• Tech

  https://www.youtube.com/@naver_d2

  https://www.youtube.com/@woowatech

  https://www.youtube.com/@kakaotech

• Restfui API naming convention

• 백엔드 플로우
  • App/Web -> Auth -> API -> Webserver -> logging(elasticsearch), queue(kafka, rabbitMQ), file storage(S3)
• HTTP sequence flows from a request to a response
  • Network level: URL -> DNS -> 3-way handshakes -> TLS
  • Application level: HTTP Request -> Server Processing(AWS - Node - DB) -> HTTP Response

• Typical Web Architecture: 3 Tier(Web Server - WAS - DB); 서버 부하 분산, 보안 강화, 무중단 배포

  • Web Server: Static Content, Reverse Proxy(Priv Network), Load Balancing(AWS ALB) (Public Network)
  • Web Application Server(WAS): Dynamic Content, Business Logic, DB Connection (Private Network)

  Proxy: VPN, 특정 사이트 차단

  Legacy: client - webtob - jeus(war) - DB

  Modern: Client - ALB(Pub/Priv Network) - EC2(SG+Nest.js) - DB

  Access Control List(ACL): Firewall

  VPC: Network(Public: IGW, Private: NAT)

  Multi-EC2 - Docker - Multi-WAS

  Client Side Call: Security Group(ALB)

  Server Side Rendering: SG(ALB, EC2) → pros: security, performance, CORS X

• invariant: a condition that holds true(e.g., x > y).

• graceful(return) vs ungraceful(return exception)

• HTTP method: Put: 전체변경, Patch: 부분변경

• Get - recommended: SHOULD NOT use body (RFC7231, RFC9110.-Although%20request%20message%20framing%20is%20independent%20of%20the%20method%20used%2C%20contentHTTP%20communication%20are%20often%20unaware%20of%20intermediaries%20along%20the%20request%20chain.-%C2%B6))

• Authentication and authorisation

  • Open Authorisation(OAuth2.0): It is a way for users to grant websites or applications access to their information without giving away their passwords.
    • Flow: authorisation code → credentials → access token
      1. Client ↔ Authorisation Server: authorisation code
      2. Resource Owner ↔ Authorisation Server: credentials
      3. Client ↔ Authorisation Server: access token

• Atomicity

  • two-phase commit (Coordinator), Saga pattern, (if shared DB) queryRunner, Message Queue

• Brower cache
  • predictable causes: cache-control or expires -> persist 404 response for a while.
  • Speed-up loading for static content
  • Stores copie of these resources in cache
• Server Errors
  • 504: Client - Gateway(CDN, routes traffic) - Web server (Too long)

Problem: Special character(/, :) in URL, Solution: URL encoding Problem: Many values in a request body are used to map function’s params, Solution: DTO + Pipes(filtering or validation + type check)

Problem: deleted the file but can be accessed it. Cause: Inode.

• File system - file descriptor - inode + data block
• How to remove inode
  1. link count is 0
  2. Any processes never open the file