DEV Community: Vishw Patel

99% of developers Don't Get Sockets

Vishw Patel — Mon, 28 Apr 2025 16:21:57 +0000

99% of developers don't get sockets.

What actually is a socket?

You've probably seen electrical sockets, but I'm referring to a completely different kind of socket in the software industry or computer science universe.

Some ideas, such as sockets, anonymous pipes, file descriptors, etc., are just not adequately represented by us. Most developers' conceptions of these ideas end up being vague, wavy creations. Additionally, there are numerous other ideas and phrases that require attention and are not presented in nearly enough detail. I will thus give you a brief overview of sockets and explain what you need to know about them in this post. So, the next time someone asks you these questions, could you tell me what a socket is, how TCP or UDP uses sockets, and which OSI model layer sockets work in? You won't be at a loss for ideas.

It is always best to begin with a specific response to the query, "What are sockets?" Essentially, sockets are an abstraction that operating systems give to allow for communication between several processes on the same machine or over a network. In a two-way communication channel, they serve as endpoints. Therefore, each side of a connection will construct a socket when two machines or two apps need to communicate with one another via the internet or a local network. Additionally, a "socket" is basically a software construct that encapsulates a combination of an IP address, a port number, and a protocol, such as TCP or UDP. This combination is used by the operating system to properly route messages. It can be compared to a telephone.

The IP address and port are like the phone number and extension, while a socket represents the phone. To create a connection, the two sides need to dial each other appropriately. Maybe you've heard of the OSI model, but you're wondering how sockets fit into it. The OSI model, a conceptual framework for network system communication, is where sockets should be placed in order to comprehend them in context.

In the OSI model, sockets mostly function at the transport layer, often known as layer 4. The socket API is called by the application layer, often known as layer 7, such as your web browser or a back-end service, requesting that it send or receive data. After adding some headers and wrapping the data into TCP or UDP segments, the socket forwards it to the network layer or layer 3, which handles IP routing.

Thus, sockets hide developers from the intricacies of routing, packet fragmentation, retransmission, etc., and offer a clear interface between application logic and the underlying network stack. Alright, but before you can truly comprehend sockets, you must be aware that there are two primary types of sockets: TCP and UDP.

Transmission control protocol sockets, or TCP sockets, are connection-oriented and offer dependable, error-checked, and ordered data transfer. A three-way handshake involving the exchange of SIN and ACT packets is carried out to establish the connection before data is delivered. This ensures that both parties are prepared, and TCP is perfect for applications like file transfers, database access, and web browsing since it guarantees that packets will arrive in the correct order and without duplication.

On the other hand, the user datagram protocol, or UDP, is unreliable and connectionless. Without a handshake, it merely sends datagrams to the target IP and port. Delivery, ordering, and integrity are not guaranteed. But as a result, it's much lighter and faster, which makes it perfect for real-time applications where speed is more important than dependability, like streaming videos.

Sockets have a defined life cycle on the server side. The first step is to create a listening socket that is connected to a particular IP address and port. This socket waits for incoming client connections rather than communicating directly.

A new socket instance is created specifically for the client after the server accepts a connection made by the client, and the existing socket keeps listening for more requests. This new socket serves as the conduit for all correspondence with that particular client. And because of this, a server may manage numerous clients at once, each with its own socket.

Multi-threading or multi-processing, in which every client connection is controlled by a different thread or process, is usually used to handle this in synchronous settings. Although this strategy is simple and effective for a limited number of connections, it is not scalable. Every thread has overhead associated with context switching and memory consumption. Additionally, the performance rapidly deteriorates as the number of concurrent sockets increases because of resource fatigue and contention. Techniques like non-blocking IO or event-driven architectures are used to overcome this issue in high performance systems like message brokers, multiplayer gaming servers, and real-time APIs.

These methods enable the simultaneous management of thousands of open sockets by a single thread or a small group of threads. System functions like select, pull, or even more scalable options like e-pole on Linux or KQ on BSD or Mac OS are used to do this. These methods alert the application only when certain sockets are prepared for reading or writing.

By preventing idle waiting or redundant pulling, these event notification systems significantly lower CPU consumption and latency, which is why they are the cornerstone of frameworks like Engine X, Node.js, and Async.io.

The client establishes a socket and connects to the IP address and port of the server. This starts the three-way handshake if TCP is being used. Like working with a file, the client can write to and read from the socket once it is connected. Sockets can actually be used with standard system calls like read and write since they are regarded as file descriptors on Unix-like platforms. To refresh your memory, a file descriptor is essentially an entry that the operating system creates to represent a file and keep information about it when it is opened. Therefore, there will be ten entries in the kernel for every ten files that are open in your operating system. And these entries are nothing, but simple integers called file descriptions.

In exactly the same way, an integer is also used to represent opening a network socket. The socket descriptor in this instance. In order to free up system resources and stop memory leaks, both the client and the server are expected to shut the socket after the conversation is over. Resource fatigue may result from any incorrectly closed sockets, particularly on servers that are busy. Interesting peculiarities pertaining to socket internals and states are also present. As a result, the system keeps a state machine for every connection to TCP sockets.

LISTEN, SIN-SENT, SIN-RECIEVED, ESTABLISHED, FIN-WAIT-1, TIME-WAIT, and CLOSE-WAIT are a few of the common states. Additionally, these states correspond to different stages of connection setup, upkeep, and disassembly. To prevent delayed packets from an old connection from being mistakenly regarded as belonging to a new one, the TIME-WAIT status, for example, is used. Additionally, understanding these stages is essential for detecting problems that frequently afflict servers or high concurrency applications, such as port exhaustion or socket leakage. However, how does the operating system handle socket uniqueness and port numbers in practice?

A five-tuple consisting of the protocol, source IP, source port, destination IP, and destination port uniquely identifies each socket. Additionally, even when several connections are communicating to the same remote server and port at the same time, this combination enables the OS to discern between them.

For instance, the OS will allocate a distinct source port to each of the browser tabs connected to example.com:443 so that the client and server can distinguish between those sessions. One machine can have hundreds of open connections to various or even identical distant services thanks to this mechanism. However, network communication is the main topic of socket debates.

Unix domain sockets, or UDS, are another significant form, such as TCP or UDP over IP. Network sockets are not what these are. On the same host, they are employed for inter-process communication, or IPC. Thus, UDS employs a file path on the file system in place of an IP address and port. For instance, the address might be /temp/app.sock. Since they completely avoid the network stack and don't require any IP routing or protocol overhead, they are significantly faster than network sockets.

When efficiency and security are crucial, UDS is frequently used by default for local client-server communication in programs like Postgres SQL and Redis, which you are most likely already familiar with. However, it's crucial to remember that sockets are by nature unsafe. And the reason for this is that, unless specifically encrypted, they send raw data. TLS, or transport layer security, is typically used to provide secure socket connection. An existing socket connection is wrapped with TLS, which guarantees that any data transmitted over it is encrypted and verified. For instance, the SSL module in Python offers the ability to encapsulate a plain socket in TLS. For apps that send sensitive data, such as passwords, financial transactions, private user information, etc., this is crucial.

Man-in-the-middle attacks and packet sniffing can target any unconfigured or raw sockets that do not employ TLS. There is socket-based connectivity everywhere. Popular protocols for service-to-service communication include gRPC over HTTP2, which is likewise TCP based, and restful APIs over HTTP, which employ TCP sockets. Socket level routing and traffic shaping are controlled by service meshes like ISTTO and load balancers like EngineX or Envoy. For ultra-low latency communication, engineers occasionally construct proprietary binary protocols over raw TCP or UDP connections in high performance systems. Sockets behind the hood are used by technologies such as CFKA, Redis, and Cassandra to distribute data among nodes.

You should at least be able to explain what a socket is for a very good reason. In actuality, sockets constitute the cornerstone of contemporary work computers. Sockets are used to communicate data across the wire whenever you send an email, stream a video, view a web page, or use a mobile application.

Gaining a thorough understanding of socket operation as a developer allows you to manage the security and performance of network connection. It also lets you optimize communication protocols, solve complicated problems, and create scalable back-end systems. You will be much more successful if you have a firm understanding of sockets. if this article taught you something new. Post a remark and a like.

Keep learning and keep growing.

Mastering Authentication in MERN Stack Apps with JWT

Vishw Patel — Thu, 24 Apr 2025 15:50:52 +0000

Mastering Authentication in MERN Stack Apps with JWT

In this tutorial, we will focus on implementing JWT Authentication in a MERN stack application. JWT is a popular and efficient way to handle user authentication in modern web apps. By the end of this tutorial, you will be able to set up user registration, login, and secure routes using JWT.

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and self-contained way to securely transmit information between parties as a JSON object. This information stored as JWT is digitally signed. That means information can be verified that it is not tempered and from original source. Because of JWT is self-signatured, this token is widely used for authentication and information exchange in web applications.

Benefits of Using JWT

Stateless Authentication: JWT is stateless, meaning you don’t need to store session information on the server.
Secure: JWT tokens can be signed and optionally encrypted, providing security and integrity of data.
Scalable: Since JWT is stateless, it is ideal for scaling applications across multiple servers.

How JWT Works

Client Logs In: The user provides their credentials (username and password) to the server.
Server Validates Credentials: The server validates the credentials against the database.
JWT Creation: If the credentials are correct, the server generates a JWT token that contains user information (typically, user ID and other claims).
Client Receives Token: The client stores the token (usually in local storage or cookies) and includes it in the Authorization header of future requests.
Token Validation: On every API call, the server validates the token to check if the user is authenticated.

Project Setup

To get started, let's create a basic MERN stack application with MongoDB, Express.js, React.js, and Node.js. This will include user registration and login functionality.

First, initialize the Node.js app:

We can initialize node application using npm init and it initializes a project by generating a package.json file, which contains metadata about the project, such as its name, version, description, main file, scripts, author, license, and dependencies.

When you run npm init in a terminal, it prompts you with a series of questions to gather information about your project. You can either provide specific answers or press enter to accept the default values.

mkdir mern-jwt-auth
cd mern-jwt-auth
npm init -y

After initializing project, we need to add some dependencies which we will use on our example. We are using express for server, mongoose as ODM (Object Data Modeling) library for MongoDB, jsonwebtoken for generating and verifying JWT tokens, bcryptjs for encryption, dotenv for accessing environment variables.

Install the required dependencies:

npm install express mongoose jsonwebtoken bcryptjs dotenv cors
npm install --save-dev nodemon

Note: We are adding nodemon as dev dependency, So , we do noyt have to re-run our server every time when we changes something. It will be automatically handled by nodemon.

Set up your backend structure like so:

backend/
  ├── config/
  ├── controllers/
  ├── middleware/
  ├── models/
  ├── routes/
  └── server.js

It is self-explanatory that all controllers are in controllers folder/directory, middleware are in middleware folder/directory and so on for models and routes also.

Let's start creating our first model using mongoose. Models are nothing but logical structure of database schema/structure.

Creating the User Model

In the models folder, create a User.js file with the following code to define the User schema:

const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');

const userSchema = new mongoose.Schema({
  name: {
    type: String,
    required: true,
  },
  email: {
    type: String,
    required: true,
    unique: true,
  },
  password: {
    type: String,
    required: true,
  },
});

// Hash the password before saving to the database
userSchema.pre('save', async function (next) {
  if (!this.isModified('password')) return next();
  this.password = await bcrypt.hash(this.password, 10);
  next();
});

const User = mongoose.model('User', userSchema);
module.exports = User;

Explaining the Model Structure

User Schema: We define the User schema using Mongoose, which allows us to model our MongoDB data. The schema defines the structure of the documents we store in the database. For instance, the name, email, and password fields are crucial for our authentication process.
Email as Unique: We ensure the email field is unique so that no two users can register with the same email address. This is important for preventing conflicts during the authentication process and ensures each user is identified by a unique email.
Hashing the Password: We use bcryptjs to hash the user's password before saving it to the database. This is done in the pre('save') hook, which is executed before the user document is saved to the database. Why Hash? Storing passwords as plain text is highly insecure. Hashing ensures that even if the database is compromised, the actual passwords remain unreadable.
Why this.isModified('password')?: This check ensures that we only hash the password when it is newly created or updated, avoiding unnecessary hashing if the password hasn't changed.

If you are not familiar with mongoose schema you can check it official documentation. Below is working link of its documentation while I am writing this blog.

Mongoose Documentation : Mongoose Documentation

Register and Login Routes

Now, let’s set up the registration and login routes. We can consider routes are endpoint of rest api. These routes will handle user registration and authentication. In the routes folder, create a authRoutes.js file:

const express = require('express');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const User = require('../models/User');

const router = express.Router();

// Register user
router.post('/register', async (req, res) => {
  const { name, email, password } = req.body;
  const userExists = await User.findOne({ email });
  if (userExists) return res.status(400).json({ msg: 'User already exists' });

  const user = new User({ name, email, password });
  await user.save();
  res.json({ msg: 'User registered successfully' });
});

// Login user
router.post('/login', async (req, res) => {
  const { email, password } = req.body;
  const user = await User.findOne({ email });
  if (!user) return res.status(400).json({ msg: 'User does not exist' });

  const isMatch = await bcrypt.compare(password, user.password);
  if (!isMatch) return res.status(400).json({ msg: 'Invalid credentials' });

  const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
  res.json({ token });
});

module.exports = router;

Steps of JWT authentication

Register Route: First, we check if the user already exists using User.findOne({ email }). This prevents multiple users from registering with the same email address. If the email already exists, we return an error message.
Login Route: After validating the email, we use bcryptjs to compare the provided password with the hashed password stored in the database. If the password is incorrect, we return an error.
JWT Generation: Once the user’s credentials are validated, we create a JWT token using jwt.sign(). The id of the user is included in the token's payload, allowing the server to identify the user on subsequent requests.
Why Use JWT? JWT allows us to create stateless sessions. Once the user logs in, they receive a token, which can be stored on the client side (usually in local storage or cookies). The server doesn’t need to remember anything about the user between requests, making this approach scalable and efficient.

Middleware for Protecting Routes

Middleware refers to functions that process requests before reaching the route handlers. These functions can modify the request and response objects, end the request-response cycle, or call the next middleware function. Middleware functions are executed in the order they are defined.

Below image shows how middleware works.

Now back to our authentication part.

To protect certain routes and ensure only authenticated users can access them, create a authMiddleware.js file in the middleware folder:

const jwt = require('jsonwebtoken');

const authMiddleware = (req, res, next) => {
  const token = req.header('Authorization')?.split(' ')[1];
  if (!token) return res.status(401).json({ msg: 'No token, authorization denied' });

  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    req.user = decoded;
    next();
  } catch (err) {
    res.status(400).json({ msg: 'Token is not valid' });
  }
};

module.exports = authMiddleware;

Why Middleware?

The authMiddleware function intercepts incoming requests to protected routes, checks for a valid JWT in the Authorization header, and decodes the token to verify the user’s identity. If the token is missing or invalid, the middleware returns an error.

By using this middleware, we ensure that only authenticated users can access protected routes, like viewing or updating their profile.

Frontend Setup with React

On the frontend, we'll use React to handle user registration and login forms. The Axios library will be used to make API requests to our backend.

First, install Axios:

npm install axios

Then, create a login.js component to handle login and save the token to localStorage:

import React, { useState } from 'react';
import axios from 'axios';

const Login = () => {
  const [email, setEmail] = useState('');
  const [password, setPassword] = useState('');

  const handleLogin = async () => {
    try {
      const response = await axios.post('http://localhost:5000/api/auth/login', { email, password });
      localStorage.setItem('token', response.data.token);
    } catch (err) {
      console.error('Error logging in', err);
    }
  };

  return (
    <div>
      <input type='email' value={email} onChange={(e) => setEmail(e.target.value)} placeholder='Email' />
      <input type='password' value={password} onChange={(e) => setPassword(e.target.value)} placeholder='Password' />
      <button onClick={handleLogin}>Login</button>
    </div>
  );
};

export default Login;

Conclusion

JWT authentication is a simple, effective, and scalable method to handle user authentication in modern web applications. By following this guide, you’ve learned how to implement JWT-based authentication in your MERN stack application. You can expand on this by adding features such as user roles, refresh tokens, and token expiration handling.

Keep Learning and keep growing!

How to implement Rate limiting in Dot net.

Vishw Patel — Wed, 23 Apr 2025 17:35:11 +0000

In this article, we go through on topics listed as what is rate limiting, how to implement it in Dot net with simple approach, problem in simple approach, implement it as production ready solution.

We are going to address the following topics:

Introduction to Rate Limiting
Project Setup
Register Redis Connection
Create Middleware for Rate limiting
Register middleware
Run the Application and Check

Introduction to Rate Limiting

Rate limitation refers to a method that limits the quantity of incoming requests that a server receives within a given time frame. The purpose of implementing this is to guarantee the availability, stability, and security of the API. API providers can avoid misuse, lower the chance of server overload, and ensure consistent performance for all users by capping the rate of queries. These are a few important rate-limiting factors.

Thresholds: Generally, rate restrictions are expressed as the maximum number of requests that are permitted in a given amount of time,
e.g., "100 requests per minute" or "10,000 requests per day."
Client Identification: Different identities, including IP addresses, API keys, user accounts, and other tokens, can be used to apply rate limits.
Types of Rate Limiting:

User-based rate limiting: This technique applies limits to individual users or accounts so that no user is able to send more requests than is permitted.
IP-based rate limiting: By applying limits according to the IP address of the client, it is possible to keep a single IP from overloading the server.
Application-based rate limiting: This feature allows you to differentiate between various applications that use the API by enforcing limits depending on the API key.

When a client exceeds the allowed rate, the server typically responds with an HTTP status code, such as 429 Too Many Requests.

The response often includes information about the limit, the time until the limit resets, and guidance on how to retry the request.

Project Setup

Create a new ASP.NET Core MVC 7 project or Web Api project, using Visual Studio or VSCode or any text editor.

dotnet new mvc -n RateLimitingDemo
cd RateLimitingDemo

After creating the project, required packages must be downloaded. So, Add following NuGet packages.

Microsoft.Extensions.Caching.StackExchangeRedis
StackExchange.Redis

dotnet add package Microsoft.Extensions.Caching.StackExchangeRedis
dotnet add package StackExchange.Redis

Register Redis Connection

Before Going any further be sure your redis server is running.

To start the Redis server, simply run the redis-server command in your terminal. This will start the server with default configurations:

redis-server

You should see the server starting up and a log of activities indicating that it is ready to accept connections.

Open another terminal window to interact with the Redis server using the Redis Command Line Interface (CLI):

redis-cli

Now check server is responding or not by ping Command.

PING

PING Returns PONG This command is useful for:

Testing whether a connection is still alive.
Verifying the server's ability to serve data - an error is returned when this isn't the case (e.g., during load from persistence or accessing a stale replica).
Measuring latency.

If Redis is configured correctly and running fine then we can jump onto next steps:

Add connection string of Redis in appSettings.json file.

{
  "Redis": {
    "ConnectionString": "localhost:6379"
  }
}

Now Configure Redis in Program.cs

//...

builder.Services.AddStackExchangeRedisCache(options =>
{
options.Configuration = builder.Configuration.GetSection("Redis"["ConnectionString"];});
//...

Create Middleware for Rate limiting

Right Click on your Project RateLimitingDemo and click on Add and then Add Folder.Rename that newly created folder from NewFolder to Middlewares.

After renaming right click on middlewares folder and add New Item, set its name as RateLimitingMiddleware.

Every middleware in dotnet has Request Delegate as member and has to implement InvokeAsyncmethod.

public class RateLimitingMiddleware
{
 private readonly RequestDelegate _next;
 public RateLimitingMiddleware(RequestDelegate next)
 {
     _next = next;
 }
 public async Task InvokeAsync(HttpContext context)
 {
    // do something 
     await _next(context);
 }

Don't forget to add _next() method , If _next() method is not there then request is not propagating to respective controller and that leads to request being stuck.

For this case we will do as follow in middleware:

Get Ip of request.
checks Requests ang get Request count from Redis of this Ip.
if Request count reaches the max limit than we give response 429 too many requests.
remove Requests than are older than our window size. i.e. time limit.
Now, Add new Request in Redis.

using Microsoft.Extensions.Caching.Distributed;
using System.Text.Json;

public class RateLimitingMiddleware
{
 private readonly RequestDelegate _next;
 private readonly IDistributedCache _cache;
 private readonly int _maxRequests;
 private readonly TimeSpan _windowSize;

 public RateLimitingMiddleware(RequestDelegate next, IDistributedCache cache)
 {
     _next = next;
     _cache = cache;
     _maxRequests = 10; // Set your max requests
     _windowSize = TimeSpan.FromMinutes(1); // Set your sliding window size
 }

 public async Task InvokeAsync(HttpContext context)
 {
     var key = $"ratelimit:{context.Connection.RemoteIpAddress}";

     var currentRequestCount = await GetRequestCountAsync(key); 
//we will implement this method for Now Assume it gives request count
     if (currentRequestCount >= _maxRequests)
     {
         context.Response.StatusCode = StatusCodes.Status429TooManyRequests;
         await context.Response.WriteAsync("Rate limit exceeded. Try again later.");
         return;
     }
     await IncrementRequestCountAsync(key);
     //we will implement this method for Now Assume it increment request count
     await _next(context);
 }

Method GetRequestCountAsync takes string key as parameter. this method then check Redis for Requests for this key. If gets any Request than returns request count else returns 0.

private async Task<int> GetRequestCountAsync(string key)
 {
     var cacheValue = await _cache.GetStringAsync(key);
     if (cacheValue == null)
     {
         return 0;
     }

     var requestLog = JsonSerializer.Deserialize<List<long>>(cacheValue);
     var currentTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
     requestLog = requestLog.Where(timestamp => timestamp > currentTime - _windowSize.TotalSeconds).ToList();

     await _cache.SetStringAsync(key, JsonSerializer.Serialize(requestLog), new DistributedCacheEntryOptions
     {
         SlidingExpiration = _windowSize
     });

     return requestLog.Count;
 }

Method IncrementRequestCountAsync takes string key as parameter.

this method calls GetRequestCountAsync method and checks if there is Requests then add new request in it. else create new Request list.

private async Task IncrementRequestCountAsync(string key)
 {
     var cacheValue = await _cache.GetStringAsync(key);
     var requestLog = cacheValue == null ? new List<long>() : JsonSerializer.Deserialize<List<long>>(cacheValue);

     requestLog.Add(DateTimeOffset.UtcNow.ToUnixTimeSeconds());

     await _cache.SetStringAsync(key, JsonSerializer.Serialize(requestLog), new DistributedCacheEntryOptions
     {
         SlidingExpiration = _windowSize
     });
 }

Our RateLimitingMiddleware with all functions implemented looks like this.

using Microsoft.Extensions.Caching.Distributed;
using System.Text.Json;

public class RateLimitingMiddleware
{
 private readonly RequestDelegate _next;
 private readonly IDistributedCache _cache;
 private readonly int _maxRequests;
 private readonly TimeSpan _windowSize;

 public RateLimitingMiddleware(RequestDelegate next, IDistributedCache cache)
 {
     _next = next;
     _cache = cache;
     _maxRequests = 10; // Set your max requests
     _windowSize = TimeSpan.FromMinutes(1); // Set your sliding window size
 }

 public async Task InvokeAsync(HttpContext context)
 {
     var key = $"ratelimit:{context.Connection.RemoteIpAddress}";

     var currentRequestCount = await GetRequestCountAsync(key);

     if (currentRequestCount >= _maxRequests)
     {
         context.Response.StatusCode = StatusCodes.Status429TooManyRequests;
         await context.Response.WriteAsync("Rate limit exceeded. Try again later.");
         return;
     }

     await IncrementRequestCountAsync(key);
     await _next(context);
 }

 private async Task<int> GetRequestCountAsync(string key)
 {
     var cacheValue = await _cache.GetStringAsync(key);
     if (cacheValue == null)
     {
         return 0;
     }

     var requestLog = JsonSerializer.Deserialize<List<long>>(cacheValue);
     var currentTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
     requestLog = requestLog.Where(timestamp => timestamp > currentTime - _windowSize.TotalSeconds).ToList();

     await _cache.SetStringAsync(key, JsonSerializer.Serialize(requestLog), new DistributedCacheEntryOptions
     {
         SlidingExpiration = _windowSize
     });

     return requestLog.Count;
 }

 private async Task IncrementRequestCountAsync(string key)
 {
     var cacheValue = await _cache.GetStringAsync(key);
     var requestLog = cacheValue == null ? new List<long>() : JsonSerializer.Deserialize<List<long>>(cacheValue);

     requestLog.Add(DateTimeOffset.UtcNow.ToUnixTimeSeconds());

     await _cache.SetStringAsync(key, JsonSerializer.Serialize(requestLog), new DistributedCacheEntryOptions
     {
         SlidingExpiration = _windowSize
     });
 }
}

Register middleware

Now ,It is time to add this Register in Program.cs.
Add app. UseMiddleware(); in program.cs.

//...

app.UseMiddleware<RateLimitingMiddleware>();

//...

Run the Application and Check

Set _maxRequests to lower values like 3 or 5 for checking in middleware.

Now, Run the Application

dotnet run

You can use tools like Postman or cURL to send multiple requests and verify that after the limit is reached, the server responds with a 429 status code.

This setup ensures that each IP address is limited to a certain number of requests within a specified sliding window timeframe using Redis for distributed caching. The middleware tracks request timestamps and enforces the rate limit by checking and updating these timestamps in Redis.

Conclusion

In conclusion, rate limitation is essential for controlling API traffic, assuring equitable use, and guarding against overloads and exploitation of the system. It is responsible for preserving the API service's performance and dependability high.

Scaling the Viral App: The Emotional Rollercoaster of Taming Traffic with Consistent Hashing

Vishw Patel — Sun, 01 Dec 2024 09:43:10 +0000

In this article, we’ll walk through the technical journey of scaling a viral app, facing the challenges of explosive growth, and a range of approaches to scaling your infrastructure and managing traffic effectively.

By the end of this article, you’ll understand how to solve the complex problem of data distribution and server scaling when dealing with massive, unpredictable traffic. Let’s dive in!

The Calm Before the Chaos

Picture this: after months of relentless effort, your app, a platform for sharing short, funny videos, has finally launched. It’s your dream come true.

The first six month is steady. A few thousand downloads trickle in, users love the app, and everything runs smoothly. The server hums along like a well-oiled machine. Life is good.

Then, the unimaginable happens. A very influential and powerful celebrity, Melon Musk, stumbles upon your app, shares a video, and in a matter of hours, your app becomes the hottest thing on the internet.

Downloads skyrocket. Millions of users sign up overnight, uploading videos, liking, and commenting at a pace you never anticipated. You are on cloud nine. Your servers, though, are not celebrating—they're struggling, then failing. Boom. The app is down.

You’re no longer living the dream. You’re in a nightmare.

The First Fix: Peace Before the Storm

Desperate to bring your app back online, you gather your team. After some time, the issue is spotted. The issue is clear: your database server simply cannot handle the flood of requests.

What is the first and fastest solution? Make the server bigger. You decide to scale your server vertically.

You upgrade everything: CPU, memory, storage. Now, the server is more powerful and fast. After a night of frantic work, the app is back. The users are happy. Problem solved. Life is at peace? Not quite.

Two days later, traffic doubles again. The server, despite its upgrades, crashes under the relentless load. You realize you’ve hit the limits of vertical scaling.

Why Vertical Scaling Fails

Hardware Limits: No matter how powerful, a single server has a ceiling.
Cost: Upgrading to high-end hardware is prohibitively expensive.
Single Point of Failure: One server means one failure point. If it goes down, your entire app goes offline.

You need a more robust solution.

A Bold Step Forward: Dividing the Load

It’s time to think differently. Your team suggests horizontal scaling: instead of relying on a single powerful server, distribute the load across multiple smaller servers.

Each server will handle a portion of the data, reducing the burden on any one machine.

You think about implement this, and for a while, it seems like a breakthrough.

New Problems, New Mysteries

Horizontal Scaling is promising solution. But it also introduces new challenges as traffic grows. In which server data is stored? as we have now multiple instances of server. In which cluster a particular user's data is stored?

Imagine a user uploads a video. Which server should store it? Later, when someone wants to watch it, how will your system know where to look?

Your team tries a Simple and easy approach.

The Brute Force Method

You decided to use a brute force approach and successfully scaled your server vertically. However, within hours, you received complaints that your app was very slow. This time you know the issue as each server is searched until the data is found. While this approach is simple, it doesn't scale. As the number of servers grows, the time required to locate the data becomes unbearably long, leading to user complaints about slow performance.

Clearly, brute force isn’t the answer. You need a smarter way to decide where data belongs.

Hashing: A Glimmer of Hope

You need a way to store data distributed across multiple servers and also able to find that without searching every server.
For that you need to know which server to store the data and where to get the server when read operation.

Your team proposes to use a mathematical function to organize data. It is simple math function that takes data and output the server number where data need to be stored.

You came up with basic math function : Modulus.

How It works:
Suppose you have three servers and this modulus function transforms a key (like a userId or VideoId) into number. That number is used to decide which server stores the data.

Example:

You have three servers: Server0, Server1, and Server2.
A video ID is mapped to a value, e.g., hash(5) = Server2.To decide the server, use 5 % 3 = 2. The data is stored on Server Server0.

Below table depicts which data is mapped to which table.

When you need the data, get the server by using the key and modulus function again and go directly to the correct server. No more searching through every server!

Now this seems propitious, and you proceed to launch this on live. But, after this many emotional roller-coaster you are ready for something bad. However, this time everything is perfect, not any issue.

A month passed and fortunately, everything is going smoothly. Your app continues to grow steadily, with new users joining at a consistent rate. It’s also gaining more popularity, and the average time users spend on the app is steadily increasing. Things are looking promising, and the future holds even more potential.

is this calm before storm?

The Growth Dilemma: More Servers, More Problems

As your app continues to grow, you realize you need to add another server. But this brings an unexpected problem.

What Happens When You Add a Server?

The hash function is based on the number of servers. Adding a new server changes the total, which means every hash value changes. Data previously stored on Server2 might now belong on Server0.

Example:

When you previously have three servers: Server0, Server1, and Server2.
A video ID is hashed to produce a value, e.g., hash(5) = Server2.
To decide the server, use 5 % 3 = 2. The data is stored on Server Server0.

Now you have four servers: Server0, Server1, Server2, Server3.
A video with Id 5 is previously mapped to 5%3 = 2.
But, Now , that same video with Id 5 is mapped to 5%4 = 1.

That means data with video Id 5 need to move to Server1.

Adding server leads to inconsistent data across servers. For our case more than 80% of data is in wrong server. So, we have to move data to its relevant server. This process is chaotic, slow, and prone to errors.

By every time new server is added or removed, we have to move our data to its relevant server and this process is time consuming and can risk of data loss.

So, we need some better approach that way our functions output keeps consistent irrespective of number of servers. We need to change modulus function to some other consistent function and also need to consider that moving of data should be minimal.

Consistent Hashing: The Turning Point

Now, you need a function that maps an input to an output and consistently produces the same output for the same input. Does that sound familiar? Yes, you’re right—we need a hash function, such as MD5 or SHA.

So, the problem of changing outputs with changes in the number of servers is solved. But now, a new question arises: how do we manage the addition or removal of nodes while ensuring minimal data movement?

You team came up with an idea- Consistent hashing.

Consider a system where the hash ring ranges from 0 to 1023, and four servers—server0, server1, server2, and server3—are already present. Their positions on the hash ring might look like this after applying the hash function:

server0 → Position 100
server1 → Position 300
server2 → Position 600
server3 → Position 900

Data is also hashed and placed on the ring. For example:
dataA → Position 150 → Stored on server1 (next clockwise server)
dataB → Position 700 → Stored on server3
dataC → Position 50 → Stored on server0.

We can represent that as array.

server0	server1	server2	server3
100	300	600	900

How to add a new server

If you need a new server, we need Its position in ring and data that needs to be moved in new server. No need to move almost all the data.

Suppose new server Server4 is added then.

Hash new server Server4 For example, Hash(Server4) = 200.
Moves corresponding data to new server.

server0	server4	server1	server2	server3
100	200	300	600	900

Can you see a problem in it?

At first glance, it seems like all things are perfect and there is not any problem with consistent hashing. But there is one. We give our main control to hashing function which basically is pseudo-random function. So, we do not have any control over it, and it can generate new server's position such that it is not impacting any performance improvement.

Suppose server3 is overloaded and nearing a red zone where it risks going down, you try to add a new server, but hash function places it at 1000.It is impact less. It should be added between 600 and 900.So we can balance load.

If there is a problem, then there is a solution also.

The problem with hash function is its randomness, it is needed for data but for server we cannot rely on it as it can be insignificant as we see in above example.

Our server location is already stored in array. Can't you modify it and add or remove server as we need. Yes, you can. Now, control is again on your hand.

We can add or remove server exactly where it needed.

server0	server4	server1	server2	server5	server3
100	200	300	600	700	900

Scaling Without Tears

Now whole scaling problem narrow downs to simple hashing and array problem.

Adding or removing servers becomes seamless with consistent hashing.

When a server is added, only data in its immediate range is moved.
When a server is removed, its data is distributed among its neighbors.
This makes scaling fast, efficient, and error-free.

What’s Next? Comments, Feedback, and Reviews

I love to hear your thoughts on this topic. Have you faced similar scaling challenges in your apps? How did you overcome them, and how do you see consistent hashing fitting into your solutions? Feel free to share your experiences in the comments below or leave a review. Your feedback helps me keep improving the content and ensure that I am providing value to the community.

Conclusion: A Scalable Future

Consistent hashing isn’t just an optimization; it’s a mindset. It’s about building systems that adapt gracefully to growth and change.

Your viral app, once brought to its knees by traffic, is now ready for anything the internet throws at it. With consistent hashing, you’ve turned chaos into order and laid the foundation for a truly scalable platform.

And who knows? With these tools, your next big idea might just be the next viral sensation.

Keep learning, keep growing.

Why Every Local Business Needs a Professional Website

Vishw Patel — Wed, 13 Nov 2024 17:40:24 +0000

In today’s fast-paced, digital-first world, having a strong online presence is no longer a luxury for local businesses — it's a necessity. A professional website serves as the cornerstone of your online identity, acting as your digital storefront that never closes. Whether you're a small boutique, a local restaurant, or an independent service provider, a website offers countless benefits that can help you attract new customers, retain existing ones, and grow your business. In this blog post, we will delve into why every local business needs a professional website, focusing on the importance of an online presence and how a website can help you stay competitive in today’s market.

1. Builds Credibility and Trust

The first impression matters — and when it comes to your local business, your website is often the first thing potential customers will see. A well-designed and professional website instantly builds credibility. It tells your customers that you are serious about your business and that they can trust you.

Without a website, your business may appear outdated or unreliable, especially in the eyes of younger, tech-savvy customers who expect to find businesses online. A professional website shows that you're modern, accessible, and ready to serve. Additionally, when customers can easily find essential information like your address, contact details, and hours of operation, they’re more likely to trust you and choose your business over a competitor.

Make sure your website is search engine optimized (SEO-friendly). Optimizing your website content, including keywords like "local business in [your city]" or "[your product or service] near me", can help your site rank higher in search engine results, making it easier for potential customers to find you. If you have Ice-cream shop then you should be targeting keywords like "Ice-cream shop near me", "best ice cream in Sydney". These type of keywords helps you to get good rank in search engine.

2. Improves Local Search Visibility

When people look for services or products online, they often type in specific keywords followed by their location. For example, “best pizza in [city]” or “plumber near me.” Having a professional website helps you take advantage of local SEO. This is a strategy that optimizes your website to rank higher in search results, especially for location-based searches.

By implementing local SEO techniques such as listing your business on Google My Business, using location-specific keywords, and ensuring your business information is consistent across the web, your website can appear in local searches and on Google Maps. This makes it easier for customers to find your business when they search for services in your area.

Be sure to claim and optimize your Google My Business profile. Include your business name, address, phone number, and website URL. This will improve your local search rankings and increase the chances of being found by potential customers.

3. Attracts New Customers

A website acts as a 24/7 marketing tool for your business. It not only helps you establish an online presence but also works as a powerful lead-generation machine. Through content like blogs, case studies, testimonials, and product pages, a website helps introduce your business to new customers.

Whether through organic search, social media, or paid advertising, your website serves as the primary destination for anyone looking to learn more about your business. A modern website with clear, easy-to-navigate pages and compelling calls-to-action (CTAs) can convert these visitors into paying customers.

Additionally, integrating features like an online store or appointment booking system allows potential customers to interact with your business directly from your website, making it easy for them to engage and convert.

4. Enhances Customer Engagement and Retention

A professional website allows you to engage with customers in ways that go beyond traditional marketing methods. From offering special discounts or promotions to sharing news and updates, your website can be an ongoing source of value for customers.

Regularly updating your website with blog posts, newsletters, or helpful resources can keep your customers engaged and coming back. Furthermore, having a blog or news section gives you the opportunity to share your expertise, answer common customer questions, and highlight your business’s unique offerings.

Customer retention can also be increased through loyalty programs, exclusive offers, and a personalized user experience, which can be integrated into your website. Whether it’s creating an account to track their purchases or sending them personalized email offers, a well-designed website allows for a more connected and personalized relationship with your customers.

Interested in engaging your customers online? I can help you design a website with loyalty programs, special offers, and personalized experiences. Reach out to discuss your options.

5. Boosts Competitive Advantage

In today’s competitive market, businesses that fail to have a website are at a significant disadvantage. Without an online presence, customers may not even know your business exists, or worse, they might think your business is outdated or not professional.

A website allows you to share detailed information about your products or services, display customer reviews, and showcase your unique selling proposition (USP). This way, customers can easily understand why your business is the best choice.

Stand out from your competitors with a website that highlights your unique selling points. Let’s talk about how to make your business shine online.

6. Increases Sales and Revenue

A website has the potential to directly increase your sales and revenue. If you’re running a retail business, an e-commerce platform can open up a new revenue stream by allowing customers to purchase products directly from your website.

With e-commerce integrations, such as secure payment gateways, you can offer customers a seamless and secure shopping experience. This is particularly important for building trust with online customers who are unfamiliar with your business.

Looking to boost sales? I specialize in creating e-commerce platforms and booking systems to help you increase your revenue. Contact me to start building an online sales channel for your business.

where to build Seo friendly website

For personalized help in building an SEO-optimized website, feel free to reach out. I specialize in web development, SEO strategy, and content optimization to help businesses maximize their online presence.

📧 Email: vishw.m.patel@gmail.com
Skills: SEO, Web Design, Web Development, Content Strategy, and Digital Marketing.

Conclusion

In today’s digital landscape, every local business should have a professional website. Not only does it help establish credibility and trust, but it also provides a competitive advantage, enhances customer engagement, and boosts sales. A website acts as a 24/7 marketing tool, helping you connect with customers, increase visibility, and stay ahead of the competition. By implementing SEO strategies and regularly updating your website, you can ensure that your business is well-positioned to attract and retain local customers. If you haven’t already, it’s time to invest in a professional website for your business — it’s the key to unlocking long-term success in the modern marketplace.

Ready to take your business online? If you’re looking to create or improve your website with e-commerce integrations, scheduling, or service management, get in touch today. I’ll help you build the digital tools needed to stay competitive and drive growth.

Building a Real-Time Chat Application with .NET Core 7 and SignalR

Vishw Patel — Sun, 10 Nov 2024 05:39:55 +0000

SignalR is a library for ASP.NET that enables real-time web functionality, allowing servers to push updates to clients instantly, enhancing efficiency and responsiveness in applications. It's useful for instant updates in chat apps, live dashboards, and collaborative tools by simplifying communication and supporting various transport protocols. Real-time communication boosts user engagement, reduces resource-intensive polling, and is essential for interactive applications like online gaming and financial trading platforms, providing seamless and dynamic user experiences.

This article will show you how to build a real-time chat application with .Net Core 7 and SignalR.

What is SignalR?

SignalR is a library for ASP.NET that enables real-time web functionality. SignalR uses WebSockets to establish persistent connections between the server and the client, if available. If WebSockets are not available, SignalR relies on other suitable transport protocols such as Server-Sent Events or Long Polling to ensure broad compatibility.
The foundation of SignalR's functionality is based on "Hubs", which are high-level pipeline APIs that enable the server to call methods on connected clients and vice versa. Developers create Hub classes, which contain methods that may be invoked by clients. The client then calls these methods with JavaScript, and SignalR handles the communication details.
SignalR supports grouping connections, which allows messages to be sent to a specific subset of connected clients. This is useful for scenarios like chat rooms, where only certain users should receive specific messages.
SignalR controls connection lifecycles and automatically handles reconnections when a connection is lost. This ensures that the server and clients communicate reliably without forcing the developer to do anything extra.
The server can automatically push updates to clients using the technique provided by SignalR. Because of this, clients may communicate in real-time more effectively and the server burden is decreased without having to query the server for updates.

Steps to create a Real-Time Chat Application with .NET Core 7 and SignalR

Step 1: Setting up the project

Let's start by making a new ASP.NET Core 7 project. In Visual Studio, choose "Create a new project" after opening. Give the project a name and select "ASP.NET Core Web Application" as the project type.
Next, choose the project template "Web Application" and ensure that "Enable Docker Support" is not checked. To begin creating the project, click "Create".

Open the "Program.cs" file after the project has been created, then add the following code to add SignalR:


builder.Services.AddSignalR();
builder.Services.AddControllersWithViews();

Now Add the SignalR client library to our Project.
In Solution Explorer, right-click the project, and select Add > Client-Side Library.

In the Add Client-Side Library dialog:

Select unpkg for Provider.
Enter @microsoft/signalr@latest for Library.
Select Choose specific files, expand the dist/browser folder, and select signalr.js and signalr.min.js.
Set Target Location to wwwroot/js/signalr/.
Select Install.

Step 2: Creating the Hub

Create a folder named Hubs.
To create a new folder right click on solution,then click on Add and now click on Add Folder.(Add>Add Folder).

Rename this newly created to Hubs.
Every real-time communication between the client and the server will be managed through the Hub. In our project's "Hubs" folder, let's build a new class named "ChatHub".

flood class with below code:

using Microsoft.AspNetCore.SignalR;
using System.Threading.Tasks;

namespace YourProjectName.Hubs
{
    public class ChatHub : Hub
    {
        public async Task Message(string user, string message)
        {
            await Clients.All.SendAsync("ReceiveMessage", user, message);
            //this will be listen by client using javascript.
        }
    }
}

This will create a new Hub class inherited from SignalR Hub .We define method named Message,that takes two string parameters user and message , and SendAsync method send messages to all the connected clients.
However ,Before using ChatHub ,we have to Configure It in Program.cs

//...
app.MapHub<ChatHub>("chatHub");
//...

Note: This line configures the SignalR middleware to use the Chat Hub by mapping the "/chatHub" URL to the ChatHub class.

Step 3: Creating UI

After implementing the Chat Hub, we still need to design the user interface (UI) for our chat program. For real-time communication in this tutorial, a basic HTML page with some JavaScript code will be used.

Add the following code to your project's "index.cshtml" file:

@{
Layout = null;
}
<!DOCTYPE html>
<html>

<head>
    <meta charset="utf-8" />
    <title>
        SignalR Chat
    </title>
    <script src=
"https://code.jquery.com/jquery-3.6.0.min.js">
    </script>
    <script src=
"https://cdnjs.cloudflare.com/ajax/libs/microsoft-signalr/5.0.13/signalr.min.js">
    </script>
</head>

<body>
    <div>
        <input id="username" placeholder="username" 
               type="text" />
        <input id="message" placeholder="message"
               type="text" />
        <button id="send-btn">
            Send
        </button>
    </div>
    <div id="chatBox">
    </div>
    <script>
        let connection = new signalR.HubConnectionBuilder()
                                    .withUrl("/chatHub").build();
        connection.on("ReceiveMessage", function (User, Message) {
            let encodedUser = $("<div />").text(user).html();
            let encodedMsg = $("<div />").text(message).html();
            $("#chatBox").append("<p><strong>" + encodedUser + "</strong>: " + encodedMsg + "</p>");
        });

        $("#send-btn").click(function () {
            let our_user = $("#username").val();
            let Message = $("#message").val();
            connection.invoke("Message", our_user, Message);
            $("#message").val("").focus();
        });


        connection.start().then(function () {
            console.log("Connected!");
        }).catch(function (err) {
            console.error(err.toString());
        });
    </script>
</body>

</html>

Note: This code generates a simple user interface (UI) containing a "Send" button, an input form for the message, and a field for the user's name. Additionally, a div with the id "chatBox" is created, and this is where the chat messages will be shown.

Using the URL "/chatHub" (which we mapped to our ChatHub class in the "Startup.cs" file), we establish a new SignalR connection in the JavaScript code. The "ReceiveMessage" event, which is triggered each time a message is sent from the server to the client, is then handled by a function that we define. The message is appended to the chatBox div using this function.
Additionally, we construct a click event handler for the "Send" button that sends the user's name and message to the server using the "Message" method. Lastly, we initiate the SignalR connection and, upon connection establishment, log a message to the console.

Step 4: Running the application

Now is the time to start the application To launch the program in debug mode, press F5. You should be able to view the chat UI with the input fields and the "Send" button as soon as the application launches.
After putting in your name and a message, click "Send". Your message will pop up in the chat window. Navigate to the same URL in an other browser window. Send a message and enter a different name. The message appears in both windows.

Congratulations, you've just built a real-time chat application with .NET Core 7 and SignalR!

Conclusion

This article demonstrates how to use SignalR and.NET Core 7 to create a real-time chat application. The fundamentals of project setup, Chat Hub creation, and Chat UI creation have all been addressed. We hope that this article has given you a better understanding of SignalR's capabilities and how to use them to create real-time web applications. Have fun with coding!