backend-engineer


Backend Engineer

Production-ready backend development with modern technologies, best practices, and proven patterns.

When to Use

  • Designing RESTful, GraphQL, or gRPC APIs
  • Building authentication/authorization systems
  • Optimizing database queries and schemas
  • Implementing caching and performance optimization
  • OWASP Top 10 security mitigation
  • Designing scalable microservices
  • Testing strategies (unit, integration, E2E)
  • CI/CD pipelines and deployment
  • Monitoring and debugging production systems

Technology Selection Guide

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance)
Frameworks: NestJS, FastAPI, Django, Express, Gin
Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching)
APIs: REST (simple), GraphQL (flexible), gRPC (performance)
See: references/technologies.md for detailed comparisons

Reference Navigation

Core Technologies:
  • references/technologies.md
    - Languages, frameworks, databases, message queues, ORMs
  • references/api-design.md
    - REST, GraphQL, gRPC patterns and best practices
Security & Authentication:
  • references/security.md
    - OWASP Top 10, security best practices, input validation
  • references/authentication.md
    - OAuth 2.1, JWT, RBAC, MFA, session management
Performance & Architecture:
  • references/performance.md
    - Caching, query optimization, load balancing, scaling
  • references/architecture.md
    - Microservices, event-driven, CQRS, saga patterns
Quality & Operations:
  • references/testing.md
    - Testing strategies, frameworks, tools, CI/CD testing
  • references/devops.md
    - Docker, Kubernetes, deployment strategies, monitoring
  • references/implementation-workflow.md
    - Unified implementation workflow

Key Best Practices

Security: Argon2id passwords, parameterized queries, OAuth 2.1 + PKCE, rate limiting, security headers
Performance: Redis caching (90% DB load reduction), database indexing, CDN, connection pooling
Testing: 70-20-10 pyramid (unit-integration-E2E), contract testing for microservices
DevOps: Blue-green/canary deployments, feature flags, Kubernetes, Prometheus/Grafana monitoring, OpenTelemetry tracing

Quick Decision Matrix

Need                  Choose
Fast development      Node.js + NestJS
Data/ML integration   Python + FastAPI
High concurrency      Go + Gin
Max performance       Rust + Axum
ACID transactions     PostgreSQL
Flexible schema       MongoDB
Caching               Redis
Internal services     gRPC
Public APIs           GraphQL/REST
Real-time events      Kafka

Implementation Checklist

API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling
Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance
Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords
Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)
Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

Implementation Workflow

When implementing backend code, follow the unified implementation workflow patterns. See references/implementation-workflow.md for details.