Logical Architecture

Components

• Web: Next.js app (App Router), server-rendered pages, client hooks for auth state.
• API routes: Authentication, admin approvals, listings CRUD (soft-delete), profile update.
• Data: Postgres via Prisma (models: User, Listing, ListingTranslation, ListingImage, VerificationToken).
• Mail: SMTP (smtp.sohva.org) + DKIM signing for verification emails.
• Auth: Email/password, verified+approved requirement, JWT session cookie (session_token), roles.

Layers Diagram

Source: docs/drawio/architecture.drawio. Edit with draw.io and export locally.

Domain Model Snapshot

erDiagram
  USER ||--o{ LISTING : owns
  USER ||--o{ LISTING : approves
  LISTING ||--|{ LISTINGTRANSLATION : has
  LISTING ||--o{ LISTINGIMAGE : has

  USER {
    string id
    string email
    string passwordHash
    Role role
    UserStatus status
    datetime emailVerifiedAt
    datetime approvedAt
    datetime rejectedAt
    datetime removedAt
  }
  LISTING {
    string id
    ListingStatus status
    datetime approvedAt
    datetime rejectedAt
    datetime removedAt
    string country
    string region
    string city
  }
  LISTINGTRANSLATION {
    string id
    string slug
    string title
    string locale
  }
  LISTINGIMAGE {
    string id
    string url
  }

Auth Flow (High-Level)

See PlantUML source: docs/plantuml/auth-register-login.puml. Render locally with PlantUML.