Goa-gel-fullstack/Documentation/overview/solution.md
Mahi 435889ee79 docs: Rebuild documentation as enterprise-grade TLAS platform
- Migrate from custom HTTP server to VitePress framework
- Rename project to Tokenized License Approval System (TLAS)
- Add comprehensive documentation for all stakeholders:
  - Business: Executive summary, value proposition, governance
  - Operations: Infrastructure, installation, monitoring, backup
  - Departments: User guide, workflows, verification, issuance
  - Developers: API reference, authentication, webhooks, SDKs
  - Compliance: OWASP, DPDP Act, IT Act, audit framework
- Add modern theme with dark mode and full-text search
- Update Dockerfile for VitePress build process

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 00:05:20 -04:00

Solution Architecture

System Overview

┌─────────────────────────────────────────────────────────────────────┐
│                           TLAS Platform                              │
├─────────────────────────────────────────────────────────────────────┤
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │
│  │   Applicant  │  │  Department  │  │    Admin     │              │
│  │    Portal    │  │    Portal    │  │   Console    │              │
│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘              │
│         │                 │                 │                       │
│         └─────────────────┼─────────────────┘                       │
│                           │                                         │
│                    ┌──────▼───────┐                                 │
│                    │  API Gateway │                                 │
│                    │   (NestJS)   │                                 │
│                    └──────┬───────┘                                 │
│                           │                                         │
│         ┌─────────────────┼─────────────────┐                       │
│         │                 │                 │                       │
│  ┌──────▼──────┐   ┌──────▼──────┐   ┌──────▼──────┐               │
│  │  PostgreSQL │   │ Hyperledger │   │  External   │               │
│  │  Database   │   │    Besu     │   │  Services   │               │
│  └─────────────┘   └─────────────┘   └─────────────┘               │
└─────────────────────────────────────────────────────────────────────┘

Component Responsibilities

| Component | Function |
|-----------|----------|
| Applicant Portal | Application submission, document upload, status tracking, certificate download |
| Department Portal | Queue management, application review, approval actions, reporting |
| Admin Console | Department onboarding, workflow configuration, system monitoring |
| API Gateway | Authentication, authorization, request routing, rate limiting |
| PostgreSQL | Application data, user accounts, workflow definitions, audit logs |
| Hyperledger Besu | NFT minting, certificate verification, immutable transaction record |

Data Flow: License Issuance

1. Applicant submits application
         │
         ▼
2. System validates documents and routes to workflow
         │
         ▼
3. Officers process through defined approval stages
         │
         ▼
4. Final approval triggers blockchain transaction
         │
         ▼
5. NFT minted with license metadata
         │
         ▼
6. Certificate generated with embedded verification QR
         │
         ▼
7. Applicant notified and certificate available for download

Blockchain Integration

Hyperledger Besu serves as the certificate authority:

  • Private network: Government-controlled nodes, no public exposure
  • Permissioned access: Only authorized services can mint tokens
  • Smart contract: ERC-721 implementation for license NFTs
  • Verification API: Public endpoint for certificate validation

NFT Structure

{
  "tokenId": "0x...",
  "licenseNumber": "GOA/TRADE/2026/00001",
  "holder": {
    "name": "Applicant Name",
    "identifier": "AADHAAR-XXXX"
  },
  "issuingDepartment": "Department of Trade",
  "issueDate": "2026-02-09",
  "validUntil": "2027-02-08",
  "documentHash": "SHA256:abcd1234..."
}
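
The check a verifier can run against this record, as an added example that is not code from the TLAS repository: it recomputes the document's SHA-256, compares it with `documentHash`, and enforces the validity window. It assumes `documentHash` carries a full 64-character hex digest after the `SHA256:` prefix (the sample above is elided); `verifyCertificate` and its reason strings are hypothetical names.

```javascript
// Added example: check a certificate file against its license record (Node.js).
const { createHash, timingSafeEqual } = require("node:crypto");

const HASH_RE = /^SHA256:([0-9a-f]{64})$/i; // assumption: full hex digest
const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;      // ISO dates, as in the sample record

function verifyCertificate(record, documentBytes, today) {
  // `record` must be read from the ledger (or the verification API), never
  // from fields printed on the certificate or carried in the QR code itself.
  const m = HASH_RE.exec(String(record.documentHash));
  if (!m) return { ok: false, reason: "bad-hash-format" };
  const dates = [record.issueDate, record.validUntil, today];
  if (!dates.every((d) => typeof d === "string" && DATE_RE.test(d))) {
    return { ok: false, reason: "bad-date-format" };
  }

  // Both buffers are exactly 32 bytes, as timingSafeEqual requires.
  const expected = Buffer.from(m[1], "hex");
  const actual = createHash("sha256").update(documentBytes).digest();
  if (!timingSafeEqual(expected, actual)) {
    return { ok: false, reason: "hash-mismatch" };
  }

  // Fixed-width ISO dates order correctly as plain strings.
  if (today < record.issueDate) return { ok: false, reason: "not-yet-valid" };
  if (today > record.validUntil) return { ok: false, reason: "expired" };
  return { ok: true, reason: "valid" };
}

// Constructed sample data (not a real license or document).
const sampleDocument = Buffer.from("constructed sample certificate bytes");
const sampleRecord = {
  licenseNumber: "GOA/TRADE/2026/00001",
  issuingDepartment: "Department of Trade",
  issueDate: "2026-02-09",
  validUntil: "2027-02-08",
  documentHash:
    "SHA256:" + createHash("sha256").update(sampleDocument).digest("hex"),
};

console.log(verifyCertificate(sampleRecord, sampleDocument, "2026-06-01"));
```

An elided or truncated hash such as the one in the sample above is rejected as `bad-hash-format` rather than matched on a prefix.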

Security Architecture

| Layer | Controls |
|-------|----------|
| Network | HTTPS only, WAF, DDoS protection |
| Authentication | JWT tokens, session management, DigiLocker OAuth |
| Authorization | Role-based access control, department isolation |
| Data | Encryption at rest (AES-256), TLS 1.3 in transit |
| Application | Input validation, SQL injection prevention, XSS protection |
| Audit | Immutable logs, tamper detection, compliance reporting |