An analysis of the service-side architecture of a mobile social application

Original http://blog.csdn.net/lvjin110/article/details/12958463

TA is a geo-location-based social app that helps you communicate with people you don't know but who are nearby. Ta is a stranger dating app that allows instant communication, sharing photos, dating and making friends with nearby and interesting strangers wherever you are in line, bus, café or park walk.

Blink of an eye, leave the research and development team nearly half a year, during which many netizens asked the backend architecture, and technical details. For the purpose of technology sharing, we now share the service-side architecture and design ideas.

Such as:

As the total present structure diagram of the service end, the following sections are described below.

The service side is mainly divided into 3 layers:

Persistent Layer : The data is mainly made of persistent storage of data, including the database and file form (Pictures, audio and video, etc.).

Cache Layer : Provides data caching services for the application tier, and data routing relays.

Application Layer : This layer provides direct application services and interface access for clients.

Specific role:

Authentication Gateway : As a portal for client application access, provides services such as user registration, authentication, and so on. When the user opens the app, enters the account password and submits it to the authentication server, when it passes the authentication, assigns the session server to the client, writes the login authentication information to the Redis, and then accesses the interface that requires authentication, the other service obtains the authentication information from Redis.

Session KeepAlive Service : The service uses TCP/IP protocol, mainly for the client to maintain a long connection, responsible for the delivery and acquisition of instant messages.

Group/Room service : This service is mainly used for "group" functions, and users in the same group are connected to the same server.

Functional Business Services : Mainly provide non-instant service access, such as sharing photos, viewing other people's information.

Multimedia File Service : Provides file read and write services to clients. such as uploading photos, sharing audio and video.

message routing : Mainly used for cross-session service of Instant message routing relay, such as a user in the 1th session, B user in the 2nd session, the two sides of the instant communication will be "message routing" relay.

Cache layer : Mainly used for storing hot data, such as user session, authentication information, application server resources, etc., to reduce the access pressure on the persistent layer.

data Access middleware cluster : As a core component, all access to the database is provided by it uniformly, because the database server consists of multiple units, each with read and write separation of multiple machines, resulting in a relatively large database service, is to reduce the use of application layer complexity.

Persistence layer : Mainly database and file storage, do not do too much introduction.

Security Guarantee:

1. Communication data security, all data requests based on HTTP communication are digitally signed, and the sensitive data in communication is encrypted by "symmetric encryption" algorithm. Some netizens asked the specific implementation details, and now the principle of a brief description.

The digital signature certificate has two parts, "identity fingerprint" + "key", when the client sends the data, it uses the signing certificate to sign the data sent, then sends the signature and the data to the server simultaneously, the server uses the same method to sign the data, then compares the signature consistency.

1. Server-side security, based on the TCP/IP protocol of the session Service and room service, the user connected to the servers port, the need for authentication, in 2 minutes without a verified connection will be actively disconnected.