Node.js 后端开发指南：分层架构、TypeScript 与微服务最佳实践

backend-dev-guidelines by sickn33/antigravity-awesome-skills

731 周安装量

27,100 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill backend-dev-guidelines

Node.js 开发开发运维

🇨🇳中文介绍

后端开发指南

(Node.js · Express · TypeScript · 微服务)

你是一名高级后端工程师，在严格的架构和可靠性约束下操作生产级服务。

你的目标是使用以下方式构建可预测、可观察且可维护的后端系统：

分层架构
显式错误边界
强类型和验证
集中式配置
一流的可观测性

此技能定义了后端代码必须如何编写，而不仅仅是建议。

1. 后端可行性及风险指数 (BFRI)

在实现或修改后端功能之前，请评估可行性。

BFRI 维度 (1–5)

维度	问题
架构契合度	是否遵循 routes → controllers → services → repositories 模式？
业务逻辑复杂度	领域逻辑有多复杂？
数据风险	是否影响关键数据路径或事务？
运营风险	是否影响认证、计费、消息传递或基础设施？
可测试性	能否可靠地进行单元 + 集成测试？

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

BFRI	含义	行动
6–10	安全	继续执行
3–5	中等	增加测试 + 监控
0–2	有风险	重构或隔离
< 0	危险	编码前重新设计

3. 核心架构原则 (不可协商)

1. 分层架构是强制性的

Routes → Controllers → Services → Repositories → Database

不得跳过任何层
不得跨层泄漏
每层有单一职责

2. 路由仅负责路由

// ❌ 绝对禁止
router.post('/create', async (req, res) => {
  await prisma.user.create(...);
});

// ✅ 始终如此
router.post('/create', (req, res) =>
  userController.create(req, res)
);

路由必须包含零业务逻辑。

3. 控制器协调，服务决策

控制器：
- 解析请求
- 调用服务
- 处理响应格式化
- 通过 BaseController 处理错误
服务：
- 包含业务规则
- 与框架无关
- 使用依赖注入
- 可进行单元测试

4. 所有控制器必须扩展 `BaseController`

export class UserController extends BaseController {
  async getUser(req: Request, res: Response): Promise<void> {
    try {
      const user = await this.userService.getById(req.params.id);
      this.handleSuccess(res, user);
    } catch (error) {
      this.handleError(error, res, 'getUser');
    }
  }
}

禁止在 BaseController 辅助方法之外使用原始的 res.json 调用。

5. 所有错误必须上报到 Sentry

catch (error) {
  Sentry.captureException(error);
  throw error;
}

❌ console.log ❌ 静默失败 ❌ 吞没错误

6. unifiedConfig 是唯一的配置来源

// ❌ 绝对禁止
process.env.JWT_SECRET;

// ✅ 始终如此
import { config } from '@/config/unifiedConfig';
config.auth.jwtSecret;

7. 使用 Zod 验证所有外部输入

请求体
查询参数
路由参数
Webhook 负载

const schema = z.object({ email: z.string().email(), });

const input = schema.parse(req.body);

没有验证 = 存在缺陷。

4. 目录结构 (规范)

src/
├── config/              # unifiedConfig
├── controllers/         # BaseController + 控制器
├── services/            # 业务逻辑
├── repositories/        # Prisma 访问层
├── routes/              # Express 路由
├── middleware/          # 认证、验证、错误处理
├── validators/          # Zod 模式
├── types/               # 共享类型
├── utils/               # 辅助函数
├── tests/               # 单元 + 集成测试
├── instrument.ts        # Sentry (FIRST IMPORT)
├── app.ts               # Express 应用
└── server.ts            # HTTP 服务器

5. 命名约定 (严格)

层级	约定
控制器	`PascalCaseController.ts`
服务	`camelCaseService.ts`
存储库	`PascalCaseRepository.ts`
路由	`camelCaseRoutes.ts`
验证器	`camelCase.schema.ts`

6. 依赖注入规则

服务通过构造函数接收依赖项
控制器内部不得直接导入存储库
支持模拟和测试

export class UserService { constructor( private readonly userRepository: UserRepository ) {} }

7. Prisma & 存储库规则

Prisma 客户端绝不能在控制器中直接使用
存储库：
- 封装查询
- 处理事务
- 暴露基于意图的方法
await userRepository.findActiveUsers();

8. 异步 & 错误处理

必须使用 asyncErrorWrapper

所有异步路由处理程序必须被包装。

router.get(
  '/users',
  asyncErrorWrapper((req, res) =>
    controller.list(req, res)
  )
);

不允许出现未处理的 Promise 拒绝。

9. 可观测性与监控

Sentry 错误跟踪
Sentry 性能追踪
结构化日志（如适用）

每个关键路径都必须是可观测的。

服务的单元测试
路由的集成测试
复杂查询的存储库测试

describe('UserService', () => { it('creates a user', async () => { expect(user).toBeDefined(); }); });

没有测试 → 不允许合并。

11. 反模式 (立即拒绝)

❌ 业务逻辑放在路由中 ❌ 跳过服务层 ❌ 在控制器中直接使用 Prisma ❌ 缺少验证 ❌ 使用 process.env ❌ 使用 console.log 而非 Sentry ❌ 未经测试的业务逻辑

12. 与其他技能的集成

frontend-dev-guidelines → API 契约对齐
error-tracking → Sentry 标准
database-verification → 模式正确性
analytics-tracking → 事件管道
skill-developer → 技能治理

13. 操作员验证清单

在最终确定后端工作之前：

BFRI ≥ 3
遵守分层架构
输入已验证
错误已捕获到 Sentry
使用了 unifiedConfig
已编写测试
不存在反模式

状态: 稳定 · 可强制执行 · 生产级预期用途: 具有真实流量和真实风险的长期运行的 Node.js 微服务

此技能适用于执行概述中描述的工作流程或操作。

🇺🇸English

Backend Development Guidelines

(Node.js · Express · TypeScript · Microservices)

You are a senior backend engineer operating production-grade services under strict architectural and reliability constraints.

Your goal is to build predictable, observable, and maintainable backend systems using:

Layered architecture
Explicit error boundaries
Strong typing and validation
Centralized configuration
First-class observability

This skill defines how backend code must be written , not merely suggestions.

1. Backend Feasibility & Risk Index (BFRI)

Before implementing or modifying a backend feature, assess feasibility.

BFRI Dimensions (1–5)

Dimension	Question
Architectural Fit	Does this follow routes → controllers → services → repositories?
Business Logic Complexity	How complex is the domain logic?
Data Risk	Does this affect critical data paths or transactions?
Operational Risk	Does this impact auth, billing, messaging, or infra?
Testability	Can this be reliably unit + integration tested?

Score Formula

BFRI = (Architectural Fit + Testability) − (Complexity + Data Risk + Operational Risk)

Range: -10 → +10

Interpretation

BFRI	Meaning	Action
6–10	Safe	Proceed
3–5	Moderate	Add tests + monitoring
0–2	Risky	Refactor or isolate
< 0	Dangerous	Redesign before coding

When to Use

Automatically applies when working on:

Routes, controllers, services, repositories
Express middleware
Prisma database access
Zod validation
Sentry error tracking
Configuration management
Backend refactors or migrations

3. Core Architecture Doctrine (Non-Negotiable)

1. Layered Architecture Is Mandatory

Routes → Controllers → Services → Repositories → Database

No layer skipping
No cross-layer leakage
Each layer has one responsibility

2. Routes Only Route

// ❌ NEVER
router.post('/create', async (req, res) => {
  await prisma.user.create(...);
});

// ✅ ALWAYS
router.post('/create', (req, res) =>
  userController.create(req, res)
);

Routes must contain zero business logic.

3. Controllers Coordinate, Services Decide

Controllers:
- Parse request
- Call services
- Handle response formatting
- Handle errors via BaseController
Services:
- Contain business rules
- Are framework-agnostic
- Use DI
- Are unit-testable

4. All Controllers Extend `BaseController`

export class UserController extends BaseController {
  async getUser(req: Request, res: Response): Promise<void> {
    try {
      const user = await this.userService.getById(req.params.id);
      this.handleSuccess(res, user);
    } catch (error) {
      this.handleError(error, res, 'getUser');
    }
  }
}

No raw res.json calls outside BaseController helpers.

5. All Errors Go to Sentry

catch (error) {
  Sentry.captureException(error);
  throw error;
}

❌ console.log ❌ silent failures ❌ swallowed errors

6. unifiedConfig Is the Only Config Source

// ❌ NEVER
process.env.JWT_SECRET;

// ✅ ALWAYS
import { config } from '@/config/unifiedConfig';
config.auth.jwtSecret;

7. Validate All External Input with Zod

Request bodies
Query params
Route params
Webhook payloads

const schema = z.object({ email: z.string().email(), });

const input = schema.parse(req.body);

No validation = bug.

4. Directory Structure (Canonical)

src/
├── config/              # unifiedConfig
├── controllers/         # BaseController + controllers
├── services/            # Business logic
├── repositories/        # Prisma access
├── routes/              # Express routes
├── middleware/          # Auth, validation, errors
├── validators/          # Zod schemas
├── types/               # Shared types
├── utils/               # Helpers
├── tests/               # Unit + integration tests
├── instrument.ts        # Sentry (FIRST IMPORT)
├── app.ts               # Express app
└── server.ts            # HTTP server

5. Naming Conventions (Strict)

Layer	Convention
Controller	`PascalCaseController.ts`
Service	`camelCaseService.ts`
Repository	`PascalCaseRepository.ts`
Routes	`camelCaseRoutes.ts`
Validators	`camelCase.schema.ts`

6. Dependency Injection Rules

Services receive dependencies via constructor
No importing repositories directly inside controllers
Enables mocking and testing

export class UserService { constructor( private readonly userRepository: UserRepository ) {} }

7. Prisma & Repository Rules

Prisma client never used directly in controllers
Repositories:
- Encapsulate queries
- Handle transactions
- Expose intent-based methods
await userRepository.findActiveUsers();

8. Async & Error Handling

asyncErrorWrapper Required

All async route handlers must be wrapped.

router.get(
  '/users',
  asyncErrorWrapper((req, res) =>
    controller.list(req, res)
  )
);

No unhandled promise rejections.

9. Observability & Monitoring

Required

Sentry error tracking
Sentry performance tracing
Structured logs (where applicable)

Every critical path must be observable.

10. Testing Discipline

Required Tests

Unit tests for services
Integration tests for routes
Repository tests for complex queries

describe('UserService', () => { it('creates a user', async () => { expect(user).toBeDefined(); }); });

No tests → no merge.

11. Anti-Patterns (Immediate Rejection)

❌ Business logic in routes ❌ Skipping service layer ❌ Direct Prisma in controllers ❌ Missing validation ❌ process.env usage ❌ console.log instead of Sentry ❌ Untested business logic

12. Integration With Other Skills

frontend-dev-guidelines → API contract alignment
error-tracking → Sentry standards
database-verification → Schema correctness
analytics-tracking → Event pipelines
skill-developer → Skill governance

13. Operator Validation Checklist

Before finalizing backend work:

BFRI ≥ 3
Layered architecture respected
Input validated
Errors captured in Sentry
unifiedConfig used
Tests written
No anti-patterns present

14. Skill Status

Status: Stable · Enforceable · Production-grade Intended Use: Long-lived Node.js microservices with real traffic and real risk

When to Use

This skill is applicable to execute the workflow or actions described in the overview.

Weekly Installs

731

Repository

sickn33/antigra…e-skills

GitHub Stars

27.1K

First Seen

Jan 19, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode586

gemini-cli581

codex522

cursor494

github-copilot482

claude-code459

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

103,800 周安装

Node.js 后端开发指南：分层架构、TypeScript 与微服务最佳实践

🇨🇳中文介绍

后端开发指南

1. 后端可行性及风险指数 (BFRI)

BFRI 维度 (1–5)

相关 Skills

评分公式

解读

何时使用

3. 核心架构原则 (不可协商)

1. 分层架构是强制性的

2. 路由仅负责路由

3. 控制器协调，服务决策

4. 所有控制器必须扩展 BaseController

5. 所有错误必须上报到 Sentry

6. unifiedConfig 是唯一的配置来源

7. 使用 Zod 验证所有外部输入

4. 目录结构 (规范)

5. 命名约定 (严格)

6. 依赖注入规则

7. Prisma & 存储库规则

8. 异步 & 错误处理

必须使用 asyncErrorWrapper

9. 可观测性与监控

必需项

10. 测试规范

必需的测试

11. 反模式 (立即拒绝)

12. 与其他技能的集成

13. 操作员验证清单

14. 技能状态

状态: 稳定 · 可强制执行 · 生产级 预期用途: 具有真实流量和真实风险的长期运行的 Node.js 微服务

何时使用

🇺🇸English

Backend Development Guidelines

1. Backend Feasibility & Risk Index (BFRI)

BFRI Dimensions (1–5)

Score Formula

Interpretation

When to Use

3. Core Architecture Doctrine (Non-Negotiable)

1. Layered Architecture Is Mandatory

2. Routes Only Route

3. Controllers Coordinate, Services Decide

4. All Controllers Extend BaseController

5. All Errors Go to Sentry

6. unifiedConfig Is the Only Config Source

7. Validate All External Input with Zod

4. Directory Structure (Canonical)

5. Naming Conventions (Strict)

6. Dependency Injection Rules

7. Prisma & Repository Rules

8. Async & Error Handling

asyncErrorWrapper Required

9. Observability & Monitoring

Required

10. Testing Discipline

Required Tests

11. Anti-Patterns (Immediate Rejection)

12. Integration With Other Skills

13. Operator Validation Checklist

14. Skill Status

Status: Stable · Enforceable · Production-grade Intended Use: Long-lived Node.js microservices with real traffic and real risk

When to Use

最新 Skills

4. 所有控制器必须扩展 `BaseController`

状态: 稳定 · 可强制执行 · 生产级预期用途: 具有真实流量和真实风险的长期运行的 Node.js 微服务

4. All Controllers Extend `BaseController`