-
Notifications
You must be signed in to change notification settings - Fork 0
ARCHITECTURE
NEXUS Support System edited this page May 16, 2026
·
2 revisions
This document provides an in-depth overview of NEXUS Support System architecture and design decisions.
- Main Server - Application entry point
- Database Config - Database configuration
- Middleware Directory - All middleware components
- Models Directory - Data models
- Controllers Directory - Business logic
- Routes Directory - API endpoints
- Docker Configuration - Container setup
- Nginx Configuration - Web server config
- Monitoring Directory - Monitoring setup
- Logging Directory - Logging configuration
NEXUS is a full-stack web application that provides ticket management capabilities with GitHub integration.
┌─────────────────────────────────────────────────────────────┐
│ Client Layer │
│ (Static HTML/CSS/JS) │
└────────────────────────┬────────────────────────────────────┘
│ HTTP/HTTPS
▼
┌─────────────────────────────────────────────────────────────┐
│ Server Layer │
│ (Express.js Application) │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Middleware │ │ Routes │ │ Controllers │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
└────────────────────────┬────────────────────────────────────┘
│ Mongoose
▼
┌─────────────────────────────────────────────────────────────┐
│ Database Layer │
│ (MongoDB) │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Tickets │ │ Users │ │
│ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ External Services │
│ (GitHub API) │
└─────────────────────────────────────────────────────────────┘
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB
- ODM: Mongoose
- Authentication: JWT + bcrypt
- HTTP Client: Axios
- Security: Helmet, CORS, express-rate-limit
- Technology: Vanilla HTML5, CSS3, JavaScript
- No Framework: Lightweight, no build step required
- Theme: Custom sci-fi theme with CSS
- Process Manager: PM2 (production)
- Reverse Proxy: Nginx (production)
- SSL: Let's Encrypt (production)
Responsibilities:
- Express application initialization
- Middleware configuration
- Route registration
- Error handling
- Server startup
Key Components:
- Database connection
- Security middleware (Helmet, CORS)
- Rate limiting
- Static file serving
- API routes
- Error handling middlewarePurpose: Business logic and request/response handling
Controllers:
-
ticketController.js
- Create, read, update, delete tickets
- Add comments to tickets
- Link tickets to GitHub issues
-
githubController.js
- Process GitHub webhooks
- Sync tickets to GitHub
- Handle GitHub events
-
userController.js
- User registration
- User login
- Get current user profile
Design Pattern: Each controller handles CRUD operations for a specific resource.
Purpose: Data structure definition and validation
Models:
-
Ticket.js
- Ticket schema with GitHub integration fields
- Pre-save hooks for timestamps
- Validation rules
-
User.js
- User schema with authentication fields
- Password hashing (handled in controller)
Design Pattern: Mongoose schemas with built-in validation.
Purpose: API endpoint definitions and routing
Route Files:
-
ticketRoutes.js -
/api/ticketsendpoints -
githubRoutes.js -
/api/githubendpoints -
userRoutes.js -
/api/usersendpoints
Design Pattern: RESTful API design with resource-based routing.
Purpose: Cross-cutting concerns
Middleware:
-
auth.js
- JWT token verification
- User attachment to request object
-
githubWebhook.js
- GitHub webhook signature verification
- Security validation
Design Pattern: Express middleware pattern for request processing.
User (Frontend)
↓ HTTP POST /api/tickets
Express Server
↓ ticketController.createTicket()
Ticket Model (Mongoose)
↓ MongoDB
Database
↓ Response
Frontend (Update UI)
GitHub Event
↓ POST /api/github/webhook
githubWebhook Middleware
↓ Verify signature
githubController.handleGitHubWebhook()
↓ Process event type
Ticket Model (Create/Update)
↓ MongoDB
Database
User Request
↓ POST /api/github/sync-ticket/:id
githubController.syncTicketToGitHub()
↓ Axios Request
GitHub API
↓ Create/Update Issue
Ticket Model (Update with GitHub data)
↓ MongoDB
Database
{
_id: ObjectId,
ticketId: String (unique, indexed),
title: String,
description: String,
status: Enum ['open', 'in_progress', 'resolved', 'closed'],
priority: Enum ['low', 'medium', 'high', 'critical'],
category: String,
createdBy: String,
createdByEmail: String,
assignedTo: String,
githubIssueNumber: Number,
githubIssueUrl: String,
comments: [{
author: String,
authorEmail: String,
content: String,
createdAt: Date
}],
tags: [String],
createdAt: Date,
updatedAt: Date,
resolvedAt: Date
}Indexes:
-
ticketId(unique) statuspriority-
createdAt(descending)
{
_id: ObjectId,
username: String (unique),
email: String (unique),
password: String (hashed),
role: Enum ['admin', 'support_agent', 'user'],
githubUsername: String,
createdAt: Date
}Indexes:
-
username(unique) -
email(unique)
- Resources: Tickets, Users, GitHub
- HTTP Methods: GET, POST, PUT, DELETE
- Status Codes: Proper HTTP status codes
- Response Format: Consistent JSON format
Success:
{
"success": true,
"data": { ... }
}Error:
{
"success": false,
"error": "Error message"
}- User registers or logs in
- Server generates JWT token
- Client stores token
- Client includes token in Authorization header
- Server verifies token on protected routes
-
Transport Layer
- SSL/TLS (HTTPS) with automatic enforcement in production
- Secure headers (Helmet) with explicit Content Security Policy
- HSTS (HTTP Strict Transport Security)
- MongoDB SSL/TLS configuration support
-
Application Layer
- Input validation with validator library
- Output sanitization (xss-clean)
- NoSQL injection prevention (express-mongo-sanitize)
- XSS prevention
- Parameter pollution prevention (hpp)
- Body size limits (10kb)
-
Authentication Layer
- JWT tokens with 1-hour expiration
- Password hashing (bcrypt with 10 salt rounds)
- Password complexity requirements (8+ chars, uppercase, lowercase, number, special char)
- General rate limiting (100 requests/15min per IP)
- Login-specific rate limiting (5 attempts/15min per IP)
-
Network Layer
- CORS configuration with origin control
- Firewall rules
- IP whitelisting
-
Audit Layer
- Security event logging to logs/security.log
- Failed login attempt tracking
- Rate limit violation logging
- Suspicious input detection
- User registration monitoring
- Helmet: Security headers with explicit Content Security Policy
- CORS: Cross-origin resource sharing control with configurable origins
- Rate Limiting: 100 requests/15min per IP (general), 5 login attempts/15min per IP
- Password Hashing: bcrypt with 10 salt rounds
- Password Complexity: Minimum 8 characters with uppercase, lowercase, number, and special character requirements
- JWT: Token-based authentication with 1-hour expiration
- Webhook Verification: HMAC signature verification
- Input Validation: Mongoose validators + validator library
- Input Sanitization: express-mongo-sanitize, xss-clean, hpp
- Environment Variables: Secrets not in code
- Security Audit Logging: Comprehensive logging of security events
- HTTPS Enforcement: Automatic redirect to HTTPS in production
- MongoDB SSL/TLS: Configurable encrypted database connections
GitHub Repository
↓ Webhook Event
Application Server
↓ Signature Verification
Event Handler
↓ Process Event
Database Update
↓ Sync to GitHub (if needed)
GitHub API
- Issues: opened, closed, reopened, edited, labeled
- Issue Comments: created
- GitHub → Application: Webhooks create/update tickets
- Application → GitHub: Manual sync creates/updates issues
- Single server deployment
- Single MongoDB instance
- In-memory session management
-
Horizontal Scaling
- Load balancer (Nginx)
- Multiple application instances
- Shared session storage (Redis)
-
Database Scaling
- MongoDB replica sets
- Sharding for large datasets
- Read replicas for read-heavy workloads
-
Caching
- Redis for session storage
- Application-level caching
- CDN for static assets
-
Performance Optimization
- Database indexing
- Query optimization
- Response compression
- Connection pooling
- Try-Catch Blocks: All async operations
- Error Middleware: Centralized error handling
- Consistent Format: Standardized error responses
- Logging: Error logging for debugging
- Validation Errors: 400 Bad Request
- Authentication Errors: 401 Unauthorized
- Not Found Errors: 404 Not Found
- Server Errors: 500 Internal Server Error
- Local MongoDB
- nodemon for auto-restart
- Environment variables in .env
- MongoDB Atlas or self-hosted
- PM2 process manager
- Nginx reverse proxy
- SSL/TLS encryption
- Environment-specific configuration
- Application logs (PM2)
- Database logs (MongoDB)
- Access logs (Nginx)
- Error tracking (optional: Sentry)
- Server uptime
- Response times
- Error rates
- Database performance
- GitHub API rate limits
-
Real-time Updates
- WebSocket integration
- Live ticket updates
-
Advanced Features
- File attachments
- Email notifications
- SLA tracking
- Reporting dashboard
-
Integrations
- Slack notifications
- Jira integration
- Zendesk integration
-
Performance
- Redis caching
- Query optimization
- CDN integration
- Flexible schema for ticket data
- Easy to scale horizontally
- Good for document-based data
- Built-in indexing
- Minimal and flexible
- Large ecosystem
- Easy to learn
- Good performance
- No build step required
- Easy to deploy
- Lightweight
- Easy to customize
- Stateless
- Easy to implement
- Good for API authentication
- Cross-platform support
- Real-time event processing
- Efficient synchronization
- No polling required
- Event-driven architecture
- Separation of Concerns: Each layer has distinct responsibility
- DRY: Don't repeat yourself
- SOLID Principles: Single responsibility, open/closed, etc.
- RESTful Design: Standard HTTP methods and status codes
- Consistent Naming: Clear, descriptive names
- Unit Tests: Test individual functions
- Integration Tests: Test API endpoints
- End-to-End Tests: Test complete user flows
- Jest for unit tests
- Supertest for API tests
- Playwright for E2E tests
- User Documentation: How to use the system
- Developer Documentation: How to contribute
- API Documentation: Endpoint reference
- Deployment Documentation: How to deploy
- Architecture Documentation: This document
- Dependency updates
- Security patches
- Database backups
- Log rotation
- Performance monitoring
- Semantic versioning
- Git branches for features
- Pull request process
- Change logs
This architecture provides a solid foundation for a support ticket system with GitHub integration. The modular design allows for easy maintenance and future enhancements while maintaining security and performance.