Production-oriented microservices platform written in Go, designed to practice real-world backend architecture, networking and reliability patterns.
The system is built around an API Gateway and multiple gRPC services, implementing user management and order processing with hybrid authentication, observability and fault tolerance in mind.
The platform follows a classic microservice architecture:
- API Gateway
  - Single entry point for HTTP clients
  - Handles authentication, rate limiting and request routing
- User Service (gRPC)
  - User registration, authentication and session management
- Order Service (gRPC)
  - Order creation, retrieval and lifecycle management
- Hybrid authentication: JWT + cookie-based sessions
- JWT validation with automatic refresh via session key
- Redis-based rate limiting
- Circuit breaker for downstream gRPC services
- Prometheus metrics
- Graceful shutdown
- CORS configuration
- Gzip response compression
- Request throttling
- Incoming request is authenticated using JWT
- If JWT is expired, session key (cookie) is validated via gRPC
- Session and JWT are reissued transparently
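
The fallback in the three steps above, as an added Go example that is not the project's own code: it shows the gateway refusing the cookie fallback when the token's signature fails and requiring the session to belong to the token's subject. The compact HMAC-signed token (a stand-in for the JWT), the `check` callback (a stand-in for the gRPC session lookup in the User Service), all names and the 15-minute lifetime are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

var ErrExpired, ErrInvalid = errors.New("token expired"), errors.New("token invalid")

// sign issues "user.exp.mac", a compact stand-in for a JWT (assumed format; user IDs contain no dots).
func sign(key []byte, user string, exp int64) string {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s.%d", user, exp)
	return fmt.Sprintf("%s.%d.%x", user, exp, m.Sum(nil))
}

// verify re-signs the claims and compares in constant time before looking at the expiry,
// so a forged or malformed token is never reported as merely expired.
func verify(key []byte, tok string, now int64) (string, error) {
	user, rest, _ := strings.Cut(tok, ".")
	expStr, _, _ := strings.Cut(rest, ".")
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || !hmac.Equal([]byte(sign(key, user, exp)), []byte(tok)) {
		return "", ErrInvalid
	}
	if now >= exp {
		return user, ErrExpired
	}
	return user, nil
}

// Authenticate returns the user and, after a cookie-based refresh, a fresh token (hypothetical helper).
func Authenticate(key []byte, tok, sess string, check func(string) (string, bool), now int64) (string, string, error) {
	user, err := verify(key, tok, now)
	if !errors.Is(err, ErrExpired) {
		return user, "", err // valid token (err == nil) or bad signature: no cookie fallback
	}
	if owner, ok := check(sess); !ok || owner != user {
		return "", "", ErrInvalid // session unknown, or bound to a different user
	}
	return user, sign(key, user, now+900), nil // 15-minute lifetime (assumed)
}

func main() { // constructed demo: token expired at t=940, now is t=1000, session cookie valid
	k, check := []byte("demo-key"), func(s string) (string, bool) { return "u42", s == "sess-1" }
	fmt.Println(Authenticate(k, sign(k, "u42", 940), "sess-1", check, 1000))
}
```
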
- User registration and login
- Secure password hashing (bcrypt)
- JWT issuance and validation
- Session storage in Redis
- User deletion with access checks
- Order creation
- Order lookup
- Order deletion
- Order status management (processing / done / cancelled)
- Language: Go
- Protocols: HTTP, gRPC
- Databases: PostgreSQL, Redis
- Auth: JWT + server-side sessions (cookies)
- Observability: Prometheus, Grafana
- Logging: Uber Zap
- Routing: Chi
- Circuit Breaker: Sony gobreaker
- Containerization: Docker, Docker Compose
- API Gateway: http://localhost:8080
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3000
- pprof: http://localhost:6060/debug/pprof
POST /api/users/reg — register
POST /api/users/log — login
POST /api/users/ext — extract data from token
DELETE /api/users/del — delete user
POST /api/orders/add — create order
GET /api/orders/info — get order info
DELETE /api/orders/del — delete order
- gRPC is used for internal service communication
- API Gateway acts as a boundary for auth, rate limiting and observability
- Redis is used for both rate limiting and session storage
- Emphasis is placed on clean shutdowns and failure isolation
This project was built to practice:
- Microservice architecture
- Authentication strategies (stateless + stateful)
- gRPC communication
- Reliability patterns
- Observability and monitoring
- Backend system design in Go