How Yuque, Alibaba’s Work Collaboration Software, Has Evolved Over Time

The Evolution of Yuque’s Technical Architecture

Yuque in the Early Stages of Its Development

  • Object service: This is a MongoDB-like data storage service.
  • File service: This is a file storage service encapsulated on Alibaba Cloud Object Storage Service (OSS).
  • DockerLab: This is a container-hosting platform.

An Internal Service

Becoming an External Product

  • Microservices: For example, because the multi-person real-time collaboration service was a relatively independent persistent connection service that was not suitable for frequent release, we extracted it as an independent microservice to maintain its stability.
  • Task service: For example, the preview service for massive local files provided by Yuque consume many resources and have complex dependencies. We extracted it from the primary service to avoid the impact of uncontrollable dependencies and resource consumption on the primary service.
  • Function Compute: Tasks such as plantuml preview and mermaid preview are not sensitive to responsiveness, and their dependencies can be packaged into Alibaba Cloud Function Compute. So, we run these tasks in Function Compute to reduce costs and ensure security.

Full-Stack JavaScript

Full-Stack JavaScript and Product Engineers

Full-Stack JavaScript and Node.js

Hybrid Application Architecture

  • Microservice: Some independent and stable functional modules or services that require additional architecture deployment are deployed independently as microservices. Provisionally, we use HTTP interfaces for interaction between systems. For example, the real-time collaboration service is deployed as an independent microservice because it is an independent and stable persistent connection service that cannot be released and restarted frequently.
  • Task cluster: Some CPU-intensive tasks or services with complex third-party dependencies are placed in an independent task cluster. For example, various file preview services may depend on other services and account for a large amount of computing costs. Therefore, it is best to place these services into a task cluster to eliminate concurrency through queues.
  • Serverless Function Compute: As far as possible, we try to migrate services that are less responsive and can be functionalized to Alibaba Cloud Function Compute. Such services include plantuml, mermaid, and other text drawing services.

Common Fields Other than Language Fields

  • Front-end security risks: cross-site scripting (XSS), phishing, and cross-site requests
  • Server security risks: horizontal permission issues, unauthorized access, sensitive information leakage, Server-Side Request Forgery (SSRF), and SQL injection
  • Cloud service security risks: SMS or email bombing, data leakage, and content security
  • XSS must be prevented anywhere rich text is rendered, and the content may not be input through an integrated development environment (IDE).
  • When running user code on the server, put it in a sandbox.
  • When requesting resources transmitted by users from the server, the request must be filtered for SSRF.
  • All interfaces must have a permission verification mechanism.
  • Use the response serialization method to filter sensitive information.
  • SQL statements cannot be spliced.
  • Service availability assurance: In the architecture design, we must eliminate single point of failure (SPOF). Disaster recovery and backup are required for underlying data, and services must be deployed in multiple units and zones. Avoid introducing unnecessary strong dependencies.
  • Abnormality monitoring and tracing: This includes the monitoring of frontend business tracking logs and exception logs, end-to-end tracking and collection of logs on the server, and the monitoring and analysis of system performance. Eventually, we will be able to promptly detect and track exceptions and locate and analyze performance problems.

How Did Yuque Choose an Appropriate Technology Stack?

Original Source:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

4.97K Followers

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com