u/DuePresent6490

Feedback wanted: did I over-engineer RBAC with CQRS in my first NestJS pet project?
▲ 9 r/nestjs

Hi everyone!

I want to get feedback from experienced and not-so-experienced developers on the architecture of the most mature service (AccessControl) in my first pet project. I have a strong feeling that I overloaded the system with patterns. Many things (DDD, CQRS, Mixin, UoW, etc.) I was using for the first time. The project technically works and does its job, but I have no one to show the code to for review, so I came here for independent criticism.

Stack: Node.js, TypeScript, NestJS, MikroORM, PostgreSQL, Redis, Lua, Kafka, Debezium.

The task and the architectural solution

I needed to implement a hierarchical RBAC model and to fully give up storing permissions in tokens. To solve this task on hot-path requests, I introduced CQRS at several levels at once:

  • Database level: classic split into read/write PostgreSQL replicas.
  • Application level: clear separation of operational pipelines into Commands/Queries.
  • Hot-path projection: via CDC (Debezium) and Kafka I stream changes from Postgres into Redis. Redis stores a structure that is symmetric by entities but impoverished in metadata (everything the system doesn't need is removed). On top of that I had to introduce three classes of indexes for fast query handling.

Where the main pain is

This solution is already starting to feel inadequate to me. Yes, it fully covers the task and works fast enough, but the feeling of monstrosity doesn't leave me.

The system grew a thick layer of custom Lua scripts, which I had to sit over for a whole week, and the structure of the Redis storage itself turned out extremely complex because of the need to support a permission hierarchy and an index system.

Questions for the community

  1. Did I choose the right path to solving the task?
  2. Hasn't my solution turned into an ambassador of the word "over-engineering"?
  3. What mistakes did I make in understanding the patterns?

You may also point out other flaws of my pet project not related to the main problem - I'll accept those too.

Repo: https://github.com/LambdiusLab/access-control-service

I'll be glad to get harsh and constructive criticism, but keep in mind the fact that I literally have no education and this is my first pet project. I'm here to learn. Thanks!

u/DuePresent6490 — 4 days ago
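A worked sketch of the hot-path projection and hierarchical permission check described in the post, as an added example that is not code from the linked repository or from OP: an in-memory stand-in for the Redis structure, fed by Debezium-style row-change events. The table names, event shape and role/permission names are assumptions.

```typescript
// Added example, not from the linked repo: in-memory stand-in for the Redis projection.
type Role = string;
type Permission = string;

// Debezium-style row change, reduced to the fields the hot path needs (assumed shape).
interface ChangeEvent {
  table: "role_parent" | "role_permission";
  op: "c" | "d";                        // create or delete
  row: { role: Role; parent?: Role; permission?: Permission };
}

class RbacProjection {
  private parents = new Map<Role, Set<Role>>();       // role -> roles it inherits from
  private perms = new Map<Role, Set<Permission>>();   // role -> directly granted permissions
  // Derived index: effective permissions per role, rebuilt lazily after any change.
  private effective = new Map<Role, Set<Permission>>();

  apply(ev: ChangeEvent): void {
    const target = ev.table === "role_parent" ? this.parents : this.perms;
    const value = ev.table === "role_parent" ? ev.row.parent : ev.row.permission;
    if (value === undefined) throw new Error("malformed change event");
    if (!target.has(ev.row.role)) target.set(ev.row.role, new Set());
    if (ev.op === "c") target.get(ev.row.role)!.add(value);
    else target.get(ev.row.role)!.delete(value);
    this.effective.clear(); // a change anywhere may alter inherited permissions
  }

  // Walk the hierarchy upward; the visited set makes accidental cycles harmless.
  effectivePermissions(role: Role): Set<Permission> {
    const cached = this.effective.get(role);
    if (cached) return cached;
    const result = new Set<Permission>();
    const stack: Role[] = [role];
    const visited = new Set<Role>();
    while (stack.length) {
      const r = stack.pop()!;
      if (visited.has(r)) continue;
      visited.add(r);
      this.perms.get(r)?.forEach((p) => result.add(p));
      this.parents.get(r)?.forEach((parent) => stack.push(parent));
    }
    this.effective.set(role, result);
    return result;
  }

  // Authorization decision for a subject holding several roles; no permissions in the token.
  can(roles: Role[], permission: Permission): boolean {
    return roles.some((r) => this.effectivePermissions(r).has(permission));
  }
}
```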