Consult Transaction Revamp

Summary

Complete overhaul of the shipment creation flow, migrating critical pricing and calculation logic from frontend to a secure, high-performance Golang backend. This initiative eliminated calculation vulnerabilities and ensured data integrity across all transaction types.

Context & Requirements

The existing shipment creation flow had critical vulnerabilities:

• Client-side Calculations: Pricing computed on frontend, vulnerable to manipulation
• Inconsistent Results: Different calculation results between web and mobile apps
• No Audit Trail: Difficult to trace how final prices were determined
• Performance Issues: Complex calculations slowing down user experience

Business Requirements:

• Eliminate pricing manipulation vulnerabilities
• Ensure 100% consistency across all platforms
• Maintain sub-second response times
• Full audit trail for all transactions

Architecture

Tech Stack:

| Component | Technology | Purpose | |-----------|------------|---------| | Calculation Engine | Golang | High-performance, type-safe calculations | | Communication | gRPC | Fast internal service communication | | Database | PostgreSQL | ACID-compliant transaction storage | | Caching | Redis | Rate data caching, session management | | Container | Docker + K8s | Scalable deployment |

Key Decisions & Tradeoffs

Why Backend-Sided Calculations?

| Approach | Pros | Cons | |----------|------|------| | Frontend (Old) | Fast UI feedback | Vulnerable, inconsistent | | Backend (New) | Secure, authoritative | Requires network call |

Our Solution: Hybrid approach with backend verification

Why Golang?

Selected Golang for the calculation engine because:

1. Performance: Compiled language with excellent concurrency support
2. Type Safety: Strong typing prevents calculation errors at compile time
3. Standard Library: Built-in support for precise decimal calculations
4. Deployment: Single binary, easy to deploy and scale

Implementation Highlights

1. Calculation Engine

Built a robust calculation service with:

• Precise Decimals: Using shopspring/decimal for financial accuracy
• Rule Engine: Configurable pricing rules without code changes
• Rate Versioning: Historical rates preserved for auditing

type Calculator struct {
    rateRepo    RateRepository
    ruleEngine  *RuleEngine
    auditLogger *AuditLogger
}

func (c *Calculator) Calculate(req CalculationRequest) (CalculationResult, error) {
    // Get current rates
    rates, err := c.rateRepo.GetActiveRates(req.ServiceType)
    if err != nil {
        return CalculationResult{}, err
    }

    // Apply all applicable rules
    result := c.ruleEngine.Apply(req, rates)

    // Log for audit
    c.auditLogger.LogCalculation(req, result)

    return result, nil
}

2. Validation Layer

Comprehensive input validation:

• Weight Limits: Per service type constraints
• Distance Calculation: Server-side geocoding verification
• Service Availability: Real-time route checking

3. Audit System

Complete transaction traceability:

• Every calculation logged with full context
• Immutable audit records in separate database
• Dispute resolution with historical data

Results & Metrics

Key Achievements:

• Eliminated 100% of pricing manipulation vulnerabilities
• Reduced calculation response time by 87%
• Zero pricing disputes due to calculation errors
• Full audit trail for regulatory compliance
• Consistent pricing across web, iOS, and Android

Team Leadership

Led a team of 3 engineers to:

• Design and document the new architecture
• Implement the Golang calculation service
• Migrate existing transactions without downtime
• Establish monitoring and alerting

What I Would Improve

Future improvements planned:

1. Real-time Rate Updates: Push-based rate changes without redeployment
2. ML-based Fraud Detection: Identify suspicious patterns automatically
3. Multi-currency Support: Dynamic exchange rate calculations
4. Load Testing: More comprehensive performance benchmarks

Lessons Learned

"Security-critical calculations should never trust client input. Always verify on the backend, even if it seems redundant."

This project reinforced the importance of "trust but verify" - while we still show estimated prices on the frontend for UX, the authoritative calculation always happens on the server.