- Project Overview
- Architecture Decision
- Functional Requirements
- Non-Functional Requirements
- User Stories
- Technical Architecture
- API Specification
- Security Requirements
- Performance Requirements
A modern two-part web platform consisting of a marketing landing site and a full-featured web application. The landing site focuses on visitor conversion, while the web application provides authenticated users with content browsing, collection management, and data processing capabilities. The system includes an integrated admin panel within the web application for content and user management.
- Landing Site: Maximize visitor conversion with optimized performance
- Web Application: Provide intuitive experience for authenticated users
- Admin Integration: Enable efficient content management within the main app
- Shared Infrastructure: Leverage unified backend and shared components
- Security: Ensure secure authentication and data protection
- Performance: Deliver fast, responsive experience across all devices
- Framework: React 18 with Vite
- UI Components: shadcn/ui
- Styling: Tailwind CSS
- Animations: Framer Motion
- Deployment: Vercel/Netlify (static hosting)
- Framework: React 18 with TypeScript, Vite
- UI Components: shadcn/ui
- Routing: React Router v6
- State Management: Zustand
- Data Fetching: TanStack Query
- Authentication: Clerk
- Forms: React Hook Form + Zod (integrated with shadcn/ui form components)
- Styling: Tailwind CSS
- Framework: FastAPI with Python
- ORM: Prisma
- Database: PostgreSQL
- Cache: Redis
- Authentication: JWT verification (from Clerk)
- Monorepo: pnpm workspaces
- Shared Packages: @project/ui (shadcn/ui based), @project/utils, @project/types
- Containerization: Docker
- Orchestration: Docker Compose
- Reverse Proxy: Nginx (subdomain routing)
The project is structured as two separate applications:
-
Landing Site (
yourdomain.com)- Public-facing marketing site
- Optimized for SEO and conversion
- Minimal JavaScript for fast loading
- Static site generation capabilities
- No authentication required
-
Web Application (
app.yourdomain.com)- Full-featured SPA for authenticated users
- Integrated admin dashboard at
/admin - Protected routes and role-based access
- Rich interactive features
- Real-time updates
- Performance: Landing site loads faster without app bundle
- SEO: Better search engine optimization for marketing content
- Security: Application code not exposed to public visitors
- Deployment: Independent deployment cycles
- Scalability: Can scale landing and app separately
- Sign Up: Users can create accounts using email/password or social providers
- Sign In: Users can authenticate using credentials or social login
- Sign Out: Users can securely log out from their session
- Password Reset: Users can reset forgotten passwords via email
- Profile Management: Users can update their profile information
- User: Can browse content, manage collections, perform actions
- Admin: Full access to content management, data processing, and user administration
- Hero Section: Eye-catching banner with CTA
- Features Showcase: Key platform benefits
- Pricing/Plans: Service tiers (if applicable)
- Testimonials: Customer reviews
- FAQ Section: Common questions
- Contact Form: Lead capture
- Newsletter Signup: Email list building
- Static Generation: Pre-rendered pages
- Image Optimization: WebP with fallbacks
- Lazy Loading: Progressive image loading
- Minimal JavaScript: Fast initial load
- Featured Items: Highlighted on landing and web app
- Category Navigation: Browse by content type
- Public API: Accessible without authentication
- Full Catalog: All items with pagination
- Advanced Search: Filter by multiple criteria
- Detailed Views: Complete item information
- User Interactions: Add to collections
- Add to Collection: Add items with quantity/options selection
- Update Selection: Modify item properties in collection
- Remove Items: Delete items from collection
- Collection Persistence: Collections saved for authenticated users
- Guest Collections: Session-based for non-authenticated users
- Real-time updates
- Validation checks
- Apply modifiers/rules
- Collection summary display
- Quick actions from any page
- Data Review: Display summary before confirmation
- User Information: Collect necessary details
- Process Confirmation: Generate reference number and send confirmation
- Activity History: Users can view past activities
- Pending, Processing, Completed, Cancelled
- Email notifications for status changes
- Activity tracking for users
- Real-time status updates
- Route Protection:
/admin/*routes require admin role - Role Verification: Checked at both frontend and backend
- Seamless Integration: Same authentication as main app
- CRUD Operations: Create, read, update, delete content items
- Media Upload: Upload and manage images/files
- Bulk Operations: Update multiple items at once
- Status Management: Track item availability
- Featured Selection: Mark items for homepage display
- Data Dashboard: View all activities with filters
- Status Updates: Change process status
- Data Details: View complete activity information
- Export Data: Download activity reports
- User List: View all registered users
- Role Management: Assign admin privileges
- User Activity: Track user activities and engagement
- Contact Submissions: View landing site inquiries
- UI Components: Buttons, cards, modals
- Utilities: Formatters, validators
- Type Definitions: Consistent data models
- Landing → Web: "Get Started" CTA
- Web → Landing: Logo link to marketing site
- Deep Linking: Preserve user intent
- Shared Database: Single source of truth
- Public API: Consistent data access
- Cache Strategy: Optimized for each use case
- Page load time < 3 seconds
- API response time < 200ms for simple queries
- Support 1000+ concurrent users
- Image optimization and lazy loading
- HTTPS encryption for all communications
- Secure authentication with Clerk
- Input validation and sanitization
- SQL injection prevention with Prisma
- XSS protection
- CSRF protection
- Responsive design for all screen sizes
- Intuitive navigation
- Clear error messages
- Loading states for async operations
- Accessibility compliance (WCAG 2.1 AA)
- 99.9% uptime
- Automated backups
- Error logging and monitoring
- Graceful error handling
- Horizontal scaling capability
- Database optimization
- Caching strategy
- CDN for static assets
-
As a user, I want to browse content by category so that I can find what I'm looking for quickly.
- Acceptance Criteria:
- Categories are clearly visible
- Content loads within 2 seconds
- Can switch between categories without page reload
- Acceptance Criteria:
-
As a user, I want to add items to my collection so that I can manage multiple selections.
- Acceptance Criteria:
- "Add" button is prominent
- Collection updates without page reload
- Visual feedback when item is added
- Acceptance Criteria:
-
As a user, I want to view my activity history so that I can review past actions.
- Acceptance Criteria:
- History shows all past activities
- Can view activity details
- Can repeat actions with one click
- Acceptance Criteria:
-
As an admin, I want to add new content so that I can update the platform.
- Acceptance Criteria:
- Form with all content fields
- Media upload functionality
- Preview before saving
- Acceptance Criteria:
-
As an admin, I want to manage user activities so that I can process user requests.
- Acceptance Criteria:
- Dashboard shows pending activities
- Can update activity status
- Can view user details
- Acceptance Criteria:
apps/
├── landing/ # Marketing site
├── web/ # Main application + admin
└── backend/ # Shared API
packages/
├── ui/ # Shared components
├── utils/ # Common utilities
└── types/ # TypeScript types
The admin dashboard remains integrated within the web application:
- Location:
apps/web/src/pages/admin/* - Route Guards:
AdminGuardcomponent - Shared Auth: Same Clerk instance as main app
- Benefits: Code reuse, single deployment
apps/landing/src/
├── components/
│ ├── Hero.tsx # Hero section
│ ├── Features.tsx # Features showcase
│ ├── Pricing.tsx # Pricing tiers
│ ├── Testimonials.tsx # Customer reviews
│ ├── FAQ.tsx # Frequently asked questions
│ └── ContactForm.tsx # Contact form
├── App.tsx # Main app
└── main.tsx # Entry point
apps/web/src/
├── components/
│ ├── common/ # Shared UI components
│ ├── layout/ # App layout components
│ ├── content/ # Content components
│ ├── collections/ # Collection components
│ └── admin/ # Admin components
├── pages/
│ ├── dashboard/ # User pages
│ └── admin/ # Admin pages
├── guards/ # Route protection
├── hooks/ # Custom hooks
├── services/ # API services
├── store/ # Zustand stores
└── types/ # TypeScript types
backend/
├── app/
│ ├── api/ # API route endpoints
│ ├── core/ # Core configuration
│ ├── models/ # Pydantic models
│ ├── services/ # Business logic
│ ├── middleware/ # FastAPI middleware
│ └── utils/ # Utility functions
├── prisma/
│ ├── schema.prisma # Database schema
│ └── migrations/ # Database migrations
- Users table (web app users via Clerk)
- Items table (content for both sites)
- Categories table (navigation structure)
- Activities table (user activities)
- ActivityItems table (activity details)
- Collections table (user collections)
- CollectionItems table (collection items)
- ContactSubmissions table (form submissions)
- NewsletterSubscriptions table (email signups)
GET /api/public/items/featured- Featured items for homepageGET /api/public/categories- All categoriesPOST /api/public/contact- Submit contact formPOST /api/public/newsletter- Newsletter signup
GET /api/items- List all itemsGET /api/items/:id- Get item detailsGET /api/categories/:slug/items- Items by categoryGET /api/collections- User's collectionPOST /api/collections/items- Add to collectionPUT /api/collections/items/:id- Update collection itemDELETE /api/collections/items/:id- Remove from collectionGET /api/activities- User's activitiesPOST /api/activities- Create activity
POST /api/items- Create itemPUT /api/items/:id- Update itemDELETE /api/items/:id- Delete itemGET /api/admin/dashboard- Dashboard statsGET /api/admin/users- List all usersPUT /api/admin/users/:id/role- Update user rolePUT /api/activities/:id/status- Update activity statusGET /api/admin/contact-submissions- View submissions
- No authentication required
- Rate limiting on contact forms
- CSRF protection on forms
- Honeypot fields for bot prevention
- Clerk authentication required
- JWT tokens for API access
- Role-based access control (USER/ADMIN)
- Session management via Clerk
- JWT verification using JWKS
- Role extraction from token claims
- Admin middleware for protected routes
- API key for service-to-service (future)
- HTTPS enforced on all domains
- Database encryption at rest
- Sensitive data hashing (future passwords)
- PII data isolation and audit trails
CORS_ORIGINS = [
"https://yourdomain.com", # Landing
"https://app.yourdomain.com", # Web app
# Development origins
"http://localhost:3000",
"http://localhost:5173"
]- First Contentful Paint: < 1.5s
- Time to Interactive: < 3s
- Lighthouse Score: > 90
- Core Web Vitals: All green
- Static Asset Caching: 1 year
- CDN Distribution: Global edge nodes
- Initial Load: < 3s
- Route Changes: < 200ms
- API Response: < 300ms (p95)
- Collection Updates: < 100ms
- Search Results: < 500ms
- Database Queries: < 50ms
- Concurrent Users: 1000+
- Request Rate: 100 req/s
- Cache Hit Rate: > 80%
- Static generation for all pages
- Image optimization pipeline
- Critical CSS inlining
- Minimal JavaScript bundle
- Preconnect to API domain
- Route-based code splitting
- Component lazy loading
- Virtual scrolling for lists
- Optimistic UI updates
- Service worker caching
- WebP images with fallbacks
- Brotli compression
- HTTP/2 push for critical resources
- Database query optimization
- Redis caching strategy
- Landing:
http://localhost:3000 - Web App:
http://localhost:5173 - Backend:
http://localhost:5000 - Database: Local PostgreSQL
- Tools: Docker Compose, hot reload
- Landing:
staging.yourdomain.com - Web App:
app-staging.yourdomain.com - Backend: Shared with web app
- Database: Staging PostgreSQL
- Purpose: Pre-production testing
- Landing:
yourdomain.com(Vercel/Netlify) - Web App:
app.yourdomain.com(Cloud provider) - Backend:
app.yourdomain.com/api - Database: Managed PostgreSQL (RDS/CloudSQL)
- CDN: CloudFlare for all domains
-
Landing Site
- Push to main branch
- Vercel auto-deploys
- Instant global distribution
-
Web Application
- Push to main branch
- CI/CD builds Docker image
- Deploy to cloud provider
- Health checks before switch
-
Backend API
- Same as web application
- Database migrations first
- Rolling deployment
# Example Terraform structure
modules/
├── landing/ # S3 + CloudFront
├── web-app/ # ECS/K8s + ALB
├── backend/ # Shared with web-app
├── database/ # RDS PostgreSQL
└── networking/ # VPC, subnets, security groups