← Back to Documentation
System Architecture
Intrex follows a modern serverless architecture built on Next.js, Supabase, and Vercel. Designed for multi-tenant SaaS with security and scalability in mind.
Architecture Overview
Client Layer
Next.js Client Components•SWR Data Fetching•Tailwind CSS UI
Server Layer (Next.js)
App Router
Server Components
Route Handlers
Auth & Security
JWT Sessions
RBAC Middleware
Background Jobs
Cron Endpoints
Edge Functions
Data Layer
Supabase Postgres•Drizzle ORM•RLS Policies•Supabase Storage
External Services
SMTP Servers•Telegram API•WhatsApp Business•Stripe
Security Layer
- JWT Session Management
- Row Level Security (RLS)
- Role-Based Access Control
- Request Rate Limiting
Application Layer
- Next.js App Router
- Server Components
- Route Handlers
- Server Actions
Data Layer
- PostgreSQL (Supabase)
- Drizzle ORM
- Connection Pooling
- Migrations
Integration Layer
- Email SMTP
- Telegram Bot API
- WhatsApp Business
- Webhooks
Background Jobs
Vercel Cron jobs handle periodic tasks like SSL checks, notifications, and recurrence generation.
| Endpoint | Schedule | Purpose |
|---|---|---|
| /api/cron/ssl-scan | Every 12 hours | Check SSL certificates |
| /api/cron/process-notifications | Every 5 minutes | Send queued notifications |
| /api/cron/retries | Every 5 minutes | Retry failed deliveries |
| /api/cron/recurrence | Daily at 2 AM | Generate recurring obligations |
Security Model
Tenant Isolation: Row Level Security policies ensure users can only access data belonging to their tenant.
Authentication: JWT-based sessions with HTTP-only cookies, secure flag, and SameSite=Lax.
Authorization: Three-tier role system (Head Office Admin, Branch Manager, Operator) with server-side enforcement.
Encryption: Connector credentials encrypted at rest using AES-256-GCM.
Technology Stack
Frontend
Next.js 15
React 19
Tailwind CSS 4
Backend
Next.js API
Drizzle ORM
jose (JWT)
Database
PostgreSQL
Supabase
RLS Policies
Deployment
Vercel
Cron Jobs
Edge Runtime