Architecture Overview
High-Level Architecture
Section titled “High-Level Architecture”Platform Waqfuel menggunakan arsitektur microservices dengan 4 backend services yang ditulis dalam Rust, 2 frontend clients (Next.js), dan shared proto definitions.
Penjelasan Komponen
Section titled “Penjelasan Komponen”| Service | Tanggung Jawab | Database |
|---|---|---|
| auth-api | Registrasi, login, JWT, JWKS, user profile, invitation | waqfuel_auth |
| main-api | Family, volunteer, collector, collection, pickup request, impact, CMS | waqfuel_main |
| notif-api | Email verification code, invitation email via Resend | - |
| reference-api | Data lokasi Indonesia (provinsi→kelurahan), validasi foto | waqfuel_reference |
Communication Patterns
Section titled “Communication Patterns”REST API (Client → Service)
Section titled “REST API (Client → Service)”Semua client (web, platform) berkomunikasi dengan backend via REST API. JWT access token dikirim via Authorization: Bearer <token> header.
gRPC (Service → Service)
Section titled “gRPC (Service → Service)”Komunikasi internal antar services menggunakan gRPC melalui Fly.io private network (di production). Proto definitions di-share via Git submodule waqfuel-proto-defs.
auth/v1/auth.proto → Auth messagesuser/v1/user.proto → UserService (GetUserById, CreateUser, dll)notif/v1/notif.proto → NotifService (SendEmailCodeVerification, dll)reference/v1/reference.proto → ReferenceService (ValidateLocation, dll)shared/v1/common.proto → Shared types (Gender, ErrorResponse, dll)JWKS (JWT Verification)
Section titled “JWKS (JWT Verification)”Main API memvalidasi JWT token tanpa perlu shared secret — cukup fetch public key dari Auth API:
GET https://auth.waqfuel.com/.well-known/jwks.jsonAuth API meng-expose JWKS endpoint, Main API fetch dan cache public key untuk verifikasi signature.
Authentication Flow
Section titled “Authentication Flow”Data Model Overview
Section titled “Data Model Overview”Auth Database (waqfuel_auth)
Section titled “Auth Database (waqfuel_auth)”- users — id, email, phone, password_hash, name, photo, role, is_verified
- audit_logs — tracking semua user actions
- invitations — token untuk admin-created users (collector, admin)
Roles: volunteer, admin, super_admin, collector, family
Main Database (waqfuel_main)
Section titled “Main Database (waqfuel_main)”- families — data keluarga yang mengumpulkan UCO
- volunteers — relawan yang mengelola keluarga di area tertentu
- collectors — mitra pengumpul (perusahaan)
- collections — catatan pengumpulan UCO (liter, timestamp, bukti foto)
- pickup_requests — workflow permintaan pengambilan UCO
- impact_factors — faktor dampak per liter (CO2, air, dll)
- landing_content — CMS untuk landing page
- gallery_photos — galeri foto kegiatan
Reference Database (waqfuel_reference)
Section titled “Reference Database (waqfuel_reference)”- locations — seluruh data lokasi Indonesia (provinsi, kota/kabupaten, kecamatan, kelurahan)
Deployment Architecture
Section titled “Deployment Architecture”Production:├── Fly.io (Singapore region)│ ├── auth-api (REST :8080, gRPC :50051 internal)│ ├── main-api (REST :8081)│ ├── notif-api (gRPC :50052 internal)│ └── reference-api (REST :4000, gRPC :50050 internal)├── Neon (Managed PostgreSQL)│ ├── waqfuel_auth│ └── waqfuel_main├── AWS S3 (ap-southeast-1)│ └── waqfuel-assets├── Vercel│ ├── waqfuel-web (waqfuel.com)│ └── platform-client (platform.waqfuel.com)└── External Services ├── Resend (email) └── Redis (via Fly.io)Selanjutnya
Section titled “Selanjutnya”- Deployment Guide — cara deploy ke Fly.io
- Auth API Reference — endpoint lengkap auth service
- Pickup Request Workflow — state machine pickup