Authorization? How hard can it be? I am pretty sure that others have already solved it. We are not the first ones doing microservices. It should be easy to integrate what's already out there.

- Everybody when they started designing their microservices, before they cried

Fine-grained authorization in microservices is hard. Definitely not impossible, but hard. You would expect that a more standardized, all-around, full-proof solution is out there, but I am afraid there isn't. It's a complex matter and depending on what you are building, implementation varies.

You will probably start with a boolean admin flag in your User model and then you will replace it with a role field, as we all did. However, as things progress and the business model becomes more and more complex, so do the solutions that we need to implement in order to deal with that complexity.

But how do you actually go from a simple flag to Role Based Access Control (RBAC) and then to Attribute Based Access Control (ABAC), especially in a microservices environment? In the following post I hope to help you get there.

(UPDATE: 02/04/2022): This article made it to the HackerNews frontpage and some interesting comments can be found here. Feel free to participate!

Yes. I know. Forking a process in Node.js is slow. Instead of crying about it, let's see how we can handle it!

Let's assume that you have a service in which you:

1. Accept a request
2. Fork a process with child_process.fork
3. Execute some code within that process
4. Exit from the child process
5. Complete the request

Probably the first thing you tried was to receive the request, spin up a process, do whatever you need in the processor, and exit. You timed the whole thing and your jaw dropped that it took a million years for the request to complete, even if you are just doing a console.log('I love kittens') inside your processor.

Don't bother. I will tell you right now that the bottleneck is the forking.

This is a post about a specific Node.js library, named bull, which is used to execute background jobs.

The reason I am writing this is to address some cases which the library does not cover out of the box and share our experience on how we solved them in case others have the same needs.

If you are reading this, then congratulations, you’ve just checked one of the things that I am looking for in a candidate; the ability to do some basic research. In this case, by simply reading information about the company you are applying to.

I am astounded by the number of candidates that come for an interview and have no clue what the company does exactly. Except of what the – clueless recruiter – might have told them, they haven’t even bothered to check the company site in detail. There is occasionally someone that has read the first paragraph of the home page, but that’s usually it. If you don’t give a damn or don’t even have the curiosity to check out the place you will be spending a large part of your day, then I do not want to work with you.

If on the other hand you do give a damn, then keep reading.