Go-based Web Server with Session Caching, API Rate Limiting and API Tracking with REDIS
Components
Gin (Go): Serves as the HTTP web server, handling requests and responses.
Redis: Session caching, api rate limiting, and API call tracking with HyperLogLog for counting approximate the number of user calling api.
Relational Database: Stores user data and session information.
Design Highlights
Session Management: Sessions are initially stored in both the database and Redis. Upon user login, sessions are checked/created, ensuring a single active session per user.
Rate Limiting: For API calls to prevent abuse, using Redis to track the number of requests per user per time (5s).
API Tracking: Utilizes Redis' HyperLogLog to efficiently estimate the number of users calling the API.
Caching Strategy: Prioritizes Redis for session validation to enhance performance, with database lookups as a fallback mechanism.
Session Handling
Session Validation: Prioritizes Redis for faster session validation. If a session is not found or expired in Redis, it falls back to the database check. Valid sessions found in the database but not in Redis are re-cached.
New Session Creation: On login, any existing session for the user is removed from both Redis and the database to ensure a single active session before creating a new one with expiration time in Database and TTL in Redis.
API Design
/signup: Sign up user with username and password which hashed in database.
/login: Authenticates users, creates a new session in DB & Redis (removing the old session if exist), and returns a session token.
/ping: A rate-limited API that simulates processing delay, tracks calling api.
/top: Returns the top 10 users based on the frequency of API calls.
/count: Provides an approximate count of users who have called the /ping API, leveraging HyperLogLog.
/signup
Method: POST
Description: Sign up user with username and password which hashed in database.
Request Body:
{
"username": "user1",
"password": "pass123"
}
Response 200 OK:
{}
Responses 400:
{
"error": "Username already exists!"
}
/login
Method: POST
Description: Authenticates users, creates a new session in the DB & Redis (removing the old session if it exists), and returns a session token.
Request Body:
{
"username": "user1",
"password": "pass123"
}
Response 200 OK:
{
"sessionToken": "<session_token>"
}
Responses 401 Unauthorized:
{
"error": "Username or password was wrong!"
}
/ping
Method: GET
Description: A rate-limited API that simulates a processing delay and tracks API calls.
Headers:
Authorization: Bearer <session_token>
Response 200 OK:
{}
Response 429 Too Many Requests at a time:
{
"error": "Rate limit exceeded in 5s period 1 time calling ping API!"
}
Response 429 Too Many Requests in 1 minute:
{
"error": "Rate limit exceeded in 1 minute period 2 time calling ping API!"
}
/top
Method: GET
Description: Returns the top 10 users based on the frequency of API calls.
Responses 200 OK:
{
"topUsersCallingAPIAllTime": [
"CallingPingAPI userID:1 called 1 times",
"CallingPingAPI userID:3 called 4 times"
]
}
/count
Method: GET
Description: Provides an approximate count of users who have called the /ping API, leveraging HyperLogLog.