网关设计规划
Architecture upgrade:
1. Segregate codes into three different module:
a. logic codes : which could be changed rapidly by requirement changed. e.g. API composite、API error handlers、business validation
b. control codes: which could be complicated and more abstract but less rarely changed. e.g. sync、async、concurrent orchestration、networking flow
c. operation codes: which could be tedious but can offer important info about service. e.g. logging,、metrics、healthy checks
2. Split codes vertically into three layer:
a. access layer:provide edge functionality such as : version control、black/white list、authentication/authorization、flow control、traffic shaping、fuzing and degradation、caching、encryption/decryption
Can be implemented to pluggable pipeline filter.
b. API layer:providing features like: API composite、API error handlers
c. base common layer:providing common functionality
Codes upgrade:
1. define a unified code naming and package
2. pluggable interceptor mechanism
3. domain self-contained logic and data,not coupled with dependency(API was stable but backend was variable)
4. simple and expressive payload
5. general invoking
Security upgrade:
1. common networking security check: implement check to protect such as xss、ddos、xsrf、relay attack
2. authentication and authorization check(4A): integration with Authentication/Authorization service to auth/auth request.(Spring security/Shiro/Oauth2)
3. data desensitization and data encryption
4. invalid request attack
5. black/white list
6. tenant resource validation:validate resource operation is only to specified tenant (can use unified resource_id to match with tenant_id)
7. other customized process:implement customized process
Performance upgrade:
1. remove db sore:
a. query by cache: multilayer cache: local cache(query frequently、small size) → middleware cache(redis data cache)
b. persist directly in cache( cache provider as persistent store( redis AOF) ): request → middleware store(redis persistent data)
c. async transmit data to db: middleware store(redis) → message service → DB
d. other cache data flow: db → message service → middleware cache