System Architecture

Looping Binary is built on a modern, scalable microservices architecture designed to handle high traffic and ensure reliability across all connected platforms.

Microservices Architecture

The system is divided into two main services: Authentication Service and Coin Service. Each service is independently deployable, scalable, and maintainable.

High-Level Overview

Client Applications

LMS • E-commerce • Tournaments • Community

API Gateway / Load Balancer
Auth Service

Port 5000

Coin Service

Port 5001

PostgreSQL Database

Centralized data storage

Authentication Service

Handles all user authentication, authorization, and identity management operations.

Core Responsibilities

  • User Registration: Create new user accounts with email verification
  • Login & Authentication: JWT token generation and validation
  • OAuth Integration: LoopingBinary OAuth ("Sign in with LoopingBinary")
  • Password Management: Reset, change, and secure password storage (bcrypt)
  • Email Verification: Send and verify email confirmation tokens
  • Role-Based Access Control: USER, DEVELOPER, ADMIN, SUPERADMIN roles
  • Session Management: Token expiration and refresh logic

Technology Stack

Runtime:Node.js
Framework:Express.js
ORM:Prisma
Database:PostgreSQL
Auth:JWT, Passport.js
Password Hash:bcrypt

Key Endpoints

POST/api/auth/register
POST/api/auth/login
GET/api/auth/me
GET/api/auth/google
POST/api/auth/forgot-password

Coin Service

Manages the entire digital currency system including wallets, transactions, and treasuries.

Core Responsibilities

  • Wallet Management: Create and manage user coin wallets
  • Coin Minting: Admin-controlled coin creation
  • Coin Burning: Remove coins from circulation
  • P2P Transfers: User-to-user coin transfers
  • Treasury Operations: Manage four system treasuries
  • Transaction History: Complete audit trail of all coin movements
  • API Key Management: Generate and validate API keys
  • Balance Tracking: Real-time wallet and treasury balances

Technology Stack

Runtime:Node.js
Framework:Express.js
ORM:Prisma
Database:PostgreSQL
Encryption:crypto (SHA-256)
Validation:Zod

Key Endpoints

GET/api/coins/balance
POST/api/coins/transfer
POST/api/admin/mint
POST/api/admin/burn
GET/api/coins/history

Database Schema

PostgreSQL database with the following key tables:

Users Table

Stores all user account information

id, email, password, fullName, role, isVerified, googleId, githubId, createdAt, updatedAt

Wallets Table

User coin balances (1:1 with Users)

id, userId, balance, createdAt, updatedAt

Transactions Table

Complete audit trail of all coin movements

id, type, amount, fromUserId, toUserId, treasuryType, reason, createdAt

Treasuries Table

Four system treasuries for fund management

id, type (COURSE, SUBSCRIPTION, REWARD, GENERAL), balance, createdAt, updatedAt

ApiKeys Table

API key management for secure access

id, name, keyHash, userId, permissions, lastUsed, createdAt

Security Features

Password Security

  • bcrypt hashing (12 rounds)
  • Salt per password
  • No plaintext storage

Token Security

  • JWT with RS256
  • 7-day expiration
  • Secure secret keys

API Keys

  • SHA-256 encryption
  • Permission-based access
  • Usage tracking

Database Security

  • Prepared statements
  • SQL injection prevention
  • Transaction rollback

Scalability & Performance

Horizontal Scaling

Both services can be horizontally scaled by deploying multiple instances behind a load balancer.

  • Stateless service design
  • Database connection pooling
  • Load balancer distribution

Database Optimization

  • Indexed primary and foreign keys
  • Query optimization with Prisma
  • Connection pooling (max 10 connections per service)
  • Transaction batching for bulk operations

Caching Strategy

  • JWT tokens cached client-side
  • User profile caching (future enhancement)
  • Balance queries optimized

Deployment Architecture

Hosting: Cloud-based infrastructure (AWS/DigitalOcean/Heroku)
Auth Service: Port 5000 (http://localhost:5000)
Coin Service: Port 5001 (http://localhost:5001)
Database: PostgreSQL (managed instance)
Load Balancer: Nginx/HAProxy for traffic distribution
SSL/TLS: HTTPS enforced for all API endpoints
Monitoring: Application logs and error tracking

Inter-Service Communication

Services communicate via RESTful HTTP APIs. Future enhancements may include:

  • Message queues (RabbitMQ/Redis) for async operations
  • Event-driven architecture for real-time updates
  • Service mesh for advanced routing and observability