- User Authentication
- User Authorization
- MFA
- User management
- Logging And Auditing
- Password Policies
- Security
- High Availability
- Scalability
- Reliability
- Logging and Monitoring
-
Assume we have:
- 50 million total users
- 5 million daily active user (DAU)
- Each user 3 write time(login or register) a day
- Each user read info 1 time a day
This give 15 million users login per day
Requests Per Second (RPS) for our system?
Read per second: 57 requests/second
Write per Second: 173 requests/seconds
Write = 3 x Read => This is write-heavy system
Account
- int_account_id : BIGINT => 8 bytes
- str_email: VARCHAR(10) = > 10 bytes
- str_hashed_password: VARCHAR(128) => 128 bytes
- str_password_salt: VARCHAR(128) => 128 bytes
- str_last_login_ip: VARCHAR(128) => 128 bytes
- dt_created_date: DATETIME => 8 bytes
- dt_modified_date: DATETIME, => 8 bytes
- dt_password_changed: DATETIME => 8 bytes
- dt_last_login: DATETIME => 8 bytes
=> 8+10+128+128+128+8+8+8+8= 552 bytes
Total: 552 bytes per user
Total Storage = Number of Users * Storage per User
Assuming an average request size of 552 bytes (as calculated for storage per user), the read bandwidth can be estimated as follows:
Read Bandwidth: = Read Requests/second * Average Request Size
Convert KB:
Convert KB:
Metric | Value |
---|---|
Total Users | 50 million |
Daily Active Users (DAU) | 5 million |
Login/Registration RPS | 173 (write-heavy) |
Read RPS | 57 |
Data Element | Size (bytes) |
---|---|
int_account_id (BIGINT) | 8 |
str_email (VARCHAR(10)) | 10 |
str_hashed_password | 128 |
str_password_salt | 128 |
str_last_login_ip | 128 |
dt_created_date (DATETIME) | 8 |
dt_modified_date (DATETIME) | 8 |
dt_password_changed | 8 |
dt_last_login (DATETIME) | 8 |
Total per User | 552 |
Total Storage Estimate: 27.6 GB
Operation | Requests/second | Average Request Size | Bandwidth (KB/second) |
---|---|---|---|
Read | 57 | 552 bytes | ~30.72 |
Write | 173 | 552 bytes | ~93.3 |
- Endpoint:
/register
- Method:
POST
- Description: Registers a new user in the system.
- Request Body:
{
"account": {
"email": "[email protected]",
"password": "123456"
},
"info_user": {
"name": "Ngoc Phu",
"phone_number": "1234567890",
"date_of_birth": "2023-11-12T08:00:23.719000",
"gender": true,
"address": "Ha Noi"
}
}
-
Response:
-
Success Response:
- Status Code: 201 Created
- Description: Registration is successful.
-
Bad Request Response:
- Status Code: 400 Bad Request
- Description: The request is malformed or missing required fields.
-
Conflict Response:
- Status Code: 409 Conflict
- Description: The email is already registered.
-
Internal Server Error Response:
- Status Code: 500 Internal Server Error
- Description: Other server-side errors.
-
-
Endpoint:
/login
-
Method:
POST
-
Description: Authenticates a user and generates a session token.
-
Request Body:
{ "email": "[email protected]", "password": "user_password", "mfa_code": "optional_mfa_code" }
-
Response:
-
Success Response:
- Status Code: 201 Created
- Description: Registration is successful.
-
Unauthorized Response:
- Status Code: 401 Unauthorized
- Description: Authentication fails due to incorrect credentials or MFA code.
-
Not Found Response:
- Status Code: 404 Not Found
- Description: The user account does not exist.
-
Internal Server Error Response:
- Status Code: 500 Internal Server Error
- Description: Other server-side errors.
-
-
Endpoint:
/logout
-
Method:
POST
-
Description: Logs out the currently authenticated user, invalidating the session token.
-
Request Cookie:
access_token: <session_token>
-
Response:
-
Success Response:
- Status Code: 204 No Content
- Description: Logout is successful.
-
Unauthorized Response:
- Status Code: 401 Unauthorized
- Description: The session token is invalid or expired.
-
Internal Server Error Response:
- Status Code: 500 Internal Server Error
- Description: Other server-side errors.
-
- Endpoint:
/user/profile
- Method:
PUT
- Description: Updates the user's profile information.
- Request Cookie:
access_token: <session_token>
- Request Body:
{ "email": "[email protected]", "password": "new_password", "additional_fields": "..." }
- Response:
-
Success Response:
- Status Code: 200 OK
- Description: The update is successful.
-
Bad Request Response:
- Status Code: 400 Bad Request
- Description: The request is malformed or contains invalid data.
-
Unauthorized Response:
- Status Code: 401 Unauthorized
- Description: The session token is invalid or expired.
-
Internal Server Error Response:
- Status Code: 500 Internal Server Error
- Description: Other server-side errors.
-
-
Endpoint:
/user/password
-
Method:
PUT
-
Description: Changes the user's password.
-
Request Cookie:
access_token: <session_token>
-
Request Body:
{ "old_password": "current_password", "new_password": "new_password" }
-
Response:
-
Success Response:
- Status Code: 200 OK
- Description: The password change is successful.
-
Bad Request Response:
- Status Code: 400 Bad Request
- Description: The request is malformed or contains invalid data.
-
Unauthorized Response:
- Status Code: 401 Unauthorized
- Description: The session token is invalid or expired.
-
Internal Server Error Response:
- Status Code: 500 Internal Server Error
- Description: Other server-side errors.
-