全栈开发硬核命题，拒绝CRUD男孩

这里整理了五条全栈开发命题。这些题目剥离了那些花哨的营销词汇，直接指向真实业务中让人头秃的难点：数据一致性、高并发下的系统稳定性、复杂权限控制、实时通信以及遗留系统的现代化改造。它们不考察你会背多少八股文，只考察你在面对脏活累活时，能不能写出健壮、可维护且性能达标的代码。

1. Idempotent Payment Gateway Integration

Build a mock payment processing service that handles webhook callbacks from a third-party provider (simulate Stripe). The core challenge is idempotency: ensure that if the provider sends the same webhook event multiple times due to network retries, the order status is updated only once and no duplicate records are created in the database. Implement a signature verification middleware to reject forged requests. Use a relational database with transactional integrity. If a payment succeeds, trigger an asynchronous email notification (mocked) without blocking the response. Handle race conditions where two webhooks for the same event arrive simultaneously. Log all incoming payloads for debugging. The API must return 200 OK immediately after validating the signature, processing the logic asynchronously or within a fast transaction.

2. Real-Time Collaborative Kanban Board

Develop a Trello-like board where multiple users can drag and drop cards between lists in real-time. Use WebSockets (Socket.io or WS) for bidirectional communication. The backend must broadcast state changes to all connected clients except the sender. Implement optimistic UI updates on the frontend, but reconcile with server state upon confirmation. Handle disconnects gracefully: if a user drops a card and loses connection, the server should retain the last known valid state. Use Redis to store temporary session data and manage active rooms. Ensure that concurrent moves of the same card by different users are resolved using a "last-write-wins" strategy or a simple versioning vector. No external state management libraries for the sync logic; implement the conflict resolution manually.

3. Role-Based Access Control (RBAC) with Dynamic Permissions

Design a user management system where permissions are not hardcoded but stored in the database. Create three tables: Users, Roles, and Permissions, with many-to-many relationships. Implement a middleware that checks if the current user's role has the specific permission required for the requested API endpoint (e.g., user:create, report:view). Support hierarchical roles (e.g., Admin inherits Editor permissions). Provide an admin interface to assign roles and toggle permissions dynamically without restarting the server. Cache permission lookups in Redis to avoid hitting the database on every request, with a cache invalidation strategy when roles are updated. Write unit tests to verify that a user with insufficient privileges receives a 403 Forbidden response.

4. High-Throughput Log Aggregation Service

Create a service that accepts high-volume log entries via HTTP POST and stores them for later analysis. The write path must be optimized for throughput: accept logs, validate basic structure, and push them into a message queue (Kafka or RabbitMQ) immediately. A separate worker process consumes from the queue and batches inserts into a time-series database or Elasticsearch. Implement rate limiting per API key to prevent abuse. Provide a read API that supports filtering by date range, log level, and service name. Handle backpressure: if the database is slow, the worker should pause consumption or drop non-critical logs based on configuration. Ensure no data loss during graceful shutdowns by flushing the queue.

5. Legacy Monolith to Microservices Strangler Fig Pattern

Take a simulated monolithic e-commerce application (provided as a single Node.js/Express app with coupled user, product, and order logic) and refactor it using the Strangler Fig pattern. Extract the "Product Catalog" into a separate microservice with its own database. Set up an API Gateway (using Nginx or a simple Node.js proxy) to route traffic: new requests for products go to the microservice, while everything else goes to the legacy monolith. Ensure data consistency: when a product is updated in the new service, propagate the change to the legacy database via events or dual-write (acknowledge the trade-offs). Maintain a shared authentication context (JWT) across both services. Document the routing rules and the decomposition strategy. The goal is to demonstrate how to incrementally migrate without downtime.

这五个命题涵盖了分布式系统中的幂等性设计、实时状态同步、动态权限架构、高吞吐数据处理以及系统重构策略。这些都是中级向高级全栈工程师进阶时必须跨越的门槛。能独立完成这些任务，意味着你不再只是一个API调用者，而是一个能独立设计并落地复杂系统的架构预备役。