
BikeFest 2024 Backend (Bike Festival Backend)

bike-festival-2024-backend (github.com)

DB Schema

User Table

| Field | Type | GORM Options | JSON Key | Description |
| --- | --- | --- | --- | --- |
| ID | string | type:varchar(36);primary_key | id | The unique identifier for the user. (from the LINE account) |
| Name | string | type:varchar(255);index | name | The name of the user. (from the LINE account) |

User-Event Table

| Field | Type | Description |
| --- | --- | --- |
| user_id | varchar(36) | The ID of the user, linking to User.ID. |
| event_id | varchar(36) | The ID of the event, linking to Event.ID. |

Event Table

| Field | Type | GORM Options | JSON Key | Redis Key | Description |
| --- | --- | --- | --- | --- | --- |
| ID | `*string` | type:varchar(36);primary_key | id | id | The event ID defined at the frontend. If not provided, it is calculated by the hash of event detail and event time. |
| EventTimeStart | `*time.Time` | type:timestamp | event_time_start | event_time_start | The start time of the event. |
| EventTimeEnd | `*time.Time` | type:timestamp | event_time_end | event_time_end | The end time of the event. |
| EventDetail | `*string` | type:varchar(1024) | event_detail | event_detail | The details of the event, stored in JSON format. This is parsed when sending to the LINE message API. |

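Psychological Test Statistics

  • Store result types
  • Compute percentages

| Field | Type | GORM Options | Description |
| --- | --- | --- | --- |
| Type | string | type:varchar(255);unique | The unique type of the psycho test. |
| Count | int | type:int | The count associated with the test. |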

API

  • Add type
  • Retrieve statistic result

Line

Official Document

Tutorial

Line Login Integration Tutorial

Push Line Flex Message

Asynq

Add Scheduled Task

Cancel Scheduled Task

Optimization

Get Event By EventID

DB only

(2000 virtual users, for 1 minute)


Redis Cache + DB

(2000 virtual users, for 1 minute)

```go
type EventCache struct {
	ID             string    `json:"id" redis:"id"`
	EventTimeStart time.Time `json:"event_time_start" redis:"event_time_start"`
	EventTimeEnd   time.Time `json:"event_time_end" redis:"event_time_end"`
	EventDetail    string    `json:"event_detail" redis:"event_detail"`
	CreatedAt      time.Time `json:"created_at" redis:"created_at"`
	UpdatedAt      time.Time `json:"updated_at" redis:"updated_at"`
}
```

Deployment

Nginx Setup

Nginx Reverse Proxy

[!info]

Change the domain in the ssl_certificate and ssl_certificate_key paths to your own (for Certbot).

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name nckubikefestival.ncku.edu.tw;

    ssl_certificate /etc/letsencrypt/live/nckubikefestival.ncku.edu.tw/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nckubikefestival.ncku.edu.tw/privkey.pem; # managed by Certbot
    ssl_ecdh_curve X25519:secp384r1;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    # The 3DES and static-RSA (RSA+...) entries at the end of this list are legacy fallbacks
    # with no forward secrecy; remove them if old clients do not need to connect.
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/nckubikefestival.ncku.edu.tw/chain.pem;
    # Without the "always" parameter, add_header is not applied to error responses (4xx/5xx).
    add_header Strict-Transport-Security "max-age=31536000; preload";

    # Forward https://nckubikefestival.ncku.edu.tw/api/<path> to http://localhost:8000/<path>
    # For Golang Backend
    location /api/ {
        proxy_pass http://localhost:8000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Forward https://nckubikefestival.ncku.edu.tw/* to http://localhost:5173/*
    # For Vue Frontend
    location / {
        proxy_pass http://localhost:5173/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

CertBot

```bash
sudo apt install certbot
sudo apt-get install python3-certbot-nginx

# Request a certificate
sudo certbot --nginx --email peterxcli@gmail.com --agree-tos -d nckubikefestival.ncku.edu.tw

# Install the certificate (cert-name must match server_name in the nginx config file)
sudo certbot install --cert-name nckubikefestival.ncku.edu.tw
```
Bug

Line login redirect

[!warning] The bug is caused by the Referrer-Policy. The default policy is strict-origin-when-cross-origin.

In my case, I use the additional redirect_path (which is set in the query string ``) to compose the frontend redirect path.

It works fine when I am developing on my local computer, but in the production environment it always redirects the user to a page with a duplicated path, like: /bikefest/main-stagebikefest/main-stage/

Then I discovered that in my local development environment the request Referer only contains the domain name (localhost:5173), but production sends its full path and query string to the backend server.

The reason is this: in the dev environment, the frontend is at localhost:5173 and the backend is at localhost:8000, which triggers the default referrer policy strict-origin-when-cross-origin to send only localhost:8000 as the Referer value. In the prod environment, the frontend and backend have the same domain and differ only in the path, so the default referrer policy sends the origin, path, and query as the Referer value. The frontend also sends its windows.location.path as the redirected_path query string, and the backend then composes the Referer and redirect_path, so the result looks like `https:///windows.location.path/windows.location.path`. That is the main reason why production shows the page with a duplicated path.

To resolve this problem, we only need to set the referrer policy in the nginx configuration so that the Referer includes only the origin, which prevents the issue above:

```nginx
server {
    ...

    # Set the Referrer-Policy header
    add_header Referrer-Policy "origin";

    ...
}
```
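A backend-side complement to the header fix, as an added example that is not the project's own code: `BuildRedirect` and `allowedOrigins` are hypothetical names, and the allowlist of the two frontend origins mentioned on this page is an assumption. It reduces the Referer to its origin and accepts only a local path, so the composed URL is the same whichever Referrer-Policy the browser applied.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedOrigins is an assumed allowlist: the dev and prod frontends named on this page.
var allowedOrigins = map[string]bool{
	"http://localhost:5173":                true,
	"https://nckubikefestival.ncku.edu.tw": true,
}

// BuildRedirect (hypothetical helper) composes the post-login redirect URL from the
// Referer header and the redirect_path query value. Only the origin of the Referer
// is kept, so a full-URL Referer cannot duplicate the path. Any query is dropped.
func BuildRedirect(referer, redirectPath string) (string, error) {
	ref, err := url.Parse(referer)
	if err != nil || ref.Scheme == "" || ref.Host == "" {
		return "", errors.New("referer is not an absolute URL")
	}
	origin := ref.Scheme + "://" + ref.Host // drop path, query and fragment
	if !allowedOrigins[origin] {
		return "", fmt.Errorf("origin %q is not an allowed frontend", origin)
	}
	// redirect_path must be a local path: one leading slash, no "//host" or backslash forms.
	if !strings.HasPrefix(redirectPath, "/") || strings.HasPrefix(redirectPath, "//") ||
		strings.ContainsAny(redirectPath, "\\\r\n") {
		return "", errors.New("redirect_path must be a local absolute path")
	}
	p, err := url.Parse(redirectPath)
	if err != nil || p.IsAbs() || p.Host != "" {
		return "", errors.New("redirect_path must not carry a scheme or host")
	}
	return origin + p.EscapedPath(), nil
}

func main() {
	// Constructed inputs: dev sends an origin-only Referer, prod sends the full URL.
	for _, ref := range []string{
		"http://localhost:5173/",
		"https://nckubikefestival.ncku.edu.tw/bikefest/main-stage/?tab=1",
	} {
		out, err := BuildRedirect(ref, "/bikefest/main-stage/")
		fmt.Println(out, err)
	}
}
```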
