Xuanbiao Zhu, SEAS Masters in Systems Engineering, 2024
This summer I served as a Backend Engineer intern at a startup company, contributing to the Backend Team between May and September of this summer. My primary role involved spearheading the development of the complete backend server using Java Spring Boot. This platform was crucial in facilitating the functionality of both the Frontend and Mobile App components.
The application’s central purpose revolves around streamlining personal finance management. It encompasses a suite of features such as consolidating data from various bank accounts, curating transaction histories, documenting expenditures, allowing the sharing and tracking of spending/investment strategies, and automating investments based on predefined strategies.
During my three-month internship, I successfully finished almost all the Issues assigned to me by my mentor and started to do some Merge request reviewing, gaining more and more understanding of how useful the git tool and the coding standard are in the co-working team. Besides that, given the sensitivity of financial data our company working with, I also learned how to make our backend secure enough, including the authentication and authority of the requests, prevention of SQL injection, error handling rules, etc.
As for co-working, it is much more formal than working in a course project team. Everything needs to be trackable with the help of Gitlab, and the code must obey the coding standard to make sure other team members know the logic as easily as possible. When I write the code, I need to let the code make sense in logic and readability. When the logic is vague, some comments will be helpful. We make all these style checkers right before the test checker in the pre-build session thanks to the Gradle wrapper, which makes our life easier in the CI process. In addition, before every merging, the MR needs to be reviewed by my colleagues, which is also a good way to check if the code is acceptable. Throughout this internship, I almost always considered the quality of my code rather than just making it work, thanks to the check style checker and the reviewing process. The reviewing session also gave me a chance to see and learn the coding style of my colleagues. Without it, I might still overlook the code standard since the git tool might be overkill in the course project, and most of our coursework focuses on logic rather than readability.
Other than co-working in my internship, I also learned some strategies to make our backend server more secure and robust to malicious requests in the real world. As for the authentication, we are using the JWT token to verify the identity of the request. On the other hand, the Authority process was instrumental in blueprinting which APIs required authorization and which did not. For example, users were permitted to access only their personal Asset information. Any attempts to request another user’s data, even if authenticated, would be blocked. This segregation of access is a fundamental security feature. The Authority process is tied to specific APIs; for instance, public Strategy information was made accessible to users.
This internship experience enriched my understanding of the technical facets of backend engineering and the paramount significance of adhering to industry-grade coding practices and collaborative tools like Git. It also provided me with a tangible understanding of how these theoretical concepts manifest in real-world applications.
This is part of a series of posts by recipients of the 2023 GAPSA Summer Internship Funding Program that is coordinated by Penn Career Services. We’ve asked funding recipients to reflect on their summer experiences and talk about the industries in which they spent their summer. You can read the entire series here.
