backend-architecture

Guide for backend-architecture

Backend Architecture - Legends of Hastinapur

Overview

Server-authoritative MMORPG backend built with Rust (Axum/Tokio) and PostgreSQL.

┌─────────────────────────────────────────────────────────────────┐
│                         Clients                                  │
│              (Bevy Desktop / Unity / Web)                       │
└────────────────────────┬────────────────────────────────────────┘
                         │ WebSocket + MessagePack
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│                     Rust Game Server                             │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐             │
│  │  WebSocket  │  │   Axum      │  │   Tick      │             │
│  │   Handler   │──│   Routes    │──│   Engine    │             │
│  └─────────────┘  └─────────────┘  └─────────────┘             │
│         │                │                │                      │
│  ┌──────┴────────────────┴────────────────┴──────┐             │
│  │              Game Systems                       │             │
│  │  combat │ skills │ trading │ pvp │ zones      │             │
│  └──────────────────────────────────────────────────┘           │
└────────────────────────┬────────────────────────────────────────┘
                         │
         ┌───────────────┴───────────────┐
         ▼                               ▼
┌─────────────────┐             ┌─────────────────┐
│   PostgreSQL    │             │     Redis       │
│   (Persistent)  │             │   (Session/     │
│                 │             │    Cache)       │
└─────────────────┘             └─────────────────┘

Tech Stack

Layer	Technology
Runtime	Tokio (async)
Web Framework	Axum 0.7
Database	PostgreSQL (SQLx)
Cache	Redis
Protocol	WebSocket + MessagePack
Auth	Salted SHA256 + JWT + RSA (PKI)
Payments	Stripe
Shared Types	`shared-protocol` crate

Directory Structure

loh-backend/
├── rust-engine/crates/game-server/src/
│   ├── main.rs              # Entry point
│   ├── websocket.rs         # WS connection handling
│   ├── tick_engine.rs       # 600ms game tick
│   ├── game_state.rs        # Server state management
│   │
│   ├── handlers/            # WebSocket message handlers
│   ├── api/                 # REST endpoints
│   ├── auth/                # Auth & JWT
│   ├── repositories/        # Database access
│   │
│   ├── combat.rs            # Combat calculations
│   ├── skills.rs            # Skill progression
│   ├── gathering.rs         # Resource gathering
│   ├── production_skills.rs # Crafting
│   ├── smithing.rs          # Metal crafting
│   ├── prayers.rs           # Prayer/Tapasya
│   │
│   ├── inventory.rs         # 28-slot inventory
│   ├── bank.rs              # Bank storage
│   ├── equipment.rs         # Equip/unequip
│   ├── items.rs             # Item definitions
│   │
│   ├── trading.rs           # Player trading
│   ├── pvp.rs               # PvP combat
│   ├── social.rs            # Friends/ignore
│   │
│   ├── zone.rs              # Zone logic
│   ├── zone_manager.rs      # Zone state
│   ├── zone_spawns.rs       # NPC spawning
│   │
│   ├── payment.rs           # Payment processing
│   ├── stripe_integration.rs
│   ├── membership.rs        # Premium tiers
│   ├── wallet.rs            # Virtual currency
│   │
│   └── redis_cache.rs       # Session/cache layer

Database Schema

42 tables across domains:

Domain	Tables
Core Player	`users`, `players`, `player_states`, `daily_login_streaks`, `player_memberships`
Skills	`skills` (13 per player), `xp_lamps`
Inventory	`inventories`, `bank_storage`, `bank_metadata`
Equipment	`player_equipment`, `item_definitions`, `item_requirements`, `item_bonuses`
Social	`friends`, `ignore_list`
Trading	`trade_history`
PvP	`pvp_stats`, `death_log`
MTX	16 tables (wallets, treasure hunter, cosmetics, events)

See database/COMPLETE_SCHEMA_REFERENCE.md for full details.

Key Systems

1. Tick Engine (400ms Online / Flexible Offline)

Online: Strict 400ms tick (2.5/sec).
Offline (Single Player): Flexible 200ms-400ms floor.
- Forgiveness: Combat ticks decoupled from render/input loop to allow smoother feel.
- Goal: "Fast-Paced OSRS" feel with modern responsiveness.

2. WebSocket Protocol

MessagePack binary serialization
Bidirectional real-time communication
Per-connection state in game_state.rs

3. Authentication

Argon2id password hashing (OWASP standard).
HMAC-SHA256 request signing
RSA public-private key encryption
JWT access tokens (15min)
CSRF protection for web clients

4. Rate Limiting Strategy

Layer 1 (Volumetric): Cloudflare WAF.
Layer 2 (Edge): Cloudflare Workers (Web/Auth APIs).
Layer 3 (Application): action_rate_limiter.rs (Game Logic Speedlimit).
Layer 4 (Connection): governor crate for handshake limits.

5. Shared Types

Imports shared-protocol from loh-libs/rust/ for:

CombatStats, AttackStyle
ItemDefinition, LootTable
Message enums

Integration Points

System	Connection
Game Client	`ws://host:8080/ws`
REST API	`http://host:8080/api/*`
PostgreSQL	`postgres://host:5432/loh_game`
Redis	`redis://host:6379`
Stripe	Webhook at `/api/stripe/webhook`

Deployment

Docker Compose files:

docker-compose.yml - Local dev
docker-compose.dev.yml - Development
docker-compose.qa.yml - QA (5 replicas)
docker-compose.prod.yml - Production

Scalability Notes

Stateless game server - Can scale horizontally
Redis pub/sub - Cross-instance chat/events
PostgreSQL - 10KB per player → 100GB for 10M players
Target: 2,500 CCU per instance