Saas-Base / apps.md
rsnarsna
Update footer and sidebar links to point to correct URLs; enhance subscription page with error handling and improved structure
54dca99
|
Raw
History Blame Contribute Delete
11.2 kB
# SaaS Platform — Apps Inventory
> **10 Django apps** · Source of truth: `AGENT.md` · Config: `config/settings/__init__.py`
---
## Architecture
```
core → apps → domains (one-way, no reverse)
```
| Layer | Purpose |
|-------|---------|
| `config/` | Runtime wiring (settings, urls, jinja2) |
| `core/` | Infrastructure glue (base models, middleware, permissions, utils) |
| `apps/` | 10 SaaS platform apps |
| `domains/` | Pluggable business modules (empty — future verticals) |
| `services/` | Background execution (email, maintenance, monitoring, scheduling) |
---
## 1. `apps/accounts` — Identity & Lifecycle
**Phase 1** · Registration, login, email verification, password management, profiles, OAuth.
### Models (7)
| Model | File |
|-------|------|
| User | `models/user.py` |
| Credentials | `models/credentials.py` |
| PasswordHistory | `models/password_history.py` |
| EmailVerification | `models/email_verification.py` |
| PasswordReset | `models/password_reset.py` |
| Profile | `models/profile.py` |
| LoginHistory | `models/login_history.py` |
### Services (2)
| Service | File | Functions |
|---------|------|-----------|
| Auth Service | `services/auth_service.py` | ~19 (register, login, verify, reset, change password/email, profile) |
| OAuth Service | `services/oauth_service.py` | Google + GitHub OAuth flow |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `AUTH_USER_MODEL` | `accounts.User` |
| `LOGIN_URL` | `/login/` |
| `LOGIN_REDIRECT_URL` | `/dashboard/` |
| `LOGOUT_REDIRECT_URL` | `/` |
| `EMAIL_VERIFICATION_EXPIRY_HOURS` | `1` |
| `PASSWORD_RESET_EXPIRY_HOURS` | `1` |
| `NOTIFY_NEW_DEVICE_LOGIN` | `True` |
| `OAUTH_GOOGLE_CLIENT_ID` | (from settings) |
| `OAUTH_GITHUB_CLIENT_ID` | (from settings) |
---
## 2. `apps/security` — Threat Protection
**Phase 2** · MFA, sessions, token rotation, rate limiting, trusted devices, security events.
### Models (8)
| Model | File |
|-------|------|
| Session | `models/session.py` |
| RefreshToken | `models/refresh_token.py` |
| TokenBlacklist | `models/token_blacklist.py` |
| MFAFactor | `models/mfa_factor.py` |
| BackupCode | `models/backup_code.py` |
| TrustedDevice | `models/trusted_device.py` |
| SecurityEvent | `models/security_event.py` |
| RateLimit | `models/rate_limit.py` |
### Services (6)
| Service | File |
|---------|------|
| Session Service | `services/session_service.py` |
| MFA Service | `services/mfa_service.py` |
| Rate Limit Service | `services/rate_limit_service.py` |
| Alert Service | `services/alert_service.py` |
| Event Service | `services/event_service.py` |
| JWT Service | `services/jwt_service.py` |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `JWT_SECRET_KEY` | (from env, fallback to SECRET_KEY) |
| `JWT_ALGORITHM` | `HS256` |
| `JWT_ACCESS_EXPIRY_MINUTES` | `60` |
---
## 3. `apps/access` — RBAC Authorization
**Phase 3** · Roles, permissions, role-permission mapping, authorization middleware.
### Models (4)
| Model | File |
|-------|------|
| Role | `models/role.py` |
| Permission | `models/permission.py` |
| RolePermission | `models/role_permission.py` |
| UserRole | `models/user_role.py` |
### Services (2)
| Service | File | Functions |
|---------|------|-----------|
| RBAC Service | `services/rbac_service.py` | 16 (create/assign/revoke roles & permissions, check_access) |
| Role Seed Service | `services/role_seed_service.py` | Default role seeding |
### Additional Files
- `decorators.py` — `@require_role`, `@require_permission`
- `middleware.py` — Request-level access guard
---
## 4. `apps/organizations` — Multi-Tenancy
**Phase 4** · Organizations, memberships, API keys, feature flags, storage quotas, tenant isolation.
### Models (13)
| Model | File |
|-------|------|
| Organization | `models/organization.py` |
| OrgMembership | `models/membership.py` |
| OrgRole | `models/org_role.py` |
| OrgInvitation | `models/invitation.py` |
| OrgSettings | `models/org_settings.py` |
| FeatureFlag | `models/feature_flag.py` |
| APIKey | `models/api_key.py` |
| ServiceToken | `models/service_token.py` |
| File | `models/file.py` |
| StorageQuota | `models/storage_quota.py` |
| UsageMetric | `models/usage_metric.py` |
| QuotaCounter | `models/quota_counter.py` |
| SocialAccount | `models/social_account.py` |
### Services (6)
| Service | File |
|---------|------|
| Org Service | `services/org_service.py` |
| Membership Service | `services/membership_service.py` |
| API Key Service | `services/api_key_service.py` |
| Feature Flag Service | `services/feature_flag_service.py` |
| File Service | `services/file_service.py` |
| Quota Service | `services/quota_service.py` |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `BASE_DOMAIN` | `localhost:9000` |
| `SESSION_COOKIE_DOMAIN` | `.localhost` |
| `CSRF_COOKIE_DOMAIN` | `.localhost` |
| `DEFAULT_BUSINESS_TYPES` | `["E-Commerce", "Agency", "Retail", "Other"]` |
---
## 5. `apps/audit` — Compliance & GDPR
**Phase 5** · Consent tracking, data export, soft delete, PII audit, deletion locks.
### Models (5)
| Model | File |
|-------|------|
| ConsentRecord | `models/consent_record.py` |
| DataExport | `models/data_export.py` |
| Deletion | `models/deletion.py` |
| DeletionLock | `models/deletion_lock.py` |
| PIIAccessLog | `models/pii_access_log.py` |
### Services (1)
| Service | File | Functions |
|---------|------|-----------|
| Compliance Service | `services/compliance_service.py` | 14 (consent, export, delete, PII access, locks) |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `TERMS_OF_SERVICE_VERSION` | `1.0` |
---
## 6. `apps/notifications` — Communications
**Phase 2 + 7** · Email, SMS, push, in-app notifications with user preferences.
### Models (2)
| Model | File |
|-------|------|
| NotificationPreference | `models/preference.py` |
| NotificationTemplate | `models/template.py` |
### Services (2)
| Service | File |
|---------|------|
| Dispatch Service | `services/dispatch_service.py` (18 functions) |
| SMS Provider | `services/sms_provider.py` (Twilio REST adapter) |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `EMAIL_BACKEND` | `django.core.mail.backends.filebased.EmailBackend` |
| `EMAIL_FILE_PATH` | `BASE_DIR / 'emails'` |
| `DEFAULT_FROM_EMAIL` | `noreply@saas.local` |
| `NOTIFY_NEW_DEVICE_LOGIN` | `True` |
---
## 7. `apps/intelligence` — AI & Security Intelligence
**Phase 6** · Activity logging, risk scoring, anomaly detection, LLM chat, content moderation.
### Models (5+)
| Model | File |
|-------|------|
| EventLog | `models/event_log.py` |
| AIModel | `models/ai_model.py` |
| AIPrompt | `models/ai_prompt.py` |
| ChatSession / ChatMessage | `models/chat.py` |
| RiskScore / Anomaly / Metric / ContentEmbedding / etc. | `models/analytics.py` |
### Services (5)
| Service | File |
|---------|------|
| Event Service | `services/event_service.py` |
| Analytics Service | `services/analytics_service.py` (risk scoring, anomaly detection, vector search) |
| AI Service | `services/ai_service.py` (LLM integration, RAG pipeline) |
| Moderation Service | `services/moderation_service.py` |
| Personalization Service | `services/personalization_service.py` |
---
## 8. `apps/operations` — Enterprise Operations
**Phase 7** · Audit logs, admin ops, webhooks, maintenance mode, system settings, jobs.
### Models (5)
| Model | File |
|-------|------|
| AuditLog / AdminAction | `models/audit.py` |
| SystemSetting / BackgroundJob | `models/system.py` |
| Webhook / WebhookDelivery | `models/webhook.py` |
| Deployment | `models/deployment.py` |
| Notification | `models/notification.py` |
### Services (4)
| Service | File |
|---------|------|
| Admin Ops Service | `services/admin_ops_service.py` (force reset, impersonation, revoke sessions) |
| Operations Service | `services/operations_service.py` (maintenance mode, emergency lock, system settings) |
| Webhook Service | `services/webhook_service.py` (HMAC + replay protection) |
| Idempotency Service | `services/idempotency_service.py` |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `Q_CLUSTER.name` | `saas_cluster` |
| `Q_CLUSTER.workers` | `2` |
| `Q_CLUSTER.timeout` | `60` |
---
## 9. `apps/billing` — Monetization & Razorpay
**Phase 8** · Subscription plans, org subscriptions, payment history, Razorpay integration.
### Models (3)
| Model | File |
|-------|------|
| SubscriptionPlan | `models.py` |
| OrganizationSubscription | `models.py` |
| BillingHistory | `models.py` |
### Services (3)
| Service | File |
|---------|------|
| Billing Service | `services/billing_service.py` |
| Plan Enforcement Service | `services/plan_enforcement.py` |
| Razorpay Service | `services/razorpay_service.py` |
### Config Dependencies
| Setting | Value |
|---------|-------|
| `RAZORPAY_KEY_ID` | (from `.env`) |
| `RAZORPAY_KEY_SECRET` | (from `.env`) |
| `RAZORPAY_CURRENCY` | `INR` |
---
## 10. `apps/dashboard` — UI Aggregator
**No Phase** · Authenticated landing page. Pulls data from accounts, organizations, and other apps.
- **Models**: None
- **Services**: None
- **Views**: `views.py` — dashboard index
---
## Background Services (`services/`)
| Service | File | Purpose |
|---------|------|---------|
| Email | `email/email_service.py` | Async email sending with template rendering and retry |
| Maintenance | `maintenance/maintenance_service.py` | Token cleanup, scheduled purge, data retention |
| Monitoring | `monitoring/monitoring_service.py` | Health checks, metrics aggregation |
| Scheduling | `scheduling/scheduling_service.py` | Job queue, retry policy, dead-letter handling |
---
## Core Layer (`core/`)
| Module | Files | Purpose |
|--------|-------|---------|
| `models/` | `base.py`, `tenant_mixin.py` | TimestampedModel, SoftDeleteModel, TenantScopedModel |
| `middleware/` | 6 files | JWT, subdomain, tenant, security, authorization, request_id |
| `permissions/` | `base.py`, `decorators.py`, `security_decorators.py` | `@require_role`, `@require_permission`, `@stepup_auth_required` |
| `utils/` | 6 files | circuit_breaker, pii_registry, privacy, password_breach, ip, slug |
| `exceptions/` | `base.py` | Custom exception classes |
| `filters/` | `pii_filters.py` | `mask_email`, `mask_phone`, `mask_name`, `mask_ip` |
| `services/` | `encryption.py` | Encryption utilities |
---
## Middleware Pipeline (13 layers, order matters)
| # | Middleware | Source |
|---|-----------|--------|
| 1 | SecurityMiddleware | Django built-in |
| 2 | RequestIDMiddleware | `core.middleware.request_id` |
| 3 | SessionMiddleware | Django built-in |
| 4 | CommonMiddleware | Django built-in |
| 5 | CsrfViewMiddleware | Django built-in |
| 6 | AuthenticationMiddleware | Django built-in |
| 7 | JWTMiddleware | `core.middleware.jwt_middleware` |
| 8 | SubdomainMiddleware | `core.middleware.subdomain_middleware` |
| 9 | RateLimitMiddleware | `core.middleware.security` |
| 10 | TenantContextMiddleware | `core.middleware.tenant` |
| 11 | AuthorizationMiddleware | `core.middleware.authorization` |
| 12 | MessageMiddleware | Django built-in |
| 13 | XFrameOptionsMiddleware | Django built-in |