Cloud Architecture

Complete infrastructure topology — every service, every connection, every data flow

Client / Compute

Auth / AI

Edge / CDN

Backend Services

RBAC / Caching

Metering

Events

Payments / Cache

Client Layer

Browser Client

Browser Client

React 18 + Next.js 15 SSR

Server-Side Rendered Pages

React Query + Hono RPC Client

Socket.IO Client (Realtime)

Middleware Auth Guards

SSRRSCCSRISR

OAuth Providers

OAuth Providers

Third-Party Identity

Google OAuth 2.0

GitHub OAuth

PKCE + State Validation

Edge / CDN Layer

EDGE

Cloudflare

Cloudflare

Edge Network + Security

DDoS Protection (L3/L4/L7)

WAF — OWASP Top 10 Rules

Global CDN (Static Assets)

Rate Limiting Rules

Cloudflare R2

Cloudflare R2

Object Storage (S3-Compatible)

Task Attachments (max 20MB)

Project Documents (max 25MB)

Profile Images → WebP 256×256

IMAGES_BUCKETATTACHMENTS_BUCKETPROJECT_DOCS_BUCKET

Compute Layer

DigitalOcean

DigitalOcean

App Platform

Managed Container Hosting

Auto-Scaling

SSL/TLS Certificates

CORE

Next.js 15 + Hono

Full-Stack Framework — 200+ API Endpoints

React 18 Server Components (SSR)

Hono Router — 35+ Route Modules

Session Middleware (Cookie Auth)

Traffic Metering Middleware

Billing Enforcement Middleware

RBAC — 4 Layers (WS → Org → Project → Space)

authtasksprojectsworkspacesbillingsprintsworkflowsspaces

Socket.IO Server

Socket.IO Server

Custom HTTP Server (server.ts)

WebSocket + Long Polling Fallback

User-Scoped Rooms user:{id}

Event: notification:new

Internal Push via X-Socket-Secret

Middleware Pipeline

Traffic Metering

Batched — flushes/60s

Measures req/res size + duration

In-memory buffer (max 100)

Flush every 60s → usage_events

Session Middleware

Cookie-Based Auth

Reads fairlx-session cookie

Validates via Appwrite Account API

Injects user into Hono context

Billing Guard

Enforcement Middleware

ACTIVE → pass through

DUE → pass + warning headers

SUSPENDED → 403 block

RBAC Layer

4-Tier Permission System

L1: Workspace (OWNER→VIEWER)

L2: Org + Department Permissions

L3: Project RBAC (per-project roles)

L4: Space (visibility + membership)

Notification & Event System

Event Dispatcher

Singleton — 23 Event Types

TaskCreated, Assigned, Completed, Deleted

StatusChanged, PriorityChanged

CommentAdded, Mention, Reply

MemberAdded, MemberRemoved, RoleChanged

Socket Channel

Realtime Push

HTTP bridge → Socket.IO emit

X-Socket-Secret auth

Email Channel

Email Channel

Appwrite Messaging SMTP

Themed HTML Templates

Type-specific subjects (emoji)

Self-action suppression

Webhook Channel

Outbound Project Events

Per-project webhook URLs

Maps events → webhook payloads

Backend Services

BACKEND

Appwrite Cloud

Appwrite Cloud

Backend-as-a-Service — 60+ Collections

Auth: Email/Pass, OAuth, Magic Links, 2FA

Database: 60+ collections across 8 domains

Storage: 3 buckets (images, attachments, docs)

Messaging: SMTP for emails

Realtime Subscriptions

tasksprojectsworkspacesbilling_accountsnotifications

Redis

Redis

In-Memory Cache

Session Cache (TTL-based)

Rate Limit Counters

Permission Resolution Cache

Billing Cycle Lock (CAS)

External Service Integrations

Razorpay

Payment Gateway

Wallet Top-up Orders

UPI / Card / NetBanking

Payment Webhooks (5 events)

HMAC-SHA256 Signature Verification

Google Gemini

Google Gemini

AI / LLM Services

Workflow AI (6 endpoints)

GitHub Repo Documentation Gen

Codebase Q&A (context-aware)

GitHub API

Repository Integration

Repo linking to projects

File tree fetching, commit history

Code documentation pipeline

Supabase

Supabase

Landing Page DB (PostgreSQL)

GitHub Star rewards coupon system

Service role key (server-only)