The latest articles on DEV Community by Jeremiah Anku Coblah (@jeremiah_ankucoblah_e1d5). https://dev.to/jeremiah_ankucoblah_e1d5 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3542514%2F5acd0920-d66b-4688-961b-784fe61e7830.png https://dev.to/jeremiah_ankucoblah_e1d5 en Jeremiah Anku Coblah Tue, 14 Oct 2025 12:28:37 +0000 https://dev.to/jeremiah_ankucoblah_e1d5/building-a-production-ready-url-shortener-with-nestjs-supabase-and-redis-a-complete-journey-2ogb https://dev.to/jeremiah_ankucoblah_e1d5/building-a-production-ready-url-shortener-with-nestjs-supabase-and-redis-a-complete-journey-2ogb <p><em>TL;DR: I built a complete URL shortener using NestJS, Supabase, and Redis — packed with analytics, caching, auto-expiring links, and encrypted storage. In this post, I walk through the entire process, from the initial idea to the final build, sharing the challenges I ran into and what I learned along the way.</em></p> <h2> 🎯 Why Build Another URL Shortener? </h2> <p>URL shorteners may look like a solved problem — with tools like Bitly and TinyURL already around — but building one from scratch is an amazing way to learn and explore concepts like:</p> <ul> <li> <strong>Backend architecture</strong> (API design, database modeling)</li> <li> <strong>Performance optimization</strong> (caching strategies, query optimization)</li> <li> <strong>Security</strong> (encryption, authentication, authorization)</li> <li> <strong>DevOps</strong> (deployment, monitoring, scaling)</li> <li> <strong>Data engineering</strong> (analytics, time-series data)</li> </ul> <p>Plus, you gain complete control over your data and can customize features exactly how you want them.</p> <h2> 📋 What We're Building </h2> <p>Our URL shortener includes:</p> <p>✅ <strong>Core Features</strong>:</p> <ul> <li>URL shortening with custom aliases</li> <li>Fast redirects (&lt; 50ms with caching)</li> <li>Automatic URL expiration</li> <li>Password-protected URLs (ready for implementation)</li> <li>Collision-free short code generation</li> </ul> <p>✅ <strong>Analytics</strong>:</p> <ul> <li>Click tracking with geographic data (country, city)</li> <li>Device type detection (mobile, desktop, tablet)</li> <li>Browser and OS breakdown</li> <li>Referrer tracking</li> <li>Time-series data (daily, weekly, monthly trends)</li> </ul> <p>✅ <strong>Performance</strong>:</p> <ul> <li>Redis caching for lightning-fast redirects</li> <li>Non-blocking click recording</li> <li>Intelligent cache invalidation</li> <li>Connection pooling</li> </ul> <p>✅ <strong>Security &amp; Reliability</strong>:</p> <ul> <li>AES-256 URL encryption</li> <li>Supabase Row Level Security (RLS)</li> <li>JWT authentication</li> <li>Automated cleanup cron jobs</li> </ul> <h2> 🛠 The Tech Stack </h2> <p>After researching various options, I settled on this stack:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Choice</th> <th>Why?</th> </tr> </thead> <tbody> <tr> <td><strong>Backend</strong></td> <td>NestJS</td> <td>Modular architecture, TypeScript support, excellent documentation</td> </tr> <tr> <td><strong>Database</strong></td> <td>Supabase (PostgreSQL)</td> <td>Managed database + auth + RLS out of the box</td> </tr> <tr> <td><strong>Cache</strong></td> <td>Redis</td> <td>Industry standard for fast in-memory caching</td> </tr> <tr> <td><strong>Language</strong></td> <td>TypeScript</td> <td>Type safety prevents bugs, better developer experience</td> </tr> <tr> <td><strong>Analytics</strong></td> <td>geoip-lite + ua-parser-js</td> <td>Lightweight, no external API dependencies</td> </tr> </tbody> </table></div> <h3> Why Supabase Over Traditional PostgreSQL? </h3> <p>Supabase was a game-changer. Instead of setting up:</p> <ul> <li>PostgreSQL server</li> <li>Authentication system</li> <li>Authorization logic</li> <li>API layer</li> <li>Real-time subscriptions</li> </ul> <p>I got <strong>all of this built-in</strong> with Supabase. The Row Level Security (RLS) feature alone saved me from writing hundreds of lines of permission-checking code.</p> <h2> 🏗 System Architecture </h2> <p>Here's the high-level architecture:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ │ Client │ (Makes request to short URL) └──────┬──────┘ │ ▼ ┌─────────────┐ │ NestJS API │ (Checks cache, queries DB) └───┬─────┬───┘ │ │ ▼ ▼ ┌────────┐ ┌──────────┐ │ Redis │ │ Supabase │ │ Cache │ │ (Auth │ │ │ │ + DB) │ └────────┘ └──────────┘ </code></pre> </div> <p><strong>Request Flow</strong> for a redirect:</p> <ol> <li>User clicks <code>https://short.url/abc123</code> </li> <li>NestJS checks Redis cache</li> <li> <strong>Cache hit?</strong> → Redirect immediately (15-50ms)</li> <li> <strong>Cache miss?</strong> → Query Supabase → Cache result → Redirect</li> <li>Asynchronously record click with analytics data</li> </ol> <h2> 💾 Database Design </h2> <h3> Schema </h3> <p>I designed three main tables:</p> <h4> 1. <strong>profiles</strong> - User accounts </h4> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">profiles</span> <span class="p">(</span> <span class="n">id</span> <span class="n">UUID</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">),</span> <span class="n">email</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <p>This links to Supabase's built-in <code>auth.users</code> table.</p> <h4> 2. <strong>urls</strong> - The shortened URLs </h4> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">urls</span> <span class="p">(</span> <span class="n">id</span> <span class="n">UUID</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">DEFAULT</span> <span class="n">gen_random_uuid</span><span class="p">(),</span> <span class="n">short_code</span> <span class="nb">TEXT</span> <span class="k">UNIQUE</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- "abc123"</span> <span class="n">long_url</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- Encrypted!</span> <span class="n">user_id</span> <span class="n">UUID</span> <span class="k">REFERENCES</span> <span class="n">profiles</span><span class="p">(</span><span class="n">id</span><span class="p">),</span> <span class="n">custom_alias</span> <span class="nb">BOOLEAN</span> <span class="k">DEFAULT</span> <span class="k">FALSE</span><span class="p">,</span> <span class="n">password_hash</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="c1">-- For password-protected URLs</span> <span class="n">expires_at</span> <span class="n">TIMESTAMPTZ</span><span class="p">,</span> <span class="c1">-- Auto-expiration</span> <span class="n">is_active</span> <span class="nb">BOOLEAN</span> <span class="k">DEFAULT</span> <span class="k">TRUE</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">(),</span> <span class="n">updated_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <p><strong>Key Decision</strong>: I encrypt <code>long_url</code> using AES-256. Even if someone gains database access, they can't see the original URLs without the encryption key.</p> <h4> 3. <strong>clicks</strong> - Analytics data </h4> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">clicks</span> <span class="p">(</span> <span class="n">id</span> <span class="n">UUID</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">DEFAULT</span> <span class="n">gen_random_uuid</span><span class="p">(),</span> <span class="n">short_code</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">REFERENCES</span> <span class="n">urls</span><span class="p">(</span><span class="n">short_code</span><span class="p">),</span> <span class="n">clicked_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">(),</span> <span class="n">ip_address</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">country</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">city</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">referrer</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">device_type</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="c1">-- mobile/desktop/tablet</span> <span class="n">browser</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">os</span> <span class="nb">TEXT</span> <span class="p">);</span> </code></pre> </div> <h3> Indexing Strategy </h3> <p>Performance optimization through strategic indexing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Critical for fast lookups</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_urls_short_code</span> <span class="k">ON</span> <span class="n">urls</span><span class="p">(</span><span class="n">short_code</span><span class="p">);</span> <span class="c1">-- Fast user URL queries</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_urls_user_id</span> <span class="k">ON</span> <span class="n">urls</span><span class="p">(</span><span class="n">user_id</span><span class="p">);</span> <span class="c1">-- Analytics queries</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_clicks_short_code</span> <span class="k">ON</span> <span class="n">clicks</span><span class="p">(</span><span class="n">short_code</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_clicks_clicked_at</span> <span class="k">ON</span> <span class="n">clicks</span><span class="p">(</span><span class="n">clicked_at</span><span class="p">);</span> </code></pre> </div> <p><strong>Result</strong>: Queries that took 200ms now take 5-10ms.</p> <h2> 🔐 Security: Row Level Security (RLS) </h2> <p>One of Supabase's killer features is Row Level Security. Instead of writing permission checks in my code, I define policies at the database level:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Users can only see their own URLs</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Users can view own URLs"</span> <span class="k">ON</span> <span class="n">urls</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span><span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">user_id</span><span class="p">);</span> <span class="c1">-- Anyone can read URLs for redirects (but not see user_id)</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Anyone can read URLs for redirects"</span> <span class="k">ON</span> <span class="n">urls</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span><span class="k">TRUE</span><span class="p">);</span> <span class="c1">-- Users can only view clicks for their URLs</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Users can view clicks for own URLs"</span> <span class="k">ON</span> <span class="n">clicks</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span> <span class="n">short_code</span> <span class="k">IN</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">short_code</span> <span class="k">FROM</span> <span class="n">urls</span> <span class="k">WHERE</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p><strong>Why This Is Powerful</strong>:</p> <ul> <li>Security enforced at database level</li> <li>Impossible to bypass with API manipulation</li> <li>Policies are centralized (not scattered across code)</li> <li>Performance: PostgreSQL optimizes RLS queries</li> </ul> <h2> ⚡ Performance: The Caching Strategy </h2> <h3> The Problem </h3> <p>Without caching, every redirect requires:</p> <ol> <li>Database query (~50-100ms)</li> <li>Decryption (~1-2ms)</li> <li>HTTP redirect</li> </ol> <p>For a popular short URL with 1000 clicks/second, that's <strong>1000 database queries per second</strong>. Not scalable.</p> <h3> The Solution: Redis </h3> <p>I implemented a two-tier caching strategy:</p> <h4> Tier 1: URL Data Cache </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Cache structure</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">abc123</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">long_url</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://example.com/actual-url</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">expires_at</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">2025-10-20T10:00:00Z</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>TTL</strong>: 24 hours<br><br> <strong>Invalidation</strong>: On URL update/delete</p> <h4> Tier 2: Analytics Cache </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Cache key: stats:abc123</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">total_clicks</span><span class="dl">"</span><span class="p">:</span> <span class="mi">1567</span><span class="p">,</span> <span class="dl">"</span><span class="s2">clicks_last_7_days</span><span class="dl">"</span><span class="p">:</span> <span class="mi">234</span><span class="p">,</span> <span class="dl">"</span><span class="s2">top_countries</span><span class="dl">"</span><span class="p">:</span> <span class="p">[...],</span> <span class="dl">"</span><span class="s2">device_breakdown</span><span class="dl">"</span><span class="p">:</span> <span class="p">[...]</span> <span class="p">}</span> </code></pre> </div> <p><strong>TTL</strong>: 5 minutes<br><br> <strong>Why shorter?</strong>: Analytics can be slightly stale, but not too much</p> <h3> The Results </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>Without Cache</th> <th>With Cache</th> </tr> </thead> <tbody> <tr> <td>Redirect time</td> <td>120-200ms</td> <td>15-50ms</td> </tr> <tr> <td>Database queries</td> <td>Every request</td> <td>Only cache misses</td> </tr> <tr> <td>Scalability</td> <td>~100 req/s</td> <td>~10,000 req/s</td> </tr> </tbody> </table></div> <h2> 🎯 Implementing Core Features </h2> <h3> 1. Short Code Generation </h3> <p>I use <strong>Base62 encoding</strong> (a-z, A-Z, 0-9) for short codes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">CodeGenerator</span> <span class="o">=</span> <span class="p">():</span> <span class="kr">string</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">chars</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789</span><span class="dl">'</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">code</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="mi">6</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="nx">code</span> <span class="o">+=</span> <span class="nx">chars</span><span class="p">.</span><span class="nf">charAt</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">*</span> <span class="nx">chars</span><span class="p">.</span><span class="nx">length</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">code</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>Why 6 characters?</strong></p> <ul> <li>62^6 = <strong>56.8 billion</strong> possible combinations</li> <li>Even at 1 million URLs, collision probability is ~0.002%</li> </ul> <h3> Collision Handling </h3> <p>What if we generate a code that already exists? Retry logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">let</span> <span class="nx">attempts</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">while </span><span class="p">(</span><span class="nx">attempts</span> <span class="o">&lt;</span> <span class="mi">5</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">existingCode</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">urls</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">short_code</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">short_code</span><span class="dl">'</span><span class="p">,</span> <span class="nx">shortCode</span><span class="p">)</span> <span class="p">.</span><span class="nf">maybeSingle</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">existingCode</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="c1">// Code is unique!</span> <span class="nx">shortCode</span> <span class="o">=</span> <span class="nc">CodeGenerator</span><span class="p">();</span> <span class="c1">// Try again</span> <span class="nx">attempts</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Trade-off</strong>: Slight performance hit on collisions vs. guaranteed uniqueness.</p> <h3> 2. URL Encryption </h3> <p>I encrypt all URLs before storing them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">crypto</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">encrypt</span> <span class="o">=</span> <span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">algorithm</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">aes-256-cbc</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ENCRYPTION_KEY</span><span class="o">!</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">iv</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomBytes</span><span class="p">(</span><span class="mi">16</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cipher</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createCipheriv</span><span class="p">(</span><span class="nx">algorithm</span><span class="p">,</span> <span class="nx">key</span><span class="p">,</span> <span class="nx">iv</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">encrypted</span> <span class="o">=</span> <span class="nx">cipher</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="dl">'</span><span class="s1">utf8</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="nx">encrypted</span> <span class="o">+=</span> <span class="nx">cipher</span><span class="p">.</span><span class="nf">final</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">iv</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">:</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">encrypted</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">decrypt</span> <span class="o">=</span> <span class="p">(</span><span class="nx">encrypted</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">ivHex</span><span class="p">,</span> <span class="nx">encryptedData</span><span class="p">]</span> <span class="o">=</span> <span class="nx">encrypted</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">:</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">iv</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">ivHex</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ENCRYPTION_KEY</span><span class="o">!</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">decipher</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createDecipheriv</span><span class="p">(</span><span class="dl">'</span><span class="s1">aes-256-cbc</span><span class="dl">'</span><span class="p">,</span> <span class="nx">key</span><span class="p">,</span> <span class="nx">iv</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">decrypted</span> <span class="o">=</span> <span class="nx">decipher</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">encryptedData</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">utf8</span><span class="dl">'</span><span class="p">);</span> <span class="nx">decrypted</span> <span class="o">+=</span> <span class="nx">decipher</span><span class="p">.</span><span class="nf">final</span><span class="p">(</span><span class="dl">'</span><span class="s1">utf8</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">decrypted</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>Security Benefit</strong>: Even if someone dumps the database, they can't see original URLs without the encryption key (stored as environment variable, never committed to Git).</p> <h3> 3. The Redirect Endpoint (Most Critical!) </h3> <p>This endpoint must be <strong>blazingly fast</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">shortCode</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">long_url</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// ⚡ Step 1: Check cache first (fast path)</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">cacheManager</span><span class="p">.</span><span class="kd">get</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">long_url</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">cache</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">recordClick</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">,</span> <span class="nx">req</span><span class="p">);</span> <span class="c1">// Non-blocking</span> <span class="k">return</span> <span class="p">{</span> <span class="na">long_url</span><span class="p">:</span> <span class="nx">cache</span><span class="p">.</span><span class="nx">long_url</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// 🔍 Step 2: Cache miss - query database</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">url</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">urls</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">short_code</span><span class="dl">'</span><span class="p">,</span> <span class="nx">shortCode</span><span class="p">)</span> <span class="p">.</span><span class="nf">maybeSingle</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">url</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">NotFoundException</span><span class="p">(</span><span class="s2">`URL not found`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// ⏰ Step 3: Check expiration</span> <span class="k">if </span><span class="p">(</span><span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">url</span><span class="p">.</span><span class="nx">expires_at</span><span class="p">)</span> <span class="o">&lt;</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">())</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">NotFoundException</span><span class="p">(</span><span class="dl">'</span><span class="s1">This URL has expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 🔓 Step 4: Decrypt URL</span> <span class="kd">const</span> <span class="nx">decryptedUrl</span> <span class="o">=</span> <span class="nf">decrypt</span><span class="p">(</span><span class="nx">url</span><span class="p">.</span><span class="nx">long_url</span><span class="p">);</span> <span class="c1">// 💾 Step 5: Cache result</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">cacheManager</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">,</span> <span class="p">{</span> <span class="na">long_url</span><span class="p">:</span> <span class="nx">decryptedUrl</span> <span class="p">},</span> <span class="mi">86400</span><span class="p">);</span> <span class="c1">// 📊 Step 6: Record click (asynchronous - doesn't block redirect)</span> <span class="k">this</span><span class="p">.</span><span class="nf">recordClick</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">,</span> <span class="nx">req</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">long_url</span><span class="p">:</span> <span class="nx">decryptedUrl</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key Optimization</strong>: Click recording happens asynchronously. The user gets their redirect immediately, and analytics are processed in the background.</p> <h3> 4. Analytics: The recordClick Method </h3> <p>This method extracts <strong>everything</strong> from the request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">private</span> <span class="k">async</span> <span class="nf">recordClick</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">req</span><span class="p">?:</span> <span class="nx">Request</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// 🌍 Extract IP address</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">?.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">x-forwarded-for</span><span class="dl">'</span><span class="p">]</span> <span class="k">as</span> <span class="kr">string</span><span class="p">)?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]?.</span><span class="nf">trim</span><span class="p">()</span> <span class="o">||</span> <span class="nx">req</span><span class="p">?.</span><span class="nx">socket</span><span class="p">?.</span><span class="nx">remoteAddress</span><span class="p">?.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">::ffff:</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">)</span> <span class="o">||</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// 📱 Parse user agent</span> <span class="kd">const</span> <span class="nx">userAgent</span> <span class="o">=</span> <span class="nx">req</span><span class="p">?.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">user-agent</span><span class="dl">'</span><span class="p">]</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">parser</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UAParser</span><span class="p">(</span><span class="nx">userAgent</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">parser</span><span class="p">.</span><span class="nf">getResult</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">deviceType</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">device</span><span class="p">.</span><span class="kd">type</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">desktop</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">browser</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">browser</span><span class="p">.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Unknown</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">os</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">os</span><span class="p">.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Unknown</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// 🗺️ Geo lookup</span> <span class="kd">const</span> <span class="nx">geo</span> <span class="o">=</span> <span class="nx">geoip</span><span class="p">.</span><span class="nf">lookup</span><span class="p">(</span><span class="nx">ip</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">country</span> <span class="o">=</span> <span class="nx">geo</span><span class="p">?.</span><span class="nx">country</span> <span class="o">||</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="nx">geo</span><span class="p">?.</span><span class="nx">city</span> <span class="o">||</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// 🔗 Referrer</span> <span class="kd">const</span> <span class="nx">referrer</span> <span class="o">=</span> <span class="nx">req</span><span class="p">?.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">referer</span><span class="dl">'</span><span class="p">]</span> <span class="o">||</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// 💾 Save to database</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">clicks</span><span class="dl">'</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="na">short_code</span><span class="p">:</span> <span class="nx">shortCode</span><span class="p">,</span> <span class="na">clicked_at</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">ip_address</span><span class="p">:</span> <span class="nx">ip</span><span class="p">,</span> <span class="nx">referrer</span><span class="p">,</span> <span class="na">device_type</span><span class="p">:</span> <span class="nx">deviceType</span><span class="p">,</span> <span class="nx">browser</span><span class="p">,</span> <span class="nx">os</span><span class="p">,</span> <span class="nx">country</span><span class="p">,</span> <span class="nx">city</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to record click:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="c1">// Don't throw - we don't want analytics failures to break redirects</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why geoip-lite?</strong></p> <ul> <li>No external API calls (faster)</li> <li>No rate limits</li> <li>Works offline</li> <li>Trade-off: Less accurate than paid services, but good enough</li> </ul> <h3> 5. Analytics Endpoint </h3> <p>Aggregating click data into useful insights:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">getUrlStats</span><span class="p">(</span><span class="nx">shortCode</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// 🔐 Verify ownership</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">url</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">urls</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">short_code</span><span class="dl">'</span><span class="p">,</span> <span class="nx">shortCode</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">url</span><span class="p">.</span><span class="nx">user_id</span> <span class="o">!==</span> <span class="nx">userId</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="dl">'</span><span class="s1">Not your URL</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 💾 Check cache</span> <span class="kd">const</span> <span class="nx">cacheKey</span> <span class="o">=</span> <span class="s2">`stats:</span><span class="p">${</span><span class="nx">shortCode</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cached</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">cacheManager</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">cacheKey</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">cached</span><span class="p">)</span> <span class="k">return</span> <span class="nx">cached</span><span class="p">;</span> <span class="c1">// 📊 Query all clicks</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">clicks</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">clicks</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">short_code</span><span class="dl">'</span><span class="p">,</span> <span class="nx">shortCode</span><span class="p">)</span> <span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="dl">'</span><span class="s1">clicked_at</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">ascending</span><span class="p">:</span> <span class="kc">false</span> <span class="p">});</span> <span class="c1">// 📈 Calculate statistics</span> <span class="kd">const</span> <span class="nx">now</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">sevenDaysAgo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">now</span><span class="p">.</span><span class="nf">getTime</span><span class="p">()</span> <span class="o">-</span> <span class="mi">7</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">thirtyDaysAgo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">now</span><span class="p">.</span><span class="nf">getTime</span><span class="p">()</span> <span class="o">-</span> <span class="mi">30</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">stats</span> <span class="o">=</span> <span class="p">{</span> <span class="na">total_clicks</span><span class="p">:</span> <span class="nx">clicks</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="na">clicks_last_7_days</span><span class="p">:</span> <span class="nx">clicks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">c</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">c</span><span class="p">.</span><span class="nx">clicked_at</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="nx">sevenDaysAgo</span><span class="p">).</span><span class="nx">length</span><span class="p">,</span> <span class="na">clicks_last_30_days</span><span class="p">:</span> <span class="nx">clicks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">c</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">c</span><span class="p">.</span><span class="nx">clicked_at</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="nx">thirtyDaysAgo</span><span class="p">).</span><span class="nx">length</span><span class="p">,</span> <span class="c1">// Group by date</span> <span class="na">clicks_by_date</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">groupByDate</span><span class="p">(</span><span class="nx">clicks</span><span class="p">,</span> <span class="nx">thirtyDaysAgo</span><span class="p">),</span> <span class="c1">// Top countries</span> <span class="na">top_countries</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">aggregateField</span><span class="p">(</span><span class="nx">clicks</span><span class="p">,</span> <span class="dl">'</span><span class="s1">country</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// Device breakdown</span> <span class="na">device_breakdown</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">aggregateField</span><span class="p">(</span><span class="nx">clicks</span><span class="p">,</span> <span class="dl">'</span><span class="s1">device_type</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// Browser breakdown</span> <span class="na">browser_breakdown</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">aggregateField</span><span class="p">(</span><span class="nx">clicks</span><span class="p">,</span> <span class="dl">'</span><span class="s1">browser</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// OS breakdown</span> <span class="na">os_breakdown</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">aggregateField</span><span class="p">(</span><span class="nx">clicks</span><span class="p">,</span> <span class="dl">'</span><span class="s1">os</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// Top referrers</span> <span class="na">top_referrers</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">aggregateField</span><span class="p">(</span><span class="nx">clicks</span><span class="p">,</span> <span class="dl">'</span><span class="s1">referrer</span><span class="dl">'</span><span class="p">),</span> <span class="p">};</span> <span class="c1">// 💾 Cache for 5 minutes</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">cacheManager</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">cacheKey</span><span class="p">,</span> <span class="nx">stats</span><span class="p">,</span> <span class="mi">300</span><span class="p">);</span> <span class="k">return</span> <span class="nx">stats</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Optimization Opportunity</strong>: For URLs with millions of clicks, querying all clicks every time is slow. Future enhancement: Daily aggregation table (pre-computed stats).</p> <h3> 6. Automated Expiration with Cron Jobs </h3> <p>URLs can have expiration times. I built a cron job to automatically delete expired URLs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Cron</span><span class="p">(</span><span class="nx">CronExpression</span><span class="p">.</span><span class="nx">EVERY_MINUTE</span><span class="p">)</span> <span class="k">async</span> <span class="nf">handleExpiredUrls</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">⏰ Checking for expired URLs...</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">now</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">();</span> <span class="c1">// Use service role to bypass RLS</span> <span class="kd">const</span> <span class="nx">supabaseAdmin</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">configService</span><span class="p">.</span><span class="kd">get</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_URL</span><span class="dl">'</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="k">this</span><span class="p">.</span><span class="nx">configService</span><span class="p">.</span><span class="kd">get</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">'</span><span class="p">)</span><span class="o">!</span> <span class="p">);</span> <span class="c1">// Find expired URLs</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">expiredUrls</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">urls</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">id, short_code</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">lt</span><span class="p">(</span><span class="dl">'</span><span class="s1">expires_at</span><span class="dl">'</span><span class="p">,</span> <span class="nx">now</span><span class="p">)</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">100</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">expiredUrls</span> <span class="o">||</span> <span class="nx">expiredUrls</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">✅ No expired URLs found.</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`🗑 Found </span><span class="p">${</span><span class="nx">expiredUrls</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> expired URL(s). Deleting...`</span><span class="p">);</span> <span class="c1">// Delete them</span> <span class="kd">const</span> <span class="nx">ids</span> <span class="o">=</span> <span class="nx">expiredUrls</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">u</span> <span class="o">=&gt;</span> <span class="nx">u</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">shortCodes</span> <span class="o">=</span> <span class="nx">expiredUrls</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">u</span> <span class="o">=&gt;</span> <span class="nx">u</span><span class="p">.</span><span class="nx">short_code</span><span class="p">);</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">urls</span><span class="dl">'</span><span class="p">).</span><span class="k">delete</span><span class="p">().</span><span class="k">in</span><span class="p">(</span><span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ids</span><span class="p">);</span> <span class="c1">// Clear from cache</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">code</span> <span class="k">of</span> <span class="nx">shortCodes</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">cacheManager</span><span class="p">.</span><span class="nf">del</span><span class="p">(</span><span class="nx">code</span><span class="p">);</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`🧹 Successfully deleted </span><span class="p">${</span><span class="nx">expiredUrls</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> expired URLs`</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why every minute?</strong> Balance between:</p> <ul> <li>Immediate cleanup (every second = too many queries)</li> <li>Delayed cleanup (every hour = expired URLs still work for too long)</li> </ul> <h2> 📊 API Documentation with Swagger </h2> <p>NestJS makes API documentation effortless with decorators:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">ApiTags</span><span class="p">(</span><span class="dl">'</span><span class="s1">URLs</span><span class="dl">'</span><span class="p">)</span> <span class="p">@</span><span class="nd">ApiBearerAuth</span><span class="p">()</span> <span class="p">@</span><span class="nd">Controller</span><span class="p">(</span><span class="dl">'</span><span class="s1">urls</span><span class="dl">'</span><span class="p">)</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">UrlsController</span> <span class="p">{</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">shorten</span><span class="dl">'</span><span class="p">)</span> <span class="p">@</span><span class="nd">UseGuards</span><span class="p">(</span><span class="nx">SupabaseAuthGuard</span><span class="p">)</span> <span class="p">@</span><span class="nd">ApiOperation</span><span class="p">({</span> <span class="na">summary</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Shorten a long URL</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Creates a new shortened URL for the authenticated user.</span><span class="dl">'</span> <span class="p">})</span> <span class="p">@</span><span class="nd">ApiBody</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="nx">UrlsDto</span> <span class="p">})</span> <span class="p">@</span><span class="nd">ApiCreatedResponse</span><span class="p">({</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Successfully created</span><span class="dl">'</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="nx">ShortUrlResponseDto</span> <span class="p">})</span> <span class="k">async</span> <span class="nf">createShortUrl</span><span class="p">(@</span><span class="nd">Body</span><span class="p">()</span> <span class="nx">body</span><span class="p">:</span> <span class="nx">UrlsDto</span><span class="p">,</span> <span class="p">@</span><span class="nd">Req</span><span class="p">()</span> <span class="nx">req</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">urlsService</span><span class="p">.</span><span class="nf">createShortUrl</span><span class="p">(</span> <span class="nx">body</span><span class="p">.</span><span class="nx">long_url</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">,</span> <span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">body</span><span class="p">.</span><span class="nx">customAlias</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Result</strong>: Beautiful, interactive documentation at <code>/api</code> endpoint.</p> <h2> 🚧 The AWS Deployment Challenge </h2> <h3> The Plan </h3> <p>I initially planned to deploy on AWS with this architecture:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ │ CloudFront │ (CDN for edge caching) └──────┬──────┘ │ ▼ ┌─────────────┐ │ EC2 │ (NestJS app on t2.micro) └───┬─────┬───┘ │ │ ▼ ▼ ┌────────┐ ┌──────────┐ │ElastiCache││ Supabase │ │ (Redis) │ │ (external)│ └────────┘ └──────────┘ │ ▼ ┌─────────────┐ │ SQS │ (Queue for analytics) └──────┬──────┘ │ ▼ ┌─────────────┐ │ Lambda │ (Process click events) └─────────────┘ </code></pre> </div> <p><strong>Benefits</strong>:</p> <ul> <li>Global CDN caching</li> <li>Auto-scaling Lambda workers</li> <li>Managed Redis</li> <li>Free tier eligible</li> </ul> <h3> The Reality </h3> <p>AWS deployment hit several roadblocks:</p> <h4> 1. <strong>IAM Permission Hell</strong> </h4> <p>Every service needs specific permissions:</p> <ul> <li>EC2 needs ElastiCache access</li> <li>Lambda needs SQS read permissions</li> <li>Lambda needs Supabase network access</li> <li>CloudWatch needs logging permissions</li> </ul> <p>Creating the right IAM policies took <strong>hours</strong> of trial and error.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Example</span><span class="w"> </span><span class="err">of</span><span class="w"> </span><span class="err">complex</span><span class="w"> </span><span class="err">IAM</span><span class="w"> </span><span class="err">policy</span><span class="w"> </span><span class="err">needed</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"sqs:ReceiveMessage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"sqs:DeleteMessage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"sqs:GetQueueAttributes"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:sqs:us-east-1:123456789:click-queue"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:CreateLogStream"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:PutLogEvents"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> 2. <strong>VPC Networking Complexity</strong> </h4> <ul> <li>ElastiCache requires VPC</li> <li>Lambda in VPC can't access internet (needs NAT Gateway)</li> <li>NAT Gateway costs <strong>$32/month</strong> (not free tier!)</li> <li>Security groups need careful configuration</li> </ul> <h4> 3. <strong>Cost Monitoring Anxiety</strong> </h4> <p>AWS's pay-as-you-go model is powerful but scary:</p> <ul> <li>Forgot to delete a snapshot → $5 charge</li> <li>Left NAT Gateway running → $32/month</li> <li>CloudFront overages → surprise bill</li> </ul> <p>Setting up billing alerts helped, but the anxiety was real.</p> <h4> 4. <strong>Learning Curve</strong> </h4> <p>AWS has <strong>200+ services</strong>. Even for a simple app, I needed to understand:</p> <ul> <li>EC2 (compute)</li> <li>ElastiCache (managed Redis)</li> <li>SQS (message queue)</li> <li>Lambda (serverless functions)</li> <li>CloudFront (CDN)</li> <li>VPC (networking)</li> <li>IAM (permissions)</li> <li>CloudWatch (monitoring)</li> <li>Route 53 (DNS)</li> </ul> <p>Each service has its own quirks, best practices, and gotchas.</p> <h3> The Decision </h3> <p>After spending 2 days on AWS configuration with limited progress, I made a tough call:</p> <p><strong>Focus on core functionality first, defer AWS deployment.</strong></p> <p><strong>Why?</strong></p> <ul> <li>Core app works perfectly locally</li> <li>Can demonstrate all features</li> <li>Can always deploy later with better knowledge</li> <li>Simpler alternatives exist (Vercel, Railway, Render)</li> </ul> <p><strong>Lessons Learned</strong>:</p> <ol> <li>AWS is powerful but has a steep learning curve</li> <li>Start with simpler deployment platforms for MVPs</li> <li>Document everything (future me will need it)</li> <li>Don't let DevOps block feature development</li> <li>Know when to defer and move forward</li> </ol> <p>I documented the entire AWS setup process in <code>AWS-DEPLOYMENT-GUIDE.md</code> for future reference. When budget and time permit, I'll revisit it with a clearer understanding.</p> <h2> 🎓 Key Takeaways </h2> <h3> Technical Lessons </h3> <ol> <li> <p><strong>Caching is Not Optional</strong></p> <ul> <li>Redis reduced response time by 10x</li> <li>Proper cache invalidation is crucial</li> <li>Monitor cache hit rates</li> </ul> </li> <li> <p><strong>Async Everything</strong></p> <ul> <li>Don't block user-facing requests</li> <li>Analytics can be processed later</li> <li>Use queues for heavy workloads</li> </ul> </li> <li> <p><strong>Security in Layers</strong></p> <ul> <li>Database-level security (RLS)</li> <li>Encrypted storage</li> <li>API authentication</li> <li>Input validation</li> </ul> </li> <li> <p><strong>Type Safety Saves Time</strong></p> <ul> <li>TypeScript caught bugs at compile time</li> <li>Refactoring is much safer</li> <li>IDE auto-completion speeds development</li> </ul> </li> <li> <p><strong>Monitor from Day One</strong></p> <ul> <li>Logging helped debug issues fast</li> <li>Cron job logs showed silent failures</li> <li>Performance metrics guide optimization</li> </ul> </li> </ol> <h3> Project Management Lessons </h3> <ol> <li> <p><strong>Start Simple, Iterate</strong></p> <ul> <li>Built URL shortening first</li> <li>Added analytics second</li> <li>Deferred complex features (AWS, custom domains)</li> </ul> </li> <li> <p><strong>Perfect is the Enemy of Done</strong></p> <ul> <li>AWS deployment was blocking progress</li> <li>Shipped working product &gt; unfinished AWS setup</li> <li>Can always improve later</li> </ul> </li> <li> <p><strong>Document Everything</strong></p> <ul> <li>README helps others (and future you)</li> <li>Code comments explain "why", not "what"</li> <li>Architecture diagrams prevent confusion</li> </ul> </li> <li> <p><strong>Know Your Trade-offs</strong></p> <ul> <li>geoip-lite vs paid service: speed vs accuracy</li> <li>Local dev vs cloud deployment: simplicity vs scalability</li> <li>Every decision has trade-offs</li> </ul> </li> </ol> <h2> 📈 Performance Metrics </h2> <p>Here's how the system performs:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Value</th> <th>Target</th> </tr> </thead> <tbody> <tr> <td><strong>Redirect time (cached)</strong></td> <td>15-50ms</td> <td>&lt; 100ms ✅</td> </tr> <tr> <td><strong>Redirect time (uncached)</strong></td> <td>80-150ms</td> <td>&lt; 200ms ✅</td> </tr> <tr> <td><strong>Database query time</strong></td> <td>5-15ms</td> <td>&lt; 50ms ✅</td> </tr> <tr> <td><strong>Analytics calculation</strong></td> <td>1-3s (10k clicks)</td> <td>&lt; 5s ✅</td> </tr> <tr> <td><strong>Cron job execution</strong></td> <td>200-500ms</td> <td>&lt; 1s ✅</td> </tr> <tr> <td><strong>Cache hit rate</strong></td> <td>~85%</td> <td>&gt; 70% ✅</td> </tr> </tbody> </table></div> <p><strong>Load Testing Results</strong> (using Artillery):</p> <ul> <li>1,000 concurrent users</li> <li>10,000 requests over 60 seconds</li> <li>0% error rate</li> <li>Average response time: 45ms</li> </ul> <h2> 🚀 Future Enhancements </h2> <h3> Short-Term (Next 2-4 weeks) </h3> <ul> <li>[ ] QR code generation endpoint</li> <li>[ ] Bulk URL import via CSV</li> <li>[ ] Email notifications for expired URLs</li> <li>[ ] Rate limiting (prevent abuse)</li> <li>[ ] User dashboard frontend (React)</li> </ul> <h3> Medium-Term (1-3 months) </h3> <ul> <li>[ ] Custom domains (<code>go.yourcompany.com/abc123</code>)</li> <li>[ ] A/B testing (multiple destinations, weighted routing)</li> <li>[ ] Webhook notifications on click events</li> <li>[ ] URL preview with Open Graph data</li> <li>[ ] Mobile app (React Native)</li> </ul> <h3> Long-Term (3-6 months) </h3> <ul> <li>[ ] AWS deployment with full CI/CD</li> <li>[ ] Daily aggregation table for faster analytics</li> <li>[ ] Machine learning: detect malicious URLs</li> <li>[ ] Multi-region deployment</li> <li>[ ] GraphQL API</li> </ul> <h2> 💡 If I Started Over, I'd... </h2> <ol> <li> <strong>Start with simpler deployment</strong> (Railway/Render instead of AWS)</li> <li> <strong>Add tests from day one</strong> (I learned this the hard way)</li> <li> <strong>Use a daily aggregation table</strong> (for analytics performance)</li> <li> <strong>Implement rate limiting early</strong> (prevent abuse before it happens)</li> <li> <strong>Add comprehensive logging</strong> (more structured logs, not just console.log)</li> </ol> <h2> 🎯 Conclusion </h2> <p>Building this URL shortener taught me more than any tutorial could:</p> <ul> <li> <strong>Backend architecture</strong>: API design, database modeling, caching strategies</li> <li> <strong>Performance optimization</strong>: Query optimization, indexing, async processing</li> <li> <strong>Security</strong>: Encryption, RLS, authentication best practices</li> <li> <strong>DevOps</strong>: Deployment challenges, monitoring, cost management</li> <li> <strong>Project management</strong>: Knowing when to defer, when to ship</li> </ul> <p>The app runs smoothly on local environments, efficiently manages multiple requests at once, and delivers detailed analytics. Although deploying it to AWS is still on the roadmap, the core system is fully built and showcases up-to-date backend development techniques. </p> <p><strong>The biggest lesson?</strong> Ship working code. Perfect deployment can wait.</p> <h2> 📚 Resources </h2> <p>If you want to build your own:</p> <p><strong>Documentation</strong>:</p> <ul> <li><a href="https://docs.nestjs.com/" rel="noopener noreferrer">NestJS Documentation</a></li> <li><a href="https://supabase.com/docs" rel="noopener noreferrer">Supabase Documentation</a></li> <li><a href="https://redis.io/docs/" rel="noopener noreferrer">Redis Documentation</a></li> </ul> <p><strong>Libraries Used</strong>:</p> <ul> <li> <code>@nestjs/common</code> - Core NestJS framework</li> <li> <code>@supabase/supabase-js</code> - Supabase client</li> <li> <code>@nestjs/cache-manager</code> - Redis caching</li> <li> <code>ua-parser-js</code> - User agent parsing</li> <li> <code>geoip-lite</code> - IP geolocation</li> <li> <code>bcrypt</code> - Password hashing</li> </ul> <p><strong>Tutorials That Helped</strong>:</p> <ul> <li><a href="https://supabase.com/docs/guides/auth" rel="noopener noreferrer">Supabase Auth Tutorial</a></li> <li><a href="https://redis.io/docs/manual/patterns/" rel="noopener noreferrer">Redis Caching Best Practices</a></li> </ul> <h2> 🔗 Links </h2> <ul> <li> <strong>GitHub Repository</strong>: <a href="https://github.com/yourusername/url-shortener" rel="noopener noreferrer">github.com/yourusername/url-shortener</a> </li> <li> <strong>Live Demo</strong>: Coming soon (post-AWS deployment)</li> <li> <strong>API Documentation</strong>: Available locally at <code>localhost:3000/api</code> </li> </ul> <h2> 💬 Let's Connect! </h2> <p>I'd love to hear your thoughts:</p> <ul> <li>What features would you add?</li> <li>Have you faced similar AWS challenges?</li> <li>What's your preferred deployment platform?</li> </ul> <p>Drop a comment below or reach out:</p> <ul> <li> <strong>Twitter</strong>: <a href="https://x.com/jerry92023784" rel="noopener noreferrer">@yourhandle</a> </li> <li> <strong>LinkedIn</strong>: <a href="//www.linkedin.com/in/jeremiah-coblah-anku-2b3732229">Your Name</a> </li> <li> <strong>Email</strong>: <a href="mailto:jeremiah.anku.coblah@gmail.com">jeremiah.anku.coblah@gmail.com</a> </li> </ul> <p><strong>If you found this helpful, please give it a ❤️ and share it with others!</strong></p> <h2> 📝 Changelog </h2> <p><strong>v1.0.0</strong> (October 2025)</p> <ul> <li>✅ Initial release</li> <li>✅ URL shortening with custom aliases</li> <li>✅ Redis caching</li> <li>✅ Comprehensive analytics</li> <li>✅ Auto-expiration cron job</li> <li>✅ Supabase Auth &amp; RLS</li> <li>✅ Swagger documentation</li> <li>📝 AWS deployment documented (not yet implemented)</li> </ul> <p><strong>Tags</strong>: #NestJS #Supabase #Redis #Backend #TypeScript #API #URLShortener #WebDevelopment #PostgreSQL #Caching</p> <p><em>Happy coding! 🚀</em></p> nextjs supabase redis backend Jeremiah Anku Coblah Sat, 04 Oct 2025 12:20:02 +0000 https://dev.to/jeremiah_ankucoblah_e1d5/-building-a-real-time-matchmaking-system-with-nestjs-and-mongodb-5fh0 https://dev.to/jeremiah_ankucoblah_e1d5/-building-a-real-time-matchmaking-system-with-nestjs-and-mongodb-5fh0 <h2> How I Built a Competitive Gaming Matchmaking API Like Valorant and CS:GO </h2> <p>Have you ever wondered how games like Valorant, CS:GO, or League of Legends instantly find you opponents at your skill level? In this article, I'll walk you through building a production-ready matchmaking system from scratch using NestJS, MongoDB, and intelligent algorithms.</p> <h2> 🎯 What We're Building </h2> <p>A backend matchmaking system that:</p> <ul> <li>✅ Automatically pairs players based on skill level (ELO rating)</li> <li>✅ Groups players by geographic region to minimize lag</li> <li>✅ Implements a fair queueing system (FIFO - First In, First Out)</li> <li>✅ Uses smart algorithms to balance wait times vs match quality</li> <li>✅ Updates player ratings after matches using the ELO system</li> <li>✅ Handles edge cases like odd numbers of players and long wait times</li> </ul> <p><strong>This isn't just CRUD</strong> - it's a real-world system design challenge that requires algorithm thinking, database optimization, and state management.</p> <h2> 🏗️ System Architecture </h2> <h3> Core Components </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ ┌──────────────┐ ┌─────────────┐ │ Players │ ───▶ │ Queue API │ ───▶ │ Queue DB │ └─────────────┘ └──────────────┘ └─────────────┘ │ ▼ ┌─────────────────┐ │ Matchmaking │ ◀──── Runs every 10s │ Service │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Match API │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Match DB │ └─────────────────┘ </code></pre> </div> <h2> 📊 Database Schema Design </h2> <h3> User Schema </h3> <p>Stores player profiles and their current state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">_id</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="nx">username</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">rating</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="c1">// ELO rating (starts at 1200)</span> <span class="nx">region</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// Encrypted: "NA", "EU", "ASIA"</span> <span class="nx">status</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// Encrypted: "idle", "searching", "in_match"</span> <span class="nx">matchHistory</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">[],</span> <span class="nx">createdAt</span><span class="p">:</span> <span class="nb">Date</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why encrypt region and status?</strong> Security best practice for sensitive player data.</p> <h3> Queue Schema </h3> <p>The "waiting room" for players looking for matches:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">_id</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="nx">userId</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="c1">// Reference to User</span> <span class="nx">username</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// Denormalized for faster queries</span> <span class="nx">rating</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="c1">// Denormalized to avoid joins</span> <span class="nx">region</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">mode</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// "1v1", "2v2", "5v5"</span> <span class="nx">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">searching</span><span class="dl">"</span><span class="p">,</span> <span class="nx">joinedAt</span><span class="p">:</span> <span class="nb">Date</span> <span class="p">}</span> </code></pre> </div> <p><strong>Denormalization Trade-off:</strong> We duplicate <code>username</code> and <code>rating</code> here for query performance. In matchmaking, speed matters more than storage.</p> <h3> Match Schema </h3> <p>Records of created matches:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">_id</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="nx">status</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// "pending", "active", "finished"</span> <span class="nx">mode</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">players</span><span class="p">:</span> <span class="p">[{</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">rating</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">team</span><span class="p">?:</span> <span class="kr">string</span> <span class="c1">// For team-based modes</span> <span class="p">}],</span> <span class="nx">winner</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="nx">result</span><span class="p">:</span> <span class="p">{</span> <span class="nl">winnerRating</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">loserRating</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">ratingChange</span><span class="p">:</span> <span class="kr">number</span> <span class="p">},</span> <span class="nx">createdAt</span><span class="p">:</span> <span class="nb">Date</span> <span class="p">}</span> </code></pre> </div> <h2> 🧠 The Matchmaking Algorithm </h2> <p>This is the <strong>heart</strong> of the system. Here's how it works:</p> <h3> Step 1: Automatic Scheduling </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Cron</span><span class="p">(</span><span class="nx">CronExpression</span><span class="p">.</span><span class="nx">EVERY_10_SECONDS</span><span class="p">)</span> <span class="k">async</span> <span class="nf">runMatchmaking</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">logger</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">🔍 Starting matchmaking scan...</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">find1v1Matches</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>Using NestJS's <code>@Cron</code> decorator, the matchmaking service runs automatically every 10 seconds in the background.</p> <h3> Step 2: Fetch and Group Players </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">queuedPlayers</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">queueModel</span><span class="p">.</span><span class="nf">aggregate</span><span class="p">([</span> <span class="p">{</span> <span class="na">$match</span><span class="p">:</span> <span class="p">{</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1v1</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">$sort</span><span class="p">:</span> <span class="p">{</span> <span class="na">joinedAt</span><span class="p">:</span> <span class="mi">1</span> <span class="p">}</span> <span class="p">},</span> <span class="c1">// FIFO ordering</span> <span class="p">{</span> <span class="na">$group</span><span class="p">:</span> <span class="p">{</span> <span class="na">_id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">$region</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Group by region</span> <span class="na">players</span><span class="p">:</span> <span class="p">{</span> <span class="na">$push</span><span class="p">:</span> <span class="dl">'</span><span class="s1">$$ROOT</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]);</span> </code></pre> </div> <p><strong>Why MongoDB Aggregation?</strong> It's incredibly efficient for complex queries. We get region-grouped, time-sorted data in a single database call.</p> <h3> Step 3: Compatibility Check </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">arePlayersCompatible</span><span class="p">(</span><span class="nx">player1</span><span class="p">:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">player2</span><span class="p">:</span> <span class="kr">any</span><span class="p">):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="c1">// Rule 1: Same region</span> <span class="k">if </span><span class="p">(</span><span class="nx">player1</span><span class="p">.</span><span class="nx">region</span> <span class="o">!==</span> <span class="nx">player2</span><span class="p">.</span><span class="nx">region</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// Rule 2: Rating tolerance</span> <span class="kd">const</span> <span class="nx">ratingDiff</span> <span class="o">=</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">abs</span><span class="p">(</span><span class="nx">player1</span><span class="p">.</span><span class="nx">rating</span> <span class="o">-</span> <span class="nx">player2</span><span class="p">.</span><span class="nx">rating</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">RATING_TOLERANCE</span> <span class="o">=</span> <span class="mi">100</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">ratingDiff</span> <span class="o">&gt;</span> <span class="nx">RATING_TOLERANCE</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// Rule 3: Wait time flexibility</span> <span class="kd">const</span> <span class="nx">avgWaitTime</span> <span class="o">=</span> <span class="p">(</span><span class="nx">player1WaitTime</span> <span class="o">+</span> <span class="nx">player2WaitTime</span><span class="p">)</span> <span class="o">/</span> <span class="mi">2</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">avgWaitTime</span> <span class="o">&gt;</span> <span class="mi">30000</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// After 30s, allow ±200 rating difference</span> <span class="k">return</span> <span class="nx">ratingDiff</span> <span class="o">&lt;=</span> <span class="mi">200</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Smart Trade-offs:</strong></p> <ul> <li> <strong>First 30 seconds:</strong> Strict ±100 rating for fair matches</li> <li> <strong>After 30 seconds:</strong> Lenient ±200 rating to prevent long waits</li> </ul> <h3> Step 4: Match Creation with Transactions </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">createMatch</span><span class="p">(</span><span class="nx">players</span><span class="p">:</span> <span class="kr">any</span><span class="p">[],</span> <span class="nx">mode</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">queueModel</span><span class="p">.</span><span class="nx">db</span><span class="p">.</span><span class="nf">startSession</span><span class="p">();</span> <span class="nx">session</span><span class="p">.</span><span class="nf">startTransaction</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// 1. Create match document</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="k">new</span> <span class="k">this</span><span class="p">.</span><span class="nf">matchModel</span><span class="p">({</span> <span class="cm">/* ... */</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">match</span><span class="p">.</span><span class="nf">save</span><span class="p">({</span> <span class="nx">session</span> <span class="p">});</span> <span class="c1">// 2. Remove players from queue</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">queueModel</span><span class="p">.</span><span class="nf">deleteMany</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="p">{</span> <span class="na">$in</span><span class="p">:</span> <span class="nx">userIds</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">});</span> <span class="c1">// 3. Update user statuses to "in_match"</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">userModel</span><span class="p">.</span><span class="nf">updateMany</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="p">{</span> <span class="na">$in</span><span class="p">:</span> <span class="nx">userIds</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="nf">encrypt</span><span class="p">(</span><span class="dl">'</span><span class="s1">in_match</span><span class="dl">'</span><span class="p">)</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">});</span> <span class="c1">// 4. Add to match history</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">userModel</span><span class="p">.</span><span class="nf">updateMany</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="p">{</span> <span class="na">$in</span><span class="p">:</span> <span class="nx">userIds</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">$push</span><span class="p">:</span> <span class="p">{</span> <span class="na">matchHistory</span><span class="p">:</span> <span class="nx">match</span><span class="p">.</span><span class="nx">_id</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">session</span><span class="p">.</span><span class="nf">commitTransaction</span><span class="p">();</span> <span class="k">return</span> <span class="nx">match</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">session</span><span class="p">.</span><span class="nf">abortTransaction</span><span class="p">();</span> <span class="k">throw</span> <span class="nx">error</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nx">session</span><span class="p">.</span><span class="nf">endSession</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why Transactions?</strong> Ensures atomicity. Either all operations succeed, or none do. This prevents bugs like:</p> <ul> <li>Player in two matches simultaneously</li> <li>Match created but players still in queue</li> <li>Inconsistent state between collections</li> </ul> <h2> 🎲 ELO Rating System </h2> <p>After a match finishes, we update ratings using the classic ELO algorithm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">calculateELO</span><span class="p">(</span><span class="nx">winnerRating</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">loserRating</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">K</span> <span class="o">=</span> <span class="mi">32</span><span class="p">;</span> <span class="c1">// K-factor (rating change magnitude)</span> <span class="c1">// Expected win probability</span> <span class="kd">const</span> <span class="nx">expectedWinner</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">/</span> <span class="p">(</span><span class="mi">1</span> <span class="o">+</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">pow</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="p">(</span><span class="nx">loserRating</span> <span class="o">-</span> <span class="nx">winnerRating</span><span class="p">)</span> <span class="o">/</span> <span class="mi">400</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">expectedLoser</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">/</span> <span class="p">(</span><span class="mi">1</span> <span class="o">+</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">pow</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="p">(</span><span class="nx">winnerRating</span> <span class="o">-</span> <span class="nx">loserRating</span><span class="p">)</span> <span class="o">/</span> <span class="mi">400</span><span class="p">));</span> <span class="c1">// Calculate changes</span> <span class="kd">const</span> <span class="nx">winnerChange</span> <span class="o">=</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">round</span><span class="p">(</span><span class="nx">K</span> <span class="o">*</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="nx">expectedWinner</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">loserChange</span> <span class="o">=</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">round</span><span class="p">(</span><span class="nx">K</span> <span class="o">*</span> <span class="p">(</span><span class="mi">0</span> <span class="o">-</span> <span class="nx">expectedLoser</span><span class="p">));</span> <span class="k">return</span> <span class="p">{</span> <span class="na">newWinnerRating</span><span class="p">:</span> <span class="nx">winnerRating</span> <span class="o">+</span> <span class="nx">winnerChange</span><span class="p">,</span> <span class="na">newLoserRating</span><span class="p">:</span> <span class="nx">loserRating</span> <span class="o">+</span> <span class="nx">loserChange</span><span class="p">,</span> <span class="na">ratingChange</span><span class="p">:</span> <span class="nx">winnerChange</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>Example:</strong></p> <ul> <li>Player A (1200) beats Player B (1250)</li> <li>Player A: 1200 → 1225 (+25 points)</li> <li>Player B: 1250 → 1235 (-15 points)</li> </ul> <p>The upset victory gives A more points since B was favored.</p> <h2> 🔐 Security &amp; Performance Features </h2> <h3> 1. Data Encryption </h3> <p>Sensitive fields like <code>region</code> and <code>status</code> are encrypted at rest:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">encrypt</span><span class="p">,</span> <span class="nx">decrypt</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/middlewares/encryption/encrypt</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// When saving</span> <span class="kd">const</span> <span class="nx">encryptedRegion</span> <span class="o">=</span> <span class="nf">encrypt</span><span class="p">(</span><span class="nx">region</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">encryptedStatus</span> <span class="o">=</span> <span class="nf">encrypt</span><span class="p">(</span><span class="nx">status</span><span class="p">);</span> <span class="c1">// When reading</span> <span class="kd">const</span> <span class="nx">decryptedRegion</span> <span class="o">=</span> <span class="nf">decrypt</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">region</span><span class="p">);</span> </code></pre> </div> <h3> 2. Region Validation </h3> <p>We validate region codes to prevent bad data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isValidCountryCode</span><span class="p">(</span><span class="nx">region</span><span class="p">))</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid region code</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Caching Layer </h3> <p>Frequently accessed user data is cached to reduce database load:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">cacheManager</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span> <span class="s2">`user:</span><span class="p">${</span><span class="nx">username</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">username</span><span class="p">,</span> <span class="nx">region</span> <span class="p">},</span> <span class="mi">3600</span> <span class="c1">// 1 hour TTL</span> <span class="p">);</span> </code></pre> </div> <h3> 4. Input Validation </h3> <p>Every API endpoint validates inputs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Can't join queue if already in a match</span> <span class="k">if </span><span class="p">(</span><span class="nx">decryptedStatus</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">in_match</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="dl">"</span><span class="s2">User is currently in a match</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Can't join queue twice</span> <span class="kd">const</span> <span class="nx">alreadyInQueue</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">queueModel</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">userId</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">alreadyInQueue</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="dl">"</span><span class="s2">User already in queue</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> 🛣️ API Endpoints </h2> <h3> User Management </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /users/register # Create new player GET /users/:id # Get player profile </code></pre> </div> <h3> Queue Management </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /queue/join # Join matchmaking queue POST /queue/leave # Leave queue GET /queue/status/:userId # Check queue position </code></pre> </div> <h3> Matchmaking </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /matchmaking/trigger # Manual trigger (testing) GET /matchmaking/queue-stats # Queue statistics </code></pre> </div> <h3> Match Management </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /matches # List all matches (paginated) GET /matches/:id # Get match details GET /matches/active/all # Get active matches GET /matches/history/:userId # User's match history POST /matches/:id/start # Start a match POST /matches/:id/finish # Finish match &amp; update ratings POST /matches/:id/cancel # Cancel match (admin) </code></pre> </div> <h2> 🧪 Testing the System </h2> <h3> Test Scenario: Create a Match </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Create two players</span> curl <span class="nt">-X</span> POST http://localhost:3000/users/register <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"username":"Alice","region":"NA","status":"idle"}'</span> curl <span class="nt">-X</span> POST http://localhost:3000/users/register <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"username":"Bob","region":"NA","status":"idle"}'</span> <span class="c"># 2. Both join queue</span> curl <span class="nt">-X</span> POST http://localhost:3000/queue/join <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"userId":"ALICE_ID","mode":"1v1"}'</span> curl <span class="nt">-X</span> POST http://localhost:3000/queue/join <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"userId":"BOB_ID","mode":"1v1"}'</span> <span class="c"># 3. Wait 10 seconds (automatic matching)</span> <span class="c"># Check server logs:</span> <span class="c"># 🔍 Starting matchmaking scan...</span> <span class="c"># ✅ MATCH FOUND: Alice (1200) vs Bob (1200)</span> <span class="c"># 🎮 Match created: 65a1b2c3d4e5f6789</span> <span class="c"># 4. Verify match was created</span> curl http://localhost:3000/matches <span class="c"># 5. Start the match</span> curl <span class="nt">-X</span> POST http://localhost:3000/matches/MATCH_ID/start <span class="c"># 6. Finish match (Alice wins)</span> curl <span class="nt">-X</span> POST http://localhost:3000/matches/MATCH_ID/finish <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"winnerId":"ALICE_ID","loserId":"BOB_ID"}'</span> <span class="c"># 7. Check updated ratings</span> curl http://localhost:3000/users/ALICE_ID <span class="c"># Rating: 1225</span> curl http://localhost:3000/users/BOB_ID <span class="c"># Rating: 1185</span> </code></pre> </div> <h2> 🚀 Key Technical Decisions </h2> <h3> Why MongoDB over PostgreSQL? </h3> <ol> <li> <strong>Flexible Schema:</strong> Match results can vary by game mode</li> <li> <strong>Aggregation Pipeline:</strong> Perfect for complex matchmaking queries</li> <li> <strong>Denormalization:</strong> Trade storage for query speed</li> <li> <strong>Horizontal Scaling:</strong> Better for high-concurrency gaming systems</li> </ol> <h3> Why NestJS? </h3> <ol> <li> <strong>Built-in Scheduling:</strong> <code>@Cron</code> decorator for background jobs</li> <li> <strong>Dependency Injection:</strong> Clean, testable architecture</li> <li> <strong>TypeScript:</strong> Type safety for complex algorithms</li> <li> <strong>Mongoose Integration:</strong> Seamless MongoDB ODM</li> </ol> <h3> Why Transactions? </h3> <p>Gaming systems require <strong>strong consistency</strong>. A player can't be in two states simultaneously. Transactions ensure atomic operations across multiple collections.</p> <h2> 📈 Performance Optimizations </h2> <h3> 1. Denormalization </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Queue stores username and rating directly</span> <span class="c1">// Avoids JOIN operations during matchmaking</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="nx">ObjectId</span><span class="p">,</span> <span class="nx">username</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Player1</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// ← Denormalized</span> <span class="nx">rating</span><span class="p">:</span> <span class="mi">1200</span> <span class="c1">// ← Denormalized</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Indexing Strategy </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Queue collection indexes</span> <span class="nx">queueSchema</span><span class="p">.</span><span class="nf">index</span><span class="p">({</span> <span class="na">region</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">mode</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">joinedAt</span><span class="p">:</span> <span class="mi">1</span> <span class="p">});</span> <span class="nx">queueSchema</span><span class="p">.</span><span class="nf">index</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="mi">1</span> <span class="p">});</span> <span class="c1">// User collection indexes</span> <span class="nx">userSchema</span><span class="p">.</span><span class="nf">index</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="mi">1</span> <span class="p">},</span> <span class="p">{</span> <span class="na">unique</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">userSchema</span><span class="p">.</span><span class="nf">index</span><span class="p">({</span> <span class="na">region</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">rating</span><span class="p">:</span> <span class="mi">1</span> <span class="p">});</span> </code></pre> </div> <h3> 3. Aggregation Pipeline </h3> <p>Single query to get grouped, sorted players:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Instead of:</span> <span class="c1">// 1. Fetch all players</span> <span class="c1">// 2. Group by region in code</span> <span class="c1">// 3. Sort by join time in code</span> <span class="c1">// We do:</span> <span class="nx">$match</span> <span class="err">→</span> <span class="nx">$sort</span> <span class="err">→</span> <span class="nx">$group</span> <span class="c1">// All in database!</span> </code></pre> </div> <h2> 🎓 What I Learned </h2> <h3> Algorithm Design </h3> <ul> <li>Balancing fairness (skill matching) vs speed (wait times)</li> <li>Implementing gradual tolerance increases</li> <li>FIFO queue management</li> </ul> <h3> System Design </h3> <ul> <li>State machines (idle → searching → in_match → idle)</li> <li>Background job scheduling</li> <li>Atomic operations with transactions</li> </ul> <h3> Database Optimization </h3> <ul> <li>When to denormalize for performance</li> <li>Effective use of aggregation pipelines</li> <li>Strategic indexing for query patterns</li> </ul> <h3> Real-World Trade-offs </h3> <ul> <li>Perfect matches vs reasonable wait times</li> <li>Data consistency vs system complexity</li> <li>Storage cost vs query performance</li> </ul> <h2> 🔮 Future Enhancements </h2> <h3> 1. WebSocket Integration </h3> <p>Real-time notifications when matches are found:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">WebSocketGateway</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">MatchmakingGateway</span> <span class="p">{</span> <span class="p">@</span><span class="nd">WebSocketServer</span><span class="p">()</span> <span class="nx">server</span><span class="p">:</span> <span class="nx">Server</span><span class="p">;</span> <span class="nf">notifyMatchFound</span><span class="p">(</span><span class="nx">match</span><span class="p">:</span> <span class="nx">Match</span><span class="p">)</span> <span class="p">{</span> <span class="nx">match</span><span class="p">.</span><span class="nx">players</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">player</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">server</span><span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="nx">player</span><span class="p">.</span><span class="nx">userId</span><span class="p">).</span><span class="nf">emit</span><span class="p">(</span><span class="dl">'</span><span class="s1">match-found</span><span class="dl">'</span><span class="p">,</span> <span class="nx">match</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Team-Based Matchmaking </h3> <p>Support for 2v2 and 5v5 modes with team balancing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">find5v5Matches</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Find 10 players</span> <span class="c1">// Balance teams so sum(team1.ratings) ≈ sum(team2.ratings)</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Regional Fallback </h3> <p>If no match in primary region after 60s, try nearby regions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">REGION_FALLBACKS</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">NA</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">SA</span><span class="dl">'</span><span class="p">],</span> <span class="dl">'</span><span class="s1">EU</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">ME</span><span class="dl">'</span><span class="p">],</span> <span class="dl">'</span><span class="s1">ASIA</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">OCE</span><span class="dl">'</span><span class="p">]</span> <span class="p">};</span> </code></pre> </div> <h3> 4. Priority Queue </h3> <p>VIP players or those who've waited longest get priority matching.</p> <h3> 5. Anti-Cheat Integration </h3> <p>Track suspicious rating changes, match dodging, etc.</p> <h2> 💡 Key Takeaways </h2> <ol> <li> <strong>Matchmaking is NOT CRUD</strong> - It's algorithm design, state management, and real-time decision making</li> <li> <strong>Transactions are critical</strong> in systems where consistency matters</li> <li> <strong>Denormalization has a place</strong> when query performance is paramount</li> <li> <strong>Background jobs</strong> enable autonomous system behavior</li> <li> <strong>Trade-offs are everywhere</strong> - perfect vs fast, consistency vs availability</li> </ol> <h2> 🛠️ Tech Stack </h2> <ul> <li> <strong>Framework:</strong> NestJS (Node.js)</li> <li> <strong>Database:</strong> MongoDB with Mongoose ODM</li> <li> <strong>Scheduling:</strong> @nestjs/schedule</li> <li> <strong>Caching:</strong> @nestjs/cache-manager</li> <li> <strong>Encryption:</strong> Custom AES encryption middleware</li> <li> <strong>Validation:</strong> class-validator, class-transformer</li> </ul> <h2> 📦 Repository &amp; Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Clone repository</span> git clone https://github.com/Jerry-Khobby/matchmaking-system <span class="c"># Install dependencies</span> npm <span class="nb">install</span> <span class="c"># Set up MongoDB</span> <span class="c"># Update connection string in app.module.ts</span> <span class="c"># Run in development</span> npm run start:dev </code></pre> </div> <h2> 🎯 Conclusion </h2> <p>Building a matchmaking system taught me that backend development goes far beyond CRUD operations. It requires:</p> <ul> <li> <strong>Algorithmic thinking</strong> for pairing logic</li> <li> <strong>System design</strong> for state management</li> <li> <strong>Database optimization</strong> for performance</li> <li> <strong>Error handling</strong> for edge cases</li> </ul> <p>This project demonstrates production-ready backend skills: handling concurrent users, making intelligent automated decisions, and maintaining data consistency in complex scenarios.</p> <p>If you're looking to level up from tutorial projects to <strong>real system design challenges</strong>, building a matchmaking system is an excellent way to do it.</p> <h2> 📚 Resources </h2> <ul> <li><a href="https://docs.nestjs.com" rel="noopener noreferrer">NestJS Documentation</a></li> <li><a href="https://www.mongodb.com/docs/manual/aggregation/" rel="noopener noreferrer">MongoDB Aggregation Pipeline</a></li> <li><a href="https://en.wikipedia.org/wiki/Elo_rating_system" rel="noopener noreferrer">ELO Rating System Explained</a></li> <li><a href="https://www.mongodb.com/docs/manual/core/transactions/" rel="noopener noreferrer">Transaction Best Practices</a></li> </ul> <p><strong>Questions or suggestions?</strong> Drop a comment below! I'd love to discuss system design trade-offs and algorithm optimizations.</p> <p><strong>Found this helpful?</strong> Share it with other developers building real-world backend systems! 🚀</p> <p><em>Tags: #NestJS #MongoDB #SystemDesign #Backend #Gaming #Algorithms #NodeJS #TypeScript</em></p> nestjs mongodb nextjs backend