NestJSframework~8 mins

Local strategy (username/password) in NestJS - Performance & Optimization

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Performance: Local strategy (username/password)

MEDIUM IMPACT

This affects the server-side authentication process speed and the responsiveness of login interactions.

Authenticating users with username and password

NestJS

async validate(username: string, password: string) {
  const user = await this.userService.findByUsername(username);
  if (!user) return null;
  const isValid = await bcrypt.compare(password, user.password);
  if (!isValid) return null;
  return user;
}
// Additionally, use caching or rate limiting to reduce repeated DB calls

Using async bcrypt.compare prevents blocking; caching user data reduces DB calls, improving responsiveness.

📈 Performance GainNon-blocking password check and fewer DB queries reduce login delay by up to 70ms

Authenticating users with username and password

NestJS

async validate(username: string, password: string) {
  const user = await this.userService.findByUsername(username);
  if (!user) return null;
  const isValid = bcrypt.compareSync(password, user.password);
  if (!isValid) return null;
  return user;
}

This pattern performs password hashing comparison synchronously inside the request cycle, blocking event loop and delaying response.

📉 Performance CostBlocks event loop for password hash comparison, increasing login latency by 50-100ms per request

Performance Comparison

Pattern	Server CPU Usage	Response Delay	Blocking Behavior	Verdict
Synchronous password hash check	High CPU blocking	Increases by 50-100ms	Blocks event loop	[X] Bad
Asynchronous bcrypt.compare with caching	Lower CPU blocking	Minimal delay added	Non-blocking	[OK] Good

Rendering Pipeline

The local strategy runs on the server before the page renders. It affects how fast the server responds to login requests, impacting the time until the user sees the authenticated page.

→Server Processing

→Network Response

→Client Rendering

⚠️ BottleneckServer Processing during password hash comparison

Core Web Vital Affected

INP

This affects the server-side authentication process speed and the responsiveness of login interactions.

Optimization Tips

1Always use asynchronous password hashing to avoid blocking the server.

2Cache user data when possible to reduce database calls during login.

3Monitor server response times for login requests to catch performance issues early.

Performance Quiz - 3 Questions

Test your performance knowledge

What is the main performance issue with synchronous password hashing in local strategy?

AIt causes layout shifts on the page

BIt blocks the server event loop, increasing login delay

CIt increases client-side rendering time

DIt reduces network bandwidth

DevTools: Network

How to check: Open DevTools, go to Network tab, filter login request, and check the time taken for the request to complete.

What to look for: Look for long server response times during login indicating slow authentication processing.