Skip to main content

System Architecture

Component Breakdown

1. Web Store (Frontend)

Next.js 14 Application

Tech Stack:
  • Next.js 14 (App Router)
  • TypeScript
  • Tailwind CSS + Radix UI
  • React Query (TanStack Query)
Key Features:
  • Subdomain-based multi-tenancy
  • Server-side rendering (SSR) for SEO
  • Shopping cart and checkout flow
  • Payment method selection (UPI/Razorpay)
  • Order tracking pages

2. iOS App (Seller Dashboard)

Native iOS App

Tech Stack:
  • Swift 5.9
  • SwiftUI
  • Supabase Swift SDK
  • OneSignal (Push Notifications)
Key Features:
  • Product CRUD with image upload
  • AI-powered product descriptions
  • Order management workflow
  • Analytics dashboard
  • Store customization

3. Backend (Supabase)

Supabase Platform

Services:
  • PostgreSQL database
  • Row-Level Security (RLS) policies
  • Authentication (Email/OAuth)
  • Storage (product images)
  • Edge Functions (serverless)
  • Realtime subscriptions
Key Features:
  • Multi-tenant data isolation
  • Email notifications
  • Payment processing
  • Order lifecycle management

Data Flow

Product Creation Flow

Order Placement Flow

Multi-Tenancy Strategy

Subdomain Routing

Each seller gets a unique subdomain:
shopname.mypopup.shop → Seller's Store
another.mypopup.shop  → Different Store
Middleware Logic:
export function middleware(req: NextRequest) {
  const hostname = req.headers.get('host') || ''
  const subdomain = hostname.split('.')[0]

  // Fetch store data based on subdomain
  const store = await getStoreBySubdomain(subdomain)

  // Pass to page as context
  return NextResponse.rewrite(new URL(`/${store.id}`, req.url))
}

Deployment Architecture

Web App

Cloudflare Pages
  • Edge network (global CDN)
  • Automatic SSL
  • Wildcard subdomain support
  • Zero config deployment

iOS App

Apple App Store
  • TestFlight for beta testing
  • Push notification certificates
  • In-app purchase ready (future)

Database

Supabase Cloud
  • Managed PostgreSQL
  • Auto backups
  • Connection pooling (PgBouncer)
  • Global edge functions

Email

Resend
  • React Email templates
  • High deliverability
  • Webhook events
  • Custom domain ready

Security Considerations

  • Email/password with email verification
  • OAuth providers (Google, Apple, GitHub)
  • JWT tokens with refresh rotation
  • Row-level security (RLS) on all tables
  • PCI-compliant via Razorpay
  • UPI payments with manual verification
  • No credit card data stored locally
  • Payment webhooks verified with signatures
  • Strict RLS policies per store
  • No cross-store data leakage
  • API keys in environment variables
  • Secrets in Supabase Vault
  • Supabase built-in rate limits
  • Cloudflare DDoS protection
  • API key rotation strategy
  • Suspicious activity monitoring

Performance Optimizations

  1. Web Store
    • Static generation for public pages
    • Image optimization (Next.js Image)
    • React Query caching
    • Edge caching (Cloudflare)
  2. iOS App
    • Image lazy loading
    • Pagination for large lists
    • Local caching (UserDefaults)
    • Background fetch for orders
  3. Database
    • Indexed columns (store_id, created_at)
    • Materialized views for analytics
    • Connection pooling
    • Read replicas (future)
Want to dive deeper? Check out the Database Schema or Payment Flow