Skip to content

backend.md

Latest commit

 

History

History
45 lines (36 loc) · 2.66 KB

backend.md

File metadata and controls

45 lines (36 loc) · 2.66 KB

Backend Expertise

1. Server-Side Programming

  • Proficient in Node.js with Express.js for building REST APIs.
  • Skilled in TypeScript for type-safe backend logic.

2. Databases

  • Designed and optimized schemas for PostgreSQL and MongoDB.
  • Proficient in ORM tools like Prisma and Sequelize.

3. APIs

  • Built REST APIs for CRUD operations and complex workflows.
  • Designed GraphQL schemas with optimized resolvers.

4. Authentication and Authorization Expertise

Sessions

  • Designed session-based authentication systems using secure, server-stored session data.
  • Used session cookies for maintaining user state across requests.
  • Managed session expiration, invalidation, and storage using:
    • SQL Caching: Optimized session-related database queries for faster lookups.
    • Database-backed sessions: Stored session data in PostgreSQL or MongoDB for persistence and scalability.

JSON Web Token (JWT)

  • Implemented JWTs for stateless, token-based authentication in REST APIs.
  • Compared and selected JWTs for lightweight systems versus session-based systems for security-critical apps.

OAuth

  • Integrated OAuth 2.0 for third-party authentication (e.g., Google, Facebook, GitHub).

Role-Based Access Control (RBAC)

  • Developed RBAC systems to restrict resources based on user roles.
  • Example: Admins accessing management features while standard users access customer-facing features.

Security Best Practices

  • Used secure cookie flags like HttpOnly and SameSite for session cookies to prevent XSS and CSRF attacks.
  • Implemented rate limiting and IP-based session validation to reduce the risk of brute-force and DoS attacks.
  • Protected applications from SQL injection by using parameterized queries and ORM tools like Prisma to prevent direct query manipulation.
  • Prevented Cross-Site Scripting (XSS) attacks by validating and sanitizing user input, ensuring only safe content is rendered in the application.
  • Utilized CORS (Cross-Origin Resource Sharing) to control which domains can interact with the API, preventing unauthorized access.

5. Scalability

  • Implemented SQL caching to optimize database query performance and reduce load by caching frequently requested data at the database level.
  • Utilized Apollo caching to optimize GraphQL query responses, reducing network calls and enhancing the client-side performance.
  • Applied Next.js caching techniques, including static generation (SSG) and server-side caching (ISR), to improve page load speeds and scalability of the application.
  • Helped with a scalable microservices architecture using Docker, enabling horizontal scaling and efficient resource management.