Technology Stack
This page is for technically inclined evaluators — architects, CTOs, and developers assessing whether Message Center integrates with your infrastructure.
Overview
Message Center is a Next.js 14 backend-for-frontend (BFF) that owns multi-tenancy, identity, and moderation. It talks to the SMS Gateway (Core) via a stateless mTLS connection. All tenant state — workspaces, memberships, campaigns, audit logs — lives in MongoDB.
```
Browser ──── HTTPS ────▶ Message Center (Next.js BFF)
                                │
                        mTLS client cert
                                │
                         ┌──────▼──────┐
                         │ SMPP Proxy  │ ← mTLS server cert
                         └──────┬──────┘
                                │ internal
                         ┌──────▼──────┐
                         │  SMS Core   │ ← stateless job engine
                         └─────────────┘
```
Runtime
| Component | Technology |
|---|---|
| Web framework | Next.js 14 (App Router, TypeScript) |
| Runtime | Node.js 20+ |
| Package manager | Yarn 1.x |
Next.js App Router provides both the web UI (React Server Components) and the BFF API routes — no separate Express server needed.
Data Layer
| Component | Technology |
|---|---|
| Primary database | MongoDB 6+ (raw mongodb driver — no Mongoose) |
| Schema validation | Zod (runtime validation at DAO boundary) |
| Migrations | Custom incremental migration runner (9 migrations, v1–v9) |
| Query safety | cursor.maxTimeMS on all reads; chunkedFindIn for large $in arrays |
MongoDB is Message Center's only persistent store. Redis, PostgreSQL, and other databases are not required.
Authentication & Security
| Component | Technology |
|---|---|
| User authentication | next-auth v4 (Credentials provider) |
| Password hashing | bcryptjs (cost factor 12) |
| Session | HTTP-only JWT cookie (8h default) |
| Service-to-gateway auth | mTLS mutual certificate authentication |
| Gateway JWT | Singleton cached in process memory with auto-refresh |
| CSP | Strict Content-Security-Policy enforced via Next.js middleware |
User sessions and gateway credentials are completely independent — user JWTs never reach the SMS Gateway.
HTTP & Networking
| Component | Technology |
|---|---|
| Gateway HTTP client | undici (Node.js native HTTP/1.1 client) |
| Connection pool | Two undici Agent instances — regular (60s timeout) and upload (30min) |
| mTLS | Client certificates presented per-connection; hot-reload via file mtime check |
| File streaming | Manual multipart body via async generator (O(chunk) heap, not O(file)) |
The separate upload agent (30-minute timeout) prevents large file transfers from sharing connection budget with regular API calls.
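The file-streaming row above, as an added example (not Message Center's own code): an async generator that emits the part headers, forwards file chunks one at a time, and closes the boundary. The function names, field name, boundary value and sample chunk source are assumptions; the filename escaping follows the WHATWG form-encoding rule.

```javascript
// Added example: names, field name and sample data are assumptions.

// Percent-encode CR, LF and the double quote so a user-supplied filename
// cannot break out of the Content-Disposition header (WHATWG form encoding rule).
function escapeParam(value) {
  const map = { '\r': '%0D', '\n': '%0A', '"': '%22' };
  return value.replace(/[\r\n"]/g, (c) => map[c]);
}

// Yields the multipart/form-data body piece by piece. Only the current
// chunk is held in memory, so heap use is O(chunk) rather than O(file).
// The caller supplies the boundary; production code should randomize it.
async function* multipartBody(boundary, field, filename, contentType, chunks) {
  if (!/^[A-Za-z0-9'()+_,.\/:=?-]{1,70}$/.test(boundary)) {
    throw new Error('invalid multipart boundary');
  }
  if (/[\r\n]/.test(contentType)) throw new Error('invalid content type');
  yield Buffer.from(
    `--${boundary}\r\n` +
    `Content-Disposition: form-data; name="${escapeParam(field)}"; ` +
    `filename="${escapeParam(filename)}"\r\n` +
    `Content-Type: ${contentType}\r\n\r\n`
  );
  for await (const chunk of chunks) yield chunk; // forwarded, never accumulated
  yield Buffer.from(`\r\n--${boundary}--\r\n`);
}

// Constructed sample source standing in for a file read stream.
async function* sampleChunks(count, size) {
  for (let i = 0; i < count; i++) yield Buffer.alloc(size, 0x41 + (i % 26));
}

// Consumes a body the way an HTTP client would, keeping only counters.
async function measure(body) {
  let total = 0;
  let largest = 0;
  for await (const part of body) {
    total += part.length;
    largest = Math.max(largest, part.length);
  }
  return { total, largest };
}

// Demo: 100 chunks of 64 KiB pass through with one chunk resident at a time.
measure(multipartBody('mc-example-boundary', 'file', 'recipients.csv', 'text/csv',
  sampleChunks(100, 64 * 1024))).then((r) => console.log(r));
```

undici accepts an async iterable as a request body, so a generator of this shape can be passed to the upload agent's request directly.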
Frontend
| Component | Technology |
|---|---|
| UI components | shadcn/ui (Radix UI primitives + Tailwind) |
| Styling | Tailwind CSS 3 |
| State management | TanStack Query v5 (server state), Zustand (UI state) |
| Internationalization | next-intl (Russian default, English fallback) |
| Icons | Lucide React |
| Theme | Light-only (dark mode not implemented) |
Observability
| Component | Technology |
|---|---|
| Log sentinels | Structured log lines: [core-slow], [core-large], [audit-fallback] |
| Metrics dashboard | Grafana (embedded iframe in monitoring tab) |
| Audit diagnostics | GET /api/diagnostics/audit (fallback file size, TTL index status) |
Code Generation
Core's REST API is consumed via OpenAPI codegen (orval). The generator produces TypeScript types and TanStack Query hooks from openapi/core.yaml. Types are used throughout the BFF; generated hooks are used only for non-workspace-scoped operations.
Minimum Requirements
| Resource | Minimum |
|---|---|
| Node.js | 20+ |
| MongoDB | 6.0+ replica set or standalone |
| RAM | 256 MB (idle), 512 MB (recommended) |
| Disk (temp) | 2× maximum recipient file size |
| CPU | 1 vCPU (4 recommended for high concurrency) |
Next Steps
- Deployment Overview — installation and Kubernetes manifests
- Compliance & Security — security architecture