This document outlines the architectural vision, technical decisions, and future roadmap for the VPN Subscription Service.
```
┌─────────────────────────────────────┐
│          Client Interfaces          │
│  ┌─────────┐ ┌─────────┐ ┌───────┐  │
│  │ Web App │ │Telegram │ │  API  │  │
│  │(Next.js)│ │   Bot   │ │Clients│  │
│  └────┬────┘ └────┬────┘ └───┬───┘  │
└───────┼───────────┼──────────┼──────┘
        │           │          │
┌───────┼───────────┼──────────┼──────┐
│     ┌─┴───────────┴──────────┴─┐    │
│     │       API Gateway        │    │
│     └──┬─────────────┬─────────┘    │
│        │             │              │
│  ┌─────┴──────┐ ┌────┴─────────┐    │
│  │  Auth API  │ │ Subscription │    │
│  │            │ │     API      │    │
│  └─────┬──────┘ └────┬─────────┘    │
│        │             │              │
│  ┌─────┴──────┐ ┌────┴─────────┐    │
│  │  Supabase  │ │   Payment    │    │
│  │(Auth & DB) │ │   Provider   │    │
│  └────────────┘ └──────────────┘    │
└─────────────────────────────────────┘
                   │
┌──────────────────┼──────────────────┐
│  ┌───────────────┴───────────────┐  │
│  │          VPN Servers          │  │
│  │   ┌─────────┐   ┌─────────┐   │  │
│  │   │ Server 1│...│ Server n│   │  │
│  │   └─────────┘   └─────────┘   │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘
```
- Client Interfaces
  - Web application built with Next.js
  - Telegram bot for user interactions
  - API clients for third-party integrations
- Backend Services
  - Auth API: Manages authentication and authorization
  - Subscription API: Handles subscription lifecycle and billing
  - VPN Management API: Provisions and manages VPN credentials
- Data Storage
  - Supabase for user data, authentication, and subscriptions
  - Dedicated storage for VPN configurations and logs
- VPN Infrastructure
  - Multiple VPN servers across different regions
  - Load balancing and failover mechanisms
```
id UUID PRIMARY KEY
email TEXT UNIQUE
full_name TEXT
created_at TIMESTAMP
last_login TIMESTAMP
status ENUM (active, suspended, deleted)

id UUID PRIMARY KEY
user_id UUID REFERENCES users(id)
plan_id UUID REFERENCES plans(id)
status ENUM (active, cancelled, expired)
start_date TIMESTAMP
end_date TIMESTAMP
recurring BOOLEAN
payment_method TEXT

id UUID PRIMARY KEY
name TEXT
description TEXT
price DECIMAL
duration_days INTEGER
data_limit_gb INTEGER
concurrent_connections INTEGER
features JSONB

id UUID PRIMARY KEY
user_id UUID REFERENCES users(id)
subscription_id UUID REFERENCES subscriptions(id)
server_id UUID REFERENCES vpn_servers(id)
username TEXT
password TEXT ENCRYPTED
config TEXT ENCRYPTED
created_at TIMESTAMP
expires_at TIMESTAMP

id UUID PRIMARY KEY
user_id UUID REFERENCES users(id)
subscription_id UUID REFERENCES subscriptions(id)
amount DECIMAL
currency TEXT
status ENUM (pending, completed, failed, refunded)
provider TEXT
provider_id TEXT
created_at TIMESTAMP
```
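
One way to produce the `password TEXT ENCRYPTED` and `config TEXT ENCRYPTED` values in the schema above is application-level AES-256-GCM, with the row id and column name as associated data. This is an added example, not the project's own code; the function names, the `v1.iv.tag.ciphertext` storage format and the in-memory key are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: in production this 32-byte key comes from a KMS or secret store.
// A random key is generated here only so the example runs offline.
const FIELD_KEY = crypto.randomBytes(32);

// Bind each ciphertext to its row id and column name, so a value copied into
// another row or column fails authentication when decrypted.
function aad(rowId, column) {
  return Buffer.from(`${rowId}:${column}`, 'utf8');
}

function encryptField(key, rowId, column, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad(rowId, column));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Value stored in the TEXT column: version.iv.tag.ciphertext
  return ['v1', ...[iv, tag, ct].map((b) => b.toString('base64url'))].join('.');
}

function decryptField(key, rowId, column, stored) {
  const parts = String(stored).split('.');
  if (parts.length !== 4 || parts[0] !== 'v1') {
    throw new Error('unsupported or malformed ciphertext');
  }
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('bad iv or tag length');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(aad(rowId, column));
  decipher.setAuthTag(tag);
  // final() throws if the key, AAD, tag or ciphertext does not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample row (not real data)
const row = { id: '00000000-0000-4000-8000-000000000001', password: 'constructed-vpn-pass' };
const storedPassword = encryptField(FIELD_KEY, row.id, 'password', row.password);
```

The `v1` prefix leaves room to introduce a new key or algorithm later while old rows remain decryptable.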
- Framework: Next.js
- State Management: React Query, Context API
- Styling: Tailwind CSS
- Authentication: Supabase Auth

- Runtime: Node.js
- Framework: Express.js
- API Documentation: OpenAPI/Swagger
- Authentication: JWT, Supabase Auth

- Primary Database: PostgreSQL (via Supabase)
- Caching: Redis

- Containerization: Docker
- CI/CD: GitHub Actions
- Monitoring: Prometheus, Grafana
- Logging: ELK Stack (Elasticsearch, Logstash, Kibana)
- Authentication & Authorization
  - JWT tokens with appropriate expiration
  - Role-based access control
  - Two-factor authentication for admin access
- Data Protection
  - Encryption at rest for sensitive data
  - TLS for all communications
  - Regular security audits
- VPN Security
  - Modern encryption protocols (WireGuard/OpenVPN)
  - Perfect forward secrecy
  - No-logs policy
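
The JWT expiry, role-based access control and admin two-factor requirements listed above can be enforced together in one Express-style middleware. This is an added example, not the project's own code; it uses only Node's built-in `crypto`, and the HS256 shared secret and the `role` and `mfa` claim names are assumptions.

```javascript
const crypto = require('node:crypto');

const nowSec = () => Math.floor(Date.now() / 1000);
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Issue a short-lived HS256 token; ttlSeconds is an assumed policy value.
function signToken(secret, claims, ttlSeconds, now = nowSec()) {
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ ...claims, iat: now, exp: now + ttlSeconds })}`;
  return `${body}.${hmac(secret, body).toString('base64url')}`;
}

// Returns the claims or throws. The algorithm is pinned, never taken from the token.
function verifyToken(secret, token, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const expected = hmac(secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  if (dec(parts[0]).alg !== 'HS256') throw new Error('unexpected alg');
  const claims = dec(parts[1]);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Express-style middleware: 401 for a missing, invalid or expired token, 403 for
// a valid token without the role. Admin routes also require a second factor.
function requireRole(secret, role) {
  return (req, res, next) => {
    const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    let claims;
    try {
      claims = verifyToken(secret, match ? match[1] : '');
    } catch (err) {
      return res.status(401).json({ error: 'unauthorized' });
    }
    if (claims.role !== role || (role === 'admin' && claims.mfa !== true)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    req.user = claims;
    return next();
  };
}
```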
- Stateless backend services for easy replication
- Load balancing across multiple API instances
- Read replicas for database scaling
- Resource optimization for CPU and memory-intensive components
- Database query optimization and indexing
- CDN for static assets
- Regional VPN endpoints for improved latency
- Database sharding by region (future consideration)

- User authentication and basic subscription management
- VPN credential provisioning
- Admin dashboard for user management
- Multiple payment providers
- Subscription plan management
- Usage analytics and reporting
- Improved admin dashboard with real-time monitoring
- Traffic optimization and routing
- Ad and malware blocking features
- Multi-device synchronization
- Mobile applications (iOS/Android)
- Team/organization accounts
- Custom branding options
- API access for enterprise customers
- Compliance reporting and audit logs

- Follow contributing guidelines for all development work
- Adhere to the code structure and naming conventions
- Maintain comprehensive test coverage
- Document all APIs using OpenAPI specification

- Development: For active development and testing
- Staging: Mirrors production for final testing
- Production: Live customer-facing environment

- Automated testing in CI pipeline
- Build and tag Docker images
- Deploy to staging environment
- Run integration tests
- Manual approval for production deployment
- Blue/green deployment to production

- System health metrics
- Error rate monitoring
- User activity and conversion tracking
- Automated alerts for critical issues