How To Dev

Introduction In the previous article, I provided instructions on using NextJS Proxy to check API rate limits simply. However, that application method has the following scalability flaws: Using lru-cache only stores data in memory, so when scaling to multiple pods, the rate limit check will be incorrect because pods do not share data with each other. In actual deployment, you rarely let the NextJS server receive requests directly like that, but instead use additional CDNs (Cloudfront, Nginx) to take advantage of edge locations and their data caching capabilities. Therefore, in this article, I will provide a more comprehensive implementation from CDN, NextJS and NestJS servers to handle request spamming, including: Blacklist: automatically block IPs marked as attacking the system. Whitelist: add static IPs and only allow these IPs to use important services, such as allowing partner IPs to use services or deploying internal services accessible only via company VPN. Rate Limit: limit the n...

Introduction In the previous article, I provided instructions on using NestJS with JWT, and you may also realize that if you use JWT, once a token is issued, it cannot be revoked. This means that if you have a token that hasn't expired yet, you can continue to use the service. For small systems that do not prioritize security, this might not be a major issue and can be simply resolved by deleting the token from the frontend when the user logs out. However, if you need to build a system with extremely high security, where the token must be invalidated upon logout so that no one can use it to access the service, this article will guide you through how to achieve that. To do this, we will use Redis (which I have already guided you on in this article) to store tokens that have not expired but are requested to be deleted. The storage duration for these tokens will be exactly the time remaining until they expire. Thus, after applying Redis, the operation of tokens will be as follows: If ...