Flux_bot/pulse-crm-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
pulse-crm-backend/docs/TECH-STACK.md
Flux_bot d9e4539dd6 feat: Architektur & Tech-Stack Dokumentation 
📐 Architektur:
- Cloud-basiert (SaaS) Entscheidung
- Multi-Tenancy Konzept
- Architektur-Diagramm

🛠️ Tech-Stack:
- Deno + Oak Backend
- PostgreSQL Datenbank
- Vue 3 + PrimeVue Frontend
- Hetzner Hosting (DSGVO)

📁 Projektstruktur:
- src/ mit routes, middleware, services
- docs/ mit Architektur-Doku
- Basis main.ts mit Health Check
2026-02-11 09:59:54 +00:00

3.5 KiB
Raw Permalink Blame History

Pulse CRM - Tech Stack

Backend

Komponente Technologie Version Begründung
Runtime Deno 2.x Sicher by default, TypeScript nativ, moderne APIs
Framework Oak 17.x Express-ähnlich, bewährt für Deno
Datenbank PostgreSQL 16.x ACID, JSON-Support, Row-Level Security
ORM Drizzle ORM Latest Type-safe, leichtgewichtig, gute DX
Auth JWT - Stateless, skalierbar
Hashing Argon2 - Sicherster Passwort-Hash-Algorithmus
Validation Zod 3.x Runtime type validation
Email Resend - Moderne E-Mail API

Frontend

Komponente Technologie Version Begründung
Framework Vue 3 3.5.x Composition API, TypeScript, reaktiv
UI Library PrimeVue 4.x Enterprise-ready, umfangreich
State Pinia 2.x Offizieller Vue Store
Router Vue Router 4.x SPA Navigation
HTTP Axios 1.x HTTP Client
Build Vite 5.x Schnell, HMR, optimiert
CSS TailwindCSS 3.x Utility-first
i18n vue-i18n 9.x Mehrsprachigkeit (DE/EN)

Infrastruktur

Komponente Technologie Begründung
Hosting Hetzner Cloud DSGVO, Deutschland, günstig
Container Docker Portabilität, Reproduzierbarkeit
Reverse Proxy nginx Performance, SSL Termination
SSL Let's Encrypt Kostenlose Zertifikate
CI/CD Gitea Actions Self-hosted, integriert
Monitoring Prometheus + Grafana Open Source, bewährt

Datenbank Schema (Übersicht)

-- Multi-Tenant Core
organizations (id, name, settings, created_at)
users (id, org_id, email, password_hash, role, ...)

-- CRM Core
contacts (id, org_id, first_name, last_name, email, phone, company_id, ...)
companies (id, org_id, name, industry, website, ...)
deals (id, org_id, title, value, stage_id, contact_id, owner_id, ...)
pipelines (id, org_id, name, stages JSONB, ...)

-- Activities
activities (id, org_id, type, contact_id, deal_id, note, due_at, ...)

-- System
audit_logs (id, org_id, user_id, action, entity, entity_id, changes, ...)

API Design

RESTful Conventions

GET    /api/v1/contacts          # Liste
GET    /api/v1/contacts/:id      # Detail
POST   /api/v1/contacts          # Erstellen
PUT    /api/v1/contacts/:id      # Update
DELETE /api/v1/contacts/:id      # Löschen

# Nested Resources
GET    /api/v1/contacts/:id/activities
POST   /api/v1/deals/:id/move    # Custom Action

Response Format

{
  "success": true,
  "data": { ... },
  "meta": {
    "page": 1,
    "limit": 20,
    "total": 150
  }
}

Error Format

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid email format",
    "details": [...]
  }
}

Security

  • Authentication: JWT (Access Token 15min, Refresh Token 7d)
  • Password: Argon2id, min 8 chars
  • Rate Limiting: 100 req/min per IP, 1000 req/min per User
  • CORS: Whitelist allowed origins
  • Input Validation: Zod schemas for all inputs
  • SQL Injection: Parameterized queries via ORM
  • XSS: Content-Security-Policy headers
  • HTTPS: Enforced, HSTS enabled

DSGVO Compliance

  • Hosting in Deutschland (Hetzner)
  • Verschlüsselung (Transit + Rest)
  • Audit Logging
  • Datenexport (Art. 20)
  • Löschkonzept (Art. 17)
  • AVV-Vorlage für Kunden
Reference in New Issue View Git Blame Copy Permalink