
Sr. Full Stack Developer (Frontend Lead)
TagMango
Full Stack Developer
IDfy
Software Engineer
MountBlue Technologies
Trainee
Mechanical Design Engineer
Criador Labs
ReactJS

Redux-Saga
Node.js

Radis
AWS (Amazon Web Services)

Juspay

Stripe

Antd

RabbitMQ

Redis

Postgres
Elixir
So, hi. My name is Kupil. I'm currently working with TagMango, where I serve as a web lead. I have been working with this company for more than 3 years. I have over 5 years of experience in the IT industry. Currently, I am primarily handling the front-end portion in my current company, but I also work with back-end technologies. In my previous company, IDfy, I worked with back-end technology. My tech stack includes JavaScript, React, Elixir, and Node.js.
Okay, so in the memory application, there are many places where when you open such a memory usage process and it doesn't close, we check that the heavy operation process we do in our platform and check if any particular API is hitting that pattern. And in that API, due to the memory spike, we can check that also and add some logs about it. From the dashboard, we can also check that key after a certain API or after a certain pattern. If the memory leak has happened, we approach the RAM. So, basically, the memory leak happens due to some heavy memory use process we opened and forgot to close, like file read and capture of imaging and recording or something similar.
Refactoring re-encoding is mainly featured by MATLAB and has less impact on the existing features. The enhancement of which we needed is key code splitting. So with the use of code splitting, we can for mono repos, split the mono component into micro components. What happened due to that? Due to this, whenever components need to render at that point of time, only that component will be rendered and the state requirement. Suppose any component requires a state only on a child, then we move that state to the child so that at the time of updating the state, the whole parent won't be updated. Only the child component will be updated. That's why the feature is the same, but we can reduce the rerendering and refactor the code base.
During this, we can add some authentication application. There are many authentication applications that use JWT tokens and API keys, like API tokens. So what we can do is, at every API, we can use some middleware to check that the token or JWT token or API token is authenticated. We mostly use JWT tokens in our platform. There are two kinds of APIs in our platform: authenticated APIs and non-authenticated APIs. Non-authenticated APIs are like open APIs that we use for open pages, like the checkout page. At the payment page, we don't require user authentication when opening that page or service. However, after logging in, all APIs need authentication. The authentication API has some middleware between the function call. This middleware decrypts the token and checks if it's authenticated. The token is sent in the header, as a bearer token, and based on its authentication, we give a response to the client. If the token is authenticated, we give a 200 response with the required answer. If not, we give a 401 unauthorized response. Many APIs are unauthenticated, and for authenticated APIs, we can put IP restrictions. If there's suspicious activity on our platform, we can use IP restrictions to block an API if it receives more than a certain amount of hits.
Okay, so in the AWS, for the back end, we use the EC2 instance. And from the EC2 instance, we can use the Kubernetes cluster. So based on the Kubernetes cluster, whenever the MATLAB is running, we keep the Docker in use on that. And for the Docker, we split it in the MATLAB. We create a Dockerfile and create one instance. Okay? And in the Dockerfile, we mention the minimum capacity inside of that. And for the minimum instance, we can create that. I suppose we use a small CPU, and we use two instances, I suppose. Okay? And as soon as the load is increasing, we create a Python script there that as soon as the load increases more than that, we can create a new instance. So as soon as that instance is created, the load is increasing from two to three instances will be created. And as soon as the load is decreasing, the third instance will be slowly closed. To manage that API, so we can use a load balancer on that. So the load balancer handles the API, and it will route the APIs in such a way that no single instance is loaded with more than its capacity. And due to this, like, as soon as possible, suppose due to some load or something, if one instance crashes, the new instance will be automatically created using Kubernetes. So we can use this to generate a whole dynamic scale is erratic. And even though based on that flow, we can use this shutdown time also. Suppose in our platform, there is no one between 2 AM to 4 AM. So at that point in time, we can use the shutdown also, and our server will be in a rest mode. If even though that time, we can make our server in such a way that it's kind of in a sleep mode. There is a setting in the CPU also, like a kind of a sleep mode. There is a very low CPU and memory usage at that time.
I'm not familiar with this.
I'm not exactly sure with that, but I think the lines should not be split equally, it should be a colon. I'm not exactly sure, but I think the mistake would happen there.
Okay. Okay. So for the microservice architecture, we can create small, separate instances for each and every part of that. And for the communication between them, there are a few communication microservice management tools available. It looks like there is an AWS tool that each instance can use to communicate with each other. And other than that, like, we can use RabbitMQ. So on RabbitMQ, as soon as one server completes a process, we can create the logic in such a way that server can assign the next process to another server. Okay. So, what we can do is, like, first of all, we create a reverse proxy server or something similar. And after that, we can put a load balancer to measure our security. And for any further routing requirements, we can handle those things. Okay? So after that, there is one main server, which is like a request handler. Okay? So the request handler is like what you have to do. Based on that request, it connects with the multiple small microservices. Okay? So, as soon as we require something, the process only requires it, then the request handler will send that request to the process, get the response, and give it to the answer. Okay? And if any API is hit, then it requires processing by both process A and process B. Okay? So, what happens is that the request handler gets the request, gives it to server A, which does not return the request to the handler. Instead, it directly gives that request to server B. Server B completes the thing and gives it back to the request handler. So, how does this manage life? As soon as the request handler looks at the request, it creates a process and saves the data in the database. And with that, a small ID is created. So, based on that ID, we can track the server processes that are doing that and the status of that request handler. And every server updates its status on the database. And if it is a sync process, suppose that microservice is a sync process, then we can give you the answer based on that. 
So, we hold that request and prioritize it, then give it back to the end and answer it. And if it's an async response, as soon as the request handler creates the request, it returns the ID. So, and the process is complete. So, as soon as the user wants to see the result, they can use that request ID, and fetch the data from our server. We can create one microservice that only fetches the data, so that the authentication and all other parts will be taken care of by that. And as soon as someone hits with the proper request ID, that server gets back to the request with the proper response. That's how we can do with microservice architecture.
Okay, so for securing to the API, we can use the authentication authorization kind of the implementation in that. So, what happened in the server side, we can implement the JWT token. Okay? So, JWT token is generated, and we can generate the access token and the refresh token. So, the access token is like a small-lived token, and the refresh token is like a long-lived token. So, the access token is the token with which every API is accessed. As soon as the user logs in for every API, and that API key is added to that, and it's given back to the response. Okay? And given back to the server node. Yes, sir. Okay, so as soon as any user logs in with the platform, the access token and the refresh token are saved in our platform. Some access tokens are saved in the data in a global component, like Redux or context, somewhere. And the refresh token, we can save it in our local storage. And as soon as the user closes the tab or a user logs out, when the user comes back, we can use the refresh token to fetch a new token and get back to the user. And as soon as the user logs out, we can wipe out the local storage so that the token and all this thing will be wiped out from that. And for every request, the access token is sent with that API, and on the Node.js side, the token will be authenticated. And if it is authenticated, then and only then it performs the request. If it is not authenticated, it will throw back a 401. On the front-end side, if the access token is expired, we use the refresh token. And to check if we can generate a new access token using the refresh token, if it is within the time permit, we can generate a new access token, give it back to the client side. The client will again use that new access token and start their journey smoothly. And if the refresh token is also expired, we log out the user from that process and make sure the user will have to land on a landing page and again log in. So, plus, you can use the rate limiter on that. 
So, suppose any server hits the certain amount of requests more than a certain amount of time from the same IP, then we can ensure that we can assume that they are trying to do data scraping on our platform, and might be possible it harms our platform. So, we can restrict the user to hit a certain amount of requests only, within a certain amount of time, with such a request. So, yeah, that's where we can generate a secure API communication.
It's not good to have a question. It looks only good, underscore to, underscore how I don't think.
I'm excited to be here today. We've been working on a new project and I think it's going to be a game changer. Like, it's going to make a huge impact on our company. So, our team has been working on this project for about six months now. We've had our ups and downs, but we're finally starting to see some real progress. One of the biggest challenges we faced was getting everyone on the same page. We have a lot of different departments involved, so it was tough to get everyone to agree on the same thing. But, we've been working hard to communicate better and it's really paying off. I think one of the things that's going to make this project so successful is the fact that we're not just thinking about the short-term gains. We're thinking about how this project is going to impact our company in the long-term. We're not just looking at the numbers, we're looking at how this project is going to change the way we do things. It's going to be a real paradigm shift. I'm really proud of our team and the work they've been doing. They're dedicated, hardworking, and passionate about what they do. I think this project is going to be a huge success and I'm excited to see where it takes us. So, that's my update on the project. I'm happy to answer any questions you may have.