[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-cfa38c25-d9b6-4d1c-8e28-31dbf5076be9":3,"$fpqDXZD_Qu8V_ZXA09Qq0Fbk589kfdIJy-nfStl9VPGI":42},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":33},"cfa38c25-d9b6-4d1c-8e28-31dbf5076be9","senior-backend","设计和实施后端系统，包括REST API、微服务、数据库架构、认证流程和安全加固。当用户请求“设计REST API”、“优化数据库查询”、“实现认证”、“构建微服务”、“审查后端代码”、“设置GraphQL”、“处理数据库迁移”或“负载测试API”时使用。涵盖Node.js\u002FExpress\u002FFastify开发、PostgreSQL优化、API安全和后端架构模式。","cat_coding_backend","mod_coding","alirezarezvani,coding","---\nname: \"senior-backend\"\ndescription: Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to \"design REST APIs\", \"optimize database queries\", \"implement authentication\", \"build microservices\", \"review backend code\", \"set up GraphQL\", \"handle database migrations\", or \"load test APIs\". Covers Node.js\u002FExpress\u002FFastify development, PostgreSQL optimization, API security, and backend architecture patterns.\n---\n\n# Senior Backend Engineer\n\nBackend development patterns, API design, database optimization, and security practices.\n\n---\n\n## Quick Start\n\n```bash\n# Generate API routes from OpenAPI spec\npython scripts\u002Fapi_scaffolder.py openapi.yaml --framework express --output src\u002Froutes\u002F\n\n# Analyze database schema and generate migrations\npython scripts\u002Fdatabase_migration_tool.py --connection postgres:\u002F\u002Flocalhost\u002Fmydb --analyze\n\n# Load test an API endpoint\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Fusers --concurrency 50 --duration 30\n```\n\n---\n\n## Tools Overview\n\n### 1. 
API Scaffolder\n\nGenerates API route handlers, middleware, and OpenAPI specifications from schema definitions.\n\n**Input:** OpenAPI spec (YAML\u002FJSON) or database schema\n**Output:** Route handlers, validation middleware, TypeScript types\n\n**Usage:**\n```bash\n# Generate Express routes from OpenAPI spec\npython scripts\u002Fapi_scaffolder.py openapi.yaml --framework express --output src\u002Froutes\u002F\n# Output: Generated 12 route handlers, validation middleware, and TypeScript types\n\n# Generate from database schema\npython scripts\u002Fapi_scaffolder.py --from-db postgres:\u002F\u002Flocalhost\u002Fmydb --output src\u002Froutes\u002F\n\n# Generate OpenAPI spec from existing routes\npython scripts\u002Fapi_scaffolder.py src\u002Froutes\u002F --generate-spec --output openapi.yaml\n```\n\n**Supported Frameworks:**\n- Express.js (`--framework express`)\n- Fastify (`--framework fastify`)\n- Koa (`--framework koa`)\n\n---\n\n### 2. Database Migration Tool\n\nAnalyzes database schemas, detects changes, and generates migration files with rollback support.\n\n**Input:** Database connection string or schema files\n**Output:** Migration files, schema diff report, optimization suggestions\n\n**Usage:**\n```bash\n# Analyze current schema and suggest optimizations\npython scripts\u002Fdatabase_migration_tool.py --connection postgres:\u002F\u002Flocalhost\u002Fmydb --analyze\n# Output: Missing indexes, N+1 query risks, and suggested migration files\n\n# Generate migration from schema diff\npython scripts\u002Fdatabase_migration_tool.py --connection postgres:\u002F\u002Flocalhost\u002Fmydb \\\n  --compare schema\u002Fv2.sql --output migrations\u002F\n\n# Dry-run a migration\npython scripts\u002Fdatabase_migration_tool.py --connection postgres:\u002F\u002Flocalhost\u002Fmydb \\\n  --migrate migrations\u002F20240115_add_user_indexes.sql --dry-run\n```\n\n---\n\n### 3. 
API Load Tester\n\nPerforms HTTP load testing with configurable concurrency, measuring latency percentiles and throughput.\n\n**Input:** API endpoint URL and test configuration\n**Output:** Performance report with latency distribution, error rates, throughput metrics\n\n**Usage:**\n```bash\n# Basic load test\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Fusers --concurrency 50 --duration 30\n# Output: Throughput (req\u002Fsec), latency percentiles (P50\u002FP95\u002FP99), error counts, and scaling recommendations\n\n# Test with custom headers and body\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Forders \\\n  --method POST \\\n  --header \"Authorization: Bearer token123\" \\\n  --body '{\"product_id\": 1, \"quantity\": 2}' \\\n  --concurrency 100 \\\n  --duration 60\n\n# Compare two endpoints\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Fv1\u002Fusers https:\u002F\u002Fapi.example.com\u002Fv2\u002Fusers \\\n  --compare --concurrency 50 --duration 30\n```\n\n---\n\n## Backend Development Workflows\n\n### API Design Workflow\n\nUse when designing a new API or refactoring existing endpoints.\n\n**Step 1: Define resources and operations**\n```yaml\n# openapi.yaml\nopenapi: 3.0.3\ninfo:\n  title: User Service API\n  version: 1.0.0\npaths:\n  \u002Fusers:\n    get:\n      summary: List users\n      parameters:\n        - name: \"limit\"\n          in: query\n          schema:\n            type: integer\n            default: 20\n    post:\n      summary: Create user\n      requestBody:\n        required: true\n        content:\n          application\u002Fjson:\n            schema:\n              $ref: '#\u002Fcomponents\u002Fschemas\u002FCreateUser'\n```\n\n**Step 2: Generate route scaffolding**\n```bash\npython scripts\u002Fapi_scaffolder.py openapi.yaml --framework express --output src\u002Froutes\u002F\n```\n\n**Step 3: Implement business 
logic**\n```typescript\n\u002F\u002F src\u002Froutes\u002Fusers.ts (generated, then customized)\nexport const createUser = async (req: Request, res: Response) => {\n  const { email, name } = req.body;\n\n  \u002F\u002F Add business logic\n  const user = await userService.create({ email, name });\n\n  res.status(201).json(user);\n};\n```\n\n**Step 4: Add validation middleware**\n```bash\n# Validation is auto-generated from OpenAPI schema\n# src\u002Fmiddleware\u002Fvalidators.ts includes:\n# - Request body validation\n# - Query parameter validation\n# - Path parameter validation\n```\n\n**Step 5: Generate updated OpenAPI spec**\n```bash\npython scripts\u002Fapi_scaffolder.py src\u002Froutes\u002F --generate-spec --output openapi.yaml\n```\n\n---\n\n### Database Optimization Workflow\n\nUse when queries are slow or database performance needs improvement.\n\n**Step 1: Analyze current performance**\n```bash\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL --analyze\n```\n\n**Step 2: Identify slow queries**\n```sql\n-- Check query execution plans\nEXPLAIN ANALYZE SELECT * FROM orders\nWHERE user_id = 123\nORDER BY created_at DESC\nLIMIT 10;\n\n-- Look for: Seq Scan (bad), Index Scan (good)\n```\n\n**Step 3: Generate index migrations**\n```bash\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL \\\n  --suggest-indexes --output migrations\u002F\n```\n\n**Step 4: Test migration (dry-run)**\n```bash\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL \\\n  --migrate migrations\u002Fadd_indexes.sql --dry-run\n```\n\n**Step 5: Apply and verify**\n```bash\n# Apply migration\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL \\\n  --migrate migrations\u002Fadd_indexes.sql\n\n# Verify improvement\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL --analyze\n```\n\n---\n\n### Security Hardening Workflow\n\nUse when preparing an API for production or after a 
security review.\n\n**Step 1: Review authentication setup**\n```typescript\n\u002F\u002F Verify JWT configuration\nconst jwtConfig = {\n  secret: process.env.JWT_SECRET,  \u002F\u002F Must be from env, never hardcoded\n  expiresIn: '1h',                 \u002F\u002F Short-lived tokens\n  algorithm: 'RS256'               \u002F\u002F Prefer asymmetric (the signing key is then a PEM private key)\n};\n```\n\n**Step 2: Add rate limiting**\n```typescript\nimport rateLimit from 'express-rate-limit';\n\nconst apiLimiter = rateLimit({\n  windowMs: 15 * 60 * 1000,  \u002F\u002F 15 minutes\n  max: 100,                   \u002F\u002F 100 requests per window\n  standardHeaders: true,\n  legacyHeaders: false,\n});\n\napp.use('\u002Fapi\u002F', apiLimiter);\n```\n\n**Step 3: Validate all inputs**\n```typescript\nimport { z } from 'zod';\n\nconst CreateUserSchema = z.object({\n  email: z.string().email().max(255),\n  name: z.string().min(1).max(100),\n  age: z.number().int().positive().optional()\n});\n\n\u002F\u002F Use in route handler\nconst data = CreateUserSchema.parse(req.body);\n```\n\n**Step 4: Load test with attack patterns**\n```bash\n# Test rate limiting\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Flogin \\\n  --concurrency 200 --duration 10 --expect-rate-limit\n\n# Test input validation\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Fusers \\\n  --method POST \\\n  --body '{\"email\": \"not-an-email\"}' \\\n  --expect-status 400\n```\n\n**Step 5: Review security headers**\n```typescript\nimport helmet from 'helmet';\n\napp.use(helmet({\n  contentSecurityPolicy: true,\n  crossOriginEmbedderPolicy: true,\n  crossOriginOpenerPolicy: true,\n  crossOriginResourcePolicy: true,\n  hsts: { maxAge: 31536000, includeSubDomains: true },\n}));\n```\n\n---\n\n## Reference Documentation\n\n| File | Contains | Use When |\n|------|----------|----------|\n| `references\u002Fapi_design_patterns.md` | REST vs GraphQL, versioning, error handling, pagination | Designing new 
APIs |\n| `references\u002Fdatabase_optimization_guide.md` | Indexing strategies, query optimization, N+1 solutions | Fixing slow queries |\n| `references\u002Fbackend_security_practices.md` | OWASP Top 10, auth patterns, input validation | Security hardening |\n\n---\n\n## Common Patterns Quick Reference\n\n### REST API Response Format\n```json\n{\n  \"data\": { \"id\": 1, \"name\": \"John\" },\n  \"meta\": { \"requestId\": \"abc-123\" }\n}\n```\n\n### Error Response Format\n```json\n{\n  \"error\": {\n    \"code\": \"VALIDATION_ERROR\",\n    \"message\": \"Invalid email format\",\n    \"details\": [{ \"field\": \"email\", \"message\": \"must be valid email\" }]\n  },\n  \"meta\": { \"requestId\": \"abc-123\" }\n}\n```\n\n### HTTP Status Codes\n| Code | Use Case |\n|------|----------|\n| 200 | Success (GET, PUT, PATCH) |\n| 201 | Created (POST) |\n| 204 | No Content (DELETE) |\n| 400 | Validation error |\n| 401 | Authentication required |\n| 403 | Permission denied |\n| 404 | Resource not found |\n| 429 | Rate limit exceeded |\n| 500 | Internal server error |\n\n### Database Index Strategy\n```sql\n-- Single column (equality lookups)\nCREATE INDEX idx_users_email ON users(email);\n\n-- Composite (multi-column queries)\nCREATE INDEX idx_orders_user_status ON orders(user_id, status);\n\n-- Partial (filtered queries)\nCREATE INDEX idx_orders_active ON orders(created_at) WHERE status = 'active';\n\n-- Covering (avoid table lookup)\nCREATE INDEX idx_users_email_name ON users(email) INCLUDE (name);\n```\n\n---\n\n## Common Commands\n\n```bash\n# API Development\npython scripts\u002Fapi_scaffolder.py openapi.yaml --framework express\npython scripts\u002Fapi_scaffolder.py src\u002Froutes\u002F --generate-spec\n\n# Database Operations\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL --analyze\npython scripts\u002Fdatabase_migration_tool.py --connection $DATABASE_URL --migrate file.sql\n\n# Performance Testing\npython 
scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Fendpoint --concurrency 50\npython scripts\u002Fapi_load_tester.py https:\u002F\u002Fapi.example.com\u002Fendpoint --compare baseline.json\n```\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,67,590,"2026-05-16 13:57:02",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":25,"skillCount":32,"createdAt":26},"后端开发","backend","mdi-server","API、数据库、服务端架构",296,[34],{"id":35,"skillId":4,"version":36,"fileName":37,"fileSize":38,"filePath":39,"fileHash":40,"manifest":41,"createdAt":19},"590b8ada-dc9b-4c44-ae27-68e9ae7846b5","1.0.0","senior-backend.zip",40879,"uploads\u002Fskills\u002Fcfa38c25-d9b6-4d1c-8e28-31dbf5076be9\u002Fsenior-backend.zip","4dfee30637fa26c9acce4a2ab8bba702d8776ea7aa76bc10b7c38091cebb8a1d","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":10156},{\"path\":\"references\u002Fapi_design_patterns.md\",\"isDirectory\":false,\"size\":13639},{\"path\":\"references\u002Fbackend_security_practices.md\",\"isDirectory\":false,\"size\":25480},{\"path\":\"references\u002Fdatabase_optimization_guide.md\",\"isDirectory\":false,\"size\":13949},{\"path\":\"scripts\u002Fapi_load_tester.py\",\"isDirectory\":false,\"size\":19800},{\"path\":\"scripts\u002Fapi_scaffolder.py\",\"isDirectory\":false,\"size\":21442},{\"path\":\"scripts\u002Fdatabase_migration_tool.py\",\"isDirectory\":false,\"size\":32200}]",{"code":43,"message":44,"data":45},200,"success",{"items":46,"stats":47,"page":50},[],{"averageRating":48,"totalRatings":48,"ratingCounts":49},0,[48,48,48,48,48],{"limit":51,"offset":48,"hasMore":52,"nextOffset":51,"ratedOnly":16},15,false]