Introduction:

Tencent Lexiang is a one-stop enterprise community launched by Tencent, providing online classes, exams, learning maps, live streaming, documents, questionnaires and other application services.

Tencent Lexiang has been able to connect with the enterprise WeChat open platform since 0, and it has been 4 years since it launched as a third-party application of enterprise WeChat. Now Tencent Lexiang is becoming a service provider itself and will let other SaaS products integrate as third-party applications. How should the experience accumulated along the way be passed on to the developers who will integrate those applications?

The Tencent Lexiang third-party application open platform has been online for some time. The first phase of access includes Shanhu, Tencent Questionnaire and Qiaoyun. All three are mature products with their own open interfaces, so the problem lies in how to connect the open interfaces of the two platforms. Tencent Cloud IPAS connects the coral points platform and makes the cloud for us, while Tencent Questionnaire develops the transfer station service together with the two platforms.

In this process, we found that developers inside and outside the team were repeatedly re-implementing the same Lexiang open platform capabilities, and that integration ran into all kinds of problems because of inconsistent understanding and implementation. The pitfalls we had hit when connecting with enterprise WeChat in those years were spreading. At that time, various posts inside the company mentioned Cloudbase cloud development. After looking into it, I found it well suited to building a third-party application development framework. If every application integration used one unified framework, it would bring a great advantage in both development efficiency and later maintenance.

Problems of the pre

What does it take to integrate a third-party application?

  • Receive callbacks: notifications that a company has authorized or cancelled authorization of the application, notifications of changes to the company's address book, pushes of the ticket used for call credentials, and so on are all pushed to the application by the Lexiang service provider, so the application needs to provide a CGI to receive callback events. The ticket in particular is an important field that is exchanged for the credentials of an interface call, so implementing a CGI that receives callbacks is the first step of development;
  • Interface calls: interface calls look like a problem an SDK can solve, but in SaaS they are not so simple. Interfaces exist at the application dimension and at the enterprise dimension, and each requires different credentials. Credentials also cannot be requested frequently, so they need to be cached, and the cache of enterprise credentials is in turn affected by enterprise authorization and cancellation events. An SDK alone does not cover any of this;
  • Contact book synchronization: pull from the interface and write to the DB. It looks like business logic you can write by hand, and it is a basic developer skill. But whether synchronization runs smoothly, whether the synchronization script can be interrupted and rerun or restarted, how dirty data is cleaned up, and so on are details that are easy to miss without having hit enough pitfalls;
  • Login authorization: this is standard OAuth protocol integration with few pitfalls, but it still involves developing a series of functions such as identity verification, the authorization redirect, the authorization callback, and token generation and issuance. Repetitive, unchallenging work like this often wears people out.

From the perspective of a Web application, besides choosing a server-side language, we also have to consider the overall architecture, basic components such as the database, cache and object storage, the division of VPCs, application deployment, and so on. So even with a fairly mature open platform, there is a barrier to entry for many development teams. The development framework is designed to lower this threshold and attract more teams with ideas to implement their applications easily and quickly. In my initial conception, developers only need to implement the pages and interfaces of the application itself, without caring how the application interacts with the Lexiang back end. With the cloud development capability of Cloudbase, a Lexiang third-party application can be deployed with one click and serve thousands of enterprises. And that idea is now taking shape.

Framework implementations

1. Database

Cloudbase comes with a non-relational database similar to MongoDB, so you can configure cloudbaserc.json to create the following data tables when the application is initialized.

  • companies: the company table, which records information about the companies that have authorized the current application on Lexiang. It is also a necessary table for any SaaS application.
  • departments, users, department_user: the three essential tables for a contact book, recording users, departments and the relationships between them. The department_user middle table is not strictly necessary here, because Cloudbase provides a non-relational database and each user's department information could be recorded in the users table. The final design still creates the middle table, just as one would in MySQL, which foreshadows a further goal that is explained later.
  • lx_suite_callback_logs: logs the callbacks from Lexiang to help locate problems;
  • lx_suites: mainly records the currently valid ticket, the token the application uses to access the Lexiang interface, the tokens used for the various enterprises to access the Lexiang interface, and so on. It is in effect a cache. Because Cloudbase cannot currently mount Redis directly, the database serves as the cache for now. Since this table is read and written by the framework's own basic cloud functions, developers do not need to pay attention to it, and it can be upgraded at any time if a more elegant solution appears.

In fact, the most important idea of this development framework is to turn development against Lexiang interfaces into development against a database. It is often said that Web application development is just create, delete, update and query on a database, and that is exactly the advantage this framework brings.

2. Receive a callback

The framework implements the cloud function base_suite_callback, which is responsible for listening for ticket changes and for notifications that an enterprise has opened or closed the application. It works with the companies, lx_suites and lx_suite_callback_logs tables. This cloud function is also the most important entry point of the whole framework: if it becomes unavailable or its responses time out, the impact is serious, so its instances are kept warm to avoid losing enterprise authorization information because of a cold start.

3. Interface call

The Lexiang platform has more than ten application modules, hundreds of application interfaces and more than ten address book interfaces, all of which are encapsulated in base_lx_apis, with function descriptions so that developers can invoke Lexiang capabilities with a simple call.

In addition to interface encapsulation, this cloud function also implements the caching and refresh mechanism for access_token. That requires a storage service, which a plain SDK cannot provide.

The interface authorization mode provided by Lexiang is Client Credentials, which is suitable for server-side requests. If the client requested the interface directly, there would be a serious vulnerability, and enterprise data would be exposed to the risk of malicious tampering and leakage. With the cloud function permission settings provided by Cloudbase, clients can be prohibited from calling it directly. The client must first call the developer's cloud function, and access happens only through that server-side call, which ensures the security of the application. The framework's sample code also includes a demo to guide developers to use it correctly.
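The caching rule described in this section, where an enterprise token is reused until shortly before expiry and dropped as soon as the enterprise cancels authorization, can be sketched as follows. This is an added example, not code from the framework: the class, the `fetchToken` function and the event type strings are hypothetical, and a Map stands in for the lx_suites table.

```javascript
// Added example, not the framework's code. A Map stands in for the lx_suites
// table; fetchToken and the event type strings are hypothetical. fetchToken is
// synchronous here so the sketch runs offline; a real one is an awaited HTTP call.
class CompanyTokenCache {
  constructor(fetchToken, now = () => Date.now(), skewMs = 60000) {
    this.fetchToken = fetchToken; // (companyId) => { token, expiresInSec }
    this.now = now;               // injectable clock, in milliseconds
    this.skewMs = skewMs;         // refresh a little before the real expiry
    this.authorized = new Set();  // companies that currently authorize the app
    this.rows = new Map();        // companyId -> { token, expiresAt }
  }

  // Every authorization callback must pass through here.
  onCallback(event) {
    if (event.type === "auth_created") {
      this.authorized.add(event.companyId);
    } else if (event.type === "auth_cancelled") {
      this.authorized.delete(event.companyId);
      this.rows.delete(event.companyId); // never serve a token after cancellation
    }
  }

  get(companyId) {
    if (!this.authorized.has(companyId)) {
      throw new Error(`company ${companyId} has not authorized the application`);
    }
    const row = this.rows.get(companyId);
    if (row && row.expiresAt - this.skewMs > this.now()) return row.token;
    // Missing or about to expire: fetch once, store with an absolute expiry.
    const { token, expiresInSec } = this.fetchToken(companyId);
    this.rows.set(companyId, { token, expiresAt: this.now() + expiresInSec * 1000 });
    return token;
  }
}

// Constructed scenario: two reads, an expiry, then a cancellation.
function demoTokenCache() {
  let clock = 0, fetches = 0;
  const cache = new CompanyTokenCache(
    (id) => ({ token: `${id}-token-${++fetches}`, expiresInSec: 7200 }), () => clock);
  cache.onCallback({ type: "auth_created", companyId: "c1" });
  const first = cache.get("c1"), second = cache.get("c1"); // one upstream fetch
  clock = 7200 * 1000 - 30 * 1000;                         // inside the refresh margin
  const refreshed = cache.get("c1");
  cache.onCallback({ type: "auth_cancelled", companyId: "c1" });
  let refused = false;
  try { cache.get("c1"); } catch (e) { refused = true; }
  return { first, second, refreshed, fetches, refused };
}
```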

4. Address book synchronization

The framework provides a full-synchronization cloud function, base_sync_contact, which can be triggered by a timed task or by a client call.

During full contact book synchronization, code logic errors, script interruptions and other causes can easily produce data problems.

On each synchronization, the departments table and the department_user table only have data appended, never modified, so the data is consistent by the time full synchronization ends. Once it ends, the current company's address book version is updated and the data of other versions is deleted from the tables, so that usable address book data is available at every moment.
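The append, switch version, then clean up sequence can be seen end to end in the sketch below, including what readers see when a run is interrupted. This is an added example, not code from the framework: arrays stand in for the departments and department_user tables, and the `contactVersion` field and the function names are hypothetical.

```javascript
// Added example, not the framework's code. Arrays stand in for the departments
// and department_user tables; contactVersion is a hypothetical field on companies.
function fullSync(db, companyId, pages, version) {
  // 1. Append only: rows of the new version sit beside the live ones, so a
  //    crash here leaves the current version untouched.
  for (const page of pages()) {
    for (const d of page.departments) {
      db.departments.push({ companyId, version, ...d });
    }
    for (const link of page.links) {
      db.department_user.push({ companyId, version, ...link });
    }
  }
  // 2. Switch: a single write moves readers to the complete new version.
  db.companies.find((c) => c.id === companyId).contactVersion = version;
  // 3. Clean up every other version, including leftovers of interrupted runs.
  const keep = (r) => r.companyId !== companyId || r.version === version;
  db.departments = db.departments.filter(keep);
  db.department_user = db.department_user.filter(keep);
}

// Readers always filter on the company's current version.
function liveDepartments(db, companyId) {
  const { contactVersion } = db.companies.find((c) => c.id === companyId);
  return db.departments
    .filter((r) => r.companyId === companyId && r.version === contactVersion)
    .map((r) => r.name);
}

// Constructed scenario: a good sync, an interrupted one, then a rerun.
function demoSync() {
  const db = { companies: [{ id: "c1", contactVersion: null }], departments: [], department_user: [] };
  const v1 = function* () {
    yield { departments: [{ id: 1, name: "HQ" }, { id: 2, name: "Sales" }], links: [{ departmentId: 2, userId: "u1" }] };
  };
  const broken = function* () {
    yield { departments: [{ id: 1, name: "HQ" }], links: [] };
    throw new Error("interface timeout"); // interruption between pages
  };
  const v3 = function* () {
    yield { departments: [{ id: 1, name: "HQ" }], links: [] };
    yield { departments: [{ id: 3, name: "Support" }], links: [{ departmentId: 3, userId: "u1" }] };
  };
  fullSync(db, "c1", v1, 1);
  try { fullSync(db, "c1", broken, 2); } catch (e) { /* rerun later */ }
  const afterFailure = liveDepartments(db, "c1");
  const strayRows = db.departments.filter((r) => r.version === 2).length;
  fullSync(db, "c1", v3, 3);
  const versionsLeft = [...new Set(db.departments.map((r) => r.version))];
  return { afterFailure, strayRows, afterRerun: liveDepartments(db, "c1"), versionsLeft };
}
```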

5. Login authorization

The identity verification logic is mainly placed in the client-side Vue code, which uses routing middleware to check the company ID in the current user's login state. If the company ID is missing or does not match the company ID in the URL, the user is redirected to the Lexiang authorization page of the specified company. This logic distills Lexiang's hard-won experience, and developers can use it directly to avoid all kinds of B-side login problems.

6. Effect experience

With the above basic capabilities encapsulated, developing applications on top of this framework is easy enough. We also tried developing a third-party learning material management platform, which took only three steps:

(1) Create new data table;

(2) Implement the cloud function logic related to material management, which calls the base_lx_apis cloud function to reach the Lexiang interface and also uses the object storage API;

(3) Add the relevant routing pages in Vue.

As with developing any Web application, developers are no longer blocked because they do not know Lexiang. The learning cost shifts from learning the Lexiang interfaces and learning to develop SaaS applications to learning to use Cloudbase.

One-click deployment

One-click deployment is a capability provided by the Cloudbase Framework that lets code run in a cloud development environment after a few simple operations. However, for Lexiang to actively push callback events to the cloud development environment, the callback-receiving CGI of that environment has to be configured on the Lexiang side; after configuring the CGI, you first have to ask Lexiang to push a ticket before a company can authorize your app; login authorization also requires configuring a trusted callback domain name; and the application entry needs its links configured too. Developers have to read the documentation, copy links from cloud development into the Lexiang pages for each configuration item, and then debug and verify each function to make sure no slip of the hand or copy mistake crept in. The process is as follows:

To remove this manual initialization, the Lexiang side provides an application initialization configuration interface for this scenario. The cloud development environment can use Suite_ID + Suite_Secret directly to initialize the specified fields, including the callback CGI, the trusted domain name for login authorization, and the entry address. Once configuration completes, it triggers Lexiang to actively push a ticket to the application, so that enterprises can authorize and use it right away. The call to this initialization interface is placed in the PostDeploy hook of Cloudbase one-click deployment, so no manual operation is needed and deployment is assured to succeed, which greatly lowers the barrier to using the framework.

The current one-button deployment process is shown in the figure below:

The whole one-click deployment process still has several aspects that can be optimized:

(1) Deployment does not have to start from a button on GitHub. Later, the deployment button can be placed directly in the Lexiang company management console, letting developers jump straight from Lexiang to Tencent Cloud for deployment configuration.

(2) Building on point 1, if the cloud development deployment page allows configuration parameters to be passed through a URL or form, the Lexiang side can supply them directly, so the developer no longer needs to copy and paste.

(3) Steps 4 and 5 download the custom private key and inject it into the cloud function. At present, cloud development cannot configure this directly through cloudbaserc.json; it would be better if this were supported later.

Ability to expand

The framework was designed to let developers quickly build a Lexiang third-party app from scratch. However, as I thought through and came to understand the implementation, I came to think that its use should not be limited to this: it should also serve the integration of other mature applications and platforms.

The docking between applications or platforms with open interfaces is often deadlocked due to unsuitable interfaces, and no one is willing to modify their interfaces to match the other. The final solution is for one side to give in and build an intermediate service from scratch, looking at both sides’ interface documentation and doing the work.

If Lexiang provides the framework, what can the framework provide?

External authorization

The login authorization mentioned above refers to the authorization granted by Lexiang to the service that deploys the framework ("Service A"). However, when two platforms are being connected, Service A in turn has to authorize the third platform. Although developers no longer need to implement the flow in which Service A is authorized to log in, I think more can be done to make secondary development easier, such as encapsulating the OAuth and SAML protocols for external authorization.

Callback notification pass-through

Beyond the pre-implemented logic, Lexiang callbacks retain configurable hooks that let developers configure custom cloud functions or message queues. When messages are processed through these cloud functions or message queues, developers do not have to worry about whether they are forged, expired or replayed.
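For the guarantee to hold, the three checks have to run before a message reaches a developer hook. The sketch below shows them in order; it is an added example, not code from the framework. The signing scheme (HMAC-SHA256 over `timestamp.nonce.body`), the field names and the 300-second window are assumptions, since the page does not describe Lexiang's real callback signature.

```javascript
// Added example, not the framework's code. The signing scheme (HMAC-SHA256 over
// "timestamp.nonce.body"), the field names and the 300-second window are
// assumptions; the page does not describe Lexiang's real callback signature.
const nodeCrypto = require("crypto");

const WINDOW_SEC = 300;

function sign(secret, timestamp, nonce, body) {
  return nodeCrypto.createHmac("sha256", secret)
    .update(`${timestamp}.${nonce}.${body}`).digest("hex");
}

// Returns a verifier that answers "ok", "forged", "expired" or "replayed".
// The Map stands in for a store shared by all function instances.
function makeVerifier(secret, now = () => Math.floor(Date.now() / 1000)) {
  const seen = new Map(); // nonce -> timestamp of the accepted message
  return function verify({ timestamp, nonce, signature, body }) {
    // Forged: the MAC covers timestamp and nonce, so neither can be swapped.
    const expected = Buffer.from(sign(secret, timestamp, nonce, body), "hex");
    const given = Buffer.from(String(signature), "hex");
    if (given.length !== expected.length ||
        !nodeCrypto.timingSafeEqual(given, expected)) return "forged";
    // Expired: outside the accepted clock window (also rejects a NaN timestamp).
    const age = Math.abs(now() - Number(timestamp));
    if (!(age <= WINDOW_SEC)) return "expired";
    // Replayed: nonce already accepted. Entries are dropped only once their
    // timestamp is outside the window, where the expiry check takes over.
    for (const [n, ts] of seen) if (now() - ts > WINDOW_SEC) seen.delete(n);
    if (seen.has(nonce)) return "replayed";
    seen.set(nonce, Number(timestamp));
    return "ok";
  };
}

// Constructed messages: one genuine, then a replay, a tampered body, a stale one.
function demoCallbacks() {
  const secret = "constructed-suite-secret";
  const verify = makeVerifier(secret, () => 1700000000);
  const body = JSON.stringify({ event: "ticket", ticket: "constructed-ticket" });
  const good = { timestamp: 1700000000, nonce: "n1", body,
                 signature: sign(secret, 1700000000, "n1", body) };
  const stale = { timestamp: 1699990000, nonce: "n2", body,
                  signature: sign(secret, 1699990000, "n2", body) };
  return [
    verify(good),                                   // genuine
    verify(good),                                   // same message again
    verify({ ...good, nonce: "n3", body: body.replace("ticket", "cancel") }),
    verify(stale),                                  // correctly signed but old
  ];
}
```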

The data is written directly to the business database

The framework already writes contact book data from the Lexiang interface into the database of the cloud development environment, but that is completely meaningless for business systems outside the cloud development environment (even if the VPC is connected, there is no SDK for reading and writing the database outside the cloud development environment, and implementing that myself is too difficult). Therefore, the framework should be able to write address book data from the Lexiang interface into a specified database, and should support not only non-relational databases such as MongoDB but also MySQL, the most common one, which is why the address book table design retains the department_user middle table. The framework should allow a MySQL connection to be configured so that data can be written directly to the business database.

Private deployment

As a SaaS product, private deployment is a constant topic. Privatizing the product itself is not easy, and it often means considering service degradation to make private deployment work, not to mention third-party applications that can be turned on and off. But if a third-party application is developed on Cloudbase, why not deploy it with one click?

Low code development

If third-party application development frameworks are a start, low-code development platforms may be next. Regardless of the development approach, the current encapsulation of each of the underlying capabilities is necessary and reusable, taking the first step to create possibilities for the next goal.

Conclusion

From developing a third-party application for enterprise WeChat to developing an open platform that third-party applications connect to, the change of role has given me a lot of experience. The arrival of Cloudbase was exactly what prompted me to think, summarize and realize some of these design concepts. You are welcome to exchange ideas and discuss with me.

PS: From the beginning of designing this framework, I named this project the “Enjoy Reemployment Program”. When I want to retire one day, I will use this framework to do various outsourcing projects for Lexiang as a service provider. Enjoy until you are eighty.

Appendix

GitHub code repository:

https://github.com/TencentLexiang/cloudbase-template

Product introduction

Cloud development (TCB) is the cloud-native integrated development environment and tool platform provided by Tencent Cloud. It provides developers with highly available, automatically and elastically scaling back-end cloud services, including computing, storage, hosting and other serverless capabilities. These can be used for integrated cloud development of many kinds of client applications (mini programs, official accounts, Web applications, Flutter clients, etc.), helping developers build and manage back-end services and cloud resources in a unified way, avoiding tedious server setup, operation and maintenance during application development, and letting developers focus on implementing business logic with a lower development threshold and higher efficiency.

  • Open cloud development: https://console.cloud.tencent.com/tcb?tdl_anchor=techsite
  • Product documentation: https://cloud.tencent.com/product/tcb?from=12763
  • Technical documentation: https://cloudbase.net?from=10004
  • Technology exchange group and latest information: follow the WeChat official account 【Tencent Cloud Development CloudBase】