I want to create a system for project management with task/issue/chat. This isn't anything commercial just for learning purposes. It is simplified description containing only things that are neccessary to present the problem.
First problem I had was how to add task using task service without asking project service everytime if user is a member of given project. I know that more beetwen services communications == more problems, more latency and generally AvoidBadTM. So I decided to use JWT for each microservice. User that want to add task with task service need to first ask Auth service: give me jwt for Task, projectX and include permissions. Auth would call Project service to verify if user is a member and generate proper JWT token. We still have communication beetwen services but it is a single call for a span of token lifetime instead of doing it every call to task service. Here comes the problem.
What if user is removed/banned from the project or project was deleted? If task service doesn't care about projects - it only cares if JWT is valid so user can create task X for project id Y then how to prevent banned(from project) user from accessing this service? Also if project is deleted and project service emit an event to event bus "I deleted project X" then task service read this event and removes all tasks assigned to project X. But what to do when some user still has valid access token and he creates another task after the event was processed? Task service doesn't check if project still exists and in the result we have dangling task in a database.
My solution to this problem would be to store in task service database info about existing projects. Only ids, so memory/storage footprint is minimal. So when project service emits "Project deleted event", task service would not only clear all task with given projectId but also removes stored projectId so task creation is not possible. Is this a good approach? What about banned users? Another entry in database and event to subscribe to?
Aucun commentaire:
Enregistrer un commentaire