Skip to content

Architecture

Jump to bottom
Salem874 edited this page Feb 24, 2026 · 1 revision

Architecture

Directory Structure

SIGNula/
├── web/
│   ├── _config/                    # Database config, global functions
│   │   ├── config.php              # getSetting(), getClientIP(), redirect(), etc.
│   │   └── database.php            # Database singleton connection
│   │
│   ├── _backend/                   # Core application classes
│   │   ├── Auth.php                # Authentication (login, logout, sessions)
│   │   ├── MFA.php                 # Multi-factor authentication orchestrator
│   │   ├── Database.php            # MySQLi singleton wrapper
│   │   ├── SessionManager.php      # Session lifecycle management
│   │   └── RateLimiter.php         # Endpoint-level rate limiting
│   │
│   ├── private_html/               # Non-public PHP classes
│   │   ├── security/               # Security layer classes (7 files)
│   │   │   ├── SecurityUtils.php   # AES-256-CBC, Argon2id, tokens, CSRF
│   │   │   ├── TOTP.php            # Time-based OTP (RFC 6238)
│   │   │   ├── FormProtection.php  # Honeypot + HMAC timing + JS challenge
│   │   │   ├── CaptchaVerifier.php # Turnstile + reCAPTCHA v3
│   │   │   ├── IPReputationChecker.php  # AbuseIPDB + proxycheck.io
│   │   │   ├── BotDetector.php     # CrawlerDetect + regex fallback
│   │   │   ├── SessionGuard.php    # SHA-256 session fingerprinting
│   │   │   ├── SecurityAlertManager.php # Brute force/travel detection
│   │   │   └── SecurityMiddleware.php   # Unified pipeline orchestrator
│   │   ├── payments/               # Payment processing
│   │   │   ├── PayPalProvider.php
│   │   │   ├── StripeProvider.php
│   │   │   ├── CoinbaseProvider.php
│   │   │   ├── PartnerPaymentService.php
│   │   │   ├── InvoiceManager.php
│   │   │   └── ServiceFeeManager.php
│   │   ├── email/                  # Email system
│   │   │   ├── EmailService.php    # Queue-based email orchestrator
│   │   │   ├── EmailTemplateManager.php
│   │   │   ├── EmailTemplateBuilder.php
│   │   │   ├── EmailTracker.php
│   │   │   └── providers/
│   │   │       ├── SMTPEmailProvider.php
│   │   │       ├── MicrosoftGraphEmailProvider.php
│   │   │       └── GmailAPIEmailProvider.php
│   │   ├── utils/                  # Utility classes
│   │   │   ├── AvatarService.php   # Multi-source avatar resolution
│   │   │   ├── ActivityLogger.php  # Activity audit logging
│   │   │   └── ErrorLogger.php     # Error logging to tblErrorLog
│   │   ├── admin/                  # Admin service classes
│   │   │   └── CredentialResetService.php
│   │   ├── api/                    # API infrastructure
│   │   │   ├── BaseController.php
│   │   │   ├── Validator.php
│   │   │   └── RateLimitMiddleware.php
│   │   └── layout/                 # Shared HTML templates
│   │
│   ├── public_html/                # Web-accessible files
│   │   ├── SIGNula.id/             # Main app (login, register, account, MFA)
│   │   ├── SIGNula.com/            # Marketing site (about, pricing, docs)
│   │   ├── admin/                  # Admin panel
│   │   ├── partners/               # Partner dashboard
│   │   ├── settings/               # User settings pages
│   │   ├── auth/                   # Passwordless + passkey auth
│   │   ├── api/                    # REST API endpoints
│   │   └── webhooks/               # Incoming webhook handlers
│   │
│   └── _private/                   # Non-web uploads, logs
│       └── uploads/avatars/        # User avatar storage
│
├── _database/
│   └── migrations/                 # SQL migrations 001-017
│
├── _tests/                         # PHPUnit test suite
│   ├── Unit/                       # Unit tests (no DB)
│   ├── Integration/                # Integration tests (requires DB)
│   └── Fixtures/                   # Test data files
│
├── _docs/                          # Developer documentation
└── vendor/                         # Composer (dev only)

Design Patterns

Static Method Classes

All core classes use static methods. No instantiation required:

$hash = SecurityUtils::hashPassword($password);
$isValid = Auth::login($email, $password);
$token = SecurityUtils::generateToken(32);

Database Singleton

Database::query() and Database::fetchOne() provide a single MySQLi connection:

$user = Database::fetchOne("SELECT * FROM tblUsers WHERE userID = ?", [$id]);

SIGNULA_INIT Guard

Every source file begins with:

if (!defined('SIGNULA_INIT')) { http_response_code(403); exit('Access denied'); }

Settings from Database

All configuration lives in tblSettings, retrieved via getSetting():

$maxAttempts = getSetting('security.login.max_attempts', 5);

Database Schema (47 Tables)

Core Tables

Table Purpose
tblUsers User accounts (email, passwordHash, isActive, MFA status)
tblSettings Application configuration (key-value with encryption)
tblActivityLog Audit trail (login, changes, API calls)
tblErrorLog PHP error and exception logging
tblSessions Active session tracking

Authentication Tables

Table Purpose
tblMFAMethods User MFA configurations (TOTP, backup codes)
tblOAuthAccounts Linked OAuth provider accounts
tblUserLinkedAccounts User-visible connected accounts
tblPasswordResets Password reset tokens
tblLoginAttempts Failed login tracking
tblPasskeys WebAuthn credential storage

Security Tables

Table Purpose
tblRateLimitConfig Per-endpoint rate limit configuration
tblRateLimitLog Rate limit tracking
tblIPBlocklist Blocked IP addresses
tblSecurityAlerts Detected security events
tblCredentialResets Mass credential reset operations
tblSaltRotationHistory Encryption salt rotation audit

Payment Tables

Table Purpose
tblPaymentProviders Configured payment gateways
tblTransactions Payment transaction records
tblSubscriptions Recurring subscription tracking
tblInvoices Invoice records
tblServiceFees Platform fee configuration

Partner Tables

Table Purpose
tblPartners Partner organisations
tblPartnerAPIKeys API key management
tblPartnerWebhooks Webhook endpoint configuration
tblPartnerFeatures Feature flag assignments
tblPartnerTiers Subscription tier definitions

Email Tables

Table Purpose
tblEmailQueue Outbound email queue
tblEmailTemplates Email template storage
tblEmailProviders Email provider configuration
tblEmailTracking Open/click tracking

Migration History

Migration Version Description
001 2.0.0 Core schema (users, settings, sessions, activity log)
002 2.0.0 Authentication (MFA, OAuth, password resets)
003 2.1.0 API infrastructure (rate limiting, API keys)
004 2.1.0 Payment system (providers, transactions, subscriptions)
005 2.2.0 Partner portal (partners, features, tiers)
006 2.2.0 Email system (queue, templates, tracking)
007 2.3.0 WebAuthn/Passkeys support
008 2.3.0 Security enhancements (IP blocklist, alerts)
009 2.4.0 Invoice and billing system
010 2.4.0 Service fee management
011 2.4.0 Webhook system
012 2.4.0 Partner discounts and credits
013 2.5.0 Ko-fi and Patreon payment providers
014 2.6.0 Security middleware tables
015 2.6.0 Avatar management system
016 2.6.0 Session security enhancements
017 2.6.0 Mass credential reset system

SIGNula Wiki

Home

Setup

Integration

Operations

External Links

Clone this wiki locally