
Oscar Y Chen oscarychen

  • Calgary
oscarychen / alloydb_inline_filtering.md
Last active August 8, 2025 05:50
Efficient hybrid search on vector database using inline filtering with ScaNN index

Background

Filtering on structured metadata as well as embedding vectors efficiently has historically been a scaling challenge for applications involving RAG. AlloyDB released a new feature called inline filtering to achieve exactly that. This gist contains some of my learnings while experimenting with inline filtering using ScaNN index to achieve efficient and scalable hybrid search.

Summary (TLDR)

  • The recommended query uses a two-stage hybrid search process: the first stage searches the embedding chunks using inline filtering with the ScaNN index, and the second stage refines the result by selecting the highest-scoring chunk for each document.

  • The query scales in the majority of the hybrid search scenarios with O(√n + k log k) where k << n.

  • In order to utilize inline filtering for hybrid search, it is necessary to denormalize the filtering metadata columns

oscarychen / django_design_pattern.md
Last active April 10, 2025 13:54
Building Django project like a Java developer: design pattern for complex web projects

Background

Django and Django REST Framework are designed around the Active Record design pattern, where each record object represents a “living” database record that can be interacted with, and the changes resulting from that interaction are reflected on the underlying database record automatically. This has allowed many of Django's libraries, including Django REST Framework, to access and modify data from all parts of the application, and thus encourages vertically integrated features whose behaviors are defined by Models, such as using ModelSerializer and ModelViewSet.

Challenges

This design pattern presents several areas of concern:

  • Tight coupling: mixes data access and business logic, violates Single Responsibility, and makes unit testing difficult. The DRF Serializer is one such example that does much more than its name suggests: it not only serializes data but also performs CRUD operations on models.
  • Performance limitation: heavy object creation and retrieval for simple database operati
oscarychen / postgres_ltree.sql
Created March 11, 2023 02:07
Postgres Ltree Cheatsheet
CREATE EXTENSION ltree;
CREATE TABLE test (path ltree);
--                Top
--             /   |  \
--     Science Hobbies Collections
--         /       |          \
-- Astronomy Amateurs_Astronomy Pictures
oscarychen / go_notes.md
Last active February 2, 2024 18:27
Go notes

Go commands

go mod init: start new module, this will put a "go.mod" file in the current directory

go get <package>: install dependency

go run <module_name>: Run

go build <module_name>: compile executable

Language basics

oscarychen / rust_notes.md
Last active November 15, 2022 16:50
Rust notes

Cargo commands

cargo new <project_name>: start new project

cargo run: compile and run project

cargo build: build executable

Language basics

Primitive types

bool: boolean

oscarychen / drf-exception-handling.md
Last active January 25, 2025 15:25
Exception handling in Django REST Framework

Exception Handling in Django REST Framework

In Django REST Framework views (this includes anything that might be called from a view), any exception that occurs is handled by the framework.

  • If the exception is a DRF APIException or Django PermissionDenied, the view will return the appropriate HTTP response with an HTTP status code and detail about the error.
  • If the exception is any other type of Django or Python exception, an HTTP 500 response will be returned.

To provide a more customized error response with the appropriate status code, you will want to raise a subclass of APIException:

from rest_framework.exceptions import ValidationError
oscarychen / csp.md
Last active January 19, 2023 04:07
Content Security Policy explained

Content Security Policy (CSP)

CSP restricts the requests our site can make to other sites and controls which resources the page is allowed to load. It limits the damage even if malicious code is running in a user's browser within our site's context.

Common examples

  • Content-Security-Policy: default-src 'self': Prevents loading resources from other domains. Prevents inline scripts, such as <script>alert('hello')</script>.

  • Content-Security-Policy: default-src 'self' *.trusted.com

oscarychen / xss.md
Last active December 9, 2021 19:27
cross-site scripting explained

Cross-site scripting (XSS)

What is XSS?

  • Unexpected JavaScript code running in an HTML document
  • Unexpected code in SQL query
  • Any code that combines a command with user data is susceptible

Attacker may:

oscarychen / csrf.md
Last active December 9, 2021 19:22
cross site request forgery explained

Cross Site Request Forgery (CSRF)

Session Hijacking

Cookie sent over unencrypted HTTP connection

Mitigation

Use the Secure attribute on the cookie to prevent it from being sent over an unencrypted connection: Set-Cookie: key=value; Secure

oscarychen / cookies_same_origin_policy.md
Last active May 15, 2024 11:42
Cookies and Same Origin Policy explained

Cookies and Same Origin Policy

Origin

_Origin_ is defined as the protocol-host-port tuple

Same Origin Policy

Ensures the host document can only be accessed by a JavaScript execution context from the same origin.