Architecture
1. System Context (C4 L1)
2. Container View (C4 L2)
3. Mode-Based Deployment
Controlled by
APP_ENV_MQ_PAY_MODE. Source:@nx/mq-pay/src/common/constants.ts:11-14.
| Mode | Controllers | Queue producer | Worker | Production pattern |
|---|---|---|---|---|
FULL (default) | ✓ | ✓ | ✓ | Dev / single-instance |
API | ✓ | ✓ | ✗ | One pod, scale REST horizontally |
WORKER | ✗ | ✗ | ✓ | N pods, each with unique Snowflake ID (91, 92, …) |
4. Component View (C4 L3)
5. Runtime Scenarios
5.1 Boot — MQ-Pay wiring
5.2 IPN → Event → Webhook + WS
5.3 Per-merchant credential lookup
6. Crosscutting Concerns
| Concern | Handling |
|---|---|
| Encryption | CryptoUtility (AES-256-GCM) + secret from APP_ENV_APPLICATION_SECRET; payment provider credentials encrypted at rest |
| Mode-based deployment | APP_ENV_MQ_PAY_MODE ∈ {FULL, API, WORKER}; ApplicationPaymentComponent binds options accordingly |
| AuthN | JWT (verified locally via JWKS from identity); IPN endpoints have provider-signature verification (in MQ-Pay) |
| AuthZ | Casbin via PolicyDefinitionService; permissions cached |
| Idempotency | WebhookEventHandlerHelper skips webhook dispatch for non-actionable events (CREATED/SENT); subscriber-side dedup recommended |
| Logging | IGNIS structured (key: %s); event type + transaction id in every line |
| Soft-delete | WebhookConfig soft-deletable; Configuration soft-deletable |
| IDs | Snowflake; FULL=4, API=8, WORKER=91+ |
7. Related Pages
- Domain Model
- Integration — MQ-Pay + sale + subscribers
- API Events — full webhook + WS catalogue
- Webhook Dispatch
- Provider Credentials
- Decisions