
Design and Implementation of a Hundred-Million-Level User Center System

The article outlines a microservice‑based user‑center architecture for handling over one hundred million users, detailing gateway, core, and async services, interface design, vertical and horizontal database sharding, token graceful degradation, multi‑layer password security, event‑driven async processing, and comprehensive monitoring for high availability, performance, and security.

vivo Internet Technology

The user center is one of the most fundamental core systems in internet applications. As business and user base grow, it brings continuous challenges. This article provides a practical solution for ensuring high availability, high performance, and high security in a hundred-million-level user system.

1. Service Architecture

Based on business characteristics, the user center is split into three independent microservices: Gateway Service, Core Service, and Async Consumer Service. The gateway service provides HTTP services and aggregates various business logic and service calls. The core service handles simple business logic and data storage, located at the end of the call chain with minimal dependencies. The async consumer service processes and consumes asynchronous messages.

2. Interface Design

Interfaces are divided into Web and App categories. Web interfaces need cross-domain single sign-on, while App interfaces require replay prevention and signature verification. Core interfaces undergo special processing: user information tables are split into core information tables (userId, username, phone, password, salt) and user profile tables (gender, avatar, nickname). The login core path is shortened to depend only on read databases, with dependent services capable of automatic degradation.

3. Database Sharding

For data exceeding 100 million records, vertical sharding is applied first: core user information is separated from other user data, and user event tables are migrated to separate databases. For horizontal sharding, two methods are discussed: the Index Table Method and the Gene Method. The Gene Method applies a function to the username or mobile number to generate an N-bit gene and embeds that gene in the UID.

4. Token Graceful Degradation

After user login, tokens are generated and stored in Redis. When Redis becomes unavailable, the system generates a special format token that can be decrypted and verified against the database, with rate limiting applied to prevent database overload.
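The fallback described above, sketched as an added example (not the article's or vivo's code). It assumes an HMAC-signed token in place of the encrypted one the article mentions, a hypothetical `pwd_version` column as the value checked against the database, and an in-memory `FakeRedis` and `USERS` table as constructed stand-ins.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)    # assumption: signing secret held by the gateway
PREFIX = "d1."                   # assumption: marker of the special-format token
TTL = 900                        # assumption: degraded tokens live 15 minutes
DB_CHECKS_PER_SEC = 2            # assumption: budget for fallback database reads
USERS = {1001: {"pwd_version": 3}}   # constructed stand-in for the core user table
_window = {"sec": 0, "n": 0}         # fixed-window counter for the rate limit

class RedisDown(Exception): pass

class FakeRedis:                 # constructed stand-in for the token store
    def __init__(self): self.up, self.data = True, {}
    def set(self, k, v):
        if not self.up: raise RedisDown()
        self.data[k] = v
    def get(self, k):
        if not self.up: raise RedisDown()
        return self.data.get(k)

def _sign(body: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(KEY, body, hashlib.sha256).digest())

def issue_token(redis, user_id, now=None):
    now = int(time.time() if now is None else now)
    try:
        token = secrets.token_urlsafe(32)   # normal path: opaque token kept in Redis
        redis.set(token, user_id)
        return token
    except RedisDown:                       # degraded path: self-describing token
        body = json.dumps({"uid": user_id, "iat": now, "pv": USERS[user_id]["pwd_version"]}).encode()
        return PREFIX + base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def verify_token(redis, token, now=None):
    now = int(time.time() if now is None else now)
    if not token.startswith(PREFIX):
        try: return redis.get(token)
        except RedisDown: return None       # opaque token cannot be checked: log in again
    try:
        b64, tag = token[len(PREFIX):].split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError: return None          # malformed token
    if not hmac.compare_digest(tag.encode(), _sign(body)): return None  # forged or altered
    claims = json.loads(body)
    if now - claims["iat"] > TTL: return None                # expired
    if _window["sec"] != now: _window.update(sec=now, n=0)   # new one-second window
    if _window["n"] >= DB_CHECKS_PER_SEC: return None        # shed load, protect the database
    _window["n"] += 1
    user = USERS.get(claims["uid"])                          # the database check
    return claims["uid"] if user and user["pwd_version"] == claims["pv"] else None
```

The signature and expiry checks run before the rate limiter, so forged or stale tokens are rejected without consuming any of the database budget.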

5. Data Security

Sensitive data requires desensitization, and passwords undergo multiple encryption layers. User passwords are validated against weak password blacklists. The system hashes passwords with bcrypt/scrypt, which apply a random salt and deliberately expensive computation (memory-intensive in the case of scrypt) to effectively resist rainbow table attacks.

6. Async Consumer Design

After user operations (login/register), user events are stored and sent to MQ. Downstream businesses listen to user events to grant points, coupons, and other rewards. This decouples the user center from downstream services.

7. Monitoring

Comprehensive monitoring includes QPS of important interfaces, machine memory usage, garbage collection time, service call time, database Binlog writing, front-end components, and full-link tracing via ZipKin.
