Architecture Overview
System Architecture
The STUPA PDF API is built using a microservices architecture with clear separation of concerns between the frontend, backend, and database layers.
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│                 │     │                 │     │                 │
│    Frontend     │────▶│   API Gateway   │────▶│     Backend     │
│   (React/TS)    │     │     (Nginx)     │     │    (FastAPI)    │
│                 │     │                 │     │                 │
└─────────────────┘     └─────────────────┘     └────────┬────────┘
                                                         │
                                                         ▼
                        ┌─────────────────┐     ┌─────────────────┐
                        │                 │     │                 │
                        │    Database     │     │  File Storage   │
                        │     (MySQL)     │     │   (Base64 DB)   │
                        │                 │     │                 │
                        └─────────────────┘     └─────────────────┘
Components
Frontend (React Application)
- Technology: React 18 with TypeScript
- State Management: With State
- UI Framework: Material-UI
- Build Tool: Vite
- Features:
- Single Page Application (SPA)
- Responsive design
- Real-time form validation
- File upload management
- PDF preview capabilities
API Gateway (Nginx)
- Purpose: Reverse proxy and static file serving
- Features:
- Route /api/* requests to backend
- Serve static frontend assets
- Handle CORS
- SSL termination (production)
- Request buffering
- Gzip compression
Backend (FastAPI)
- Framework: FastAPI (Python 3.11)
- ORM: SQLAlchemy
- PDF Processing: PyPDF2, ReportLab
- Features:
- RESTful API design
- Automatic API documentation
- Request validation
- Rate limiting
- Authentication middleware
- PDF parsing and generation
Database (MySQL)
- Version: MySQL 8.0
- Character Set: utf8mb4
- Features:
- Relational data model
- Foreign key constraints
- Indexes for performance
- Transaction support
Data Flow
Application Creation Flow
1. User uploads PDF → Frontend
2. Frontend sends PDF to API → POST /upload
3. Backend parses PDF → Extracts structured data
4. Backend creates application → Stores in database
5. Backend returns application ID and key
6. Frontend redirects to application view
PDF Generation Flow
1. User requests PDF → GET /applications/{id}?format=pdf
2. Backend loads application data
3. Backend fills PDF template
4. Backend returns filled PDF
5. Frontend displays/downloads PDF
Security Architecture
Authentication Layers
- Application Key (X-PA-KEY)
  - Generated per application
  - Allows read/write access to specific application
  - Stored as SHA-256 hash
- Master Key (X-MASTER-KEY)
  - Environment variable
  - Full admin access
  - Never exposed to frontend
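A sketch of the two key checks described above, added here as an example and not taken from the STUPA code base. The environment variable name `MASTER_KEY`, the function names, the returned labels and the in-memory dict standing in for the application_keys table are all assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets

# Assumed variable name; the page only says the master key is an environment variable.
MASTER_KEY_ENV = "MASTER_KEY"


def new_application_key() -> tuple[str, str]:
    """Return (plaintext key handed to the client once, SHA-256 hex digest to store)."""
    # 256 bits of randomness: a fast unsalted hash is acceptable only because
    # the key is a high-entropy token, not a user-chosen password.
    key = secrets.token_urlsafe(32)
    return key, hashlib.sha256(key.encode()).hexdigest()


def authorize(headers: dict[str, str], app_id: int, stored: dict[int, set[str]]) -> str | None:
    """Return "master", "application" or None for a request to one application."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    master = os.environ.get(MASTER_KEY_ENV, "")
    presented_master = h.get("x-master-key", "")
    # An unset or empty master key must never match an empty header.
    if master and presented_master and hmac.compare_digest(
        presented_master.encode(), master.encode()
    ):
        return "master"

    presented = h.get("x-pa-key", "")
    if not presented:
        return None
    digest = hashlib.sha256(presented.encode()).hexdigest()
    # Applications to Keys is 1:N: compare against every hash stored for this
    # application only, in constant time and without stopping at the first match.
    ok = False
    for stored_hash in stored.get(app_id, set()):
        ok |= hmac.compare_digest(digest, stored_hash)
    return "application" if ok else None
```

Only the digest is persisted, so a database leak does not reveal usable keys, and a key issued for one application is rejected for any other.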
Security Features
- Rate limiting per IP and per key
- SQL injection prevention (ORM)
- XSS protection (React)
- CORS configuration
- Input validation
- Secure password hashing
Database Schema
Core Tables
- applications - Main application data
- application_keys - Authentication keys
- attachments - File storage (Base64)
- application_attachments - Link table
- comparison_offers - Cost comparison data
- cost_position_justifications - Justification text
Key Relationships
- Applications ↔ Keys (1:N)
- Applications ↔ Attachments (N:N)
- Applications ↔ Comparison Offers (1:N)
Scalability Considerations
Horizontal Scaling
- Stateless API design
- Database connection pooling
- Load balancer ready
- Containerized deployment
Performance Optimizations
- Database indexes on foreign keys
- Lazy loading of attachments
- Efficient PDF streaming
- Response caching headers
- Gzip compression
Development vs Production
Development Environment
- Hot reloading (frontend & backend)
- Debug logging
- Local file storage
- Relaxed CORS
- Default credentials
Production Environment
- Optimized builds
- Error tracking
- Cloud storage ready
- Strict CORS
- Secret management
- SSL/TLS encryption
Future Architecture Considerations
Potential Enhancements
- Microservice Separation
  - PDF service
  - Authentication service
  - Notification service
- External Storage
  - S3-compatible object storage
  - CDN for static assets
- Caching Layer
  - Redis for session management
  - Application data caching
- Message Queue
  - Async PDF generation
  - Email notifications
- Monitoring
  - Application metrics
  - Performance monitoring
  - Error tracking