🏗️ System Architecture

Complete technical architecture, technology stack, and infrastructure design

Architecture Overview

The iSpeaker platform follows a modern three-tier architecture with separate presentation, application, and data layers. The system is designed for scalability, maintainability, and high availability.

High-Level Architecture Diagram

graph TB subgraph "Client Layer" A[Web Browser
Next.js] B[iOS App
Flutter] C[Android App
Flutter] end subgraph "CDN & Load Balancing" D[DigitalOcean CDN] E[Load Balancer] end subgraph "Application Layer" F[Laravel API Server] G[WebSocket Server
Laravel Echo] H[Jitsi Meet Server] end subgraph "Storage Layer" I[MySQL Database] J[Redis Cache] K[DigitalOcean Spaces
S3-Compatible] end subgraph "External Services" L[Firebase FCM] M[Payment Gateways
PayTabs/HyperPay] N[Email Service
AWS SES] end A --> D B --> D C --> D D --> E E --> F E --> G A --> H B --> H C --> H F --> I F --> J F --> K F --> L F --> M F --> N G --> J style A fill:#3b82f6,stroke:#1e40af,color:#fff style B fill:#3b82f6,stroke:#1e40af,color:#fff style C fill:#3b82f6,stroke:#1e40af,color:#fff style F fill:#ef4444,stroke:#dc2626,color:#fff style G fill:#ef4444,stroke:#dc2626,color:#fff style H fill:#10b981,stroke:#059669,color:#fff style I fill:#8b5cf6,stroke:#7c3aed,color:#fff style J fill:#f59e0b,stroke:#d97706,color:#fff style K fill:#ec4899,stroke:#db2777,color:#fff

Architecture Principles

🔄 Separation of Concerns

Clear separation between presentation (frontend), business logic (backend API), and data storage layers

📈 Scalability

Horizontal scaling capability for web servers and database, with load balancing for traffic distribution

🔒 Security First

Multiple security layers including HTTPS, JWT authentication, input validation, and SQL injection prevention

⚡ Performance

Redis caching, CDN distribution, database optimization, and async processing for optimal performance

🛠️ Technology Stack

Complete technology stack covering all layers of the application.

Frontend Technologies

Component Technology Version Purpose
Web Framework Next.js 14.x React framework with SSR, routing, and optimization
UI Library React 18.x Component-based UI development
State Management Redux Toolkit / Zustand Latest Global state management
Styling Tailwind CSS 3.x Utility-first CSS framework
UI Components shadcn/ui + Radix UI Latest Pre-built accessible components
Forms React Hook Form 7.x Form validation and handling
API Client Axios 1.x HTTP client for API calls
Real-time Socket.io Client 4.x WebSocket communication
Video Player Video.js / Plyr Latest Custom video player with controls
PDF Viewer React-PDF Latest PDF rendering and viewing
Charts Recharts 2.x Analytics and data visualization
Internationalization next-intl 3.x Arabic/English translations

Mobile Technologies (Flutter)

Component Technology Purpose
Framework Flutter 3.x (Dart) Cross-platform mobile development
State Management Provider / Riverpod State management solution
Local Storage Hive / Sqflite Offline data storage
HTTP Client Dio API communication
Video Player video_player / better_player Video playback
PDF Viewer flutter_pdfview PDF rendering
Push Notifications firebase_messaging FCM integration
WebRTC flutter_webrtc Video conferencing
Image Caching cached_network_image Image optimization
Secure Storage flutter_secure_storage Encrypted credential storage

Backend Technologies

Component Technology Version Purpose
Framework Laravel 11.x PHP web application framework
Language PHP 8.2+ Server-side programming
API Laravel API Resources Built-in RESTful API development
Authentication Laravel Sanctum / JWT Latest Token-based authentication
ORM Eloquent ORM Built-in Database abstraction
Validation Laravel Validation Built-in Input validation
Queue System Laravel Queue Built-in Async job processing
File Storage Laravel Filesystem (S3) Built-in File upload and storage
Real-time Laravel Echo + Pusher Latest WebSocket broadcasting
Search Laravel Scout Latest Full-text search
Notifications Laravel Notifications Built-in Multi-channel notifications
API Documentation Scribe / L5-Swagger Latest Auto-generated API docs
Testing PHPUnit / Pest Latest Unit and feature testing

Database & Caching

Component Technology Purpose
Primary Database MySQL 8.0 Relational database for structured data
Caching Redis 7.x In-memory caching and session storage
Object Storage DigitalOcean Spaces (S3) File and media storage
Search Engine Laravel Scout (database driver) Full-text search capability

Infrastructure & DevOps

Component Technology Purpose
Cloud Provider DigitalOcean Cloud hosting and infrastructure
Web Server Nginx Reverse proxy and web server
Application Server PHP-FPM PHP process manager
CDN DigitalOcean CDN / Cloudflare Content delivery network
SSL/TLS Let's Encrypt Free SSL certificates
CI/CD GitHub Actions Automated deployment pipeline
Monitoring DigitalOcean Monitoring + UptimeRobot Server and application monitoring
Logging Laravel Log + Papertrail Centralized logging
Version Control Git + GitHub Source code management

Third-Party Services

Service Provider Purpose
Push Notifications Firebase Cloud Messaging (FCM) Mobile and web push notifications
Email Service SendGrid Transactional and marketing emails
Payment Gateway PayTabs / HyperPay Payment processing for Saudi Arabia
Video Streaming Jitsi Meet (Self-hosted) Live video conferencing
Real-time Pusher / Laravel WebSockets WebSocket server for real-time features
Analytics Google Analytics / Mixpanel User behavior analytics
Error Tracking Sentry Error monitoring and tracking

🔧 System Components

1. Web Application (Next.js)

Server-side rendered React application providing the main user interface.

Architecture Pattern:

  • App Router: Next.js 14+ app directory structure
  • Server Components: RSC for improved performance
  • Client Components: Interactive UI elements
  • API Routes: Backend for frontend (BFF) pattern

Directory Structure:

app/
├── (auth)/
│   ├── login/
│   ├── register/
│   └── forgot-password/
├── (dashboard)/
│   ├── student/
│   │   ├── courses/
│   │   ├── books/
│   │   └── profile/
│   └── speaker/
│       ├── courses/
│       ├── analytics/
│       └── earnings/
├── courses/
│   ├── [id]/
│   └── watch/[lessonId]/
├── books/
│   └── [id]/
├── feed/
├── messages/
└── api/
    └── [...]/

Key Features:

  • SSR for SEO optimization
  • Image optimization with Next.js Image
  • Code splitting and lazy loading
  • Progressive Web App (PWA) capabilities
  • Responsive design for all devices

2. Mobile Applications (Flutter)

Native iOS and Android applications built with Flutter for optimal performance.

Architecture Pattern:

  • Clean Architecture: Separation of presentation, domain, and data layers
  • Feature-based Structure: Organized by feature modules
  • Provider/Riverpod: State management

Directory Structure:

lib/
├── core/
│   ├── constants/
│   ├── utils/
│   └── theme/
├── features/
│   ├── auth/
│   ├── feed/
│   ├── courses/
│   ├── books/
│   ├── rooms/
│   └── consultations/
├── data/
│   ├── models/
│   ├── repositories/
│   └── providers/
├── presentation/
│   ├── screens/
│   ├── widgets/
│   └── controllers/
└── main.dart

Key Features:

  • Offline-first architecture with Hive
  • Background sync for data
  • Push notifications with FCM
  • Deep linking support
  • Biometric authentication
  • Dark mode support

3. Backend API (Laravel)

RESTful API server handling all business logic and data operations.

Directory Structure:

app/
├── Http/
│   ├── Controllers/
│   │   ├── API/
│   │   │   ├── AuthController.php
│   │   │   ├── PostController.php
│   │   │   ├── CourseController.php
│   │   │   └── ...
│   │   └── ...
│   ├── Middleware/
│   ├── Requests/
│   └── Resources/
├── Models/
│   ├── User.php
│   ├── Post.php
│   ├── Course.php
│   └── ...
├── Services/
│   ├── PaymentService.php
│   ├── NotificationService.php
│   └── ...
├── Repositories/
├── Events/
├── Listeners/
└── Jobs/

API Design Principles:

  • RESTful: Standard HTTP methods (GET, POST, PUT, DELETE)
  • Versioned: API versioning (v1, v2) for backward compatibility
  • Resource-based: URLs represent resources
  • JSON: All responses in JSON format
  • Pagination: Large datasets paginated
  • Rate Limiting: Prevent abuse with rate limits

API Response Format:

{
  "success": true,
  "message": "Operation successful",
  "data": {
    // Response data
  },
  "meta": {
    "pagination": {
      "current_page": 1,
      "total_pages": 10,
      "per_page": 20,
      "total": 200
    }
  }
}

4. Real-time Communication (Laravel Echo + Pusher)

WebSocket server for real-time features like chat, notifications, and live updates.

Real-time Features:

  • Direct messaging
  • Live notifications
  • Post reactions and comments (live)
  • Online status indicators
  • Typing indicators
  • Live room updates

Implementation:

// Server-side (Laravel)
broadcast(new MessageSent($message));

// Client-side (Next.js)
Echo.channel('chat.' + userId)
    .listen('MessageSent', (e) => {
        // Handle new message
    });

5. Video Streaming (Jitsi Meet)

Self-hosted Jitsi Meet server for live rooms and consultations.

Deployment Options:

Option 1: Self-hosted Jitsi Meet
  • Deployed on DigitalOcean Droplet (8GB RAM, 4 vCPUs)
  • Domain: meet.ispeaker.com
  • Full control and customization
  • Lower long-term costs
Option 2: Jitsi as a Service (JaaS)
  • Cloud-hosted by 8x8
  • No infrastructure management
  • Pay per minute pricing
  • Faster setup

Integration:

  • Jitsi IFrame API for web
  • Jitsi Meet SDK for mobile apps
  • JWT authentication for secure access
  • Custom branding and theming
  • Recording capability

📊 Data Flow Architecture

Request Flow Diagram

sequenceDiagram participant Client as Client App participant CDN participant LB as Load Balancer participant API as Laravel API participant Cache as Redis Cache participant DB as MySQL Database participant Storage as DO Spaces Client->>CDN: Request static assets CDN-->>Client: Cached assets Client->>LB: API Request LB->>API: Forward request API->>Cache: Check cache alt Cache Hit Cache-->>API: Cached data else Cache Miss API->>DB: Query database DB-->>API: Data API->>Cache: Store in cache end alt File Upload API->>Storage: Upload file Storage-->>API: File URL end API-->>LB: Response LB-->>Client: JSON Response

Authentication Flow

sequenceDiagram participant User participant Client as Client App participant API as Laravel API participant DB as Database participant Redis User->>Client: Enter credentials Client->>API: POST /api/login API->>DB: Verify credentials DB-->>API: User data API->>API: Generate JWT token API->>Redis: Store session API-->>Client: JWT token + user data Client->>Client: Store token securely Note over Client,API: Subsequent Requests Client->>API: Request with JWT token API->>API: Validate token API->>Redis: Check session Redis-->>API: Session valid API->>DB: Fetch data DB-->>API: Data API-->>Client: Response

Payment Processing Flow

sequenceDiagram participant User participant Client participant API participant Gateway as Payment Gateway participant DB User->>Client: Purchase course Client->>API: Initiate payment API->>DB: Create pending order API->>Gateway: Create payment session Gateway-->>API: Payment URL API-->>Client: Payment URL Client->>Gateway: Redirect to payment User->>Gateway: Enter payment details Gateway->>Gateway: Process payment Gateway->>API: Webhook callback API->>DB: Update order status API->>DB: Grant access to course API->>User: Send confirmation email Gateway-->>User: Redirect to success page

File Upload Flow

sequenceDiagram participant User participant Client participant API participant Queue participant Worker participant Storage as DO Spaces User->>Client: Upload video Client->>API: POST /api/upload (chunked) API->>Storage: Store original file Storage-->>API: File URL API->>Queue: Add transcoding job API-->>Client: Upload complete Queue->>Worker: Process job Worker->>Storage: Download original Worker->>Worker: Transcode to multiple qualities Worker->>Storage: Upload transcoded files Worker->>API: Update lesson with URLs API->>User: Send notification (video ready)

☁️ Infrastructure & Deployment

DigitalOcean Infrastructure

Component Service Specifications Monthly Cost
Web Server Droplet (App Server) 4 vCPUs, 8GB RAM, 160GB SSD $48
Database Managed MySQL 2 vCPUs, 4GB RAM, 80GB storage $50
Cache Server Managed Redis 1 vCPU, 1GB RAM $15
Jitsi Server Droplet (Video) 4 vCPUs, 8GB RAM, 160GB SSD $48
Load Balancer Managed Load Balancer 3 nodes, health checks $12
Object Storage Spaces (S3-compatible) 250GB storage, 1TB outbound $20
CDN Spaces CDN Included with Spaces Included
Backups Automatic Backups Daily snapshots $15
Total Infrastructure (Monthly) ~$208

Server Architecture

graph TB subgraph "Internet" A[Users/Clients] end subgraph "Edge Layer" B[DigitalOcean CDN] C[Load Balancer] end subgraph "Application Layer" D1[App Server 1
Laravel + Nginx] D2[App Server 2
Laravel + Nginx] E[Jitsi Meet Server
Video Streaming] end subgraph "Data Layer" F[MySQL Database
Primary] F2[MySQL Database
Replica] G[Redis Cache
Session Store] H[DigitalOcean Spaces
File Storage] end A --> B A --> C B --> C C --> D1 C --> D2 A --> E D1 --> F D2 --> F F --> F2 D1 --> G D2 --> G D1 --> H D2 --> H style A fill:#3b82f6,stroke:#1e40af,color:#fff style B fill:#10b981,stroke:#059669,color:#fff style C fill:#10b981,stroke:#059669,color:#fff style D1 fill:#ef4444,stroke:#dc2626,color:#fff style D2 fill:#ef4444,stroke:#dc2626,color:#fff style E fill:#f59e0b,stroke:#d97706,color:#fff style F fill:#8b5cf6,stroke:#7c3aed,color:#fff style F2 fill:#8b5cf6,stroke:#7c3aed,color:#fff style G fill:#ec4899,stroke:#db2777,color:#fff style H fill:#14b8a6,stroke:#0d9488,color:#fff

Scaling Strategy

Horizontal Scaling

  • Add more app servers behind load balancer
  • Stateless application design
  • Session stored in Redis
  • Auto-scaling based on CPU/memory

Database Scaling

  • Read replicas for read-heavy operations
  • Database sharding (if needed)
  • Connection pooling
  • Query optimization

Caching Strategy

  • Redis for application cache
  • CDN for static assets
  • Browser caching with ETags
  • API response caching

Content Delivery

  • CDN for global distribution
  • Image optimization and lazy loading
  • Video adaptive bitrate streaming
  • Gzip compression

Deployment Pipeline (CI/CD)

graph LR A[Developer] -->|Push Code| B[GitHub] B -->|Trigger| C[GitHub Actions] C -->|Run Tests| D{Tests Pass?} D -->|No| E[Notify Developer] D -->|Yes| F[Build Application] F --> G[Run Security Scan] G --> H{Deploy to?} H -->|Staging| I[Staging Server] H -->|Production| J[Production Server] I --> K[Run Smoke Tests] K -->|Success| L[Ready for Production] J --> M[Zero-Downtime Deploy] M --> N[Health Check] N -->|Success| O[Deployment Complete] N -->|Fail| P[Rollback] style A fill:#3b82f6,stroke:#1e40af,color:#fff style O fill:#10b981,stroke:#059669,color:#fff style E fill:#ef4444,stroke:#dc2626,color:#fff style P fill:#ef4444,stroke:#dc2626,color:#fff

Deployment Process:

  1. Code Commit: Developer pushes code to GitHub
  2. Automated Tests: PHPUnit tests run automatically
  3. Build: Dependencies installed, assets compiled
  4. Security Scan: Check for vulnerabilities
  5. Deploy to Staging: Test in staging environment
  6. Manual Approval: QA team approves for production
  7. Production Deploy: Zero-downtime deployment with Laravel Envoyer
  8. Post-Deploy: Run migrations, clear caches
  9. Health Check: Verify application is running
  10. Rollback (if needed): Automatic rollback on failure

🔒 Security Architecture

Security Layers

graph TB A[User Request] --> B[HTTPS/TLS 1.3] B --> C[DDoS Protection] C --> D[Firewall Rules] D --> E[Rate Limiting] E --> F[Authentication JWT] F --> G[Authorization RBAC] G --> H[Input Validation] H --> I[SQL Injection Prevention] I --> J[XSS Protection] J --> K[CSRF Protection] K --> L[Application Logic] L --> M[Encrypted Data Storage] style A fill:#3b82f6,stroke:#1e40af,color:#fff style B fill:#10b981,stroke:#059669,color:#fff style F fill:#f59e0b,stroke:#d97706,color:#fff style M fill:#8b5cf6,stroke:#7c3aed,color:#fff

Authentication & Authorization

Security Feature Implementation Description
Authentication JWT (JSON Web Tokens) Stateless token-based authentication with 24-hour expiry
Password Hashing Bcrypt (Laravel Hash) Strong one-way password hashing with salt
Password Policy Laravel Validation Minimum 8 characters, 1 uppercase, 1 number, 1 special char
2FA (Optional) TOTP (Google Authenticator) Two-factor authentication for enhanced security
Authorization RBAC (Role-Based Access Control) Student and Speaker roles with specific permissions
Session Management Redis Sessions Secure session storage with automatic expiration
OAuth 2.0 Social Login Google and Apple sign-in integration

Data Protection

Protection Layer Technology Description
Data in Transit TLS 1.3 (HTTPS) All communications encrypted end-to-end
Data at Rest AES-256 Encryption Sensitive data encrypted in database
Database Encryption MySQL Encryption Encrypted database storage on DigitalOcean
File Encryption Storage Encryption Files encrypted on DigitalOcean Spaces
Secure Storage Flutter Secure Storage Encrypted credential storage on mobile devices
API Keys Environment Variables Sensitive keys stored securely, never in code

Application Security

Input Validation

  • Laravel Request Validation
  • Sanitize all user inputs
  • Whitelist approach for file uploads
  • File type and size validation

SQL Injection Prevention

  • Eloquent ORM (parameterized queries)
  • Prepared statements
  • No raw SQL queries
  • Database user permissions limited

XSS Protection

  • Output escaping by default
  • Content Security Policy (CSP)
  • HTML purification for rich text
  • React prevents XSS in JSX

CSRF Protection

  • CSRF tokens for all forms
  • Token validation middleware
  • SameSite cookie attribute
  • Double-submit cookie pattern

Security Best Practices

  • Rate Limiting: Prevent brute force attacks (60 requests/minute per IP)
  • DDoS Protection: Cloudflare or DigitalOcean DDoS protection
  • Firewall: UFW firewall configured to allow only necessary ports
  • Fail2Ban: Ban IPs after repeated failed login attempts
  • Security Headers: HSTS, X-Content-Type-Options, X-Frame-Options
  • CORS: Properly configured Cross-Origin Resource Sharing
  • API Versioning: Prevent breaking changes, maintain security patches
  • Logging: Comprehensive logging for audit trails
  • Error Handling: Generic error messages (no sensitive data leaked)
  • Dependency Updates: Regular updates for security patches

Payment Security (PCI DSS Compliance)

PCI DSS Compliance:
  • Payment data handled by certified payment gateways (PayTabs, HyperPay)
  • No credit card data stored on our servers
  • Tokenization for recurring payments
  • 3D Secure authentication for card payments
  • SSL/TLS encryption for all payment transactions
  • PCI DSS SAQ-A compliance (lowest scope)

Compliance & Privacy

Regulation Requirement Implementation
Saudi Data Protection Data residency All data stored within Saudi Arabia or compliant regions
GDPR-like Privacy User consent Explicit consent for data collection and processing
Right to Delete Data deletion Users can request account and data deletion
Data Portability Export data Users can export their data in JSON format
VAT Compliance Tax reporting VAT-compliant invoicing and reporting for Saudi Arabia
Copyright Protection DMCA compliance Content reporting and takedown procedures

Security Monitoring & Incident Response

  • Log Monitoring: Centralized logging with Papertrail/ELK Stack
  • Intrusion Detection: Monitor for suspicious activities
  • Error Tracking: Sentry for real-time error monitoring
  • Uptime Monitoring: UptimeRobot for availability checks
  • Security Audits: Regular penetration testing
  • Incident Response Plan: Documented procedures for security incidents
  • Backup Strategy: Daily automated backups with 30-day retention
  • Disaster Recovery: Recovery procedures documented and tested

⚡ Performance Optimization

Frontend Optimization

Technique Implementation Expected Impact
Code Splitting Next.js automatic code splitting by route Faster initial page load
Lazy Loading React.lazy() for components, lazy image loading Reduced initial bundle size
Image Optimization Next.js Image component, WebP format, responsive images 60% smaller image sizes
Tree Shaking Webpack eliminates unused code Smaller bundle size
Minification Terser for JS, cssnano for CSS 30-40% size reduction
Gzip/Brotli Nginx compression enabled 70-80% transfer size reduction
Browser Caching Cache-Control headers, versioned assets Instant repeat visits
Service Worker PWA with offline capabilities Offline functionality

Backend Optimization

Technique Implementation Expected Impact
Query Optimization Eager loading, query indexes, avoid N+1 problems 10x faster database queries
Redis Caching Cache frequently accessed data for 1-24 hours Sub-millisecond response times
Response Caching Laravel response cache for API endpoints Reduced server load
Queue System Async processing for emails, notifications, video processing Instant API responses
Database Indexing Indexes on foreign keys and frequently queried columns 100x faster lookups
Connection Pooling MySQL connection pool (persistent connections) Reduced connection overhead
OPcache PHP OPcache for bytecode caching 3-5x faster PHP execution
API Pagination Limit results to 20-50 per page Faster response, less memory

CDN & Asset Delivery

  • Static Assets: All CSS, JS, images served via CDN
  • Media Files: Videos and PDFs served from DigitalOcean Spaces with CDN
  • Geo-distribution: CDN edge servers in multiple regions
  • Cache-Control: Long cache times for immutable assets (1 year)
  • Adaptive Bitrate: Video streaming adjusts to user's bandwidth

Performance Targets

Metric Target Measurement Tool
First Contentful Paint (FCP) < 1.5 seconds Google Lighthouse
Largest Contentful Paint (LCP) < 2.5 seconds Google Lighthouse
Time to Interactive (TTI) < 3 seconds Google Lighthouse
API Response Time < 100ms (P95) Laravel Telescope
Database Query Time < 50ms (P95) Laravel Telescope
Page Size < 1MB (initial load) Browser DevTools
Lighthouse Score > 90/100 Google Lighthouse

📊 Monitoring & Logging

Application Monitoring

Tool Purpose Metrics Tracked
Laravel Telescope Application debugging and monitoring Requests, queries, jobs, exceptions, logs
Sentry Error tracking and monitoring Exceptions, errors, performance issues
Google Analytics User behavior analytics Page views, user flows, conversions
Mixpanel Product analytics User engagement, feature usage, funnels

Infrastructure Monitoring

Tool Purpose Alerts
DigitalOcean Monitoring Server resource monitoring CPU, memory, disk usage alerts
UptimeRobot Uptime monitoring Downtime alerts via email/SMS
Papertrail Centralized log management Error pattern alerts
New Relic / Datadog APM (Application Performance Monitoring) Performance degradation alerts

Logging Strategy

  • Application Logs: Laravel log files rotated daily
  • Access Logs: Nginx access logs for traffic analysis
  • Error Logs: PHP and Nginx error logs
  • Security Logs: Failed login attempts, suspicious activities
  • Audit Logs: User actions, data modifications
  • Payment Logs: All payment transactions logged
  • Retention: Logs retained for 90 days
← Previous: Features & Modules Next: Database & ERD →