implement QR session chaching using remote directory server(Redis)

[amritbej]

PR_DESCRIPTION.md

Summary

Implements Redis-backed public profile caching and offline QR session tokens for Offline QR Mode. Public profile responses are cached for 5 minutes to reduce PostgreSQL reads on repeat views, profile updates invalidate the cache, and a new QR session endpoint returns a short-lived signed profile snapshot token for offline/native QR flows. Closes #46

---

Type of Change

• Bug fix
• New feature
• Refactor (no functional change)
• UI / Design change
• Tests only
• Documentation
• Infrastructure / DevOps
• Security

---

What Changed

• Added Redis-backed public profile caching in apps/backend/src/routes/public.ts, storing successful profile fetches under profile:<username> with a 5-minute TTL.
• Added X-Cache response headers for public profile responses, returning MISS on DB-backed responses and HIT on Redis-backed responses.
• Added Cache-Control: public, max-age=300, stale-while-revalidate=60 to public profile and QR session responses.
• Added GET /api/public/:username/qr-session, returning a signed 10-minute JWT containing the public profile snapshot for offline QR use cases.
• Added cache invalidation in PUT /api/profiles/me, deleting cached profile keys when a user updates their profile or changes username.
• Registered public routes under /api/public while preserving the existing /api/u route prefix.
• Added tests for cache HIT/MISS behavior, reduced DB calls on repeat requests, cache invalidation, and QR session token contents.
• Added backend TypeScript fixes for Fastify decorator typing and logger call typing so the backend build passes.

---

How to Test

1. Run backend tests:

pnpm --filter @devcard/backend test

2. Run backend TypeScript build:

pnpm --filter @devcard/backend build

3. Manually verify Redis cache behavior with seeded data:

curl -i http://localhost:3000/api/public/devcard-demo
curl -i http://localhost:3000/api/public/devcard-demo

Expected:

• First request returns X-Cache: MISS
• Second request returns X-Cache: HIT

4. Verify QR session token response:

curl http://localhost:3000/api/public/devcard-demo/qr-session

Expected:

• Response includes token, tokenType: JWT, expiresIn: 600, and expiresAt.

---

Checklist

• My code follows the project's coding style (pnpm -r run lint passes).
• TypeScript compiles without errors (pnpm --filter @devcard/backend build passes).
• I have added or updated tests for the changes I made.
• Backend tests pass locally (pnpm --filter @devcard/backend test).
• I have updated documentation where necessary.
• No new console.log or debug statements left in the code.
• Breaking changes are documented in this PR description.

---

Screenshots / Recordings

Not applicable. This is a backend API change.

---

Additional Context

The Redis plugin was already present and registered in the Fastify app. This PR builds on that plugin and adds the caching, invalidation, headers, QR session token endpoint, and tests required for Offline QR Mode.

[Harxhit]

Hey, @amritbej

Join our discord community -> https://discord.gg/E29mKkQt8

so you can score points for your contribution.

[amritbej]

Hi @Harxhit , my PR has been gssoc: approved.
Could you please add the "level:", "quality:", and "type:" labels for GSSoC points? Thanks!

[Harxhit]

Hi @Harxhit , my PR has been gssoc: approved. Could you please add the "level:", "quality:", and "type:" labels for GSSoC points? Thanks!

Please join the Discord channel and check the announcements.

[ShantKhatri]

Hi @amritbej , this PR is big, so will take some time, also we have some internal discussion on this feature, so I'll let you update once we have been finalised on this.

CC: @Harxhit

[amritbej]

Hi @amritbej , this PR is big, so will take some time, also we have some internal discussion on this feature, so I'll let you update once we have been finalised on this.

CC: @Harxhit

ok thanks