aioflare

System Architecture

Built with modern technologies

Tech Stack

aioflare is built on Next.js, providing server-side rendering and optimized performance. Supabase powers the backend, handling authentication, database operations, and real-time features.

Database

aioflare uses Supabase PostgreSQL as its primary database, with Row Level Security (RLS) enforced at the database level. RLS policies ensure each user can only access their own data, providing an additional layer of protection beyond application-level checks, including in error scenarios.

Encryption Flow

All sensitive data is encrypted server-side before being stored. aioflare uses an envelope encryption model: each user has a dedicated Data Encryption Key (DEK) used to encrypt their data using AES-256-GCM. The DEK itself is wrapped using AES Key Wrap (AES-KW) before being persisted, ensuring raw keys are never stored in plaintext.

Encrypted fields include Cloudflare API tokens, credentials, zone data, DNS records, and job queue context. Decryption happens server-side on authenticated requests, with strict ownership checks enforced at every layer.
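The envelope model described above can be sketched with Node's built-in `crypto` module. This is an added example, not aioflare's own code: the function names, the `userId:field` associated-data layout used to bind a ciphertext to its owner, and the inline-generated KEK are assumptions made for illustration.

```javascript
// Added example: per-user DEK (AES-256-GCM) wrapped by a KEK (AES-KW, RFC 3394).
const crypto = require("node:crypto");

const KW_IV = Buffer.from("A6A6A6A6A6A6A6A6", "hex"); // RFC 3394 default initial value

// Wrap a 32-byte DEK under a 32-byte KEK; output is 40 bytes (key + 8-byte integrity block).
function wrapDek(kek, dek) {
  const c = crypto.createCipheriv("id-aes256-wrap", kek, KW_IV);
  return Buffer.concat([c.update(dek), c.final()]);
}

// Unwrap; throws if the KEK is wrong or the wrapped blob was modified.
function unwrapDek(kek, wrapped) {
  const d = crypto.createDecipheriv("id-aes256-wrap", kek, KW_IV);
  return Buffer.concat([d.update(wrapped), d.final()]);
}

// Encrypt one field. The AAD (assumed layout "userId:field") ties the ciphertext to owner and column.
function encryptField(dek, userId, field, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce per encryption, never reused with a DEK
  const c = crypto.createCipheriv("aes-256-gcm", dek, nonce);
  c.setAAD(Buffer.from(`${userId}:${field}`));
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

// Decrypt one field; throws if ciphertext, tag, or the claimed owner/field do not match.
function decryptField(dek, userId, field, { nonce, ct, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", dek, nonce, { authTagLength: 16 });
  d.setAAD(Buffer.from(`${userId}:${field}`));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// Constructed demo values; a real KEK would come from a KMS or secret store (assumption).
function demo() {
  const kek = crypto.randomBytes(32);
  const wrapped = wrapDek(kek, crypto.randomBytes(32)); // only this wrapped form is persisted
  const dek = unwrapDek(kek, wrapped);
  const rec = encryptField(dek, "user-a", "cf_api_token", "constructed-sample-token");
  const ok = decryptField(dek, "user-a", "cf_api_token", rec);
  let crossUserRejected = false;
  try { decryptField(dek, "user-b", "cf_api_token", rec); } catch { crossUserRejected = true; }
  let wrongKekRejected = false;
  try { unwrapDek(crypto.randomBytes(32), wrapped); } catch { wrongKekRejected = true; }
  return { wrappedLen: wrapped.length, ok, crossUserRejected, wrongKekRejected };
}
```

Because the owner and field name are authenticated as associated data, a ciphertext copied into another user's row fails decryption even when the same DEK is presented.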

API Architecture

aioflare uses a RESTful API architecture with authentication and rate limiting enforced on all endpoints. The API is designed for bulk operations, with proper error handling, retry mechanisms, and tier-based rate limiting to ensure stability and fair usage across all users.

Queue System Beta

aioflare's queue system handles large operations asynchronously with rate limiting to prevent timeouts and ensure stability.

Server-Side Processing: Operations run independently on the server, continuing regardless of browser session state. Recommended for large-scale and long-running tasks.

Browser-Based Processing: Operations run during an active browser session with controlled pacing. Suitable for moderate operations when server-side processing is unavailable.

Rate Limiting

Rate limiting is enforced by subscription tier to ensure fair usage and system stability. Limits apply to bulk operations, API calls, and concurrent processes, and are monitored and enforced in real time to maintain consistent performance for all users.