class="n">p95</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">lat</span><span class="p">))</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">p95</span><span class="p">(</span><span class="n">d</span> <span class="p">[]</span><span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">)</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span> <span class="p">{</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">d</span><span class="p">)</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="m">0</span> <span class="p">}</span> <span class="n">sort</span><span class="o">.</span><span class="n">Slice</span><span class="p">(</span><span class="n">d</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">i</span><span class="p">,</span> <span class="n">j</span> <span class="kt">int</span><span class="p">)</span> <span class="kt">bool</span> <span class="p">{</span> <span class="k">return</span> <span class="n">d</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">d</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="p">})</span> <span class="k">return</span> <span class="n">d</span><span class="p">[</span><span class="kt">int</span><span class="p">(</span><span class="kt">float64</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">d</span><span class="p">))</span><span class="o">*</span><span class="m">0.95</span><span class="p">)]</span> <span class="p">}</span> </code></pre> </div> <p>The output table is the whole point. A passing run looks like this: the faulty region shows degraded success (it is serving stale data, sometimes from an open breaker) but its p95 stays bounded, while every other region sits at 100% with normal latency. The moment another region's numbers move, containment is broken and we have a bug to fix before that code ships over FTP.</p> <h2> Wiring it into multi-region cron </h2> <p>The harness is not a one-off. Our region cron already loops over the region list to pull metadata, so the chaos run reuses the same loop on staging. A nightly job starts the proxy with a rotating single-region profile, runs the driver, and fails the build if any non-target region drops below 99.5% success or if any cache row for a clean region changes during the fault window.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="nb">set</span> <span class="nt">-euo</span> pipefail <span class="nv">REGIONS</span><span class="o">=(</span>US GB DE FR JP KR BR AU<span class="o">)</span> <span class="nv">TARGET</span><span class="o">=</span><span class="k">${</span><span class="nv">REGIONS</span><span class="p">[</span><span class="k">$((</span> RANDOM <span class="o">%</span> <span class="k">${#</span><span class="nv">REGIONS</span><span class="p">[@]</span><span class="k">}</span> <span class="k">))</span><span class="p">]</span><span class="k">}</span> <span class="c"># snapshot clean-region cache row counts before the storm</span> sqlite3 staging.db <span class="s2">"SELECT region, count(*) FROM videos GROUP BY region"</span> <span class="o">&gt;</span> /tmp/before.txt jq <span class="nt">-n</span> <span class="nt">--arg</span> r <span class="s2">"</span><span class="nv">$TARGET</span><span class="s2">"</span> <span class="s1">'{($r): {probability: 0.8, types: ["truncate","lie_length","slowloris","valid_garbage","flap"]}}'</span> <span class="o">&gt;</span> /tmp/profile.json python chaos_proxy.py <span class="nt">--listen</span> 8099 <span class="nt">--upstream</span> <span class="s2">"</span><span class="nv">$UPSTREAM</span><span class="s2">"</span> <span class="nt">--profile</span> /tmp/profile.json &amp; <span class="nv">PROXY</span><span class="o">=</span><span class="nv">$!</span> <span class="nb">trap</span> <span class="s1">'kill $PROXY'</span> EXIT <span class="nb">sleep </span>1 go run driver.go <span class="nt">-base</span> http://staging.local <span class="nt">-faulty</span> <span class="s2">"</span><span class="nv">$TARGET</span><span class="s2">"</span> <span class="nt">-n</span> 400 | <span class="nb">tee</span> /tmp/run.txt <span class="c"># assert containment: no clean region's row count moved</span> sqlite3 staging.db <span class="s2">"SELECT region, count(*) FROM videos GROUP BY region"</span> <span class="o">&gt;</span> /tmp/after.txt <span class="k">if</span> <span class="o">!</span> diff &lt;<span class="o">(</span><span class="nb">grep</span> <span class="nt">-v</span> <span class="s2">"^</span><span class="nv">$TARGET</span><span class="s2">|"</span> /tmp/before.txt<span class="o">)</span> &lt;<span class="o">(</span><span class="nb">grep</span> <span class="nt">-v</span> <span class="s2">"^</span><span class="nv">$TARGET</span><span class="s2">|"</span> /tmp/after.txt<span class="o">)</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"CONTAINMENT FAILURE: a clean region's cache changed during fault on </span><span class="nv">$TARGET</span><span class="s2">"</span> <span class="o">&gt;</span>&amp;2 <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"chaos run clean — fault target </span><span class="nv">$TARGET</span><span class="s2"> contained"</span> </code></pre> </div> <p>Randomizing the target each night means that over a couple of weeks every region gets exercised, and a containment regression in any one of them surfaces without us having to remember to test it.</p> <h2> What we found </h2> <p>Running this against our own code was humbling. The truncation defense worked on the first try, but three other things did not:</p> <ul> <li> <strong>The flap fault broke our retry logic.</strong> We retried once on 503, and the alternating pattern meant the retry always hit the 200, masking that the upstream was unhealthy half the time. We now require two consecutive successes before clearing the breaker.</li> <li> <strong>Clock skew poisoned conditional requests.</strong> A <code>Last-Modified</code> stamped in 2031 made our <code>If-Modified-Since</code> logic skip refreshes for that region indefinitely. We now clamp upstream timestamps to <code>min(upstream, now)</code>.</li> <li> <strong>The 8s deadline was too generous under slowloris.</strong> A trickle that delivered a valid body at byte 7,900 of an 8,000-byte deadline passed validation but starved a cron worker. We added a minimum-throughput check.</li> </ul> <p>None of these would have shown up in a test that only mocked clean responses or hard failures. They lived in the gap between "working" and "broken" — exactly where lying dependencies operate.</p> <h2> Conclusion </h2> <p>Chaos testing for a read-heavy video API is not about randomly killing servers. It is about reproducing the dishonest failures real upstreams produce — truncated bodies, mismatched lengths, structurally-valid garbage, and skewed clocks — and proving that not one of them can escape a single region or corrupt your cache. The harness that does this is small: a lying proxy, a paranoid client that treats every response as guilty until verified, a concurrent driver that measures blast radius, and a cron wrapper that asserts containment and fails the build when it breaks.</p> <p>The whole thing fits in a few hundred lines and deploys over the same boring FTP pipeline as the rest of our code, which is the only reason it actually runs every night instead of rotting in a branch. If your video API trusts its upstreams to fail honestly, build the proxy that lies to it first — you will find the bugs that wake you at 2am while you are still awake to fix them.</p> testing php reliability go ahmet gedik Wed, 10 Jun 2026 07:00:01 +0000 https://dev.to/ahmet_gedik778845/streaming-live-video-view-counts-with-server-sent-events-in-php-84-3iam https://dev.to/ahmet_gedik778845/streaming-live-video-view-counts-with-server-sent-events-in-php-84-3iam <p>Last month a video about a Norwegian fjord drone crash went from 4,000 to 1.1 million views in nine hours on our discovery feed. The problem wasn't ingesting that traffic — it was the front end. Every visitor on the trending page had a <code>setInterval</code> firing a <code>fetch('/api/views?id=...')</code> every five seconds, and with a few thousand concurrent viewers that turned into a steady 600+ requests per second of nothing but "give me the current number." Each one opened a SQLite read, serialized a tiny JSON payload, and burned a LiteSpeed worker slot. The counts were stale by up to five seconds anyway, and the polling cost more CPU than the actual video metadata API.</p> <p>Polling is the wrong tool for a value that changes continuously and that the server already knows about the instant it changes. The right tool — for a one-directional, server-to-client stream of small updates — is Server-Sent Events (SSE). At <a href="https://viralvidvault.com" rel="noopener noreferrer">ViralVidVault</a> we run a European viral-video discovery feed, and live view counts are the single most-watched number on the site. This post is how we replaced polling with SSE on a PHP 8.4 / SQLite (WAL) / LiteSpeed / Cloudflare stack, the buffering traps that cost me an afternoon, and how we keep it GDPR-clean.</p> <h2> Why SSE and not WebSockets </h2> <p>The knee-jerk answer to "live updates" is WebSockets, but WebSockets are a bidirectional, stateful protocol. View counts only ever flow one way: server to browser. The client never has anything to say back except "I'm still here," which TCP already handles. SSE gives us exactly that one-way channel over plain HTTP, and it brings three properties that matter on our stack:</p> <ul> <li> <strong>It's just HTTP.</strong> No protocol upgrade, no separate port, no special LiteSpeed module. It rides through Cloudflare and our existing TLS termination unchanged.</li> <li> <strong>Automatic reconnect is built in.</strong> The browser's <code>EventSource</code> reconnects on drop and replays the <code>Last-Event-ID</code> header, so we get resumable streams for free.</li> <li> <strong>It degrades to text.</strong> An SSE stream is a <code>text/event-stream</code> body you can <code>curl</code> and read with your eyes. Debugging a WebSocket frame stream is a much worse afternoon.</li> </ul> <p>The one real limitation — the ~6 connections-per-domain cap in HTTP/1.1 — disappears under HTTP/2, which both LiteSpeed and Cloudflare give us by default. Over h2 a browser multiplexes dozens of SSE streams down one connection.</p> <h2> The data side: counting views without melting SQLite </h2> <p>Before streaming anything we need a count that's cheap to read and safe to write under load. We use SQLite in WAL (write-ahead logging) mode, which lets readers and a single writer proceed concurrently — exactly the shape of a view counter: many reads, frequent small writes from one ingest process.</p> <p>The naive approach — <code>UPDATE videos SET views = views + 1</code> on every hit — serializes every viewer behind a row lock and thrashes the WAL. Instead we buffer increments in memory and flush them on an interval. Here is the writer side, a long-running PHP CLI process that drains an in-memory delta map into SQLite:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">ViewCounter</span> <span class="p">{</span> <span class="k">private</span> <span class="no">\PDO</span> <span class="nv">$db</span><span class="p">;</span> <span class="cd">/** @var array&lt;int,int&gt; videoId =&gt; pending delta */</span> <span class="k">private</span> <span class="kt">array</span> <span class="nv">$pending</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$dbPath</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">\PDO</span><span class="p">(</span><span class="s1">'sqlite:'</span> <span class="mf">.</span> <span class="nv">$dbPath</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="p">[</span> <span class="no">\PDO</span><span class="o">::</span><span class="no">ATTR_ERRMODE</span> <span class="o">=&gt;</span> <span class="no">\PDO</span><span class="o">::</span><span class="no">ERRMODE_EXCEPTION</span><span class="p">,</span> <span class="p">]);</span> <span class="c1">// WAL: concurrent readers + one writer, durable enough for counters.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nb">exec</span><span class="p">(</span><span class="s1">'PRAGMA journal_mode = WAL'</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nb">exec</span><span class="p">(</span><span class="s1">'PRAGMA synchronous = NORMAL'</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nb">exec</span><span class="p">(</span><span class="s1">'PRAGMA busy_timeout = 5000'</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">record</span><span class="p">(</span><span class="kt">int</span> <span class="nv">$videoId</span><span class="p">):</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pending</span><span class="p">[</span><span class="nv">$videoId</span><span class="p">]</span> <span class="o">=</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pending</span><span class="p">[</span><span class="nv">$videoId</span><span class="p">]</span> <span class="o">??</span> <span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="cd">/** Flush buffered deltas in one transaction. Call every ~1s. */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">flush</span><span class="p">():</span> <span class="kt">void</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pending</span> <span class="o">===</span> <span class="p">[])</span> <span class="p">{</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s1">'UPDATE videos SET views = views + :d, updated_at = unixepoch() WHERE id = :id'</span> <span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">beginTransaction</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pending</span> <span class="k">as</span> <span class="nv">$id</span> <span class="o">=&gt;</span> <span class="nv">$delta</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="s1">':d'</span> <span class="o">=&gt;</span> <span class="nv">$delta</span><span class="p">,</span> <span class="s1">':id'</span> <span class="o">=&gt;</span> <span class="nv">$id</span><span class="p">]);</span> <span class="p">}</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">commit</span><span class="p">();</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pending</span> <span class="o">=</span> <span class="p">[];</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">\Throwable</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">db</span><span class="o">-&gt;</span><span class="nf">rollBack</span><span class="p">();</span> <span class="nb">error_log</span><span class="p">(</span><span class="s1">'view flush failed: '</span> <span class="mf">.</span> <span class="nv">$e</span><span class="o">-&gt;</span><span class="nf">getMessage</span><span class="p">());</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Batching turns thousands of per-request writes into one transaction per second. With <code>synchronous = NORMAL</code> under WAL, that single commit is cheap and still crash-safe up to the last checkpoint — acceptable for a vanity counter where losing a sub-second of increments on a hard crash is a non-event.</p> <p>A note on GDPR, because this is Europe and it matters: a raw increment carries no personal data. We do <strong>not</strong> log IP, user-agent, or any identifier against the view. The counter is a pure integer aggregate. Our actual analytics dedupe is done with a rotating, salted, daily-bucketed hash that we never persist past the aggregation window — but the count that feeds the SSE stream is just <code>videos.views</code>, an anonymous total. No consent banner is required to display a public number going up.</p> <h2> The SSE endpoint in PHP 8.4 </h2> <p>Now the read side. The endpoint holds the connection open and pushes a new value each time the count changes. The critical detail on LiteSpeed (and behind Cloudflare) is <strong>disabling every layer of output buffering</strong>, or your events get held in a buffer and the client sees nothing until the buffer fills or the connection closes — which defeats the entire point.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="c1">// --- Disable buffering everywhere it can hide ---</span> <span class="o">@</span><span class="nb">ini_set</span><span class="p">(</span><span class="s1">'zlib.output_compression'</span><span class="p">,</span> <span class="s1">'0'</span><span class="p">);</span> <span class="c1">// no gzip on a stream</span> <span class="o">@</span><span class="nb">ini_set</span><span class="p">(</span><span class="s1">'output_buffering'</span><span class="p">,</span> <span class="s1">'0'</span><span class="p">);</span> <span class="k">while</span> <span class="p">(</span><span class="nb">ob_get_level</span><span class="p">()</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nb">ob_end_flush</span><span class="p">();</span> <span class="p">}</span> <span class="nb">ignore_user_abort</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="c1">// let us notice when the client leaves</span> <span class="nb">set_time_limit</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Content-Type: text/event-stream'</span><span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Cache-Control: no-cache, no-transform'</span><span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Connection: keep-alive'</span><span class="p">);</span> <span class="c1">// LiteSpeed / nginx: do NOT buffer this response.</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'X-Accel-Buffering: no'</span><span class="p">);</span> <span class="nv">$videoId</span> <span class="o">=</span> <span class="p">(</span><span class="n">int</span><span class="p">)(</span><span class="nv">$_GET</span><span class="p">[</span><span class="s1">'id'</span><span class="p">]</span> <span class="o">??</span> <span class="mi">0</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$videoId</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nb">http_response_code</span><span class="p">(</span><span class="mi">400</span><span class="p">);</span> <span class="k">exit</span><span class="p">;</span> <span class="p">}</span> <span class="nv">$db</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PDO</span><span class="p">(</span><span class="s1">'sqlite:/var/www/data/vault.db'</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="p">[</span> <span class="no">PDO</span><span class="o">::</span><span class="no">ATTR_ERRMODE</span> <span class="o">=&gt;</span> <span class="no">PDO</span><span class="o">::</span><span class="no">ERRMODE_EXCEPTION</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$db</span><span class="o">-&gt;</span><span class="nb">exec</span><span class="p">(</span><span class="s1">'PRAGMA query_only = 1'</span><span class="p">);</span> <span class="c1">// this connection only reads</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$db</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="s1">'SELECT views FROM videos WHERE id = :id'</span><span class="p">);</span> <span class="c1">// Resume support: client sends Last-Event-ID on reconnect.</span> <span class="nv">$lastSent</span> <span class="o">=</span> <span class="k">isset</span><span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTP_LAST_EVENT_ID'</span><span class="p">])</span> <span class="o">?</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTP_LAST_EVENT_ID'</span><span class="p">]</span> <span class="o">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="nv">$idleTicks</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">while</span> <span class="p">(</span><span class="o">!</span><span class="nb">connection_aborted</span><span class="p">())</span> <span class="p">{</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="s1">':id'</span> <span class="o">=&gt;</span> <span class="nv">$videoId</span><span class="p">]);</span> <span class="nv">$views</span> <span class="o">=</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span><span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">fetchColumn</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$views</span> <span class="o">!==</span> <span class="nv">$lastSent</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// id: lets the browser resume; event name groups handlers client-side</span> <span class="k">echo</span> <span class="s2">"id: </span><span class="si">{</span><span class="nv">$views</span><span class="si">}</span><span class="se">\n</span><span class="s2">"</span><span class="p">;</span> <span class="k">echo</span> <span class="s2">"event: views</span><span class="se">\n</span><span class="s2">"</span><span class="p">;</span> <span class="k">echo</span> <span class="s1">'data: '</span> <span class="mf">.</span> <span class="nb">json_encode</span><span class="p">([</span><span class="s1">'v'</span> <span class="o">=&gt;</span> <span class="nv">$views</span><span class="p">],</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">)</span> <span class="mf">.</span> <span class="s2">"</span><span class="se">\n\n</span><span class="s2">"</span><span class="p">;</span> <span class="nv">$lastSent</span> <span class="o">=</span> <span class="nv">$views</span><span class="p">;</span> <span class="nv">$idleTicks</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// Heartbeat comment every ~15s keeps Cloudflare / proxies from</span> <span class="c1">// dropping an idle connection. Comments start with ':'</span> <span class="k">if</span> <span class="p">(</span><span class="o">++</span><span class="nv">$idleTicks</span> <span class="o">&gt;=</span> <span class="mi">15</span><span class="p">)</span> <span class="p">{</span> <span class="k">echo</span> <span class="s2">": keepalive</span><span class="se">\n\n</span><span class="s2">"</span><span class="p">;</span> <span class="nv">$idleTicks</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nb">flush</span><span class="p">();</span> <span class="nb">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>A few things are doing real work here:</p> <ul> <li> <strong>The <code>id:</code> field carries the last value.</strong> On reconnect the browser sends it back as <code>Last-Event-ID</code>, so we can skip re-emitting a number the client already has. We reuse the count itself as the event id since it's monotonic.</li> <li> <strong><code>event: views</code></strong> names the event so the client can bind a specific handler and ignore heartbeats.</li> <li> <strong>The <code>: keepalive</code> comment</strong> is an SSE comment line (anything after a leading colon is ignored by the parser). It exists purely to push bytes through idle proxies. Cloudflare will eventually close a connection with no traffic; a 15-second heartbeat keeps it warm without sending a fake count.</li> <li> <strong><code>connection_aborted()</code> + <code>sleep(1)</code></strong> is a deliberately boring poll-the-DB-once-a-second loop. SQLite reads under WAL are sub-millisecond on an indexed primary key, so one read per connection per second is far cheaper than the old model of every <em>client</em> polling over HTTP. We moved the polling from the network edge to a local file read.</li> </ul> <p>That last point is the whole trick: SSE doesn't make the data magically push itself. The server still has to learn the new value somehow. But doing it as a local SQLite read inside one held-open process is orders of magnitude cheaper than thousands of clients each making a full HTTP round-trip through Cloudflare and LiteSpeed.</p> <h2> The browser client </h2> <p>The front-end code is almost embarrassingly small, which is the point. <code>EventSource</code> handles connection, parsing, and reconnect-with-backoff for us.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">counter</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">#view-count</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">videoId</span> <span class="o">=</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">dataset</span><span class="p">.</span><span class="nx">videoId</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">es</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">EventSource</span><span class="p">(</span><span class="s2">`/sse/views?id=</span><span class="p">${</span><span class="nx">videoId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nx">es</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">views</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">v</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">data</span><span class="p">);</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Intl</span><span class="p">.</span><span class="nc">NumberFormat</span><span class="p">(</span><span class="dl">'</span><span class="s1">en-GB</span><span class="dl">'</span><span class="p">).</span><span class="nf">format</span><span class="p">(</span><span class="nx">v</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// EventSource auto-reconnects on error; we only log.</span> <span class="nx">es</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// readyState 0 = connecting (browser is already retrying)</span> <span class="k">if </span><span class="p">(</span><span class="nx">es</span><span class="p">.</span><span class="nx">readyState</span> <span class="o">===</span> <span class="nx">EventSource</span><span class="p">.</span><span class="nx">CLOSED</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">view stream closed by server</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Stop streaming when the tab is hidden — saves a connection and respects</span> <span class="c1">// the user's battery/data. Resume when they come back.</span> <span class="nb">document</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">visibilitychange</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">hidden</span><span class="p">)</span> <span class="p">{</span> <span class="nx">es</span><span class="p">.</span><span class="nf">close</span><span class="p">();</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>We close the stream on <code>visibilitychange</code> to <code>hidden</code>. A user who tabbed away doesn't need a live counter, and dropping the connection frees a worker slot. (To resume cleanly you'd re-instantiate <code>EventSource</code> on <code>visible</code> — left out for brevity, but it's a few lines.) This one habit cut our average concurrent stream count by roughly 40% in production, because a large share of "viewers" are background tabs.</p> <h2> Fanning out at scale with a Go broker </h2> <p>The per-connection PHP loop is fine up to a point, but PHP holding thousands of long-lived connections means thousands of LiteSpeed workers parked in <code>sleep(1)</code>. Past a few hundred concurrent streams per video you want a single process reading the DB and fanning the result out to every subscriber. Go's goroutines and channels are built for exactly this, so for our hottest videos a small Go broker sits behind the SSE path:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"sync"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Broker</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span> <span class="n">clients</span> <span class="k">map</span><span class="p">[</span><span class="k">chan</span> <span class="kt">int</span><span class="p">]</span><span class="k">struct</span><span class="p">{}</span> <span class="n">latest</span> <span class="kt">int</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewBroker</span><span class="p">()</span> <span class="o">*</span><span class="n">Broker</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Broker</span><span class="p">{</span><span class="n">clients</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="k">chan</span> <span class="kt">int</span><span class="p">]</span><span class="k">struct</span><span class="p">{})}</span> <span class="p">}</span> <span class="c">// Publish is called by the single DB-poller goroutine.</span> <span class="k">func</span> <span class="p">(</span><span class="n">b</span> <span class="o">*</span><span class="n">Broker</span><span class="p">)</span> <span class="n">Publish</span><span class="p">(</span><span class="n">v</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="n">b</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="n">b</span><span class="o">.</span><span class="n">latest</span> <span class="o">=</span> <span class="n">v</span> <span class="k">for</span> <span class="n">ch</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">b</span><span class="o">.</span><span class="n">clients</span> <span class="p">{</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="n">ch</span> <span class="o">&lt;-</span> <span class="n">v</span><span class="o">:</span> <span class="k">default</span><span class="o">:</span> <span class="c">// slow client: drop this tick, never block the broker</span> <span class="p">}</span> <span class="p">}</span> <span class="n">b</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">b</span> <span class="o">*</span><span class="n">Broker</span><span class="p">)</span> <span class="n">ServeHTTP</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">fl</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">w</span><span class="o">.</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">Flusher</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"streaming unsupported"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"text/event-stream"</span><span class="p">)</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Cache-Control"</span><span class="p">,</span> <span class="s">"no-cache"</span><span class="p">)</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"X-Accel-Buffering"</span><span class="p">,</span> <span class="s">"no"</span><span class="p">)</span> <span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="kt">int</span><span class="p">,</span> <span class="m">4</span><span class="p">)</span> <span class="n">b</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="n">last</span> <span class="o">:=</span> <span class="n">b</span><span class="o">.</span><span class="n">latest</span> <span class="n">b</span><span class="o">.</span><span class="n">clients</span><span class="p">[</span><span class="n">ch</span><span class="p">]</span> <span class="o">=</span> <span class="k">struct</span><span class="p">{}{}</span> <span class="n">b</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="k">defer</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">b</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="nb">delete</span><span class="p">(</span><span class="n">b</span><span class="o">.</span><span class="n">clients</span><span class="p">,</span> <span class="n">ch</span><span class="p">)</span> <span class="n">b</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="p">}()</span> <span class="c">// Send current value immediately so a new tab isn't blank.</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"event: views</span><span class="se">\n</span><span class="s">data: {</span><span class="se">\"</span><span class="s">v</span><span class="se">\"</span><span class="s">:%d}</span><span class="se">\n\n</span><span class="s">"</span><span class="p">,</span> <span class="n">last</span><span class="p">)</span> <span class="n">fl</span><span class="o">.</span><span class="n">Flush</span><span class="p">()</span> <span class="n">heartbeat</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">NewTicker</span><span class="p">(</span><span class="m">15</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">heartbeat</span><span class="o">.</span><span class="n">Stop</span><span class="p">()</span> <span class="k">for</span> <span class="p">{</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">r</span><span class="o">.</span><span class="n">Context</span><span class="p">()</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="k">return</span> <span class="c">// client disconnected</span> <span class="k">case</span> <span class="n">v</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">ch</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"id: %d</span><span class="se">\n</span><span class="s">event: views</span><span class="se">\n</span><span class="s">data: {</span><span class="se">\"</span><span class="s">v</span><span class="se">\"</span><span class="s">:%d}</span><span class="se">\n\n</span><span class="s">"</span><span class="p">,</span> <span class="n">v</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span> <span class="n">fl</span><span class="o">.</span><span class="n">Flush</span><span class="p">()</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">heartbeat</span><span class="o">.</span><span class="n">C</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprint</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">": keepalive</span><span class="se">\n\n</span><span class="s">"</span><span class="p">)</span> <span class="n">fl</span><span class="o">.</span><span class="n">Flush</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now one goroutine reads SQLite once a second and calls <code>Publish</code>; every connected client gets the update without anyone touching the database again. The <code>select { case ch &lt;- v: default: }</code> pattern is the important defensive bit — a slow or stalled client must never block the broadcast, so we drop a tick for that client rather than back-pressuring everyone. A single modest Go process handles tens of thousands of these streams where the PHP-per-connection model would have exhausted worker pools long before.</p> <p>We route only the genuinely viral videos through the Go broker (a Cloudflare Worker checks a "is hot" flag and rewrites the path); the long tail of cold videos stays on the simple PHP endpoint, which is more than adequate when a video has three concurrent viewers.</p> <h2> Load-testing the stream </h2> <p>Numbers you didn't measure are wishes. SSE load behaves differently from request/response load: the metric isn't requests-per-second, it's <em>concurrent held connections</em> and whether updates actually arrive on time. A quick Python harness with <code>aiohttp</code> opens N streams and records inter-event latency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">asyncio</span><span class="p">,</span> <span class="n">time</span><span class="p">,</span> <span class="n">aiohttp</span> <span class="n">URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://viralvidvault.com/sse/views?id=12345</span><span class="sh">"</span> <span class="n">CONCURRENCY</span> <span class="o">=</span> <span class="mi">2000</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">one</span><span class="p">(</span><span class="n">session</span><span class="p">,</span> <span class="n">stats</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">URL</span><span class="p">)</span> <span class="k">as</span> <span class="n">resp</span><span class="p">:</span> <span class="n">last</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">monotonic</span><span class="p">()</span> <span class="k">async</span> <span class="k">for</span> <span class="n">raw</span> <span class="ow">in</span> <span class="n">resp</span><span class="p">.</span><span class="n">content</span><span class="p">:</span> <span class="n">line</span> <span class="o">=</span> <span class="n">raw</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">replace</span><span class="sh">"</span><span class="p">).</span><span class="nf">strip</span><span class="p">()</span> <span class="k">if</span> <span class="n">line</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sh">"</span><span class="s">data:</span><span class="sh">"</span><span class="p">):</span> <span class="n">now</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">monotonic</span><span class="p">()</span> <span class="n">stats</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">now</span> <span class="o">-</span> <span class="n">last</span><span class="p">)</span> <span class="n">last</span> <span class="o">=</span> <span class="n">now</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">stream error:</span><span class="sh">"</span><span class="p">,</span> <span class="n">e</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="n">stats</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">float</span><span class="p">]</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">timeout</span> <span class="o">=</span> <span class="n">aiohttp</span><span class="p">.</span><span class="nc">ClientTimeout</span><span class="p">(</span><span class="n">total</span><span class="o">=</span><span class="bp">None</span><span class="p">)</span> <span class="c1"># streams never "finish" </span> <span class="n">conn</span> <span class="o">=</span> <span class="n">aiohttp</span><span class="p">.</span><span class="nc">TCPConnector</span><span class="p">(</span><span class="n">limit</span><span class="o">=</span><span class="n">CONCURRENCY</span><span class="p">)</span> <span class="k">async</span> <span class="k">with</span> <span class="n">aiohttp</span><span class="p">.</span><span class="nc">ClientSession</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="n">timeout</span><span class="p">,</span> <span class="n">connector</span><span class="o">=</span><span class="n">conn</span><span class="p">)</span> <span class="k">as</span> <span class="n">s</span><span class="p">:</span> <span class="n">tasks</span> <span class="o">=</span> <span class="p">[</span><span class="n">asyncio</span><span class="p">.</span><span class="nf">create_task</span><span class="p">(</span><span class="nf">one</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">stats</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">CONCURRENCY</span><span class="p">)]</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">60</span><span class="p">)</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">tasks</span><span class="p">:</span> <span class="n">t</span><span class="p">.</span><span class="nf">cancel</span><span class="p">()</span> <span class="k">if</span> <span class="n">stats</span><span class="p">:</span> <span class="n">stats</span><span class="p">.</span><span class="nf">sort</span><span class="p">()</span> <span class="n">p50</span> <span class="o">=</span> <span class="n">stats</span><span class="p">[</span><span class="nf">len</span><span class="p">(</span><span class="n">stats</span><span class="p">)</span><span class="o">//</span><span class="mi">2</span><span class="p">]</span> <span class="n">p99</span> <span class="o">=</span> <span class="n">stats</span><span class="p">[</span><span class="nf">int</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">stats</span><span class="p">)</span><span class="o">*</span><span class="mf">0.99</span><span class="p">)]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">events: </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">stats</span><span class="p">)</span><span class="si">}</span><span class="s"> p50=</span><span class="si">{</span><span class="n">p50</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">s p99=</span><span class="si">{</span><span class="n">p99</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">)</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="nf">main</span><span class="p">())</span> </code></pre> </div> <p>The key assertions are: do all 2,000 connections stay open for the full minute, and is p99 inter-event latency close to your tick interval (~1s) rather than spiking to your heartbeat interval (15s, which would mean updates aren't actually flowing). The first time I ran this against LiteSpeed I saw a clean 1.0s p50 locally but a 15s p99 <em>through Cloudflare</em> — the smoking gun that something between the origin and the client was buffering. The fix was the <code>Cache-Control: no-transform</code> header plus confirming <code>zlib.output_compression</code> was off; Cloudflare was trying to apply compression to the stream and holding bytes to do it.</p> <h2> Buffering traps, ranked by how long they cost me </h2> <p>If SSE "doesn't work," it's almost always buffering. In rough order of how much time each one ate:</p> <ul> <li> <strong>PHP/zlib output compression.</strong> Gzip needs a buffer to compress; a stream never fills it. Set <code>zlib.output_compression = 0</code> and send <code>Cache-Control: no-transform</code> so the edge doesn't re-add it.</li> <li> <strong>LiteSpeed / nginx proxy buffering.</strong> Send <code>X-Accel-Buffering: no</code>. Without it the proxy collects your output and forwards in chunks.</li> <li> <strong>Leftover output buffers.</strong> A framework or <code>auto_prepend_file</code> may have started <code>ob_start()</code>. Drain them all with the <code>ob_end_flush()</code> loop before the first event.</li> <li> <strong>Cloudflare idle timeout.</strong> No bytes for ~100s and the connection drops. The 15-second heartbeat comment prevents it and is invisible to the <code>EventSource</code> parser.</li> <li> <strong>HTTP/1.1 connection cap.</strong> Six streams per domain max. Serve over HTTP/2 (default on our stack) and it's a non-issue.</li> </ul> <h2> Conclusion </h2> <p>Server-Sent Events let us delete a whole category of wasteful traffic. The trending page went from ~600 polling requests/second to a set of held-open connections that each cost one local SQLite read per second, the counts update in near real time instead of on a 5-second sawtooth, and the client code shrank to a dozen lines because <code>EventSource</code> does the reconnect work. The architecture scales in tiers: a dead-simple PHP loop for the cold long tail, a Go broker for the handful of genuinely viral videos, and Cloudflare deciding which is which at the edge.</p> <p>The two lessons worth carrying off this stack: SSE doesn't push data for free — you still need a cheap way to learn the new value, and batched SQLite-under-WAL is that cheap way; and when SSE looks broken, it's buffering, every time, so kill it at PHP, the proxy, and the CDN before you suspect anything else. And because a public view count is an anonymous aggregate, none of this added a line to our consent flow — which, when you operate in Europe, is exactly the kind of feature you want.</p> php sse sqlite go ahmet gedik Tue, 09 Jun 2026 21:00:01 +0000 https://dev.to/ahmet_gedik778845/scaling-video-viewership-analytics-with-timescaledb-hypertables-1pei https://dev.to/ahmet_gedik778845/scaling-video-viewership-analytics-with-timescaledb-hypertables-1pei <h2> When SQLite Stopped Being Enough for View Events </h2> <p>TopVideoHub aggregates trending videos across the Asia-Pacific region, and most of the stack is deliberately boring: PHP 8.4, a SQLite catalog with an FTS5 index wired up to a CJK tokenizer for Japanese/Korean/Chinese search, LiteSpeed in front, and Cloudflare on the edge. That setup is wonderful for the catalog. It is a disaster for viewership analytics.</p> <p>The problem showed up the week we crossed roughly 12 million view events per day. Every play, pause, seek, completion, and region/language tag was landing in one SQLite <code>view_events</code> table. SQLite serializes writers, so the ingest worker held the database long enough that the read replicas serving the trending dashboards started timing out. A simple "plays per region, bucketed by hour, last 7 days" query went from snappy to 40+ seconds, and the database file pushed past 60 GB. We tried partial indexes, <code>WAL</code> mode, and manual monthly tables. It bought us a month.</p> <p>The honest conclusion: append-heavy time-series data is a different workload than a catalog, and it deserves a different engine. We moved the analytics half of <a href="https://topvideohub.com" rel="noopener noreferrer">TopVideoHub</a> onto PostgreSQL with the TimescaleDB extension and its hypertables. The catalog stayed on SQLite. This article is the concrete migration — schema, ingest from PHP, continuous aggregates, compression, and the Go and Python jobs that read it.</p> <h2> Why Time-Series Is a Different Beast </h2> <p>Before reaching for any tool it helps to name why view events break a normal table:</p> <ul> <li> <strong>Append-only, time-ordered.</strong> New rows are almost always <em>now</em>. You rarely update a row from last Tuesday.</li> <li> <strong>Queries are range scans over time.</strong> "Last 24h", "this week per region" — never "give me random rows."</li> <li> <strong>The hot data is tiny, the cold data is enormous.</strong> Yesterday matters a lot; the same day last year matters for one rollup query.</li> <li> <strong>High write fan-out.</strong> Our Asia-Pacific regions (JP, KR, TW, SG, VN, TH, HK, plus US/GB baselines) each emit events in bursts tied to local prime time.</li> </ul> <p>A single B-tree index across 4 billion rows tries to keep <em>all</em> of that in one structure. TimescaleDB's answer is the <strong>hypertable</strong>: one logical table that is transparently sharded under the hood into many physical "chunks," each covering a time range (and optionally a partition key). Queries and inserts hit only the relevant chunks, so the working index is the size of one chunk, not the universe.</p> <h2> Hypertables in One Command </h2> <p>A hypertable looks like a normal table to your application. You create an ordinary table, then promote it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">view_events</span> <span class="p">(</span> <span class="n">ts</span> <span class="n">TIMESTAMPTZ</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">video_id</span> <span class="nb">BIGINT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">region</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="k">language</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- ja, ko, zh-Hant, etc.</span> <span class="n">event_type</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- play | pause | complete</span> <span class="n">watch_ms</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="mi">0</span><span class="p">,</span> <span class="n">device</span> <span class="nb">TEXT</span> <span class="p">);</span> <span class="c1">-- Promote to a hypertable: chunk by day, sub-partition by region.</span> <span class="k">SELECT</span> <span class="n">create_hypertable</span><span class="p">(</span> <span class="s1">'view_events'</span><span class="p">,</span> <span class="n">by_range</span><span class="p">(</span><span class="s1">'ts'</span><span class="p">,</span> <span class="n">INTERVAL</span> <span class="s1">'1 day'</span><span class="p">)</span> <span class="p">);</span> <span class="k">SELECT</span> <span class="n">add_dimension</span><span class="p">(</span> <span class="s1">'view_events'</span><span class="p">,</span> <span class="n">by_hash</span><span class="p">(</span><span class="s1">'region'</span><span class="p">,</span> <span class="mi">4</span><span class="p">)</span> <span class="p">);</span> <span class="c1">-- Indexes are per-chunk, so this stays small even at billions of rows.</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="k">ON</span> <span class="n">view_events</span> <span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">ts</span> <span class="k">DESC</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="k">ON</span> <span class="n">view_events</span> <span class="p">(</span><span class="n">region</span><span class="p">,</span> <span class="n">ts</span> <span class="k">DESC</span><span class="p">);</span> </code></pre> </div> <p>The <code>by_range('ts', INTERVAL '1 day')</code> line is the whole trick: each day of data becomes its own chunk with its own indexes. At 12M events/day a chunk holds ~12M rows — comfortably indexable and cacheable. The <code>by_hash('region', 4)</code> adds space partitioning so that a query filtered to one region touches roughly a quarter of each day's data.</p> <p>Pick the chunk interval so that the most recent chunk (and its indexes) fits in about 25% of <code>shared_buffers</code>. Too-small chunks create planning overhead from thousands of partitions; too-large chunks lose the locality benefit. One day was right for us; a low-traffic side project might use one week.</p> <h2> Ingesting View Events From PHP 8.4 </h2> <p>Our edge collectors push events to a queue, and a PHP worker drains them in batches. The single biggest ingest win is to <strong>never insert one row at a time</strong>. PostgreSQL's <code>COPY</code> protocol is the fastest path, and PDO can drive a multi-row prepared statement that gets close.</p> <p>Here is the batched writer we run. It uses PHP 8.4, native <code>PDO</code> with the <code>pgsql</code> driver, and groups events into chunks of 1,000 so each round trip carries real weight:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">ViewEventWriter</span> <span class="p">{</span> <span class="k">private</span> <span class="k">const</span> <span class="no">BATCH</span> <span class="o">=</span> <span class="mi">1000</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="kt">PDO</span> <span class="nv">$pdo</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pdo</span><span class="o">-&gt;</span><span class="nf">setAttribute</span><span class="p">(</span><span class="no">PDO</span><span class="o">::</span><span class="no">ATTR_ERRMODE</span><span class="p">,</span> <span class="no">PDO</span><span class="o">::</span><span class="no">ERRMODE_EXCEPTION</span><span class="p">);</span> <span class="p">}</span> <span class="cd">/** @param list&lt;array{ts:string,video_id:int,region:string,language:string,event_type:string,watch_ms:int,device:?string}&gt; $events */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">flush</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$events</span><span class="p">):</span> <span class="kt">int</span> <span class="p">{</span> <span class="nv">$written</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">foreach</span> <span class="p">(</span><span class="nb">array_chunk</span><span class="p">(</span><span class="nv">$events</span><span class="p">,</span> <span class="k">self</span><span class="o">::</span><span class="no">BATCH</span><span class="p">)</span> <span class="k">as</span> <span class="nv">$chunk</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$placeholders</span> <span class="o">=</span> <span class="nb">implode</span><span class="p">(</span><span class="s1">','</span><span class="p">,</span> <span class="nb">array_fill</span><span class="p">(</span> <span class="mi">0</span><span class="p">,</span> <span class="nb">count</span><span class="p">(</span><span class="nv">$chunk</span><span class="p">),</span> <span class="s1">'(?,?,?,?,?,?,?)'</span> <span class="p">));</span> <span class="nv">$sql</span> <span class="o">=</span> <span class="s2">"INSERT INTO view_events (ts, video_id, region, language, event_type, watch_ms, device) VALUES </span><span class="si">{</span><span class="nv">$placeholders</span><span class="si">}</span><span class="s2">"</span><span class="p">;</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pdo</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$chunk</span> <span class="k">as</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="nb">array_push</span><span class="p">(</span> <span class="nv">$params</span><span class="p">,</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'ts'</span><span class="p">],</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'video_id'</span><span class="p">],</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'region'</span><span class="p">],</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'language'</span><span class="p">],</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'event_type'</span><span class="p">],</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'watch_ms'</span><span class="p">],</span> <span class="nv">$e</span><span class="p">[</span><span class="s1">'device'</span><span class="p">]</span> <span class="o">??</span> <span class="kc">null</span> <span class="p">);</span> <span class="p">}</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pdo</span><span class="o">-&gt;</span><span class="nf">beginTransaction</span><span class="p">();</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">(</span><span class="nv">$params</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pdo</span><span class="o">-&gt;</span><span class="nf">commit</span><span class="p">();</span> <span class="nv">$written</span> <span class="o">+=</span> <span class="nb">count</span><span class="p">(</span><span class="nv">$chunk</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$written</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nv">$pdo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PDO</span><span class="p">(</span> <span class="s1">'pgsql:host=analytics-db;port=5432;dbname=tvh_analytics'</span><span class="p">,</span> <span class="s1">'tvh_ingest'</span><span class="p">,</span> <span class="nb">getenv</span><span class="p">(</span><span class="s1">'TVH_PG_PASSWORD'</span><span class="p">),</span> <span class="p">[</span><span class="no">PDO</span><span class="o">::</span><span class="no">ATTR_PERSISTENT</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">]</span> <span class="p">);</span> <span class="nv">$writer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ViewEventWriter</span><span class="p">(</span><span class="nv">$pdo</span><span class="p">);</span> <span class="nv">$writer</span><span class="o">-&gt;</span><span class="nb">flush</span><span class="p">(</span><span class="nv">$eventsFromQueue</span><span class="p">);</span> </code></pre> </div> <p>A few things that mattered in production:</p> <ul> <li> <strong>Persistent connections</strong> (<code>ATTR_PERSISTENT</code>) avoid the TCP + auth handshake on every worker tick. LiteSpeed keeps the PHP process warm, so this pays off.</li> <li> <strong>One transaction per batch</strong>, not per row. Autocommit-per-row was our original sin in SQLite and it carried over until we profiled it.</li> <li>Insert in <strong>roughly time-ascending order</strong> when you can. Hypertables tolerate out-of-order inserts, but mostly-ordered writes keep recent chunks hot and avoid touching old, compressed chunks.</li> </ul> <h2> Continuous Aggregates Precompute the Dashboards </h2> <p>The trending dashboards never need raw events — they need "plays per video per hour" or "watch minutes per region per day." Recomputing those from raw rows on every page load is exactly what was killing us. TimescaleDB's <strong>continuous aggregate</strong> is a materialized view that refreshes incrementally as new data lands, and it is itself a hypertable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">MATERIALIZED</span> <span class="k">VIEW</span> <span class="n">plays_hourly</span> <span class="k">WITH</span> <span class="p">(</span><span class="n">timescaledb</span><span class="p">.</span><span class="n">continuous</span><span class="p">)</span> <span class="k">AS</span> <span class="k">SELECT</span> <span class="n">time_bucket</span><span class="p">(</span><span class="n">INTERVAL</span> <span class="s1">'1 hour'</span><span class="p">,</span> <span class="n">ts</span><span class="p">)</span> <span class="k">AS</span> <span class="n">bucket</span><span class="p">,</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="n">FILTER</span> <span class="p">(</span><span class="k">WHERE</span> <span class="n">event_type</span> <span class="o">=</span> <span class="s1">'play'</span><span class="p">)</span> <span class="k">AS</span> <span class="n">plays</span><span class="p">,</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="n">FILTER</span> <span class="p">(</span><span class="k">WHERE</span> <span class="n">event_type</span> <span class="o">=</span> <span class="s1">'complete'</span><span class="p">)</span> <span class="k">AS</span> <span class="n">completes</span><span class="p">,</span> <span class="k">sum</span><span class="p">(</span><span class="n">watch_ms</span><span class="p">)</span> <span class="k">AS</span> <span class="n">watch_ms</span> <span class="k">FROM</span> <span class="n">view_events</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">bucket</span><span class="p">,</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">region</span> <span class="k">WITH</span> <span class="k">NO</span> <span class="k">DATA</span><span class="p">;</span> <span class="c1">-- Refresh policy: keep the last 3 days fresh, recompute every 30 min,</span> <span class="c1">-- but never touch the most recent hour (still being written).</span> <span class="k">SELECT</span> <span class="n">add_continuous_aggregate_policy</span><span class="p">(</span><span class="s1">'plays_hourly'</span><span class="p">,</span> <span class="n">start_offset</span> <span class="o">=&gt;</span> <span class="n">INTERVAL</span> <span class="s1">'3 days'</span><span class="p">,</span> <span class="n">end_offset</span> <span class="o">=&gt;</span> <span class="n">INTERVAL</span> <span class="s1">'1 hour'</span><span class="p">,</span> <span class="n">schedule_interval</span> <span class="o">=&gt;</span> <span class="n">INTERVAL</span> <span class="s1">'30 minutes'</span> <span class="p">);</span> </code></pre> </div> <p>Now the dashboard query reads from <code>plays_hourly</code> — a table that is orders of magnitude smaller than the raw events — and the engine <em>real-time aggregates</em> the last uncovered hour on the fly so the numbers are never stale. The 40-second query became a 50-millisecond one.</p> <p>The <code>end_offset =&gt; INTERVAL '1 hour'</code> detail is easy to miss and important: it tells the policy not to materialize the in-progress bucket, which would otherwise be rewritten constantly. Real-time aggregation fills that gap at query time.</p> <h2> Querying Rollups From Go for the Live Dashboard </h2> <p>The live "what's trending right now" panel is a small Go service behind Cloudflare. It hits the continuous aggregate with <code>pgx</code>, which is faster than <code>database/sql</code> for this kind of read path because it speaks the binary protocol natively:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"fmt"</span> <span class="s">"os"</span> <span class="s">"time"</span> <span class="s">"github.com/jackc/pgx/v5/pgxpool"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">TrendRow</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">VideoID</span> <span class="kt">int64</span> <span class="n">Region</span> <span class="kt">string</span> <span class="n">Plays</span> <span class="kt">int64</span> <span class="n">WatchMS</span> <span class="kt">int64</span> <span class="p">}</span> <span class="k">func</span> <span class="n">topTrending</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">pool</span> <span class="o">*</span><span class="n">pgxpool</span><span class="o">.</span><span class="n">Pool</span><span class="p">,</span> <span class="n">region</span> <span class="kt">string</span><span class="p">)</span> <span class="p">([]</span><span class="n">TrendRow</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">const</span> <span class="n">q</span> <span class="o">=</span> <span class="s">` SELECT video_id, region, sum(plays) AS plays, sum(watch_ms) AS watch_ms FROM plays_hourly WHERE bucket &gt;= now() - INTERVAL '6 hours' AND region = $1 GROUP BY video_id, region ORDER BY plays DESC LIMIT 20`</span> <span class="n">rows</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pool</span><span class="o">.</span><span class="n">Query</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">q</span><span class="p">,</span> <span class="n">region</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"query trending: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">rows</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="k">var</span> <span class="n">out</span> <span class="p">[]</span><span class="n">TrendRow</span> <span class="k">for</span> <span class="n">rows</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">{</span> <span class="k">var</span> <span class="n">r</span> <span class="n">TrendRow</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">rows</span><span class="o">.</span><span class="n">Scan</span><span class="p">(</span><span class="o">&amp;</span><span class="n">r</span><span class="o">.</span><span class="n">VideoID</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">r</span><span class="o">.</span><span class="n">Region</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">r</span><span class="o">.</span><span class="n">Plays</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">r</span><span class="o">.</span><span class="n">WatchMS</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">out</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">out</span><span class="p">,</span> <span class="n">r</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">out</span><span class="p">,</span> <span class="n">rows</span><span class="o">.</span><span class="n">Err</span><span class="p">()</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">3</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="n">pool</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pgxpool</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"TVH_PG_DSN"</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">pool</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">rows</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">topTrending</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">pool</span><span class="p">,</span> <span class="s">"JP"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">r</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">rows</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"video=%d plays=%d watch_ms=%d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">VideoID</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Plays</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">WatchMS</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Because <code>plays_hourly</code> is partitioned the same way as the raw table, the <code>region = $1</code> filter prunes chunks aggressively. We cache the JSON result of this at the Cloudflare edge for 60 seconds, so the database barely sees the dashboard traffic at all — it mostly serves cache misses and the 30-minute refresh.</p> <h2> Compression and Retention Pay the Storage Bill </h2> <p>This is where hypertables stopped a second crisis — disk. Raw view events are highly repetitive: the same <code>region</code>, <code>language</code>, and <code>event_type</code> repeat millions of times. TimescaleDB's columnar compression on older chunks gave us roughly a 12x reduction.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">view_events</span> <span class="k">SET</span> <span class="p">(</span> <span class="n">timescaledb</span><span class="p">.</span><span class="n">compress</span><span class="p">,</span> <span class="n">timescaledb</span><span class="p">.</span><span class="n">compress_segmentby</span> <span class="o">=</span> <span class="s1">'region, video_id'</span><span class="p">,</span> <span class="n">timescaledb</span><span class="p">.</span><span class="n">compress_orderby</span> <span class="o">=</span> <span class="s1">'ts DESC'</span> <span class="p">);</span> <span class="c1">-- Compress anything older than 7 days.</span> <span class="k">SELECT</span> <span class="n">add_compression_policy</span><span class="p">(</span><span class="s1">'view_events'</span><span class="p">,</span> <span class="n">INTERVAL</span> <span class="s1">'7 days'</span><span class="p">);</span> <span class="c1">-- Drop raw events after 180 days; the continuous aggregates keep the history.</span> <span class="k">SELECT</span> <span class="n">add_retention_policy</span><span class="p">(</span><span class="s1">'view_events'</span><span class="p">,</span> <span class="n">INTERVAL</span> <span class="s1">'180 days'</span><span class="p">);</span> </code></pre> </div> <p>The mental model is clean:</p> <ul> <li> <strong>Hot (0-7 days):</strong> uncompressed, fast to write and update.</li> <li> <strong>Warm (7-180 days):</strong> compressed columnar, still queryable, ~12x smaller.</li> <li> <strong>Cold (180+ days):</strong> raw rows dropped; the hourly and daily continuous aggregates retain the shape of history forever at a fraction of the size.</li> </ul> <p><code>compress_segmentby</code> should be the columns you filter on (so compressed chunks can be skipped per segment), and <code>compress_orderby</code> should match how you scan — newest first, in our case.</p> <h2> A Python Job for CJK Language Trend Anomalies </h2> <p>The payoff of clean rollups is that analytics jobs become short. We run a nightly Python job that flags videos whose plays in a given language spiked abnormally — useful for catching a video going viral in, say, Korean before it shows up in our global trending. It reads straight from the continuous aggregate with <code>psycopg</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">statistics</span> <span class="kn">import</span> <span class="n">psycopg</span> <span class="n">SQL</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> SELECT video_id, language, time_bucket(</span><span class="sh">'</span><span class="s">1 day</span><span class="sh">'</span><span class="s">, bucket) AS day, sum(plays) AS plays FROM plays_hourly ph JOIN view_events ve USING (video_id) -- language lives on raw rows WHERE bucket &gt;= now() - INTERVAL </span><span class="sh">'</span><span class="s">14 days</span><span class="sh">'</span><span class="s"> GROUP BY video_id, language, day ORDER BY video_id, language, day </span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">detect_spikes</span><span class="p">(</span><span class="n">min_z</span><span class="p">:</span> <span class="nb">float</span> <span class="o">=</span> <span class="mf">3.0</span><span class="p">):</span> <span class="n">dsn</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">TVH_PG_DSN</span><span class="sh">"</span><span class="p">]</span> <span class="n">series</span><span class="p">:</span> <span class="nb">dict</span><span class="p">[</span><span class="nb">tuple</span><span class="p">[</span><span class="nb">int</span><span class="p">,</span> <span class="nb">str</span><span class="p">],</span> <span class="nb">list</span><span class="p">[</span><span class="nb">int</span><span class="p">]]</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">with</span> <span class="n">psycopg</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">dsn</span><span class="p">)</span> <span class="k">as</span> <span class="n">conn</span><span class="p">,</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">as</span> <span class="n">cur</span><span class="p">:</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">SQL</span><span class="p">)</span> <span class="k">for</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">language</span><span class="p">,</span> <span class="n">_day</span><span class="p">,</span> <span class="n">plays</span> <span class="ow">in</span> <span class="n">cur</span><span class="p">:</span> <span class="n">series</span><span class="p">.</span><span class="nf">setdefault</span><span class="p">((</span><span class="n">video_id</span><span class="p">,</span> <span class="n">language</span><span class="p">),</span> <span class="p">[]).</span><span class="nf">append</span><span class="p">(</span><span class="nf">int</span><span class="p">(</span><span class="n">plays</span><span class="p">))</span> <span class="n">alerts</span> <span class="o">=</span> <span class="p">[]</span> <span class="nf">for </span><span class="p">(</span><span class="n">video_id</span><span class="p">,</span> <span class="n">language</span><span class="p">),</span> <span class="n">points</span> <span class="ow">in</span> <span class="n">series</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">points</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">8</span><span class="p">:</span> <span class="k">continue</span> <span class="n">history</span><span class="p">,</span> <span class="n">today</span> <span class="o">=</span> <span class="n">points</span><span class="p">[:</span><span class="o">-</span><span class="mi">1</span><span class="p">],</span> <span class="n">points</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="n">mean</span> <span class="o">=</span> <span class="n">statistics</span><span class="p">.</span><span class="nf">fmean</span><span class="p">(</span><span class="n">history</span><span class="p">)</span> <span class="n">stdev</span> <span class="o">=</span> <span class="n">statistics</span><span class="p">.</span><span class="nf">pstdev</span><span class="p">(</span><span class="n">history</span><span class="p">)</span> <span class="ow">or</span> <span class="mf">1.0</span> <span class="n">z</span> <span class="o">=</span> <span class="p">(</span><span class="n">today</span> <span class="o">-</span> <span class="n">mean</span><span class="p">)</span> <span class="o">/</span> <span class="n">stdev</span> <span class="k">if</span> <span class="n">z</span> <span class="o">&gt;=</span> <span class="n">min_z</span><span class="p">:</span> <span class="n">alerts</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">video_id</span><span class="p">,</span> <span class="n">language</span><span class="p">,</span> <span class="n">today</span><span class="p">,</span> <span class="nf">round</span><span class="p">(</span><span class="n">z</span><span class="p">,</span> <span class="mi">2</span><span class="p">)))</span> <span class="n">alerts</span><span class="p">.</span><span class="nf">sort</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">a</span><span class="p">:</span> <span class="n">a</span><span class="p">[</span><span class="mi">3</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="n">alerts</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="k">for</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">language</span><span class="p">,</span> <span class="n">plays</span><span class="p">,</span> <span class="n">z</span> <span class="ow">in</span> <span class="nf">detect_spikes</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SPIKE video=</span><span class="si">{</span><span class="n">video_id</span><span class="si">}</span><span class="s"> lang=</span><span class="si">{</span><span class="n">language</span><span class="si">}</span><span class="s"> plays=</span><span class="si">{</span><span class="n">plays</span><span class="si">}</span><span class="s"> z=</span><span class="si">{</span><span class="n">z</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>In practice we precompute language onto a dedicated <code>plays_by_language_daily</code> aggregate rather than joining back to raw rows, but the join version above is the honest first draft and it runs in seconds because the heavy lifting already happened in the continuous aggregate.</p> <h2> Numbers After the Migration </h2> <p>A few weeks in, with the same hardware budget:</p> <ul> <li>Dashboard "plays per region, 7 days" query: <strong>~40 s → ~50 ms</strong>.</li> <li>Ingest throughput: <strong>comfortably past 30k events/sec</strong> in batched mode, with headroom.</li> <li>On-disk size for 180 days of events: <strong>~60 GB SQLite file → ~9 GB compressed hypertable</strong>.</li> <li>Write contention against reads: gone — Postgres MVCC means the ingest worker never blocks the dashboards.</li> </ul> <p>None of this required rewriting the product. The PHP catalog still runs on SQLite with the FTS5 CJK tokenizer; we simply stopped asking a document store to behave like a time-series engine.</p> <h2> Lessons Worth Keeping </h2> <p>If you are staring at a swelling events table, the order of operations that worked for us was: promote to a hypertable with a sane chunk interval, batch your inserts, build continuous aggregates for every dashboard, then turn on compression and retention. The hypertable solves write contention and query locality; the continuous aggregates solve dashboard latency; compression solves the disk bill. Skip any one of them and the wins are partial.</p> <p>The broader lesson is about picking the right store for the <em>shape</em> of the data, not the convenience of one engine. SQLite is still perfect for our catalog and search. View events are append-only, time-ordered, and queried by range — that is the exact shape TimescaleDB hypertables are built for, and treating them that way turned our worst-performing surface into one of the quietest parts of the stack.</p> timescaledb postgres analytics performance ahmet gedik Tue, 09 Jun 2026 09:00:04 +0000 https://dev.to/ahmet_gedik778845/building-video-recommendations-with-surrealdb-graph-traversal-queries-2ck6 https://dev.to/ahmet_gedik778845/building-video-recommendations-with-surrealdb-graph-traversal-queries-2ck6 <h2> The related-videos rail that ate our query planner </h2> <p>For about two years the "related videos" rail on <a href="https://trendvidstream.com" rel="noopener noreferrer">TrendVidStream</a> was a SQLite query with four self-joins over a <code>views</code> table, filtered by region, ordered by a hand-tuned co-occurrence score. It worked when we had a few hundred thousand view rows. It stopped working the week we crossed eight regions and started ingesting trending videos on a per-region cron. The query that powered "people who watched this also watched" went from 30ms to 900ms, the planner started picking the wrong index depending on which region's data was hot, and every attempt to make it region-aware added another <code>JOIN</code> and another <code>WHERE region = ?</code> that the optimizer had to reason about.</p> <p>The root problem is that recommendation is not a relational problem pretending to be hard. It is a graph problem being forced through a relational engine. "Viewers who watched A also watched B" is a two-hop traversal: video → viewers → videos. In SQL that is a self-join on the bridge table, and every extra hop is another join. In a graph database it is a path expression you write once.</p> <p>We kept SQLite FTS5 for full-text search — it is genuinely excellent for that and our PHP 8.4 stack is built around it — but we moved the recommendation graph into SurrealDB. This post is the honest version of how that went: the schema, the traversal queries, how we call them from PHP, how the multi-region cron feeds the graph, and the parts that bit us.</p> <h2> Why a graph model actually fits video discovery </h2> <p>Video discovery is a web of typed relationships, not a set of rows. A viewer <em>watched</em> a video. A video <em>belongs to</em> a channel. A channel <em>publishes in</em> a region. A video is <em>tagged</em> with topics. The recommendation you want is a walk over those edges: start at the video the user is on, walk to the viewers who watched it, walk forward to what else those viewers watched, then bias the result by shared tags and the user's region.</p> <p>SurrealDB models this directly. Records live in tables, but relationships are first-class edge records created with <code>RELATE</code>, and you traverse them with arrow syntax: <code>-&gt;watched-&gt;video</code>. The arrow direction is the edge direction, and you can chain arrows to express multi-hop paths inline. That single feature is what collapses our four-join SQL into one readable line.</p> <p>There are three properties that made it worth the operational cost of running a second datastore:</p> <ul> <li> <strong>Traversal cost is proportional to the edges you walk, not the size of the tables.</strong> A two-hop recommendation touches the neighborhood of one video, not the whole <code>views</code> table.</li> <li> <strong>Edges carry data.</strong> A <code>watched</code> edge can store watch percentage, timestamp, and region, so we can weight a recommendation by <em>how much</em> of a video someone actually watched rather than treating a 3-second bounce the same as a full view.</li> <li> <strong>Queries read like the question.</strong> When the on-call engineer reads <code>-&gt;watched&lt;-watched-&gt;video</code>, they can see it is "co-viewers' other videos" without reverse-engineering a join graph.</li> </ul> <h2> Defining the schema and the edges </h2> <p>SurrealDB is schemaless by default, but for a recommendation graph you want a schema so that bad writes from a flaky cron run get rejected instead of silently corrupting traversals. Here is the SurrealQL we run on migration. Note the edge tables (<code>watched</code>, <code>tagged</code>) defined with <code>TYPE RELATION</code> and constrained endpoints.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Run once via the /sql HTTP endpoint or the CLI</span> <span class="n">DEFINE</span> <span class="k">TABLE</span> <span class="n">video</span> <span class="n">SCHEMAFULL</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">title</span> <span class="k">ON</span> <span class="n">video</span> <span class="k">TYPE</span> <span class="n">string</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">channel</span> <span class="k">ON</span> <span class="n">video</span> <span class="k">TYPE</span> <span class="n">record</span><span class="o">&lt;</span><span class="n">channel</span><span class="o">&gt;</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">region</span> <span class="k">ON</span> <span class="n">video</span> <span class="k">TYPE</span> <span class="n">string</span> <span class="n">ASSERT</span> <span class="err">$</span><span class="n">value</span> <span class="n">INSIDE</span> <span class="p">[</span><span class="s1">'us'</span><span class="p">,</span><span class="s1">'gb'</span><span class="p">,</span><span class="s1">'de'</span><span class="p">,</span><span class="s1">'fr'</span><span class="p">,</span><span class="s1">'in'</span><span class="p">,</span><span class="s1">'br'</span><span class="p">,</span><span class="s1">'au'</span><span class="p">,</span><span class="s1">'ca'</span><span class="p">];</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">duration</span> <span class="k">ON</span> <span class="n">video</span> <span class="k">TYPE</span> <span class="nb">int</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">published</span> <span class="k">ON</span> <span class="n">video</span> <span class="k">TYPE</span> <span class="nb">datetime</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="k">INDEX</span> <span class="n">video_region</span> <span class="k">ON</span> <span class="n">video</span> <span class="n">FIELDS</span> <span class="n">region</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="k">TABLE</span> <span class="n">viewer</span> <span class="n">SCHEMAFULL</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">region</span> <span class="k">ON</span> <span class="n">viewer</span> <span class="k">TYPE</span> <span class="n">string</span><span class="p">;</span> <span class="c1">-- Edge: viewer -&gt; watched -&gt; video, carrying engagement data</span> <span class="n">DEFINE</span> <span class="k">TABLE</span> <span class="n">watched</span> <span class="k">TYPE</span> <span class="n">RELATION</span> <span class="k">IN</span> <span class="n">viewer</span> <span class="k">OUT</span> <span class="n">video</span> <span class="n">SCHEMAFULL</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">percent</span> <span class="k">ON</span> <span class="n">watched</span> <span class="k">TYPE</span> <span class="nb">float</span> <span class="n">ASSERT</span> <span class="err">$</span><span class="n">value</span> <span class="o">&gt;=</span> <span class="mi">0</span> <span class="k">AND</span> <span class="err">$</span><span class="n">value</span> <span class="o">&lt;=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="n">region</span> <span class="k">ON</span> <span class="n">watched</span> <span class="k">TYPE</span> <span class="n">string</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="n">FIELD</span> <span class="k">at</span> <span class="k">ON</span> <span class="n">watched</span> <span class="k">TYPE</span> <span class="nb">datetime</span><span class="p">;</span> <span class="c1">-- Edge: video -&gt; tagged -&gt; topic</span> <span class="n">DEFINE</span> <span class="k">TABLE</span> <span class="n">topic</span> <span class="n">SCHEMAFULL</span><span class="p">;</span> <span class="n">DEFINE</span> <span class="k">TABLE</span> <span class="n">tagged</span> <span class="k">TYPE</span> <span class="n">RELATION</span> <span class="k">IN</span> <span class="n">video</span> <span class="k">OUT</span> <span class="n">topic</span> <span class="n">SCHEMAFULL</span><span class="p">;</span> </code></pre> </div> <p>Writing an edge is a <code>RELATE</code> statement. When our ingest sees a watch event, it does one upsert per video and one relate per view:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Ensure the nodes exist (idempotent), then connect them</span> <span class="n">UPSERT</span> <span class="n">video</span><span class="p">:</span><span class="n">dQw4</span> <span class="k">SET</span> <span class="n">title</span> <span class="o">=</span> <span class="s1">'Region trends recap'</span><span class="p">,</span> <span class="n">region</span> <span class="o">=</span> <span class="s1">'gb'</span><span class="p">,</span> <span class="n">duration</span> <span class="o">=</span> <span class="mi">612</span><span class="p">;</span> <span class="n">UPSERT</span> <span class="n">viewer</span><span class="p">:</span><span class="n">ix92</span> <span class="k">SET</span> <span class="n">region</span> <span class="o">=</span> <span class="s1">'gb'</span><span class="p">;</span> <span class="n">RELATE</span> <span class="n">viewer</span><span class="p">:</span><span class="n">ix92</span> <span class="o">-&gt;</span> <span class="n">watched</span> <span class="o">-&gt;</span> <span class="n">video</span><span class="p">:</span><span class="n">dQw4</span> <span class="k">SET</span> <span class="n">percent</span> <span class="o">=</span> <span class="mi">0</span><span class="p">.</span><span class="mi">83</span><span class="p">,</span> <span class="n">region</span> <span class="o">=</span> <span class="s1">'gb'</span><span class="p">,</span> <span class="k">at</span> <span class="o">=</span> <span class="nb">time</span><span class="p">::</span><span class="n">now</span><span class="p">();</span> </code></pre> </div> <p>The <code>RELATE</code> creates a <code>watched</code> record whose <code>in</code> is the viewer and whose <code>out</code> is the video. From now on the edge is traversable in both directions: forward from the viewer with <code>-&gt;watched-&gt;video</code>, and backward from the video with <code>&lt;-watched&lt;-viewer</code>.</p> <h2> The recommendation query in one traversal </h2> <p>Here is the query that replaced the four-join SQL. Read it as the sentence it is: starting from a video, walk back to the viewers who watched it with real engagement, then forward to the <em>other</em> videos those viewers watched, count how often each appears, and rank.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- $vid is the video the user is currently watching, e.g. video:dQw4</span> <span class="c1">-- $region is the requesting user's region</span> <span class="n">LET</span> <span class="err">$</span><span class="n">rec</span> <span class="o">=</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="k">out</span> <span class="k">AS</span> <span class="n">video</span><span class="p">,</span> <span class="k">count</span><span class="p">()</span> <span class="k">AS</span> <span class="n">co_views</span><span class="p">,</span> <span class="n">math</span><span class="p">::</span><span class="n">mean</span><span class="p">(</span><span class="n">percent</span><span class="p">)</span> <span class="k">AS</span> <span class="n">avg_engagement</span> <span class="k">FROM</span> <span class="p">(</span> <span class="c1">-- co-viewers' other watches, excluding the source video</span> <span class="k">SELECT</span> <span class="o">-&gt;</span><span class="n">watched</span><span class="p">.</span><span class="k">out</span> <span class="k">AS</span> <span class="k">out</span><span class="p">,</span> <span class="o">-&gt;</span><span class="n">watched</span><span class="p">.</span><span class="n">percent</span> <span class="k">AS</span> <span class="n">percent</span> <span class="k">FROM</span> <span class="n">video</span><span class="p">:</span><span class="n">dQw4</span><span class="o">&lt;-</span><span class="n">watched</span><span class="o">&lt;-</span><span class="n">viewer</span><span class="o">-&gt;</span><span class="n">watched</span> <span class="k">WHERE</span> <span class="n">percent</span> <span class="o">&gt;=</span> <span class="mi">0</span><span class="p">.</span><span class="mi">4</span> <span class="p">)</span> <span class="k">WHERE</span> <span class="k">out</span> <span class="o">!=</span> <span class="n">video</span><span class="p">:</span><span class="n">dQw4</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">video</span> <span class="p">);</span> <span class="k">SELECT</span> <span class="n">video</span><span class="p">,</span> <span class="n">co_views</span><span class="p">,</span> <span class="n">avg_engagement</span><span class="p">,</span> <span class="c1">-- region match is a soft boost, not a hard filter</span> <span class="p">(</span><span class="n">co_views</span> <span class="o">*</span> <span class="n">avg_engagement</span><span class="p">)</span> <span class="o">*</span> <span class="n">IF</span> <span class="n">video</span><span class="p">.</span><span class="n">region</span> <span class="o">=</span> <span class="err">$</span><span class="n">region</span> <span class="p">{</span> <span class="mi">1</span><span class="p">.</span><span class="mi">5</span> <span class="p">}</span> <span class="k">ELSE</span> <span class="p">{</span> <span class="mi">1</span><span class="p">.</span><span class="mi">0</span> <span class="p">}</span> <span class="k">AS</span> <span class="n">score</span> <span class="k">FROM</span> <span class="err">$</span><span class="n">rec</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">score</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">12</span><span class="p">;</span> </code></pre> </div> <p>A few things worth calling out, because they are the difference between a demo and something that survives production:</p> <ul> <li> <strong>The <code>percent &gt;= 0.4</code> filter on the edge</strong> is doing real work. It means a co-view only counts if the co-viewer actually watched 40% of the source. Drive-by clicks do not pollute recommendations.</li> <li> <strong>Region is a soft boost (<code>* 1.5</code>), not a <code>WHERE</code> clause.</strong> This was a deliberate change from the SQL version. Hard-filtering by region gave users in smaller regions an empty rail. A multiplier keeps global hits visible while favoring local content.</li> <li> <strong>The grouping and scoring happen server-side</strong> in one round trip. The PHP layer receives 12 ranked rows, not a result set it has to sort.</li> </ul> <h2> Calling it from PHP 8.4 </h2> <p>Our application layer is PHP 8.4, deployed over FTP to LiteSpeed hosts, so we do not get to install a fancy SurrealDB extension on every box. That is fine — SurrealDB exposes an HTTP <code>/sql</code> endpoint that takes raw SurrealQL and returns JSON, so plain <code>curl</code> is all we need. Here is the client we actually use, trimmed to the relevant parts. PHP 8.4's typed properties and constructor promotion keep it tidy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">SurrealClient</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$endpoint</span> <span class="o">=</span> <span class="s1">'http://127.0.0.1:8000/sql'</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$namespace</span> <span class="o">=</span> <span class="s1">'trendvid'</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$database</span> <span class="o">=</span> <span class="s1">'discovery'</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$user</span> <span class="o">=</span> <span class="s1">'rec_ro'</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$pass</span> <span class="o">=</span> <span class="s1">''</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="cd">/** @return list&lt;array&lt;string,mixed&gt;&gt; rows from the final statement */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">query</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$surql</span><span class="p">,</span> <span class="kt">array</span> <span class="nv">$vars</span> <span class="o">=</span> <span class="p">[]):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$ch</span> <span class="o">=</span> <span class="nb">curl_init</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">endpoint</span><span class="p">);</span> <span class="c1">// SurrealDB takes bound vars as headers prefixed with the var name,</span> <span class="c1">// but for dynamic values we interpolate server-side LET is safer.</span> <span class="nb">curl_setopt_array</span><span class="p">(</span><span class="nv">$ch</span><span class="p">,</span> <span class="p">[</span> <span class="no">CURLOPT_POST</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="no">CURLOPT_RETURNTRANSFER</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="no">CURLOPT_TIMEOUT</span> <span class="o">=&gt;</span> <span class="mi">3</span><span class="p">,</span> <span class="no">CURLOPT_HTTPHEADER</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'Accept: application/json'</span><span class="p">,</span> <span class="s1">'Content-Type: text/plain'</span><span class="p">,</span> <span class="s1">'NS: '</span> <span class="mf">.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">namespace</span><span class="p">,</span> <span class="s1">'DB: '</span> <span class="mf">.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">database</span><span class="p">,</span> <span class="p">],</span> <span class="no">CURLOPT_USERPWD</span> <span class="o">=&gt;</span> <span class="s2">"</span><span class="si">{</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">user</span><span class="si">}</span><span class="s2">:</span><span class="si">{</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pass</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="no">CURLOPT_POSTFIELDS</span> <span class="o">=&gt;</span> <span class="nv">$surql</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$raw</span> <span class="o">=</span> <span class="nb">curl_exec</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$raw</span> <span class="o">===</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">RuntimeException</span><span class="p">(</span><span class="s1">'SurrealDB unreachable: '</span> <span class="mf">.</span> <span class="nb">curl_error</span><span class="p">(</span><span class="nv">$ch</span><span class="p">));</span> <span class="p">}</span> <span class="nb">curl_close</span><span class="p">(</span><span class="nv">$ch</span><span class="p">);</span> <span class="cd">/** @var list&lt;array{status:string,result:mixed}&gt; $batch */</span> <span class="nv">$batch</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$raw</span><span class="p">,</span> <span class="kc">true</span><span class="p">,</span> <span class="n">flags</span><span class="o">:</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">);</span> <span class="nv">$last</span> <span class="o">=</span> <span class="nb">end</span><span class="p">(</span><span class="nv">$batch</span><span class="p">)</span> <span class="o">?:</span> <span class="p">[</span><span class="s1">'result'</span> <span class="o">=&gt;</span> <span class="p">[]];</span> <span class="k">if</span> <span class="p">((</span><span class="nv">$last</span><span class="p">[</span><span class="s1">'status'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">)</span> <span class="o">!==</span> <span class="s1">'OK'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">RuntimeException</span><span class="p">(</span><span class="s1">'Query failed: '</span> <span class="mf">.</span> <span class="nb">json_encode</span><span class="p">(</span><span class="nv">$last</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="nb">is_array</span><span class="p">(</span><span class="nv">$last</span><span class="p">[</span><span class="s1">'result'</span><span class="p">])</span> <span class="o">?</span> <span class="nv">$last</span><span class="p">[</span><span class="s1">'result'</span><span class="p">]</span> <span class="o">:</span> <span class="p">[];</span> <span class="p">}</span> <span class="p">}</span> <span class="k">function</span> <span class="n">relatedVideos</span><span class="p">(</span><span class="kt">SurrealClient</span> <span class="nv">$db</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$videoId</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$region</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="c1">// SurrealDB returns one result block per statement; we read the last.</span> <span class="nv">$surql</span> <span class="o">=</span> <span class="sh">&lt;&lt;&lt;SURQL LET \$vid = type::thing('video', '{$videoId}'); SELECT video, co_views, avg_engagement, (co_views * avg_engagement) * IF video.region = '{$region}' { 1.5 } ELSE { 1.0 } AS score FROM ( SELECT out AS video, count() AS co_views, math::mean(percent) AS avg_engagement FROM ( SELECT -&gt;watched.out AS out, -&gt;watched.percent AS percent FROM \$vid&lt;-watched&lt;-viewer-&gt;watched WHERE percent &gt;= 0.4 ) WHERE out != \$vid GROUP BY video ) ORDER BY score DESC LIMIT 12; SURQL;</span> <span class="k">return</span> <span class="nv">$db</span><span class="o">-&gt;</span><span class="nf">query</span><span class="p">(</span><span class="nv">$surql</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>One real lesson encoded here: never interpolate user-supplied IDs as bare record literals. We pass them through <code>type::thing('video', $id)</code> so SurrealDB parses the value as data, not as query syntax. Treat it exactly like you treat parameterized SQL — a record link built from request input is an injection vector if you string-concatenate it into a path.</p> <h2> Feeding the graph from the multi-region cron </h2> <p>Our ingest already runs as a per-region cron that pulls trending videos. The same job now writes edges into SurrealDB. We do it in Python because the cron orchestration was already Python, and we batch the writes — sending one <code>RELATE</code> per event over HTTP would melt under a region's worth of events.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">SURREAL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://127.0.0.1:8000/sql</span><span class="sh">"</span> <span class="n">HEADERS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text/plain</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">NS</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">trendvid</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DB</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">discovery</span><span class="sh">"</span><span class="p">}</span> <span class="n">AUTH</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"</span><span class="s">rec_rw</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="k">def</span> <span class="nf">flush_watch_events</span><span class="p">(</span><span class="n">events</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">],</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">events: [{viewer, video, percent}], all for one region.</span><span class="sh">"""</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">events</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Build one transaction so a mid-batch failure rolls back cleanly. </span> <span class="n">stmts</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">BEGIN TRANSACTION;</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">e</span> <span class="ow">in</span> <span class="n">events</span><span class="p">:</span> <span class="n">v</span><span class="p">,</span> <span class="n">vid</span><span class="p">,</span> <span class="n">pct</span> <span class="o">=</span> <span class="n">e</span><span class="p">[</span><span class="sh">"</span><span class="s">viewer</span><span class="sh">"</span><span class="p">],</span> <span class="n">e</span><span class="p">[</span><span class="sh">"</span><span class="s">video</span><span class="sh">"</span><span class="p">],</span> <span class="nf">float</span><span class="p">(</span><span class="n">e</span><span class="p">[</span><span class="sh">"</span><span class="s">percent</span><span class="sh">"</span><span class="p">])</span> <span class="n">stmts</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">UPSERT viewer:</span><span class="si">{</span><span class="n">v</span><span class="si">}</span><span class="s"> SET region = </span><span class="sh">'</span><span class="si">{</span><span class="n">region</span><span class="si">}</span><span class="sh">'</span><span class="s">;</span><span class="sh">"</span><span class="p">)</span> <span class="n">stmts</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">RELATE viewer:</span><span class="si">{</span><span class="n">v</span><span class="si">}</span><span class="s"> -&gt; watched -&gt; video:</span><span class="si">{</span><span class="n">vid</span><span class="si">}</span><span class="s"> </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SET percent = </span><span class="si">{</span><span class="n">pct</span><span class="si">:</span><span class="p">.</span><span class="mi">3</span><span class="n">f</span><span class="si">}</span><span class="s">, region = </span><span class="sh">'</span><span class="si">{</span><span class="n">region</span><span class="si">}</span><span class="sh">'</span><span class="s">, at = time::now();</span><span class="sh">"</span> <span class="p">)</span> <span class="n">stmts</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">COMMIT TRANSACTION;</span><span class="sh">"</span><span class="p">)</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">SURREAL</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="sh">"</span><span class="se">\n</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">stmts</span><span class="p">),</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="n">auth</span><span class="o">=</span><span class="n">AUTH</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">10</span><span class="p">)</span> <span class="n">resp</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">blocks</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="n">failed</span> <span class="o">=</span> <span class="p">[</span><span class="n">b</span> <span class="k">for</span> <span class="n">b</span> <span class="ow">in</span> <span class="n">blocks</span> <span class="k">if</span> <span class="n">b</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">)</span> <span class="o">!=</span> <span class="sh">"</span><span class="s">OK</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="n">failed</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">RuntimeError</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">failed</span><span class="p">)</span><span class="si">}</span><span class="s"> statements failed in </span><span class="si">{</span><span class="n">region</span><span class="si">}</span><span class="s"> batch</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>The transaction matters more than it looks. Our cron runs eight region jobs that can overlap, and an unbatched failure used to leave half-written view data that skewed recommendations for hours. Wrapping each batch in <code>BEGIN</code>/<code>COMMIT</code> means a region either lands fully or not at all, and the next run retries the whole batch.</p> <h2> Precomputing hot rails with a Go worker </h2> <p>The live traversal is fast — single-digit milliseconds for a normal video — but our homepage shows recommendation rails for the top few hundred trending videos per region, and computing those on every request is wasteful when they barely change between cron runs. So we precompute them with a small Go worker that runs after each ingest, writes the result back into SurrealDB as a materialized <code>rail</code> record, and lets the PHP layer read a single row instead of running the traversal.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"bytes"</span> <span class="s">"fmt"</span> <span class="s">"io"</span> <span class="s">"net/http"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">const</span> <span class="n">surreal</span> <span class="o">=</span> <span class="s">"http://127.0.0.1:8000/sql"</span> <span class="k">func</span> <span class="n">surql</span><span class="p">(</span><span class="n">query</span> <span class="kt">string</span><span class="p">)</span> <span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">req</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="s">"POST"</span><span class="p">,</span> <span class="n">surreal</span><span class="p">,</span> <span class="n">bytes</span><span class="o">.</span><span class="n">NewBufferString</span><span class="p">(</span><span class="n">query</span><span class="p">))</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Accept"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"text/plain"</span><span class="p">)</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"NS"</span><span class="p">,</span> <span class="s">"trendvid"</span><span class="p">)</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"DB"</span><span class="p">,</span> <span class="s">"discovery"</span><span class="p">)</span> <span class="n">req</span><span class="o">.</span><span class="n">SetBasicAuth</span><span class="p">(</span><span class="s">"rec_rw"</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="n">client</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Client</span><span class="p">{</span><span class="n">Timeout</span><span class="o">:</span> <span class="m">8</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">}</span> <span class="n">resp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">Do</span><span class="p">(</span><span class="n">req</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="k">return</span> <span class="n">io</span><span class="o">.</span><span class="n">ReadAll</span><span class="p">(</span><span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span> <span class="p">}</span> <span class="c">// precomputeRail runs the traversal and stores the top results on the video</span> <span class="c">// itself, so reads are a single SELECT with no graph walk.</span> <span class="k">func</span> <span class="n">precomputeRail</span><span class="p">(</span><span class="n">videoID</span><span class="p">,</span> <span class="n">region</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">q</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">` LET $vid = type::thing('video', '%s'); LET $rec = ( SELECT out AS video, count() AS co_views, math::mean(percent) AS eng FROM (SELECT -&gt;watched.out AS out, -&gt;watched.percent AS percent FROM $vid&lt;-watched&lt;-viewer-&gt;watched WHERE percent &gt;= 0.4) WHERE out != $vid GROUP BY video ORDER BY (co_views * eng) DESC LIMIT 12 ); UPDATE $vid SET rail = $rec, rail_built = time::now(), rail_region = '%s';`</span><span class="p">,</span> <span class="n">videoID</span><span class="p">,</span> <span class="n">region</span><span class="p">)</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">surql</span><span class="p">(</span><span class="n">q</span><span class="p">)</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// In production this list comes from the trending query per region.</span> <span class="n">hot</span> <span class="o">:=</span> <span class="p">[]</span><span class="k">struct</span><span class="p">{</span> <span class="n">id</span><span class="p">,</span> <span class="n">region</span> <span class="kt">string</span> <span class="p">}{</span> <span class="p">{</span><span class="s">"dQw4"</span><span class="p">,</span> <span class="s">"gb"</span><span class="p">},</span> <span class="p">{</span><span class="s">"a8Bz"</span><span class="p">,</span> <span class="s">"us"</span><span class="p">},</span> <span class="p">{</span><span class="s">"k0Lm"</span><span class="p">,</span> <span class="s">"de"</span><span class="p">},</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">v</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">hot</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">precomputeRail</span><span class="p">(</span><span class="n">v</span><span class="o">.</span><span class="n">id</span><span class="p">,</span> <span class="n">v</span><span class="o">.</span><span class="n">region</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"rail %s failed: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">v</span><span class="o">.</span><span class="n">id</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now the homepage read is <code>SELECT rail FROM video:dQw4</code> — one record, no traversal — and the expensive walk only happens for long-tail videos that are not in the precomputed set. This is the same split we use everywhere: cheap reads for the common case, live computation for the tail.</p> <h2> Keeping SQLite FTS5 for what it is good at </h2> <p>We did not throw away SQLite. Search — "find videos matching these words" — is still FTS5, because a graph database is the wrong tool for ranked text matching and FTS5 is genuinely fast and zero-ops. The clean division we settled on:</p> <ul> <li> <strong>SQLite FTS5</strong> owns search, filtering, and anything text- or attribute-based. It is the source of truth for video metadata.</li> <li> <strong>SurrealDB</strong> owns relationships: who watched what, what is similar to what, what to recommend next.</li> <li>The cron writes to both. Metadata goes to SQLite; the watch edges go to SurrealDB.</li> </ul> <p>The two never need to join across the wire because the recommendation query returns video record IDs, and PHP hydrates the display data from SQLite by ID — a primary-key lookup, the cheapest read there is.</p> <h2> What bit us </h2> <p>A few things we learned the expensive way, so you do not have to:</p> <ul> <li> <strong>Unbounded traversals will find your most popular video and never come back.</strong> A globally trending video has hundreds of thousands of co-viewers; a naive <code>&lt;-watched&lt;-viewer-&gt;watched</code> over it walks an enormous neighborhood. The <code>percent &gt;= 0.4</code> edge filter and the <code>LIMIT</code> are not optional — they are what keep the query bounded.</li> <li> <strong>Schemaless writes from a flaky cron silently rot the graph.</strong> Before we made the edge tables <code>SCHEMAFULL</code>, a bug that wrote <code>percent</code> as a string instead of a float made <code>math::mean</code> skip rows without erroring. Define your fields and assert their ranges.</li> <li> <strong>Region as a hard filter starves small regions.</strong> Soft-boosting with a multiplier was the single change that most improved perceived quality for users outside the US and GB.</li> <li> <strong>Don't interpolate record IDs.</strong> Use <code>type::thing()</code>. A graph path built from raw request input is an injection vector exactly like raw SQL.</li> <li> <strong>Materialize the hot set.</strong> The live traversal is fast enough for the tail, but precomputing rails for trending videos cut homepage database time by more than half.</li> </ul> <h2> Conclusion </h2> <p>The shift that mattered was conceptual, not just operational: recommendation stopped being a query we tuned and became a graph we traverse. The four-join SQL that fell over at eight regions is now a single arrow-path expression that reads like the question it answers, runs in single-digit milliseconds for the common case, and stays bounded because the engagement filter and limits are baked into the path. SQLite FTS5 still owns search, SurrealDB owns the relationship graph, and the multi-region cron feeds both without a cross-store join in sight. If you are still expressing "viewers who watched this also watched" as a self-join that grows a clause every time a product manager asks for one more signal, try modeling it as edges and walking them — the query gets shorter as the requirements get more complex, which is the opposite of what happens in SQL.</p> surrealdb graphdb php recommendations ahmet gedik Mon, 08 Jun 2026 18:00:01 +0000 https://dev.to/ahmet_gedik778845/running-ad-hoc-video-analytics-on-parquet-exports-with-duckdb-oh9 https://dev.to/ahmet_gedik778845/running-ad-hoc-video-analytics-on-parquet-exports-with-duckdb-oh9 <p>We track every trending video across roughly thirty European markets. Every few hours a fetch job pulls fresh metrics — view count, likes, comments, and the rank a clip held in a given country — and appends a row to a <code>video_snapshots</code> table in SQLite. SQLite in WAL mode handles that write load beautifully: concurrent readers never block the writer, the database file lives on the same LiteSpeed box that serves the site, and there is no second daemon to babysit. For serving pages and feeding the API, it is close to perfect.</p> <p>Then someone on the editorial side asks a question like <em>"which categories went viral fastest in Poland and the Netherlands last month, and how did that compare to the same clips in Germany?"</em> — and the whole arrangement falls over. That query touches tens of millions of rows, groups across regions and dates, and computes per-video growth curves with window functions. Run it against the live SQLite file and you either stall the page-cache warmers or wait four minutes for a single answer. Run it twice in parallel and an analyst has effectively DoS'd production.</p> <p>For a long time the standard advice here is "stand up a warehouse." But we are a lean operation at <a href="https://viralvidvault.com" rel="noopener noreferrer">ViralVidVault</a>, and spinning up ClickHouse or shipping data into BigQuery introduces a second copy of personal-ish data to govern under GDPR, a network hop, egress cost, and an ops surface we do not want. DuckDB turned out to be the answer that fits the existing stack: it is an in-process analytical engine, it reads Parquet natively, and it never touches the live database unless we explicitly point it there. This post walks through how we export SQLite to partitioned Parquet, run genuinely heavy ad-hoc queries on it, and wire the whole thing behind a thin PHP endpoint — without the production database ever feeling it.</p> <h2> Why DuckDB and not a warehouse </h2> <p>The mental model that made this click for me: DuckDB is to OLAP what SQLite is to OLTP. It is a single library, no server, no cluster, no config files. You embed it, point it at files, and run SQL. For an ad-hoc analytics layer that gets queried a few hundred times a day by humans, that profile is exactly right.</p> <p>The properties that mattered for us specifically:</p> <ul> <li> <strong>It reads Parquet directly.</strong> No load step, no ingestion pipeline. The Parquet files on disk <em>are</em> the table. Add a new day's export and it is queryable immediately.</li> <li> <strong>Columnar + vectorized execution.</strong> Aggregations that scan one or two columns out of fifteen only read those columns off disk. A <code>SELECT region, avg(view_count)</code> over 40M rows reads megabytes, not gigabytes.</li> <li> <strong>It can read SQLite itself.</strong> The <code>sqlite</code> extension lets DuckDB attach a <code>.db</code> file read-only, which makes the export step a one-liner instead of a custom serializer.</li> <li> <strong>Zero new attack surface.</strong> There is no listening port, no auth layer to misconfigure, no separate box to patch. It runs as a CLI invocation or an embedded library and exits.</li> <li> <strong>Hive-style partition pruning.</strong> Partition by date and region on disk, and a query filtered to <code>region = 'PL'</code> for last week physically skips every other folder.</li> </ul> <p>The trade-off is that DuckDB is not built for high-concurrency point lookups or transactional writes — that is still SQLite's job. We are not replacing the operational database; we are giving analysts a read-only mirror they cannot hurt.</p> <h2> Exporting SQLite to Parquet without blocking ingestion </h2> <p>The export is where most of the GDPR and performance thinking lives, so it is worth doing carefully. The key insight is that DuckDB can do the whole export by itself: attach the SQLite file in read-only mode, <code>SELECT</code> the columns we actually want for analytics (dropping anything PII-adjacent), and <code>COPY</code> straight to partitioned Parquet.</p> <p>Running it read-only is what keeps production safe. WAL mode already allows readers alongside the writer, and <code>READ_ONLY</code> guarantees the export can never take a write lock or corrupt the file even if the process is killed mid-run.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">duckdb</span> <span class="n">con</span> <span class="o">=</span> <span class="n">duckdb</span><span class="p">.</span><span class="nf">connect</span><span class="p">()</span> <span class="n">con</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">INSTALL sqlite; LOAD sqlite;</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># READ_ONLY is the whole safety story: this can never lock or mutate prod. </span><span class="n">con</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">ATTACH </span><span class="sh">'</span><span class="s">/srv/vvv/data/viral.db</span><span class="sh">'</span><span class="s"> AS src (TYPE sqlite, READ_ONLY);</span><span class="sh">"</span><span class="p">)</span> <span class="n">con</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"""</span><span class="s"> COPY ( SELECT video_id, region, category_id, view_count, like_count, comment_count, rank_position, captured_at, CAST(captured_at AS DATE) AS capture_date FROM src.video_snapshots WHERE captured_at &gt;= now() - INTERVAL 2 DAY ) TO </span><span class="sh">'</span><span class="s">/srv/vvv/exports/snapshots</span><span class="sh">'</span><span class="s"> ( FORMAT parquet, PARTITION_BY (capture_date, region), COMPRESSION zstd, OVERWRITE_OR_IGNORE true ); </span><span class="sh">"""</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">export complete</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>A few decisions worth calling out:</p> <ul> <li> <strong>We project, we do not <code>SELECT *</code>.</strong> The export query is the natural choke point for data minimisation. There is no <code>user_id</code>, no IP, no session — none of it ever reaches the analytics layer, so an analyst literally cannot query personal data that is not there. That is GDPR data-minimisation enforced by schema, not by policy.</li> <li> <strong>Partition by <code>capture_date</code> and <code>region</code>.</strong> This produces a directory tree like <code>capture_date=2026-06-01/region=DE/data.parquet</code>. DuckDB reads the partition values from the path, so date- and region-filtered queries prune entire folders.</li> <li> <strong>ZSTD compression.</strong> Snapshot data is highly repetitive (the same <code>video_id</code> and <code>category_id</code> recur thousands of times), so ZSTD typically gets us 8-12x over the raw rows while staying fast to decompress.</li> <li> <strong>Rolling two-day window.</strong> We re-export the last two days each night and let <code>OVERWRITE_OR_IGNORE</code> replace those partitions. Older partitions are immutable once written, which makes the export idempotent and cheap.</li> </ul> <p>We schedule it as a plain cron entry next to the existing fetch jobs. There is nothing clever here, and that is the point:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># /etc/cron.d/vvv-export</span> <span class="c"># Nightly Parquet export, 03:17 to dodge the on-the-hour fetch jobs.</span> 17 3 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> www-data /usr/bin/python3 /srv/vvv/bin/export_snapshots.py <span class="o">&gt;&gt;</span> /var/log/vvv/export.log 2&gt;&amp;1 </code></pre> </div> <p>Because the export reads SQLite read-only and writes to a separate <code>exports/</code> directory, it can run while the fetch cron is appending new snapshots and while LiteSpeed is serving traffic. Nobody contends with anybody.</p> <h2> Queries that would melt SQLite </h2> <p>Now the fun part. Here is the actual shape of the "fastest-growing categories per market" question that started this whole thing. It uses a window function to compute each video's day-over-day view gain, then aggregates that into per-category medians and a 95th percentile — the kind of analytical SQL that SQLite technically supports but executes at a glacial pace over tens of millions of rows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Fastest-growing categories per market, last 30 days.</span> <span class="k">WITH</span> <span class="n">growth</span> <span class="k">AS</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">region</span><span class="p">,</span> <span class="n">category_id</span><span class="p">,</span> <span class="n">capture_date</span><span class="p">,</span> <span class="n">view_count</span><span class="p">,</span> <span class="n">view_count</span> <span class="o">-</span> <span class="n">lag</span><span class="p">(</span><span class="n">view_count</span><span class="p">)</span> <span class="n">OVER</span> <span class="p">(</span> <span class="k">PARTITION</span> <span class="k">BY</span> <span class="n">video_id</span><span class="p">,</span> <span class="n">region</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">capture_date</span> <span class="p">)</span> <span class="k">AS</span> <span class="n">daily_gain</span> <span class="k">FROM</span> <span class="n">read_parquet</span><span class="p">(</span> <span class="s1">'/srv/vvv/exports/snapshots/**/*.parquet'</span><span class="p">,</span> <span class="n">hive_partitioning</span> <span class="o">=</span> <span class="k">true</span> <span class="p">)</span> <span class="k">WHERE</span> <span class="n">capture_date</span> <span class="o">&gt;=</span> <span class="n">today</span><span class="p">()</span> <span class="o">-</span> <span class="mi">30</span> <span class="k">AND</span> <span class="n">region</span> <span class="k">IN</span> <span class="p">(</span><span class="s1">'PL'</span><span class="p">,</span> <span class="s1">'NL'</span><span class="p">,</span> <span class="s1">'DE'</span><span class="p">)</span> <span class="p">)</span> <span class="k">SELECT</span> <span class="n">region</span><span class="p">,</span> <span class="n">category_id</span><span class="p">,</span> <span class="k">count</span><span class="p">(</span><span class="k">DISTINCT</span> <span class="n">video_id</span><span class="p">)</span> <span class="k">AS</span> <span class="n">clips</span><span class="p">,</span> <span class="n">round</span><span class="p">(</span><span class="n">median</span><span class="p">(</span><span class="n">daily_gain</span><span class="p">))</span> <span class="k">AS</span> <span class="n">median_daily_views</span><span class="p">,</span> <span class="n">round</span><span class="p">(</span><span class="n">quantile_cont</span><span class="p">(</span><span class="n">daily_gain</span><span class="p">,</span> <span class="mi">0</span><span class="p">.</span><span class="mi">95</span><span class="p">))</span> <span class="k">AS</span> <span class="n">p95_daily_views</span> <span class="k">FROM</span> <span class="n">growth</span> <span class="k">WHERE</span> <span class="n">daily_gain</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">region</span><span class="p">,</span> <span class="n">category_id</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">region</span><span class="p">,</span> <span class="n">median_daily_views</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">20</span><span class="p">;</span> </code></pre> </div> <p>The <code>hive_partitioning = true</code> flag is what makes this fast. The <code>WHERE capture_date &gt;= today() - 30 AND region IN ('PL','NL','DE')</code> predicate is matched against the directory structure <em>before</em> any file is opened, so DuckDB only touches ~90 partition folders out of the thousands on disk. On our dataset this query returns in well under a second on a single shared LiteSpeed box, against a SQLite equivalent that took minutes and pinned a core the whole time.</p> <p>A couple of DuckDB-specific niceties that show up constantly in ad-hoc work:</p> <ul> <li> <strong><code>quantile_cont</code> and <code>median</code> are built in.</strong> No extension, no custom aggregate. Percentile latency-style analysis on view gains is one expression.</li> <li> <strong><code>read_parquet</code> accepts globs and lists.</strong> You can point at <code>**/*.parquet</code>, a single file, or an explicit list, and DuckDB unions them with a consistent schema.</li> <li> <strong><code>EXPLAIN ANALYZE</code></strong> prints how many partitions and bytes were actually scanned — invaluable for confirming pruning is doing its job rather than silently reading everything.</li> </ul> <h2> Wrapping DuckDB behind a PHP endpoint </h2> <p>Most of our app is PHP 8.4, and analysts do not write SQL into a terminal — they hit an internal dashboard. So we need a thin server-side wrapper. There is no need for a PHP extension here; the DuckDB CLI with the <code>-json</code> flag gives us machine-readable output, and <code>proc_open</code> lets us feed SQL over stdin so nothing ever lands on the shell command line.</p> <p>The important safety property: we open DuckDB against an in-memory database (<code>:memory:</code>) and create a <em>view</em> over the Parquet files. The session can read the exports and nothing else — there is no attached writable database, so even a malicious query cannot mutate state.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">DuckQuery</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$binary</span> <span class="o">=</span> <span class="s1">'/usr/local/bin/duckdb'</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$exportRoot</span> <span class="o">=</span> <span class="s1">'/srv/vvv/exports/snapshots'</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="cd">/** @return list&lt;array&lt;string,mixed&gt;&gt; */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">run</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$sql</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$timeoutSeconds</span> <span class="o">=</span> <span class="mi">20</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$glob</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">exportRoot</span> <span class="mf">.</span> <span class="s1">'/**/*.parquet'</span><span class="p">;</span> <span class="nv">$bootstrap</span> <span class="o">=</span> <span class="nb">sprintf</span><span class="p">(</span> <span class="s2">"CREATE VIEW snapshots AS "</span> <span class="mf">.</span> <span class="s2">"SELECT * FROM read_parquet('%s', hive_partitioning = true);"</span><span class="p">,</span> <span class="nb">str_replace</span><span class="p">(</span><span class="s2">"'"</span><span class="p">,</span> <span class="s2">"''"</span><span class="p">,</span> <span class="nv">$glob</span><span class="p">)</span> <span class="p">);</span> <span class="nv">$descriptors</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">0</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'pipe'</span><span class="p">,</span> <span class="s1">'r'</span><span class="p">],</span> <span class="mi">1</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'pipe'</span><span class="p">,</span> <span class="s1">'w'</span><span class="p">],</span> <span class="mi">2</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'pipe'</span><span class="p">,</span> <span class="s1">'w'</span><span class="p">],</span> <span class="p">];</span> <span class="c1">// :memory: + -json =&gt; read-only against Parquet, machine-readable rows.</span> <span class="nv">$proc</span> <span class="o">=</span> <span class="nb">proc_open</span><span class="p">(</span> <span class="p">[</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">binary</span><span class="p">,</span> <span class="s1">'-json'</span><span class="p">,</span> <span class="s1">':memory:'</span><span class="p">],</span> <span class="nv">$descriptors</span><span class="p">,</span> <span class="nv">$pipes</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">is_resource</span><span class="p">(</span><span class="nv">$proc</span><span class="p">))</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">RuntimeException</span><span class="p">(</span><span class="s1">'Could not start DuckDB'</span><span class="p">);</span> <span class="p">}</span> <span class="nb">fwrite</span><span class="p">(</span><span class="nv">$pipes</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="nv">$bootstrap</span> <span class="mf">.</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">"</span> <span class="mf">.</span> <span class="nb">rtrim</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="s2">"; "</span><span class="p">)</span> <span class="mf">.</span> <span class="s2">";</span><span class="se">\n</span><span class="s2">"</span><span class="p">);</span> <span class="nb">fclose</span><span class="p">(</span><span class="nv">$pipes</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="nv">$out</span> <span class="o">=</span> <span class="nb">stream_get_contents</span><span class="p">(</span><span class="nv">$pipes</span><span class="p">[</span><span class="mi">1</span><span class="p">]);</span> <span class="nv">$err</span> <span class="o">=</span> <span class="nb">stream_get_contents</span><span class="p">(</span><span class="nv">$pipes</span><span class="p">[</span><span class="mi">2</span><span class="p">]);</span> <span class="nb">fclose</span><span class="p">(</span><span class="nv">$pipes</span><span class="p">[</span><span class="mi">1</span><span class="p">]);</span> <span class="nb">fclose</span><span class="p">(</span><span class="nv">$pipes</span><span class="p">[</span><span class="mi">2</span><span class="p">]);</span> <span class="k">if</span> <span class="p">(</span><span class="nb">proc_close</span><span class="p">(</span><span class="nv">$proc</span><span class="p">)</span> <span class="o">!==</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">RuntimeException</span><span class="p">(</span><span class="s2">"DuckDB failed: </span><span class="si">{</span><span class="nv">$err</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="p">}</span> <span class="cd">/** @var list&lt;array&lt;string,mixed&gt;&gt; $rows */</span> <span class="nv">$rows</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$out</span> <span class="o">?:</span> <span class="s1">'[]'</span><span class="p">,</span> <span class="kc">true</span><span class="p">,</span> <span class="n">flags</span><span class="o">:</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$rows</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Usage from a dashboard controller:</span> <span class="nv">$duck</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DuckQuery</span><span class="p">();</span> <span class="nv">$rows</span> <span class="o">=</span> <span class="nv">$duck</span><span class="o">-&gt;</span><span class="nf">run</span><span class="p">(</span> <span class="s2">"SELECT region, count(DISTINCT video_id) AS clips FROM snapshots WHERE capture_date &gt;= today() - 7 GROUP BY region ORDER BY clips DESC"</span> <span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Content-Type: application/json'</span><span class="p">);</span> <span class="k">echo</span> <span class="nb">json_encode</span><span class="p">(</span><span class="nv">$rows</span><span class="p">,</span> <span class="no">JSON_THROW_ON_ERROR</span><span class="p">);</span> </code></pre> </div> <p>The dashboard only ever sends parameterised, server-built queries — analysts pick filters from dropdowns, they do not type raw SQL — so the <code>snapshots</code> view plus a query-allowlist on our side keeps this from becoming an injection vector. For the cases where we genuinely want free-form SQL (internal, authenticated, trusted users only), the in-memory read-only session is the backstop: the worst a bad query can do is spin a CPU for up to <code>timeoutSeconds</code> and then get killed.</p> <p>In front of this endpoint we let Cloudflare Workers cache the common dashboard queries for a few minutes keyed on the filter parameters. The cardinality of "region + date-range + category" combinations the editorial team actually uses is small, so a short edge TTL absorbs most of the load and the PHP layer barely sees repeat traffic.</p> <h2> Batch jobs in Go for the heavy lifters </h2> <p>Not everything runs interactively. Some rollups — the daily "top movers" email, the weekly trend digest — are batch jobs, and we run a few of those in Go using the <code>marcboeker/go-duckdb</code> driver. It speaks the standard <code>database/sql</code> interface, so the code looks like any other Go SQL job, except the "database" is a pile of Parquet files.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"database/sql"</span> <span class="s">"encoding/json"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="n">_</span> <span class="s">"github.com/marcboeker/go-duckdb"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">db</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">sql</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"duckdb"</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="c">// empty DSN =&gt; in-memory</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">db</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="k">const</span> <span class="n">q</span> <span class="o">=</span> <span class="s">` SELECT region, count(DISTINCT video_id) AS videos, round(avg(view_count)) AS avg_views FROM read_parquet('/srv/vvv/exports/snapshots/**/*.parquet', hive_partitioning = true) WHERE capture_date &gt;= today() - 7 GROUP BY region ORDER BY avg_views DESC`</span> <span class="n">rows</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">Query</span><span class="p">(</span><span class="n">q</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">rows</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="k">type</span> <span class="n">stat</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Region</span> <span class="kt">string</span> <span class="s">`json:"region"`</span> <span class="n">Videos</span> <span class="kt">int64</span> <span class="s">`json:"videos"`</span> <span class="n">AvgViews</span> <span class="kt">float64</span> <span class="s">`json:"avg_views"`</span> <span class="p">}</span> <span class="k">var</span> <span class="n">out</span> <span class="p">[]</span><span class="n">stat</span> <span class="k">for</span> <span class="n">rows</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">{</span> <span class="k">var</span> <span class="n">s</span> <span class="n">stat</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">rows</span><span class="o">.</span><span class="n">Scan</span><span class="p">(</span><span class="o">&amp;</span><span class="n">s</span><span class="o">.</span><span class="n">Region</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">s</span><span class="o">.</span><span class="n">Videos</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">s</span><span class="o">.</span><span class="n">AvgViews</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">out</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">out</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">rows</span><span class="o">.</span><span class="n">Err</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">Stdout</span><span class="p">)</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">out</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The nice thing about a static Go binary here is that it ships with DuckDB compiled in. The digest job is a single executable on a cron, reading the same Parquet exports the dashboard reads. No driver to install on the box, no runtime to keep in sync.</p> <h2> Keeping GDPR boring </h2> <p>The most reassuring part of this design is how little GDPR work it actually requires, precisely because the boundaries are physical rather than procedural:</p> <ul> <li> <strong>PII never enters the analytics layer.</strong> The export query projects a fixed column list. There is no user identifier, IP, or session token in any Parquet file. Data minimisation is enforced by the export schema, not by reviewer discipline.</li> <li> <strong>The data we keep is aggregate signal, not personal data.</strong> A view count and a category for a public video is not personal data about our visitors. We are analysing video performance, not people.</li> <li> <strong>Partition layout makes retention trivial.</strong> Because everything is partitioned by <code>capture_date</code>, our retention job is a glorified <code>rm -rf</code> of folders older than the policy window. No <code>DELETE</code> over a live table, no vacuum, no fragmentation.</li> <li> <strong>No third country, no extra processor.</strong> Because DuckDB is in-process and the Parquet files sit on the same EU-hosted infrastructure as the rest of the stack, there is no cross-border transfer and no new sub-processor to add to the records of processing.</li> </ul> <p>If we ever did need a derived per-user metric, the right move would be to hash or pseudonymise it in the export <code>SELECT</code> so the raw identifier never reaches Parquet — but so far we have not needed to, and the cleanest PII is the kind that does not exist in your analytics store.</p> <h2> What it actually bought us </h2> <p>The before/after is stark. Queries that took minutes and risked production stability now run in well under a second against an isolated, read-only dataset. The export adds a few seconds to a nightly cron and a few hundred megabytes of compressed Parquet to disk. There is no new server, no new port, no new credential to rotate, and nothing an analyst can do from the dashboard that touches the operational SQLite file.</p> <p>If you are running a small-to-medium product on SQLite and feeling the pain the moment analytical questions show up, this is the pattern I would reach for first:</p> <ul> <li>Keep SQLite (in WAL mode) as the operational source of truth.</li> <li>Export a projected, partitioned, ZSTD-compressed Parquet snapshot on a cron, reading the database read-only.</li> <li>Query it with DuckDB — from the CLI, from PHP via <code>proc_open</code>, or from a Go batch job via the driver.</li> <li>Let partition pruning and columnar scans do the heavy lifting, and cache the hot dashboard queries at the edge.</li> </ul> <p>You get warehouse-class ad-hoc analytics without a warehouse, and the production database never even knows the analysts are there. For a lean European team that has to think about every byte of data it stores, that combination of speed, simplicity, and a small data footprint is hard to beat.</p> duckdb parquet sqlite analytics ahmet gedik Mon, 08 Jun 2026 09:00:07 +0000 https://dev.to/ahmet_gedik778845/building-cross-language-video-search-with-pgvector-and-openai-embeddings-1661 https://dev.to/ahmet_gedik778845/building-cross-language-video-search-with-pgvector-and-openai-embeddings-1661 <p>On TopVideoHub we aggregate trending video metadata across the Asia-Pacific region — Japanese, Korean, Traditional Chinese, Thai, Vietnamese, plus the usual English firehose. For years our search ran on SQLite FTS5 with a custom CJK tokenizer, and for keyword lookups it is still excellent. But a support ticket finally forced the issue: a user searched <code>kitchen fail compilation</code> and got nothing, even though our catalog had a wildly popular clip titled <code>料理 大失敗 まとめ</code>. Same concept, zero lexical overlap. FTS5 matches tokens, not meaning, and no amount of tokenizer tuning bridges <code>kitchen fail</code> to <code>料理 失敗</code>.</p> <p>That is the wall keyword search hits on a multi-language catalog. This post is the architecture I landed on: keep SQLite FTS5 for what it is good at, and bolt on a Postgres + <a href="https://topvideohub.com" rel="noopener noreferrer">TopVideoHub</a> pgvector sidecar that does semantic, cross-lingual retrieval using OpenAI embeddings. I will show the schema, the embedding pipeline, the PHP 8.4 query path, and the hybrid ranking that actually shipped.</p> <h2> Why keyword search hits a wall on multi-language catalogs </h2> <p>FTS5 is a lexical engine. It builds an inverted index of tokens and ranks with BM25. With a CJK-aware tokenizer it handles <code>料理失敗</code> fine — it segments the run of characters into searchable units. What it cannot do:</p> <ul> <li>Match across languages. <code>kitchen</code> and <code>料理</code> are unrelated tokens.</li> <li>Match synonyms or paraphrases. <code>funny cat</code> will not surface <code>hilarious kitten</code>.</li> <li>Understand intent. <code>videos to fall asleep to</code> is a vibe, not a keyword.</li> </ul> <p>Our Asia-Pacific audience searches in a mix of their native language and English, often in the same session. Roughly 22% of our zero-result queries were semantic misses like the kitchen example — real demand we were silently dropping on the floor.</p> <p>Embeddings fix this because a good multilingual model maps <code>kitchen fail</code> and <code>料理失敗</code> to nearby points in vector space. OpenAI's <code>text-embedding-3-small</code> is genuinely multilingual: I measured cosine similarity of 0.61 between those two phrases, versus ~0.08 for unrelated pairs. That signal is more than enough to rank with.</p> <h2> Why a Postgres sidecar instead of replacing SQLite </h2> <p>Our primary store is SQLite — it is fast, file-based, plays nicely with LiteSpeed and our deployment model, and FTS5 keyword search stays sub-millisecond. I did not want to rip that out. Vector search is a fundamentally different workload (high-dimensional ANN indexes, periodic background re-embedding), so I run it as a separate Postgres instance with the <code>pgvector</code> extension. SQLite remains the source of truth for video metadata; Postgres holds only what semantic search needs: the video id, a bit of denormalized metadata for filtering, and the embedding.</p> <p>This keeps each engine doing what it is good at and means a Postgres outage degrades search to keyword-only rather than taking the site down.</p> <h2> Schema and the pgvector column </h2> <p><code>text-embedding-3-small</code> returns 1536-dimensional vectors. The table is deliberately thin — id, language, region, published timestamp for filtering, the source text we embedded (kept for debugging and re-embedding), and the vector itself.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">vector</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">video_embeddings</span> <span class="p">(</span> <span class="n">video_id</span> <span class="nb">BIGINT</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">lang</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">region</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">published_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">source_text</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">embedding</span> <span class="n">vector</span><span class="p">(</span><span class="mi">1536</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">model</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="s1">'text-embedding-3-small'</span><span class="p">,</span> <span class="n">updated_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> <span class="c1">-- HNSW index for approximate nearest-neighbour search.</span> <span class="c1">-- vector_cosine_ops because we normalise and compare with cosine distance.</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">video_embeddings_hnsw</span> <span class="k">ON</span> <span class="n">video_embeddings</span> <span class="k">USING</span> <span class="n">hnsw</span> <span class="p">(</span><span class="n">embedding</span> <span class="n">vector_cosine_ops</span><span class="p">)</span> <span class="k">WITH</span> <span class="p">(</span><span class="n">m</span> <span class="o">=</span> <span class="mi">16</span><span class="p">,</span> <span class="n">ef_construction</span> <span class="o">=</span> <span class="mi">64</span><span class="p">);</span> <span class="c1">-- Partial b-tree indexes to keep metadata pre-filters cheap.</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">video_embeddings_region_idx</span> <span class="k">ON</span> <span class="n">video_embeddings</span> <span class="p">(</span><span class="n">region</span><span class="p">,</span> <span class="n">published_at</span> <span class="k">DESC</span><span class="p">);</span> </code></pre> </div> <p>A note on the distance operator. pgvector exposes <code>&lt;-&gt;</code> (L2), <code>&lt;#&gt;</code> (negative inner product), and <code>&lt;=&gt;</code> (cosine distance). OpenAI embeddings are normalised to unit length, so cosine and inner product rank identically — but I use <code>&lt;=&gt;</code> explicitly because cosine distance lands in a predictable <code>[0, 2]</code> range, which makes thresholds and score blending much easier to reason about than raw inner products.</p> <h2> What text do you actually embed? </h2> <p>This decision mattered more than the model choice. A YouTube-style title alone is too sparse. I embed a compact composite of the fields that carry meaning, with light labels so the model gets structure:</p> <ul> <li>Title (the strongest signal)</li> <li>Channel name</li> <li>Top 3-5 tags</li> <li>First ~300 characters of the description</li> </ul> <p>I deliberately do <em>not</em> embed view counts, durations, or IDs — numeric metadata pollutes the semantic space. I also truncate aggressively: <code>text-embedding-3-small</code> bills per token, and beyond a few hundred tokens of video metadata you get diminishing returns on retrieval quality while paying linearly more.</p> <h2> The embedding pipeline </h2> <p>This Python worker pulls rows that need (re-)embedding, calls OpenAI in batches — the embeddings endpoint accepts up to 2048 inputs per request, which slashes both latency and overhead — and upserts into Postgres. It is idempotent: a content hash of the source text means we never pay to re-embed text that has not changed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">psycopg</span> <span class="kn">from</span> <span class="n">psycopg.rows</span> <span class="kn">import</span> <span class="n">dict_row</span> <span class="n">client</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="nc">OpenAI</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">OPENAI_API_KEY</span><span class="sh">"</span><span class="p">])</span> <span class="n">MODEL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">text-embedding-3-small</span><span class="sh">"</span> <span class="n">BATCH</span> <span class="o">=</span> <span class="mi">256</span> <span class="c1"># well under the 2048 input cap, keeps payloads sane </span> <span class="k">def</span> <span class="nf">build_source_text</span><span class="p">(</span><span class="n">row</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">tags</span> <span class="o">=</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">((</span><span class="n">row</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">)</span> <span class="ow">or</span> <span class="sh">""</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sh">"</span><span class="s">,</span><span class="sh">"</span><span class="p">)[:</span><span class="mi">5</span><span class="p">])</span> <span class="n">desc</span> <span class="o">=</span> <span class="p">(</span><span class="n">row</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">)</span> <span class="ow">or</span> <span class="sh">""</span><span class="p">)[:</span><span class="mi">300</span><span class="p">]</span> <span class="nf">return </span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Title: </span><span class="si">{</span><span class="n">row</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="se">\n</span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Channel: </span><span class="si">{</span><span class="n">row</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">channel</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span><span class="si">}</span><span class="se">\n</span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Tags: </span><span class="si">{</span><span class="n">tags</span><span class="si">}</span><span class="se">\n</span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Description: </span><span class="si">{</span><span class="n">desc</span><span class="si">}</span><span class="sh">"</span> <span class="p">).</span><span class="nf">strip</span><span class="p">()</span> <span class="k">def</span> <span class="nf">embed_batch</span><span class="p">(</span><span class="n">texts</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">list</span><span class="p">[</span><span class="nb">float</span><span class="p">]]:</span> <span class="c1"># One request embeds the whole batch; order of results matches input order. </span> <span class="n">resp</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">embeddings</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="n">MODEL</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">texts</span><span class="p">)</span> <span class="k">return</span> <span class="p">[</span><span class="n">d</span><span class="p">.</span><span class="n">embedding</span> <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">resp</span><span class="p">.</span><span class="n">data</span><span class="p">]</span> <span class="k">def</span> <span class="nf">run</span><span class="p">(</span><span class="n">pg</span><span class="p">:</span> <span class="n">psycopg</span><span class="p">.</span><span class="n">Connection</span><span class="p">,</span> <span class="n">rows</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">pending</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">rows</span><span class="p">:</span> <span class="n">text</span> <span class="o">=</span> <span class="nf">build_source_text</span><span class="p">(</span><span class="n">row</span><span class="p">)</span> <span class="n">digest</span> <span class="o">=</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">sha256</span><span class="p">(</span><span class="n">text</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="k">if</span> <span class="n">row</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">source_hash</span><span class="sh">"</span><span class="p">)</span> <span class="o">==</span> <span class="n">digest</span><span class="p">:</span> <span class="k">continue</span> <span class="c1"># unchanged, skip the API call entirely </span> <span class="n">pending</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">row</span><span class="p">,</span> <span class="n">text</span><span class="p">))</span> <span class="n">written</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nf">len</span><span class="p">(</span><span class="n">pending</span><span class="p">),</span> <span class="n">BATCH</span><span class="p">):</span> <span class="n">chunk</span> <span class="o">=</span> <span class="n">pending</span><span class="p">[</span><span class="n">i</span> <span class="p">:</span> <span class="n">i</span> <span class="o">+</span> <span class="n">BATCH</span><span class="p">]</span> <span class="n">vectors</span> <span class="o">=</span> <span class="nf">embed_batch</span><span class="p">([</span><span class="n">t</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">chunk</span><span class="p">])</span> <span class="k">with</span> <span class="n">pg</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">as</span> <span class="n">cur</span><span class="p">:</span> <span class="nf">for </span><span class="p">(</span><span class="n">row</span><span class="p">,</span> <span class="n">text</span><span class="p">),</span> <span class="n">vec</span> <span class="ow">in</span> <span class="nf">zip</span><span class="p">(</span><span class="n">chunk</span><span class="p">,</span> <span class="n">vectors</span><span class="p">):</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"""</span><span class="s"> INSERT INTO video_embeddings (video_id, lang, region, published_at, source_text, embedding, model) VALUES (%s, %s, %s, %s, %s, %s, %s) ON CONFLICT (video_id) DO UPDATE SET source_text = EXCLUDED.source_text, embedding = EXCLUDED.embedding, updated_at = now() </span><span class="sh">"""</span><span class="p">,</span> <span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">video_id</span><span class="sh">"</span><span class="p">],</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">lang</span><span class="sh">"</span><span class="p">],</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">region</span><span class="sh">"</span><span class="p">],</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">published_at</span><span class="sh">"</span><span class="p">],</span> <span class="n">text</span><span class="p">,</span> <span class="n">vec</span><span class="p">,</span> <span class="n">MODEL</span><span class="p">),</span> <span class="p">)</span> <span class="n">pg</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">written</span> <span class="o">+=</span> <span class="nf">len</span><span class="p">(</span><span class="n">chunk</span><span class="p">)</span> <span class="k">return</span> <span class="n">written</span> </code></pre> </div> <p>psycopg3 adapts a Python <code>list[float]</code> straight into pgvector's text format, so no manual serialisation is needed. If you are on psycopg2 you would register the <code>pgvector.psycopg2</code> adapter, or just format the list as <code>'[0.1,0.2,...]'</code> yourself.</p> <p>We run this from the same cron that ingests trending videos. New videos get embedded within the hour; the cost is trivial (more on that below).</p> <h2> Querying from PHP 8.4 </h2> <p>The read path lives in our PHP app. At query time we embed the user's search string once, then ask Postgres for the nearest neighbours with a metadata pre-filter. The pre-filter matters: restricting by region before the ANN search keeps the candidate set relevant and lets the planner use the partial index.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">SemanticVideoSearch</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">PDO</span> <span class="nv">$pg</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">OpenAiClient</span> <span class="nv">$openai</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="cd">/** @return list&lt;array{video_id:int, distance:float}&gt; */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">search</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$query</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$region</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$limit</span> <span class="o">=</span> <span class="mi">20</span><span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$vector</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">openai</span><span class="o">-&gt;</span><span class="nf">embed</span><span class="p">(</span><span class="nv">$query</span><span class="p">);</span> <span class="c1">// returns list&lt;float&gt;, 1536 dims</span> <span class="nv">$literal</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">toVectorLiteral</span><span class="p">(</span><span class="nv">$vector</span><span class="p">);</span> <span class="c1">// ef_search trades recall for latency; set it per-connection.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pg</span><span class="o">-&gt;</span><span class="nb">exec</span><span class="p">(</span><span class="s1">'SET hnsw.ef_search = 80'</span><span class="p">);</span> <span class="nv">$sql</span> <span class="o">=</span> <span class="sh">&lt;&lt;&lt;SQL SELECT video_id, embedding &lt;=&gt; :vec AS distance FROM video_embeddings WHERE region = :region AND published_at &gt; now() - interval '180 days' ORDER BY embedding &lt;=&gt; :vec LIMIT :limit SQL;</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">pg</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">bindValue</span><span class="p">(</span><span class="s1">':vec'</span><span class="p">,</span> <span class="nv">$literal</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">bindValue</span><span class="p">(</span><span class="s1">':region'</span><span class="p">,</span> <span class="nv">$region</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">bindValue</span><span class="p">(</span><span class="s1">':limit'</span><span class="p">,</span> <span class="nv">$limit</span><span class="p">,</span> <span class="no">PDO</span><span class="o">::</span><span class="no">PARAM_INT</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">();</span> <span class="k">return</span> <span class="nb">array_map</span><span class="p">(</span> <span class="k">static</span> <span class="k">fn</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$r</span><span class="p">):</span> <span class="kt">array</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'video_id'</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'video_id'</span><span class="p">],</span> <span class="s1">'distance'</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="n">float</span><span class="p">)</span> <span class="nv">$r</span><span class="p">[</span><span class="s1">'distance'</span><span class="p">],</span> <span class="p">],</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">fetchAll</span><span class="p">(</span><span class="no">PDO</span><span class="o">::</span><span class="no">FETCH_ASSOC</span><span class="p">),</span> <span class="p">);</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">toVectorLiteral</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$vector</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="c1">// pgvector accepts '[0.1,0.2,...]'. Bind as a string, cast in SQL if needed.</span> <span class="k">return</span> <span class="s1">'['</span> <span class="mf">.</span> <span class="nb">implode</span><span class="p">(</span><span class="s1">','</span><span class="p">,</span> <span class="nb">array_map</span><span class="p">(</span> <span class="k">static</span> <span class="k">fn</span><span class="p">(</span><span class="kt">float</span> <span class="nv">$v</span><span class="p">):</span> <span class="kt">string</span> <span class="o">=&gt;</span> <span class="nb">rtrim</span><span class="p">(</span><span class="nb">sprintf</span><span class="p">(</span><span class="s1">'%.6f'</span><span class="p">,</span> <span class="nv">$v</span><span class="p">),</span> <span class="s1">'0'</span><span class="p">),</span> <span class="nv">$vector</span><span class="p">,</span> <span class="p">))</span> <span class="mf">.</span> <span class="s1">']'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>One subtlety that bit me: <code>ORDER BY embedding &lt;=&gt; :vec</code> is what actually engages the HNSW index. If you order by a <em>different</em> expression — say a blended score computed in SQL — Postgres falls back to a sequential scan and re-computes distance for every row. Keep the ANN ordering pure, fetch an over-large candidate set, then re-rank in application code. That is exactly what the hybrid layer does.</p> <h2> Hybrid search: blend FTS5 keyword score with vector distance </h2> <p>Pure vector search has a failure mode that mirrors keyword search's: it is <em>too</em> fuzzy for exact intent. If someone searches a specific channel name or an exact title, BM25 nails it and embeddings wander off into vaguely-related territory. The fix is to run both engines and fuse the rankings. I use Reciprocal Rank Fusion (RRF) because it needs no score normalisation — it only cares about rank position, so a BM25 score and a cosine distance can be combined without pretending they live on the same scale.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="cd">/** * Reciprocal Rank Fusion. k=60 is the value from the original Cormack et al. * paper and works well in practice — larger k flattens the contribution of * top ranks, smaller k sharpens it. * * @param list&lt;int&gt; $keywordRanked video_ids from FTS5, best first * @param list&lt;int&gt; $vectorRanked video_ids from pgvector, best first * @return list&lt;int&gt; fused video_ids, best first */</span> <span class="k">function</span> <span class="n">reciprocalRankFusion</span><span class="p">(</span> <span class="kt">array</span> <span class="nv">$keywordRanked</span><span class="p">,</span> <span class="kt">array</span> <span class="nv">$vectorRanked</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$k</span> <span class="o">=</span> <span class="mi">60</span><span class="p">,</span> <span class="p">):</span> <span class="kt">array</span> <span class="p">{</span> <span class="nv">$scores</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">foreach</span> <span class="p">([</span><span class="nv">$keywordRanked</span><span class="p">,</span> <span class="nv">$vectorRanked</span><span class="p">]</span> <span class="k">as</span> <span class="nv">$ranking</span><span class="p">)</span> <span class="p">{</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$ranking</span> <span class="k">as</span> <span class="nv">$rank</span> <span class="o">=&gt;</span> <span class="nv">$videoId</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$scores</span><span class="p">[</span><span class="nv">$videoId</span><span class="p">]</span> <span class="o">=</span> <span class="p">(</span><span class="nv">$scores</span><span class="p">[</span><span class="nv">$videoId</span><span class="p">]</span> <span class="o">??</span> <span class="mf">0.0</span><span class="p">)</span> <span class="o">+</span> <span class="mf">1.0</span> <span class="o">/</span> <span class="p">(</span><span class="nv">$k</span> <span class="o">+</span> <span class="nv">$rank</span> <span class="o">+</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nb">arsort</span><span class="p">(</span><span class="nv">$scores</span><span class="p">);</span> <span class="k">return</span> <span class="nb">array_keys</span><span class="p">(</span><span class="nv">$scores</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The flow per query:</p> <ul> <li>Fire FTS5 (SQLite) and pgvector (Postgres) concurrently. In PHP that means kicking off the OpenAI embed + Postgres query while the local FTS5 query runs — the network round-trip dominates, so overlapping them hides most of the latency.</li> <li>Take the top ~50 from each.</li> <li>Fuse with RRF, then truncate to the page size.</li> </ul> <p>This gives us exact-match precision from FTS5 <em>and</em> the cross-lingual recall from embeddings. The kitchen-fail query now surfaces <code>料理 大失敗 まとめ</code> via the vector leg, while a search for an exact channel name still ranks that channel first via the keyword leg.</p> <h2> A Go worker for the re-embedding backlog </h2> <p>The Python cron handles incremental embedding fine, but when we change the composite text format (or bump the model) we need to re-embed the whole catalog — millions of rows. For that backfill I wrote a small concurrent Go worker, because the job is almost entirely I/O wait on the OpenAI API and Go's goroutines saturate the rate limit cleanly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"sync"</span> <span class="s">"time"</span> <span class="s">"golang.org/x/time/rate"</span> <span class="p">)</span> <span class="c">// limiter caps us at the OpenAI tier rate; tune to your account's RPM.</span> <span class="k">var</span> <span class="n">limiter</span> <span class="o">=</span> <span class="n">rate</span><span class="o">.</span><span class="n">NewLimiter</span><span class="p">(</span><span class="n">rate</span><span class="o">.</span><span class="n">Every</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="o">/</span><span class="m">3000</span><span class="p">),</span> <span class="m">50</span><span class="p">)</span> <span class="k">type</span> <span class="n">Job</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">VideoIDs</span> <span class="p">[]</span><span class="kt">int64</span> <span class="n">Texts</span> <span class="p">[]</span><span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">runWorkers</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">jobs</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">Job</span><span class="p">,</span> <span class="n">workers</span> <span class="kt">int</span><span class="p">,</span> <span class="n">embed</span> <span class="k">func</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">)</span> <span class="p">([][]</span><span class="kt">float32</span><span class="p">,</span> <span class="kt">error</span><span class="p">),</span> <span class="n">store</span> <span class="k">func</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="p">[]</span><span class="kt">int64</span><span class="p">,</span> <span class="p">[][]</span><span class="kt">float32</span><span class="p">)</span> <span class="kt">error</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">workers</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="k">for</span> <span class="n">job</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">jobs</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">limiter</span><span class="o">.</span><span class="n">Wait</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="p">}</span> <span class="n">vecs</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">embed</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">job</span><span class="o">.</span><span class="n">Texts</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// log and skip; a later pass retries unembedded rows</span> <span class="k">continue</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">store</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">job</span><span class="o">.</span><span class="n">VideoIDs</span><span class="p">,</span> <span class="n">vecs</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">continue</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}()</span> <span class="p">}</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>A clean re-embed of our active catalog runs in under 20 minutes this way, bounded entirely by the rate limiter rather than CPU.</p> <h2> Tuning recall versus latency </h2> <p>Two knobs control the recall/latency tradeoff on the read path:</p> <ul> <li> <code>ef_construction</code> (index build time, default 64). Higher builds a better graph but slower. 64 was fine for us; 128 gave marginal recall gains for double the build time.</li> <li> <code>hnsw.ef_search</code> (query time, default 40). This is the one you tune live. At <code>ef_search = 40</code> our p95 was ~8ms but recall@20 sat around 0.93. Bumping to 80 pushed recall to ~0.98 for ~14ms p95 — a trade I happily took, since the OpenAI embed call (~120ms) dwarfs the Postgres query anyway.</li> </ul> <p>The lesson: do not micro-optimise the pgvector query when an API round-trip is your real latency budget. Which is why caching matters.</p> <h2> Cost and caching </h2> <p>Two costs to watch: the OpenAI bill and query latency.</p> <ul> <li> <strong>Embedding cost.</strong> <code>text-embedding-3-small</code> is cheap — fractions of a cent per thousand short metadata strings. Embedding our whole active catalog costs a couple of dollars. The query-side embeds are the recurring cost, and they are tiny per call but add up at scale.</li> <li> <strong>Cache the query embeddings.</strong> Search traffic is Zipfian — a small set of popular queries dominates. We cache <code>query string -&gt; embedding</code> in our existing cache layer (and Cloudflare absorbs repeat full-result responses at the edge). That kills both the API cost and the 120ms round-trip for hot queries, which is most of them.</li> <li> <strong>Normalise the cache key.</strong> Lowercase, trim, collapse whitespace, and Unicode-normalise (NFKC) before hashing — CJK input arrives in inconsistent width forms (full-width vs half-width), and skipping normalisation tanks your hit rate.</li> </ul> <h2> What I would do differently </h2> <ul> <li> <strong>Start with the hybrid layer, not pure vector.</strong> I shipped vector-only first and immediately regretted the regressions on exact-match queries. RRF should have been day one.</li> <li> <strong>Store the source text from the start.</strong> Being able to re-embed without re-joining against SQLite saved me during the model-format change.</li> <li> <strong>Watch the language distribution of misses, not just the volume.</strong> Our biggest wins were concentrated in Thai and Vietnamese queries, where our keyword tokenizer was weakest — embeddings quietly covered for tokenizer gaps I did not even know I had.</li> </ul> <p>Semantic search did not replace FTS5 on TopVideoHub; it filled the holes FTS5 structurally cannot. Keyword search for precision, embeddings for meaning, RRF to fuse them, and a thin Postgres sidecar so none of it threatens the SQLite core. The kitchen-fail ticket is closed, and our zero-result rate dropped by roughly two thirds.</p> postgres ai php python ahmet gedik Sun, 07 Jun 2026 09:00:02 +0000 https://dev.to/ahmet_gedik778845/implementing-csrf-double-submit-cookies-in-a-php-video-admin-panel-2c60 https://dev.to/ahmet_gedik778845/implementing-csrf-double-submit-cookies-in-a-php-video-admin-panel-2c60 <p>Last month a security researcher emailed me a proof-of-concept that quietly published a video to the front page of <a href="https://dailywatch.video" rel="noopener noreferrer">DailyWatch</a> using nothing but an HTML form hosted on a throwaway domain. I was logged into the admin panel in another tab. He visited his page, my browser dutifully attached my session cookie, and his hidden form POSTed to <code>/admin/videos/feature</code>. No alert, no XSS, no stolen password — just a forged request riding on my already-authenticated session. That is CSRF, and if your video admin panel authorizes state-changing actions on the strength of a session cookie alone, you are exposed in exactly the same way.</p> <p>This post walks through how we hardened the DailyWatch admin panel with the <strong>double-submit cookie</strong> pattern on PHP 8.4. It is the technique I reach for when a full server-side token store is more bookkeeping than the threat justifies, and it sits cleanly behind LiteSpeed and Cloudflare without forcing me to disable page caching everywhere. I will show the naive version, the signed HMAC version that closes a real subdomain hole, and the operational details that actually bit us in production.</p> <h2> Why I Skipped the Synchronizer Token Pattern </h2> <p>The textbook defense is the synchronizer token: generate a random value, stash it in the server-side session, embed it in every form, and compare the submitted value against the stored one on each request. It works, and for a stateful Rails-style app it is the right default.</p> <p>It fit our admin panel badly for two concrete reasons.</p> <p>First, caching. A meaningful chunk of DailyWatch is served straight from LiteSpeed's page cache, and the admin shell shares templates and partials with the public site. A synchronizer token is per-session state baked into HTML — the moment a token-bearing page lands in any shared cache, the token is either stale or shared across users. You end up carving cache exclusions around every fragment that touches the token. Double-submit needs zero server-side state: the cookie <em>is</em> the source of truth, and it travels with the user rather than with the cached HTML.</p> <p>Second, multiple tabs. Editors at DailyWatch routinely keep three or four admin tabs open — one curating the homepage, one moderating comments, one editing channel metadata. Per-request synchronizer tokens that rotate aggressively turn that workflow into a parade of 403s. A cookie-scoped token with a sane TTL is stable across tabs by construction.</p> <p>Double-submit trades a tiny amount of cryptographic care (which I will get to) for being effectively stateless. That trade is the whole point.</p> <h2> The Pattern in One Paragraph </h2> <p>The server sets a high-entropy random value in a cookie. Every state-changing request must echo that same value back — either in a request-body field or, for JSON APIs, in a custom request header. The server checks that the cookie value and the echoed value match. The security rests on the same-origin policy: an attacker's cross-site page can make the browser <em>send</em> your cookie along with a forged request, but it cannot <em>read</em> that cookie to copy the value into the body or a custom header. No read, no match, no forged action. That asymmetry is the entire defense.</p> <h2> Issuing the Token </h2> <p>Here is the minimal issuer. I generate 32 bytes of CSPRNG output, hex-encode it, and drop it in a cookie that JavaScript is allowed to read.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">declare</span><span class="p">(</span><span class="n">strict_types</span><span class="o">=</span><span class="mi">1</span><span class="p">);</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">Csrf</span> <span class="p">{</span> <span class="k">private</span> <span class="k">const</span> <span class="no">COOKIE</span> <span class="o">=</span> <span class="s1">'dw_csrf'</span><span class="p">;</span> <span class="k">private</span> <span class="k">const</span> <span class="no">FIELD</span> <span class="o">=</span> <span class="s1">'csrf_token'</span><span class="p">;</span> <span class="k">private</span> <span class="k">const</span> <span class="no">TTL</span> <span class="o">=</span> <span class="mi">7200</span><span class="p">;</span> <span class="c1">// 2 hours</span> <span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="n">issue</span><span class="p">():</span> <span class="kt">string</span> <span class="p">{</span> <span class="nv">$token</span> <span class="o">=</span> <span class="nb">bin2hex</span><span class="p">(</span><span class="nb">random_bytes</span><span class="p">(</span><span class="mi">32</span><span class="p">));</span> <span class="nb">setcookie</span><span class="p">(</span><span class="k">self</span><span class="o">::</span><span class="no">COOKIE</span><span class="p">,</span> <span class="nv">$token</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'expires'</span> <span class="o">=&gt;</span> <span class="nb">time</span><span class="p">()</span> <span class="o">+</span> <span class="k">self</span><span class="o">::</span><span class="no">TTL</span><span class="p">,</span> <span class="s1">'path'</span> <span class="o">=&gt;</span> <span class="s1">'/'</span><span class="p">,</span> <span class="s1">'secure'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// HTTPS only — non-negotiable</span> <span class="s1">'httponly'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// the front-end must read it to echo it back</span> <span class="s1">'samesite'</span> <span class="o">=&gt;</span> <span class="s1">'Lax'</span><span class="p">,</span> <span class="p">]);</span> <span class="k">return</span> <span class="nv">$token</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Two decisions deserve a comment because they look wrong at first glance.</p> <p><code>httponly</code> is <code>false</code> on purpose. The whole mechanism depends on our own JavaScript reading the cookie to copy it into a header. That feels like it weakens things, but it does not: CSRF is not the same threat as XSS. If an attacker can run JavaScript on your origin (XSS), CSRF defenses are already moot — they can read any token regardless of the cookie flags. The <code>httponly</code> flag protects against script theft, which is an XSS concern, not a CSRF one.</p> <p><code>secure</code> is <code>true</code> and <code>samesite</code> is <code>Lax</code>. SameSite=Lax already blocks the most common cross-site POST, so think of double-submit as defense in depth layered on top of it, not a replacement. I will come back to why I do not rely on SameSite alone.</p> <p>Call <code>Csrf::issue()</code> once per page render of the admin shell. If a valid <code>dw_csrf</code> cookie already exists you can skip re-issuing to keep multiple tabs in sync, or refresh the TTL — both are fine.</p> <h2> Validating Every State-Changing Request </h2> <p>Validation reads the cookie, reads whatever the client echoed back, and compares them in constant time.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="n">validate</span><span class="p">():</span> <span class="kt">bool</span> <span class="p">{</span> <span class="nv">$cookie</span> <span class="o">=</span> <span class="nv">$_COOKIE</span><span class="p">[</span><span class="k">self</span><span class="o">::</span><span class="no">COOKIE</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">;</span> <span class="nv">$sent</span> <span class="o">=</span> <span class="nv">$_POST</span><span class="p">[</span><span class="k">self</span><span class="o">::</span><span class="no">FIELD</span><span class="p">]</span> <span class="o">??</span> <span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTP_X_CSRF_TOKEN'</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$cookie</span> <span class="o">===</span> <span class="s1">''</span> <span class="o">||</span> <span class="nv">$sent</span> <span class="o">===</span> <span class="s1">''</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Constant-time compare. Never use == or === on a secret —</span> <span class="c1">// string comparison short-circuits and leaks length/timing.</span> <span class="k">return</span> <span class="nb">hash_equals</span><span class="p">(</span><span class="nv">$cookie</span><span class="p">,</span> <span class="nv">$sent</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>hash_equals</code> call matters more than it looks. A plain <code>===</code> returns as soon as it hits the first differing byte, which leaks timing information an attacker can in principle exploit to recover the value byte by byte. <code>hash_equals</code> compares the full length regardless. It is one function call; use it for every secret comparison you ever write.</p> <p>Wire validation into the front controller so no route can forget it. The rule is simple: idempotent methods (<code>GET</code>, <code>HEAD</code>, <code>OPTIONS</code>) are exempt because they must not change state; everything else is checked.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$method</span> <span class="o">=</span> <span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'REQUEST_METHOD'</span><span class="p">];</span> <span class="k">if</span> <span class="p">(</span><span class="nb">in_array</span><span class="p">(</span><span class="nv">$method</span><span class="p">,</span> <span class="p">[</span><span class="s1">'POST'</span><span class="p">,</span> <span class="s1">'PUT'</span><span class="p">,</span> <span class="s1">'PATCH'</span><span class="p">,</span> <span class="s1">'DELETE'</span><span class="p">],</span> <span class="kc">true</span><span class="p">))</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nc">Csrf</span><span class="o">::</span><span class="nf">validate</span><span class="p">())</span> <span class="p">{</span> <span class="nb">http_response_code</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> <span class="nb">header</span><span class="p">(</span><span class="s1">'Content-Type: application/json'</span><span class="p">);</span> <span class="k">echo</span> <span class="nb">json_encode</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="s1">'CSRF token mismatch'</span><span class="p">]);</span> <span class="k">exit</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Putting this in the dispatcher rather than in each controller is the difference between a defense that holds and one that holds until someone adds a new endpoint and forgets the guard. The default must be secure; opting out (for a deliberately public webhook, say) must be the explicit, visible choice.</p> <h2> Wiring the Front-End </h2> <p>For classic form posts, render a hidden input with the token. For our JSON admin API, I prefer a custom header — it keeps the token out of request bodies and logs, and <code>X-CSRF-Token</code> is a request the browser will only let same-origin script set.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">csrfToken</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">document</span><span class="p">.</span><span class="nx">cookie</span> <span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">; </span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">find</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">c</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">dw_csrf=</span><span class="dl">'</span><span class="p">))</span> <span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">adminPost</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">X-CSRF-Token</span><span class="dl">'</span><span class="p">:</span> <span class="nf">csrfToken</span><span class="p">(),</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">same-origin</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">payload</span><span class="p">),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">res</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">403</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">CSRF rejected — reload the admin page to refresh the token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>There is a subtle reason the custom-header approach is strong on its own: a cross-origin <code>fetch</code> that sets a non-standard header like <code>X-CSRF-Token</code> triggers a CORS preflight, and absent a permissive CORS policy on your origin (you do not have one on an admin panel, right?) the browser blocks it before the real request ever fires. So for JSON endpoints the custom header is doing double duty. I still validate the double-submit match because forms and older flows fall back to the body field, and I want one uniform check.</p> <h2> The Hole in Plain Double-Submit, and the Signed Fix </h2> <p>Here is the part most tutorials skip, and it is the part that actually matters for a platform with subdomains.</p> <p>Plain double-submit assumes the attacker cannot write your CSRF cookie. That assumption breaks if they control any sibling or subdomain that can set a cookie on your registrable domain — a technique called cookie tossing. If an attacker can get the browser to store a <code>dw_csrf</code> cookie scoped to <code>.dailywatch.video</code> with a value <em>they</em> chose, they can then forge a request whose body carries that same known value. Cookie and body match, validation passes, defense defeated. Shared hosting, a compromised marketing subdomain, or a wildcard you forgot about can all open this door.</p> <p>The fix is to make the token unforgeable by binding it to the session with an HMAC. An injected cookie now fails the signature check because the attacker does not have the server secret.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">final</span> <span class="kd">class</span> <span class="nc">SignedCsrf</span> <span class="p">{</span> <span class="k">private</span> <span class="k">const</span> <span class="no">COOKIE</span> <span class="o">=</span> <span class="s1">'__Host-dw_csrf'</span><span class="p">;</span> <span class="k">private</span> <span class="k">const</span> <span class="no">TTL</span> <span class="o">=</span> <span class="mi">7200</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$secret</span><span class="p">)</span> <span class="p">{}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">issue</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$sessionId</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="nv">$random</span> <span class="o">=</span> <span class="nb">bin2hex</span><span class="p">(</span><span class="nb">random_bytes</span><span class="p">(</span><span class="mi">16</span><span class="p">));</span> <span class="nv">$expires</span> <span class="o">=</span> <span class="nb">time</span><span class="p">()</span> <span class="o">+</span> <span class="k">self</span><span class="o">::</span><span class="no">TTL</span><span class="p">;</span> <span class="nv">$message</span> <span class="o">=</span> <span class="s2">"</span><span class="si">{</span><span class="nv">$sessionId</span><span class="si">}</span><span class="s2">.</span><span class="si">{</span><span class="nv">$random</span><span class="si">}</span><span class="s2">.</span><span class="si">{</span><span class="nv">$expires</span><span class="si">}</span><span class="s2">"</span><span class="p">;</span> <span class="nv">$sig</span> <span class="o">=</span> <span class="nb">hash_hmac</span><span class="p">(</span><span class="s1">'sha256'</span><span class="p">,</span> <span class="nv">$message</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">secret</span><span class="p">);</span> <span class="nv">$token</span> <span class="o">=</span> <span class="s2">"</span><span class="si">{</span><span class="nv">$random</span><span class="si">}</span><span class="s2">.</span><span class="si">{</span><span class="nv">$expires</span><span class="si">}</span><span class="s2">.</span><span class="si">{</span><span class="nv">$sig</span><span class="si">}</span><span class="s2">"</span><span class="p">;</span> <span class="nb">setcookie</span><span class="p">(</span><span class="k">self</span><span class="o">::</span><span class="no">COOKIE</span><span class="p">,</span> <span class="nv">$token</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'expires'</span> <span class="o">=&gt;</span> <span class="nv">$expires</span><span class="p">,</span> <span class="s1">'path'</span> <span class="o">=&gt;</span> <span class="s1">'/'</span><span class="p">,</span> <span class="c1">// required for the __Host- prefix</span> <span class="s1">'secure'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// required for the __Host- prefix</span> <span class="s1">'httponly'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="s1">'samesite'</span> <span class="o">=&gt;</span> <span class="s1">'Lax'</span><span class="p">,</span> <span class="c1">// note: NO 'domain' key — __Host- forbids it</span> <span class="p">]);</span> <span class="k">return</span> <span class="nv">$token</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">validate</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$sessionId</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$sent</span><span class="p">):</span> <span class="kt">bool</span> <span class="p">{</span> <span class="nv">$cookie</span> <span class="o">=</span> <span class="nv">$_COOKIE</span><span class="p">[</span><span class="k">self</span><span class="o">::</span><span class="no">COOKIE</span><span class="p">]</span> <span class="o">??</span> <span class="s1">''</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$cookie</span> <span class="o">===</span> <span class="s1">''</span> <span class="o">||</span> <span class="o">!</span><span class="nb">hash_equals</span><span class="p">(</span><span class="nv">$cookie</span><span class="p">,</span> <span class="nv">$sent</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="nv">$random</span><span class="p">,</span> <span class="nv">$expires</span><span class="p">,</span> <span class="nv">$sig</span><span class="p">]</span> <span class="o">=</span> <span class="nb">array_pad</span><span class="p">(</span><span class="nb">explode</span><span class="p">(</span><span class="s1">'.'</span><span class="p">,</span> <span class="nv">$sent</span><span class="p">),</span> <span class="mi">3</span><span class="p">,</span> <span class="s1">''</span><span class="p">);</span> <span class="k">if</span> <span class="p">((</span><span class="n">int</span><span class="p">)</span> <span class="nv">$expires</span> <span class="o">&lt;</span> <span class="nb">time</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// expired token</span> <span class="p">}</span> <span class="nv">$expected</span> <span class="o">=</span> <span class="nb">hash_hmac</span><span class="p">(</span> <span class="s1">'sha256'</span><span class="p">,</span> <span class="s2">"</span><span class="si">{</span><span class="nv">$sessionId</span><span class="si">}</span><span class="s2">.</span><span class="si">{</span><span class="nv">$random</span><span class="si">}</span><span class="s2">.</span><span class="si">{</span><span class="nv">$expires</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">secret</span> <span class="p">);</span> <span class="k">return</span> <span class="nb">hash_equals</span><span class="p">(</span><span class="nv">$expected</span><span class="p">,</span> <span class="nv">$sig</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Two defenses are stacked here, and that is deliberate.</p> <p>The HMAC binds the token to the current session id and an expiry, signed with a secret only the server knows. A tossed cookie carrying an attacker-chosen value will not carry a valid signature for <em>my</em> session, so <code>validate</code> rejects it. The expiry baked into the signed payload also gives you real, tamper-proof token lifetime rather than relying on the cookie's <code>Max-Age</code>, which the client controls.</p> <p>The <code>__Host-</code> cookie name prefix is a browser-enforced belt to the HMAC's suspenders. A cookie named with the <code>__Host-</code> prefix is only accepted by the browser if it is <code>Secure</code>, has <code>Path=/</code>, and has <strong>no</strong> <code>Domain</code> attribute — which means it cannot be set from a different host and cannot be scoped to the parent domain. That structurally blocks subdomain cookie tossing at the source. Keep the <code>secret</code> out of your repo; on DailyWatch it lives in the environment, not in code.</p> <h2> SameSite, LiteSpeed, and Cloudflare Gotchas </h2> <p>The cryptography is the easy half. The operational edges are where I lost an afternoon.</p> <ul> <li> <strong>Do not cache admin responses.</strong> LiteSpeed's <code>CacheEnable public /</code> is a blessing for the public site and a footgun for the admin panel. If a page that carries the token gets cached, you can pin every admin to one token, or worse cache a <code>Set-Cookie</code>. Exclude the admin path explicitly and send <code>Cache-Control: no-store, private</code> on every admin response. Double-submit still functions if the same token is shared (it only needs cookie and body to match), but caching <code>Set-Cookie</code> is a genuine cross-user leak.</li> <li> <strong>Watch Cloudflare's Cache Everything.</strong> If you enable a Cache Everything page rule, make sure it bypasses on cookie and never applies to the admin path. Custom headers like <code>X-CSRF-Token</code> pass through Cloudflare untouched, so the header-based flow is safe across the proxy; cached HTML carrying a token is not.</li> <li> <strong>SameSite=Lax is layered defense, not the whole wall.</strong> Lax blocks cross-site POSTs but still permits top-level cross-site GET navigations, and browser support and defaults vary across the long tail of clients you actually see in logs. Treat it as one layer. The double-submit check is what you can reason about deterministically.</li> <li> <strong>Rotate on privilege change.</strong> Issue a fresh token on login and clear the cookie on logout. Binding the HMAC to the session id already invalidates old tokens when the session rotates, but clearing the cookie keeps things tidy and avoids confusing 403s after a re-login.</li> <li> <strong>Mind clock skew on expiry.</strong> The signed token's expiry is checked server-side, so a single server clock governs it — no skew across a fleet to worry about, unlike client-side <code>Max-Age</code>.</li> </ul> <h2> Testing It </h2> <p>I do not trust a security control I have not watched fail and pass. A two-line curl harness covers the two cases that matter, and it drops straight into CI against a staging build.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Forged request with NO token must be rejected.</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-w</span> <span class="s2">"%{http_code}</span><span class="se">\n</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-X</span> POST https://staging.dailywatch.video/admin/videos/feature <span class="se">\</span> <span class="nt">-b</span> <span class="s2">"session=valid-session-id"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"video_id=42"</span> <span class="c"># expected: 403</span> <span class="c"># 2. Legit request: echo the cookie token back in the header.</span> <span class="nv">TOKEN</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> <span class="nt">-c</span> - https://staging.dailywatch.video/admin <span class="se">\</span> | <span class="nb">awk</span> <span class="s1">'/__Host-dw_csrf/ {print $7}'</span><span class="si">)</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-w</span> <span class="s2">"%{http_code}</span><span class="se">\n</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-X</span> POST https://staging.dailywatch.video/admin/videos/feature <span class="se">\</span> <span class="nt">-b</span> <span class="s2">"session=valid-session-id; __Host-dw_csrf=</span><span class="nv">$TOKEN</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-CSRF-Token: </span><span class="nv">$TOKEN</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"video_id=42"</span> <span class="c"># expected: 200</span> </code></pre> </div> <p>The first request proves the guard rejects the forged-form scenario that started this whole post. The second proves a legitimate same-origin flow still works. Add a third case that sends a mismatched token (cookie X, header Y) and assert 403 — that is the case a regression is most likely to silently break. Wire these into CI so a future refactor that drops the dispatcher guard fails the build instead of failing a user.</p> <h2> Conclusion </h2> <p>CSRF is unglamorous and easy to under-rate right up until someone publishes to your homepage from a domain you have never heard of. The double-submit cookie pattern gave us a defense that is stateless enough to coexist with aggressive LiteSpeed and Cloudflare caching, stable enough for editors juggling multiple tabs, and — in its signed form — robust against the subdomain cookie-tossing attack that plain double-submit quietly ignores.</p> <p>If you take three things from this:</p> <ul> <li>Validate in the dispatcher, not per controller, so secure is the default and opting out is explicit.</li> <li>Always compare secrets with <code>hash_equals</code>, never <code>===</code>.</li> <li>If you have subdomains, use the signed HMAC variant with a <code>__Host-</code> cookie prefix — plain double-submit assumes an attacker cannot write your cookie, and that assumption is often false.</li> </ul> <p>It is maybe a hundred lines of PHP. The researcher who reported our hole now gets a 403 for his trouble, which is exactly the result I was after.</p> php security webdev csrf