backend-development

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Backend Development Skill

后端开发技能

Production-ready backend development with modern technologies, best practices, and proven patterns.

基于现代技术、最佳实践和成熟模式的生产级后端开发。

When to Use

适用场景

Designing RESTful, GraphQL, or gRPC APIs
Building authentication/authorization systems
Optimizing database queries and schemas
Implementing caching and performance optimization
OWASP Top 10 security mitigation
Designing scalable microservices
Testing strategies (unit, integration, E2E)
CI/CD pipelines and deployment
Monitoring and debugging production systems

设计RESTful、GraphQL或gRPC API
构建身份认证/授权系统
优化数据库查询与Schema
实现缓存与性能优化
缓解OWASP Top 10安全风险
设计可扩展的微服务
测试策略（单元测试、集成测试、端到端测试）
CI/CD流水线与部署
生产系统的监控与调试

Technology Selection Guide

技术选型指南

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance) Frameworks: NestJS, FastAPI, Django, Express, Gin Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching) APIs: REST (simple), GraphQL (flexible), gRPC (performance)

See:

references/backend-technologies.md

for detailed comparisons

编程语言： Node.js/TypeScript（全栈）、Python（数据/机器学习）、Go（高并发）、Rust（高性能） 框架： NestJS、FastAPI、Django、Express、Gin 数据库： PostgreSQL（ACID事务）、MongoDB（灵活Schema）、Redis（缓存） API风格： REST（简单易用）、GraphQL（灵活）、gRPC（高性能）

详情请查看：

references/backend-technologies.md

中的详细对比

Reference Navigation

参考文档导航

Core Technologies:

```
backend-technologies.md
```
- Languages, frameworks, databases, message queues, ORMs
```
backend-api-design.md
```
- REST, GraphQL, gRPC patterns and best practices

Security & Authentication:

```
backend-security.md
```
- OWASP Top 10 2025, security best practices, input validation
```
backend-authentication.md
```
- OAuth 2.1, JWT, RBAC, MFA, session management

Performance & Architecture:

```
backend-performance.md
```
- Caching, query optimization, load balancing, scaling
```
backend-architecture.md
```
- Microservices, event-driven, CQRS, saga patterns

Quality & Operations:

```
backend-testing.md
```
- Testing strategies, frameworks, tools, CI/CD testing
```
backend-code-quality.md
```
- SOLID principles, design patterns, clean code
```
backend-devops.md
```
- Docker, Kubernetes, deployment strategies, monitoring
```
backend-debugging.md
```
- Debugging strategies, profiling, logging, production debugging
```
backend-mindset.md
```
- Problem-solving, architectural thinking, collaboration

核心技术：

```
backend-technologies.md
```
- 编程语言、框架、数据库、消息队列、ORM
```
backend-api-design.md
```
- REST、GraphQL、gRPC的模式与最佳实践

安全与认证：

```
backend-security.md
```
- OWASP Top 10 2025、安全最佳实践、输入验证
```
backend-authentication.md
```
- OAuth 2.1、JWT、RBAC、多因素认证、会话管理

性能与架构：

```
backend-performance.md
```
- 缓存、查询优化、负载均衡、扩容
```
backend-architecture.md
```
- 微服务、事件驱动、CQRS、Saga模式

质量与运维：

```
backend-testing.md
```
- 测试策略、框架、工具、CI/CD测试
```
backend-code-quality.md
```
- SOLID原则、设计模式、整洁代码
```
backend-devops.md
```
- Docker、Kubernetes、部署策略、监控
```
backend-debugging.md
```
- 调试策略、性能分析、日志、生产环境调试
```
backend-mindset.md
```
- 问题解决、架构思维、协作

Key Best Practices (2025)

核心最佳实践（2025年）

Security: Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

Performance: Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

DevOps: Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

安全： 使用Argon2id存储密码、参数化查询（减少98%的SQL注入风险）、OAuth 2.1 + PKCE、速率限制、安全头

性能： Redis缓存（减少90%的数据库负载）、数据库索引（减少30%的I/O操作）、CDN（降低50%以上的延迟）、连接池

测试： 70-20-10测试金字塔（单元-集成-端到端）、Vitest比Jest快50%、微服务契约测试、83%的迁移在无测试情况下失败

DevOps： 蓝绿/金丝雀部署、功能开关（减少90%的故障）、Kubernetes采用率达84%、Prometheus/Grafana监控、OpenTelemetry链路追踪

Quick Decision Matrix

快速决策矩阵

Need	Choose
Fast development	Node.js + NestJS
Data/ML integration	Python + FastAPI
High concurrency	Go + Gin
Max performance	Rust + Axum
ACID transactions	PostgreSQL
Flexible schema	MongoDB
Caching	Redis
Internal services	gRPC
Public APIs	GraphQL/REST
Real-time events	Kafka

需求	选择方案
快速开发	Node.js + NestJS
数据/机器学习集成	Python + FastAPI
高并发	Go + Gin
极致性能	Rust + Axum
ACID事务	PostgreSQL
灵活Schema	MongoDB
缓存	Redis
内部服务	gRPC
公共API	GraphQL/REST
实时事件	Kafka

Implementation Checklist

实施检查清单

API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

API： 选择风格 → 设计Schema → 输入验证 → 添加认证 → 速率限制 → 文档 → 错误处理

数据库： 选择数据库 → 设计Schema → 创建索引 → 连接池 → 迁移策略 → 备份/恢复 → 性能测试

安全： 覆盖OWASP Top 10 → 参数化查询 → OAuth 2.1 + JWT → 安全头 → 速率限制 → 输入验证 → Argon2id密码存储

测试： 单元测试70% → 集成测试20% → 端到端测试10% → 负载测试 → 迁移测试 → 微服务契约测试

部署： Docker容器化 → CI/CD流水线 → 蓝绿/金丝雀部署 → 功能开关 → 监控 → 日志 → 健康检查

Resources

资源

OWASP Top 10: https://owasp.org/www-project-top-ten/
OAuth 2.1: https://oauth.net/2.1/
OpenTelemetry: https://opentelemetry.io/

OWASP Top 10: https://owasp.org/www-project-top-ten/
OAuth 2.1: https://oauth.net/2.1/
OpenTelemetry: https://opentelemetry.io/