The Leaky Tokens project follows a microservices architecture pattern with the following key components:
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Client Apps │ │ External │ │ Monitoring │
│ │ │ Services │ │ Systems │
│ (Web/Mobile) │ │ (Qwen/Gemini/ │ │ (Prometheus/ │
│ │ │ OpenAI Stubs) │ │ Grafana) │
└─────────┬───────┘ └─────────┬───────┘ └─────────┬───────┘
│ │ │
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ API Gateway │
│ (Spring Cloud Gateway) │
└─────────────────┬───────────────────────────────────────────────┘
│
┌─────────▼─────────┐
│ Service Discovery │
│ (Eureka) │
└─────────┬─────────┘
│
┌─────────────┼─────────────┐
│ │ │
┌───▼───┐ ┌────▼────┐ ┌───▼───┐
│ Auth │ │ Config │ │ Kafka │
│Server │ │ Server │ │ │
└───────┘ └─────────┘ └───┬───┘
│
┌─────────────────────┼─────────────────────┐
│ │ │
┌───▼───┐ ┌───▼─────┐ ┌───▼────┐
│Token │ │Analytics│ │Other │
│Service│ │Service │ │Services│
└───┬───┘ └───┬─────┘ └───┬────┘
│ │ │
┌───▼─────────────────────▼───────────────────────▼───┐
│ │
│ Data Layer │
│ ┌──────────┐ ┌─────────┐ ┌──────────────────┐ │
│ │PostgreSQL│ │ Redis │ │ Apache Cassandra │ │
│ │ │ │ │ │ │ │
│ └──────────┘ └─────────┘ └──────────────────┘ │
└─────────────────────────────────────────────────────┘
- Technology: Spring Cloud Gateway
- Responsibilities:
- Request routing to appropriate microservices
- Cross-cutting concerns (authentication, rate limiting, logging)
- SSL termination
- Request/response transformation
- Circuit breaking
- Technology: Netflix Eureka
- Responsibilities:
- Service registration and discovery
- Health monitoring of services
- Load balancing between service instances
- Technology: Spring Cloud Config
- Responsibilities:
- Centralized configuration management
- Dynamic configuration updates
- Environment-specific configurations
- Technology: Spring Security OAuth2
- Responsibilities:
- User authentication
- Token generation and validation
- Role-based access control
- API key management
- Technology: Spring Boot
- Responsibilities:
- Implements leaky bucket algorithm
- Manages token pools for different API providers
- Tracks token consumption
- Enforces rate limiting
- Applies tier-based quotas (USER/ADMIN) and org-level shared quotas
Tier selection is derived from JWT roles and mapped to token.tiers.
If an orgId is supplied, org-level quotas are used instead of per-user quotas.
Example requests:
POST /api/v1/tokens/consume
{
"userId": "00000000-0000-0000-0000-000000000001",
"orgId": "10000000-0000-0000-0000-000000000001",
"provider": "openai",
"tokens": 25
}
GET /api/v1/tokens/quota/org?orgId=10000000-0000-0000-0000-000000000001&provider=openai
- Technology: Spring Boot + Kafka
- Responsibilities:
- Processes usage events
- Generates analytics and reports
- Stores metrics in time-series database
- Purpose: Primary relational database
- Use Cases: User accounts, subscriptions, configurations, transactional data
- Purpose: In-memory caching and session store
- Use Cases: Session management, cache for frequently accessed data, rate limiting counters
- Purpose: Distributed NoSQL database
- Use Cases: Time-series data, logs, metrics, audit trails
- Technology: Apache Kafka
- Responsibilities:
- Event-driven communication between services
- Transactional outbox implementation
- Async processing of background tasks
- REST APIs between services via API Gateway
- Service discovery lookup
- Direct database queries
- Event-driven communication via Kafka
- Saga pattern coordination
- Background job processing
┌─────────────────┐
│ Client │
└─────────┬───────┘
│ HTTPS
▼
┌─────────────────┐
│ API Gateway │ ← OAuth2/JWT Validation
└─────────┬───────┘
│ Internal Communication
▼
┌─────────────────┐
│ Microservices │ ← Service-to-Service Auth
└─────────┬───────┘
│ Data Access
▼
┌─────────────────┐
│ Data Layer │ ← Encrypted Connections
└─────────────────┘
- Docker Compose: Single-file orchestration for local development
- Service Dependencies: Proper startup ordering with health checks
- Resource Management: Memory and CPU constraints per service
- Prometheus: Metrics collection
- Grafana: Visualization and dashboards
- Jaeger/Zipkin: Distributed tracing
- ELK Stack: Log aggregation and analysis
- Implemented using Spring Cloud Circuit Breaker
- Prevents cascade failures
- Provides fallback mechanisms
- Configurable retry policies
- Exponential backoff
- Timeout handling
- Resource isolation between services
- Thread pool separation
- Semaphore-based concurrency limits
- Choreography-based SAGA implementation
- Compensation transactions for rollback
- Event-driven coordination
- Events stored in database transactionally
- Separate process publishes events to Kafka
- Ensures at-least-once delivery
- Statelessness of services
- Load balancing via service discovery
- Database sharding strategies
- Resource allocation per service based on requirements
- Caching strategies to reduce load
- Asynchronous processing for heavy operations
- Latest language features and performance improvements
- Strong ecosystem for enterprise applications
- Excellent tooling and community support
- Rapid development and prototyping
- Extensive integration with cloud-native technologies
- Mature ecosystem for microservices
- Simple orchestration for local development
- Reproducible environments
- Easy to extend for production scenarios
This architecture provides a solid foundation for demonstrating advanced microservices concepts while maintaining scalability, reliability, and maintainability.