Problem
backend/src/middleware/auth.ts:24 — a new Supabase client is instantiated for every incoming request:
const admin = createClient(supabaseUrl, serviceKey, {
auth: { persistSession: false },
});
const { data } = await admin.auth.getUser(token);The Supabase JS client allocates internal state, event emitters, and an HTTP session on each createClient() call. Under load this adds unnecessary per-request overhead and prevents HTTP keep-alive reuse with the Supabase Auth API.
Fix
Create a module-level singleton client using the service role key and reuse it across requests. The service-role client is stateless by design (persistSession: false) so sharing it across requests is safe.
Problem
backend/src/middleware/auth.ts:24— a new Supabase client is instantiated for every incoming request:The Supabase JS client allocates internal state, event emitters, and an HTTP session on each
createClient()call. Under load this adds unnecessary per-request overhead and prevents HTTP keep-alive reuse with the Supabase Auth API.Fix
Create a module-level singleton client using the service role key and reuse it across requests. The service-role client is stateless by design (
persistSession: false) so sharing it across requests is safe.