TECHNICAL SPECIFICATION FOR FlOWGUIDE SERVICE

1. INTRODUCTION

This is the technical specification for FlowGuide. If you have any questions, please do not hesitate to contact
support@mudlify.com.

2. SYSTEM ARCHITECTURE

2.1. System Architecture Diagram

2.2. Vercel

Vercel is a hosting platform used for hosting Flowguide and its assets: fonts, images, icons, favicon and company logos. Vercel will generate and assign an SSL certificate automatically for every domain added to a project, regardless of whether the domain is registered through Vercel or not. All certificates have an expiry date when they are created and therefore, need to be renewed before the expiry date in order for your domain to continue to work properly. Vercel attempts to renew certificates automatically within a 14-30 day period before it expires.

2.3. MongoDb

MongoDb Atlas is a multi-cloud developer data platform. It is used by FlowGuide to Create, Read, Update and Delete data.

The data consists of:

  •  All user input data
  • Guide Schematics
  • Clicked button data
  • Completion button data

 

2.4. AWS S3 Bucket

Amazon Simple Storage Service (S3) is an object storage service. FlowGuide requires the use of 2 buckets:

  • AWS S3 Bucket – Block Public Access: The block public access bucket is used for storing and retrieving assets/files. FlowGuide will request a signed URL from AWS that grants permission to download assets/files.
  • AWS S3 Bucket – Public: The public bucket is used for uploading and retrieving icons and images. The bucket policy written, allows public read and “get object” action only for specified domains.

 

2.5. 3rd Party Video Hosting

FlowGuide uses video embed URL to display videos from external 3rd Party Video Hosting (using Vimeo and YouTube embed URL).

2.6. Google Maps

FlowGuide uses Google Maps embed URL to display an interactive map.

3. TECHNOLOGY STACK

Below is a set of technologies used to run FlowGuide:

  • Frontend: React, Chakra-UI, TypeScript, Tiptap, Formik.
  • Backend: Next.js, TypeScript, AWS, Node.js, Passport.js /passport-local, Cookie, Hapi iron.
  • Database: MongoDB Atlas (NoSQL database).

 

4. SECURITY CONSIDERATIONS

4.1 Authentication

FlowGuide uses an email-password combination for user authentication. The authentication process involves the following:

  • User Registration: Authorised User in the form of “Admin” only, create an account by providing the email address, first name, last name and password for the “Employee/Customer”. The password is securely hashed using crypto before being stored in the database to prevent plain-text password storage.
  • Supplying the Password: The “Admin” provides the “Employee/Customer” the email and password.
  • Login: “Employee/Customer” logs in by entering their email and password. The system retrieves the stored hashed password associated with the email and uses crypto to compare it with the password provided. If they match, the user is authenticated, and a session token is generated and returned to the client.
  • Session Management: The session token is stored HTTP-only cookie to prevent access from JavaScript, enhancing security against XSS attacks. The token is used to authenticate requests.

 

4.2. Authorisation

Authorisation is managed using Role-Based Access Control.

  • Roles: Authorised Users are assigned roles based on their account type (Admin, Employee, Customer).
  • Access Control: Each role has specific permissions that define what actions the user can perform and what resources they can access. For instance: Admin: Full access to all resources and management capabilities. Employee/Customer: Limited access to personal data and functionality.
  • Permission Checks: Before accessing a protected resource, the application checks the user’s role against the required permissions for that action. If the user’s role meets or exceeds the required permissions, access is granted; otherwise, it is denied.

 

By implementing these authentication and authorisation mechanisms, the application ensures secure access to user data and resources.

5. SSL CERTIFICATES

To ensure secure communication and protect data integrity between clients and the web server, the application uses SSL/TLS certificates. The following measures are implemented:

5.1. SSL/TLS Encryption:

  • The application uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt all data transmitted between the client’s browser and the server.
  • The SSL certificate is issued by a trusted Certificate Authority (CA), ensuring that the application’s server is authenticated and trusted by browsers.

 

5.2. Certificate Management:

Automatic Renewal: The SSL certificate is set to automatically renew before its expiration date to avoid service disruptions and maintain continuous security.

6. VULNERABILITY MANAGEMENT: MONGODB ATLAS

MongoDB Atlas: MongoDB Atlas is a managed NoSQL database. It prevents injection attacks by:

Parameterized Queries: MongoDB drivers support parameterized queries, which ensure user input is treated as data, not executable code. This prevents injection attacks.

Access Control and Authentication: MongoDB Atlas provides strong authentication and role-based access controls, reducing the risk of unauthorised data access.

7. DEPLOYMENT AND HOSTING

7.1 Deploying GitHub Projects with Vercel

Vercel for GitHub automatically deploys your GitHub projects with Vercel, providing Preview Deployment URLs, and automatic Custom Domain updates. This seamless integration between GitHub and Vercel allows for continuous deployment without manual intervention.

7.2. Hosting Environment

FlowGuide is hosted on Vercel, a cloud platform optimised for front-end frameworks and static sites.

7.3. Environment Configuration

Environment-Specific Configurations:

  • Development: In the development environment, the application is set up to use local resources and debugging tools. Environment variables are stored in the .env.local file, which is not committed to the repository to maintain security.
  • Staging: The staging environment mirrors the production setup but is isolated for testing purposes. This environment uses Vercel’s environment variables for staging, ensuring a consistent setup for pre-production testing.
  • Production: In the production environment, the application uses Vercel’s managed services with production-specific environment variables securely stored in Vercel’s dashboard. The production environment is optimised for performance, using Vercel’s global CDN and edge functions for minimal latency.

 

By utilising Vercel for GitHub, the deployment pipeline is streamlined, ensuring fast, reliable, and automated deployments across different environments with little to no interruptions/downtime.

8. ERROR HANDLING AND LOGGING

In an event when an error occurs on the server side, FlowGuide logs the error in MongoDB Atlas. The error logged consists of the following: HTTP request method, date error occurred, the endpoint name and the error message.

Vercel continuously has runtime logs that are generated by Serverless and Edge Function invocations in both staging and production environments. These log results are shown in real-time and provide information about the output for functions as well as the console.log output. The retention time for log results is 1 day.