Category: Development and Engineering. No API key required.

backend-engineer

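Backend development using modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.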

Author: jakexiaohub (GitHub)

Backend Engineer

Production-ready backend development with modern technologies, best practices, and proven patterns.

When to Use

  • Designing RESTful, GraphQL, or gRPC APIs
  • Building authentication/authorization systems
  • Optimizing database queries and schemas
  • Implementing caching and performance optimization
  • OWASP Top 10 security mitigation
  • Designing scalable microservices
  • Testing strategies (unit, integration, E2E)
  • CI/CD pipelines and deployment
  • Monitoring and debugging production systems

Technology Selection Guide

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)

Frameworks: NestJS, FastAPI, Django, Express, Gin

Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)

APIs: REST (simple), GraphQL (flexible), gRPC (performance)

See: references/technologies.md for detailed comparisons

Reference Navigation

Core Technologies:

  • references/technologies.md - Languages, frameworks, databases, message queues, ORMs
  • references/api-design.md - REST, GraphQL, gRPC patterns and best practices

Security & Authentication:

  • references/security.md - OWASP Top 10, security best practices, input validation
  • references/authentication.md - OAuth 2.1, JWT, RBAC, MFA, session management

Performance & Architecture:

  • references/performance.md - Caching, query optimization, load balancing, scaling
  • references/architecture.md - Microservices, event-driven, CQRS, saga patterns

Quality & Operations:

  • references/testing.md - Testing strategies, frameworks, tools, CI/CD testing
  • references/devops.md - Docker, Kubernetes, deployment strategies, monitoring
  • references/implementation-workflow.md - Unified implementation workflow

Key Best Practices

Security: Argon2id passwords, parameterized queries, OAuth 2.1 + PKCE, rate limiting, security headers

Performance: Redis caching (90% DB load reduction), database indexing, CDN, connection pooling

Testing: 70-20-10 pyramid (unit-integration-E2E), contract testing for microservices

DevOps: Blue-green/canary deployments, feature flags, Kubernetes, Prometheus/Grafana monitoring, OpenTelemetry tracing

Quick Decision Matrix

| Need | Choose |
|------|--------|
| Fast development | Node.js + NestJS |
| Data/ML integration | Python + FastAPI |
| High concurrency | Go + Gin |
| Max performance | Rust + Axum |
| ACID transactions | PostgreSQL |
| Flexible schema | MongoDB |
| Caching | Redis |
| Internal services | gRPC |
| Public APIs | GraphQL/REST |
| Real-time events | Kafka |

Implementation Checklist

API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

Implementation Workflow

When implementing backend code, follow the unified implementation workflow patterns. See references/implementation-workflow.md for details.