Backend Coding Conventions#

Layer Structure#

• Endpoint → Service → Repository → DB
• No business logic in Endpoints
• No direct DB queries in Endpoints
• No direct calls between Repositories (coordinate in Services)

Endpoint Rules#

• Separate App endpoints and Console endpoints
• Use requireLogin => true when authentication is required
• Method names: Use get, list, create, update, delete prefixes

Model Rules#

• Required fields on all Entities: createdAt: DateTime, updatedAt: DateTime?
• Add Korean comments (###) on all fields
• Foreign keys must have indexes
• DTOs must be separate from Entities (_create_request, _update_request, _list_response)

Transaction Rules#

• Use tx inside transactions (not session)
• Always wrap multiple DB operations in a transaction
• Transaction management only in the Service layer

Caching Rules#

• Always set lifetime
• Invalidate related caches when entities are modified
• Use global cache in multi-server environments

Testing Rules#

• Call endpoints via the endpoints parameter
• Authentication tests: three cases — authenticated/unauthenticated/insufficient permissions
• Concurrent transaction tests: rollbackDatabase: disabled

Logging Rules#

• Do not log sensitive data
• Always close InternalSession
• Do not use a session after it is closed

Code Generation#

• Always run serverpod generate after modifying .spy.yaml
• Always run serverpod create-migration after Entity changes
• Commit after migrations are applied