System Design Document

1. Purpose and Overview

Cinedata is a JSON-based API designed to manage and retrieve movie information, similar to the functionality of the Open Movie Database API. It supports various endpoints that allow users to perform CRUD (Create, Read, Update, Delete) operations on movie data, manage user authentication, and reset passwords. The API is built for scalability and security, ensuring reliable access and interaction with movie data.

2. Functional Requirements

Cinedata supports the following core functionalities:

User Management:

• Register a new user
• Activate users via email
• Reset passwords
• Authenticate and generate tokens

Movie Management:

• Retrieve all movies or filter by parameters
• Create, update, and delete specific movies
• View details of a specific movie

Health Check:

• Provides an endpoint for checking API health and uptime

3. Non-Functional Requirements

• Performance: The API must handle a high volume of requests efficiently, with rate limiting in place to prevent abuse.
• Security: Implements strict input validation, HTTPS for encrypted communication, and secure password hashing.
• Scalability: Follows a monolithic architecture with vertical scaling to handle increased load.
• Reliability: IP-based rate limiting to avoid overload and ensure consistent uptime.

4. System Architecture

Cinedata follows a monolithic architecture, combining all API functionalities in a single application. The application is hosted on a DigitalOcean Linux server with Caddy as a reverse proxy for load balancing, caching, and SSL certificate management.

• Backend: The backend is developed using Go with the httprouter package for RESTful routing.
• Database: PostgreSQL is used to manage user and movie data with prepared statements and parameterized queries for security.
• Middleware:
  • CORS is implemented to handle cross-origin requests.
  • Global and IP-based rate limiting is enforced to protect against excessive requests.

5. Data Flow and Models

User Management Flow:

• Users can register and receive an activation email.
• Users can reset their passwords and generate authentication tokens for further API interactions.
• After logging in, users can access movie data and perform authorized actions based on their permissions.

Movie Management Flow:

• Users can view all movies or filter the list by specific parameters.
• Users with appropriate permissions can create, update, or delete movies.
• Details of a specific movie can be fetched using its ID.

Key Data Tables:

• users: Stores user credentials and metadata.
• movies: Contains details of all movies in the database.
• tokens: Stores password-reset and authentication tokens.
• permissions: Manages user permissions for access control.

6. Technology Stack

• Backend: Go (with httprouter for routing)
• Database: PostgreSQL for data storage and retrieval
• Security: HTTPS (TLS encryption), bcrypt for password hashing, and IP-based rate limiting
• Server & Proxy: Hosted on a DigitalOcean Linux server, using Caddy for reverse proxy and SSL management

7. APIs and Endpoints

The Cinedata API supports the following endpoints:

Health Check:

• GET /v1/healthcheck – Check API status and uptime.

User Management:

• POST /v1/users – Register a new user.
• PUT /v1/users/activated – Activate a user.
• POST /v1/tokens/password-reset – Generate a password reset token.
• PUT /v1/users/password – Update a user's password.
• POST /v1/tokens/authentication – Generate an authentication token.

Movie Management:

• GET /v1/movies – Retrieve all movies, with optional filtering.
• POST /v1/movies – Add a new movie.
• GET /v1/movies/:id – Retrieve details of a specific movie.
• PATCH /v1/movies/:id – Update details of a specific movie.
• DELETE /v1/movies/:id – Delete a specific movie.

8. Security Considerations

• Password Protection: Passwords are hashed with bcrypt to ensure secure storage.
• Session Management: Authentication is handled via stateful tokens, which must be presented for authorized API access.
• Data Encryption: All communication between clients and the server is encrypted using TLS to protect data in transit.
• Input Validation: Strict validation and prepared statements are used to prevent SQL injection attacks.

9. Deployment and Scalability

• Hosting: The application is deployed on a DigitalOcean Linux server.
• Reverse Proxy: Caddy handles load balancing, caching, and SSL certificate management.
• Scaling: As a monolithic application, it supports vertical scaling (increasing server resources) to accommodate growing traffic.

10. Challenges and Future Enhancements

Challenges:

• The current setup supports vertical scaling but may face limits as user traffic grows. Implementing horizontal scaling or microservices could be future considerations.

Future Enhancements:

• Expand the API to include more data types and support additional endpoints.
• Implement multi-factor authentication (MFA) for enhanced security.
• Add detailed logging and monitoring to track API performance and identify issues.

• Details API Documentation
• Codes on Github