單車節結束一段時間ㄌ
但我剛好有把一些開發過程記錄下來
想說這些東西都我一個人看的話有點可惜

後端其實需求沒很難, 反而是我看前端刻板刻的很辛苦

• 使用者登入 - line Login API
• 心理測驗統計
• 使用者訂閱活動
• 活動開始前會發給有訂閱的使用者一則賴訊息
  

原文

NCKU BikeFest 2024 Backend

用到的東西

• Golang
• Redis
• Postgres
• Asynq (Redis Baked Distributed Queue)
• Line Login API
• Line Messaging API
• Nginx
• Docker Container
• K6 (我當初以為會很多人用XD)

bike-festival-2024-backend (github.com)

DB Schema

User Table

User-Event Table

Event Table

心理測驗統計

• 結果種類儲存
• 統計趴數

API

• Add type
• Retrieve statistic result

Line

Official Document

• line messaging github

• integrate line login

Tutorial

Line Login Integration Tutorial

• [Golang][LINE][教學] 將你的 chatbot 透過 account link 連接你的服務

• [Golang][LINE][教學] 導入 LINE Login 到你的商業網站之中，並且加入官方帳號為好友

• github

• Official Document for Linking a LINE Official Account when Login

Push Line Flex Message

• bike-festival-2024-backend/pkg/worker/event.go at main · gdsc-ncku/bike-festival-2024-backend (github.com)
• bike-festival-2024-backend/pkg/line_utils/flex.go at main · gdsc-ncku/bike-festival-2024-backend (github.com)

Asynq

• hibiken/asynq: Simple, reliable, and efficient distributed task queue in Go (github.com)
• hibiken/asynqmon: Web UI for Asynq task queue (github.com)

Add Scheduled Task

• bike-festival-2024-backend/pkg/service/notify.go at main · gdsc-ncku/bike-festival-2024-backend (github.com)

Cancel Scheduled Task

• asynq/inspector.go at master · hibiken/asynq (github.com)
• bike-festival-2024-backend/pkg/service/notify.go at main · gdsc-ncku/bike-festival-2024-backend (github.com)

Optimization

Get Event By EventID

DB only

(2000 virtual users, for 1 mins)

Redis Cache + DB

(2000 virtual users, for 1 mins)

type EventCache struct {
 ID             string    `json:"id" redis:"id"`
 EventTimeStart time.Time `json:"event_time_start" redis:"event_time_start"`
 EventTimeEnd   time.Time `json:"event_time_end" redis:"event_time_end"`
 EventDetail    string    `json:"event_detail" redis:"event_detail"`
 CreatedAt      time.Time `json:"created_at" redis:"created_at"`
 UpdatedAt      time.Time `json:"updated_at" redis:"updated_at"`
}

部署

Nginx Setup

Nginx Reverse Proxy

[!info]

要把 ssl_certificate & ssl_certificate_key 那邊的 domain 改成你自己的 （for Certbot)

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name nckubikefestival.ncku.edu.tw;

    ssl_certificate /etc/letsencrypt/live/nckubikefestival.ncku.edu.tw/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nckubikefestival.ncku.edu.tw/privkey.pem; # managed by Certbot
    ssl_ecdh_curve X25519:secp384r1;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/nckubikefestival.ncku.edu.tw/chain.pem;
    add_header Strict-Transport-Security "max-age=31536000; preload";


    # Forward https://nckubikefestival.ncku.edu.tw/api/<path> to http://localhost:8000/<path>
    # For Golang Backend

    location /api/ {

        proxy_pass http://localhost:8000/;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

    }

    # Forward https://nckubikefestival.ncku.edu.tw/* to http://localhost:5173/*
    # For Vue Frontend

    location / {

        proxy_pass http://localhost:5173/;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

    }
}

CertBot

sudo apt  install certbot
sudo apt-get install python3-certbot-nginx

# 申請憑證
sudo certbot --nginx --email peterxcli@gmail.com --agree-tos -d nckubikefestival.ncku.edu.tw

# 安裝憑證 ( cert-name 要跟 nginx的 config 檔的 server_name 一樣)
sudo certbot install --cert-name nckubikefestival.ncku.edu.tw

Bug

Line login redirect

[!warning]
the bug is due to the referer-policy
the default policy is strict-origin-when-cross-origin

In my case, I use the additional redirect_path(which is set in query string ``) to compose the frontend redirect path:

It works fine when I am developing at my local computer, but in the production environment, it always redirect user to the page with duplicate path, like: /bikefest/main-stagebikefest/main-stage/

Then I discover that in my local development environment, the request referer only contain the domain name(localhost:5173), but the production send its full path and query string to the backend server.

And that the reason is: in dev env, the frontend is at localhost:5173 and the backend is at localhost:8000, the trigger the default referer policy strict-origin-when-cross-origin only send the localhost:8000 as the referer value. In prod env, the frontend and backend have the same domain but only differ at the path, so the refer default policy send origin, path, query as the referer value, and frontend also send its windows.location.path as redirected_path query string, then backend compose the referer, redirect_path, and the result would be like `https:///windows.location.path/windows.location.path. And that is the main reason why the production appear the page with duplicate path.

To resolve this problem, we only needs to set the referer policy in the nginx configuration, and let the referer only include origin to prevent the above issue:

server {
  ...

  # Set the Referrer-Policy header
  add_header Referrer-Policy "origin";
 
  ...
}

• 【Chrome 85 更新】淺談 Referer-Policy 和更新影響 - Max行銷誌 (maxlist.xyz)
• Referrer-Policy - HTTP | MDN (mozilla.org)

Reference

• Debian/Ubuntu 環境申請和套用 Let's Encrypt 免費​ SSL ​​憑證教學 | KJie Notes (kjnotes.com)