← Back to Index

Pandit Javdekar Smart Society Management Application • Version 1.0 • June 2026 • ByteWise Consulting LLP

Society Management Platform — Technical Architecture Document

Document Information

| Field | Value |

|-------|-------|

| Project | Pandit Javdekar Smart Society Management Application |

| Version | 2.0 |

| Date | June 2026 |

| Author | ByteWise Consulting LLP |

| Tech Stack Update | Migrated from React.js/React Native to Next.js 14+ (Admin + PWA) |

---

1. Architecture Overview

1.1 High-Level Architecture

┌─────────────────────────────────────────────────────────────────────────────┐

│ CLIENT LAYER │

├─────────────────────────────────────────────────────────────────────────────┤

│ │

│ ┌──────────────────────┐ ┌──────────────────────┐ ┌──────────────────┐ │

│ │ Next.js Admin Portal │ │ Next.js PWA │ │ React Native │ │

│ │ (Web Dashboard) │ │ (Mobile Web App) │ │ (Phase 2 - │ │

│ │ - App Router │ │ - Same codebase as │ │ Later) │ │

│ │ - Server Components │ │ admin portal │ │ - Native │ │

│ │ - Responsive Design │ │ - PWA manifest │ │ Android + iOS │ │

│ │ - TypeScript │ │ - Service worker │ │ - React Native │ │

│ └──────────┬───────────┘ └──────────┬───────────┘ └────────┬─────────┘ │

│ │ │ │ │

└─────────────┼──────────────────────────┼────────────────────────┼────────────┘

│ │ │

└──────────────────────────┼────────────────────────┘

┌────────────────────────────────────────┼───────────────────────────────────────┐

│ API GATEWAY (NGINX + Rate Limiting) │

└────────────────────────────────────────┼───────────────────────────────────────┘

┌────────────────────────────────────────┼───────────────────────────────────────┐

│ BACKEND LAYER │

├────────────────────────────────────────┼───────────────────────────────────────┤

│ │ │

│ ┌─────────────────────────────────────┴─────────────────────────────────────┐ │

│ │ Node.js (nextJS) Application Server │ │

│ │ │ │

│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │

│ │ │ Auth │ │ Gate │ │ Maintenance│ │ Notice │ │ │

│ │ │ Module │ │ Module │ │ Module │ │ Module │ │ │

│ │ └────────────┘ └────────────┘ └────────────┘ └────────────┘ │ │

│ │ │ │

│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │

│ │ │ Biometric │ │ Visitor │ │ Poll │ │ Document │ │ │

│ │ │ Module │ │ Module │ │ Module │ │ Module │ │ │

│ │ └────────────┘ └────────────┘ └────────────┘ └────────────┘ │ │

│ │ │ │

│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │

│ │ │ Amenity │ │ Showcase │ │ Analytics │ │ SOS │ │ │

│ │ │ Module │ │ Module │ │ Module │ │ Module │ │ │

│ │ └────────────┘ └────────────┘ └────────────┘ └────────────┘ │ │

│ └──────────────────────────────────────────────────────────────────────────┘ │

│ │ │

└──────────────────────────────┼────────────────────────────────────────────────┘

┌──────────────────────────────┼────────────────────────────────────────────────┐

│ DATA LAYER │

├──────────────────────────────┼────────────────────────────────────────────────┤

│ │ │

│ ┌──────────────┐ ┌────────┴────────┐ ┌───────────────┐ ┌────────────┐ │

│ │ PostgreSQL │ │ Redis │ │ AWS S3 │ │ MQTT │ │

│ │ (Primary │ │ (Cache + │ │ (File │ │ Broker │ │

│ │ Database) │ │ Sessions) │ │ Storage) │ │ (Mosquitto│ │

│ └──────────────┘ └─────────────────┘ └─────────────────┘ └────────────┘ │

│ │

└──────────────────────────────────────────────────────────────────────────────┘

┌──────────────────────────────┼────────────────────────────────────────────────┐

│ EXTERNAL SERVICES │

├──────────────────────────────┼────────────────────────────────────────────────┤

│ │ │

│ ┌──────────────┐ ┌────────┴────────┐ ┌───────────────┐ ┌────────────┐ │

│ │ Firebase │ │ SMS Gateway │ │ ESP32 Gate │ │ Biometric │ │

│ │ (FCM) │ │ (Twilio/MSG91) │ │ Controllers │ │ Device │ │

│ └──────────────┘ └─────────────────┘ └─────────────────┘ └────────────┘ │

│ │

└──────────────────────────────────────────────────────────────────────────────┘

---

2. Technology Stack

2.1 Frontend Technologies

| Component | Technology | Version | Purpose |

|-----------|------------|---------|---------|

| Web Admin Portal | Next.js | 14.x | React framework with App Router, SSR, API routes |

| Mobile PWA | Next.js | 14.x | Progressive Web App (same codebase as admin) |

| Native Mobile (Phase 2) | React Native | 0.73+ | Cross-platform native mobile (Android + iOS) |

| Language | TypeScript | 5.x | Type safety across all frontends |

| Styling | Tailwind CSS | 3.x | Utility-first CSS |

| State Management | Zustand | 4.x | Client-side state |

| Server State | SWR | 2.x | Server state management for client components |

| Forms | React Hook Form | 7.x | Form management |

| Charts | Recharts | 2.x | Data visualization |

| Auth (Web) | NextAuth.js | 5.x | Authentication for Next.js |

| PWA | next-pwa | - | Service worker, manifest, offline support |

| Icons | Material Icons | - | Google Material Icons |

| MQTT (PWA) | MQTT.js | 4.x | MQTT over WebSocket for IoT |

2.2 Backend Technologies

| Component | Technology | Version | Purpose |

|-----------|------------|---------|---------|

| Runtime | Node.js | 20.x LTS | JavaScript runtime |

| Framework | nextJS | 10.x | Enterprise-grade Node.js framework |

| Language | TypeScript | 5.x | Type safety |

| Validation | class-validator | 0.14.x | Request validation |

| Authentication | Passport.js | 0.6.x | Authentication strategies |

| JWT | @nextjs/jwt | 10.x | JSON Web Token handling |

| ORM | Prisma | 5.x | Database ORM |

| API Docs | Swagger | 6.x | API documentation |

2.3 Database Technologies

| Component | Technology | Version | Purpose |

|-----------|------------|---------|---------|

| Primary DB | PostgreSQL | 16.x | Relational database |

| Cache | Redis | 7.x | Caching + session storage |

| File Storage | AWS S3 | - | Photo and document storage |

| CDN | CloudFront | - | Static asset delivery |

2.4 Infrastructure Technologies

| Component | Technology | Purpose |

|-----------|------------|---------|

| Cloud Provider | AWS / GCP | Cloud hosting |

| Container | Docker | Application containerization |

| Orchestration | ECS / Kubernetes | Container orchestration |

| CI/CD | GitHub Actions | Continuous integration/deployment |

| SSL | Let's Encrypt / AWS ACM | SSL certificates |

| Domain | Route 53 / Cloudflare | DNS management |

2.5 IoT Technologies

| Component | Technology | Purpose |

|-----------|------------|---------|

| Microcontroller | ESP32 | WiFi + Bluetooth IoT controller |

| Relay Module | 5V 10A Relay | Gate motor control |

| MQTT Broker | Mosquitto | Message queuing |

| MQTT Protocol | MQTT 5.0 over TLS | Secure messaging |

| Biometric Device | Fingerprint Scanner | Helper attendance |

2.6 Notification Technologies

| Component | Technology | Purpose |

|-----------|------------|---------|

| Android Push | Firebase Cloud Messaging (FCM) | Push notifications |

| iOS Push | Apple Push Notification Service (APNs) | Push notifications |

| SMS | Twilio / MSG91 | OTP and emergency SMS |

| Email | SendGrid / AWS SES | Email notifications |

---

3. Module Architecture

3.1 Project Structure (Monorepo — Turborepo)

project-root/

├── apps/

│ ├── web/ # Next.js Admin Portal + PWA

│ │ ├── app/ # Next.js App Router

│ │ │ ├── (auth)/ # Auth group (login, OTP, register)

│ │ │ │ ├── login/page.tsx

│ │ │ │ ├── otp/page.tsx

│ │ │ │ └── register/page.tsx

│ │ │ ├── (dashboard)/ # Dashboard group (protected)

│ │ │ │ ├── layout.tsx # Dashboard layout with sidebar

│ │ │ │ ├── page.tsx # Home/Overview

│ │ │ │ ├── gates/page.tsx

│ │ │ │ ├── maintenance/page.tsx

│ │ │ │ ├── notices/page.tsx

│ │ │ │ ├── residents/page.tsx

│ │ │ │ ├── visitors/page.tsx

│ │ │ │ ├── polls/page.tsx

│ │ │ │ ├── documents/page.tsx

│ │ │ │ ├── amenities/page.tsx

│ │ │ │ ├── analytics/page.tsx

│ │ │ │ ├── sos/page.tsx

│ │ │ │ ├── showcase/page.tsx

│ │ │ │ └── settings/page.tsx

│ │ │ ├── api/ # Next.js API Routes (BFF)

│ │ │ │ └── [...proxy]/route.ts # Proxy to nextJS backend

│ │ │ ├── layout.tsx # Root layout

│ │ │ └── page.tsx # Landing/redirect

│ │ ├── components/ # Shared React components

│ │ │ ├── ui/ # Base UI components (Button, Card, Input, etc.)

│ │ │ ├── layout/ # Layout components (Sidebar, Header, TabBar)

│ │ │ ├── gates/ # Gate access components

│ │ │ ├── maintenance/ # Maintenance components

│ │ │ ├── notices/ # Notice board components

│ │ │ └── ...

│ │ ├── hooks/ # Custom React hooks

│ │ │ ├── useAuth.ts

│ │ │ ├── useGate.ts

│ │ │ ├── useMQTT.ts

│ │ │ └── ...

│ │ ├── lib/ # Utilities and helpers

│ │ │ ├── api.ts # API client (axios/fetch)

│ │ │ ├── mqtt.ts # MQTT client setup

│ │ │ ├── auth.ts # Auth utilities

│ │ │ └── utils.ts

│ │ ├── store/ # Zustand stores

│ │ │ ├── authStore.ts

│ │ │ ├── gateStore.ts

│ │ │ └── ...

│ │ ├── styles/ # Global styles

│ │ │ └── globals.css

│ │ ├── public/ # Static assets

│ │ ├── next.config.js

│ │ ├── tailwind.config.ts

│ │ ├── tsconfig.json

│ │ └── package.json

│ │

│ └── api/ # nextJS Backend

│ └── src/

│ ├── modules/ # Feature modules (unchanged)

│ │ ├── auth/

│ │ ├── users/

│ │ ├── gates/

│ │ ├── visitors/

│ │ ├── maintenance/

│ │ ├── notices/

│ │ ├── biometric/

│ │ ├── polls/

│ │ ├── documents/

│ │ ├── amenities/

│ │ ├── showcase/

│ │ ├── analytics/

│ │ ├── sos/

│ │ └── notifications/

│ ├── common/ # Shared utilities

│ ├── config/

│ └── database/

├── packages/ # Shared packages

│ ├── types/ # Shared TypeScript types

│ ├── utils/ # Shared utilities

│ └── config/ # Shared configuration

├── docker-compose.yml

├── turbo.json # Turborepo config

└── package.json # Root workspace

3.2 nextJS Module Structure

apps/api/src/

├── app.module.ts

├── main.ts

├── modules/

│ ├── auth/

│ │ ├── auth.module.ts

│ │ ├── auth.controller.ts

│ │ ├── auth.service.ts

│ │ ├── strategies/

│ │ │ ├── jwt.strategy.ts

│ │ │ └── local.strategy.ts

│ │ └── guards/

│ │ ├── jwt-auth.guard.ts

│ │ └── roles.guard.ts

│ │

│ ├── users/

│ │ ├── users.module.ts

│ │ ├── users.controller.ts

│ │ ├── users.service.ts

│ │ └── entities/

│ │ └── user.entity.ts

│ │

│ ├── gates/

│ │ ├── gates.module.ts

│ │ ├── gates.controller.ts

│ │ ├── gates.service.ts

│ │ ├── mqtt/

│ │ │ └── mqtt.service.ts

│ │ └── entities/

│ │ ├── gate.entity.ts

│ │ └── gate-log.entity.ts

│ │

│ ├── visitors/

│ │ ├── visitors.module.ts

│ │ ├── visitors.controller.ts

│ │ ├── visitors.service.ts

│ │ └── entities/

│ │ └── visitor.entity.ts

│ │

│ ├── maintenance/

│ │ ├── maintenance.module.ts

│ │ ├── maintenance.controller.ts

│ │ ├── maintenance.service.ts

│ │ └── entities/

│ │ ├── maintenance-request.entity.ts

│ │ └── maintenance-category.entity.ts

│ │

│ ├── notices/

│ │ ├── notices.module.ts

│ │ ├── notices.controller.ts

│ │ ├── notices.service.ts

│ │ └── entities/

│ │ └── notice.entity.ts

│ │

│ ├── biometric/

│ │ ├── biometric.module.ts

│ │ ├── biometric.controller.ts

│ │ ├── biometric.service.ts

│ │ └── entities/

│ │ └── biometric-log.entity.ts

│ │

│ ├── polls/

│ │ ├── polls.module.ts

│ │ ├── polls.controller.ts

│ │ ├── polls.service.ts

│ │ └── entities/

│ │ ├── poll.entity.ts

│ │ └── poll-vote.entity.ts

│ │

│ ├── documents/

│ │ ├── documents.module.ts

│ │ ├── documents.controller.ts

│ │ ├── documents.service.ts

│ │ └── entities/

│ │ └── document.entity.ts

│ │

│ ├── amenities/

│ │ ├── amenities.module.ts

│ │ ├── amenities.controller.ts

│ │ ├── amenities.service.ts

│ │ └── entities/

│ │ └── amenity.entity.ts

│ │

│ ├── showcase/

│ │ ├── showcase.module.ts

│ │ ├── showcase.controller.ts

│ │ ├── showcase.service.ts

│ │ └── entities/

│ │ └── showcase-item.entity.ts

│ │

│ ├── analytics/

│ │ ├── analytics.module.ts

│ │ ├── analytics.controller.ts

│ │ └── analytics.service.ts

│ │

│ ├── sos/

│ │ ├── sos.module.ts

│ │ ├── sos.controller.ts

│ │ ├── sos.service.ts

│ │ └── entities/

│ │ └── sos-alert.entity.ts

│ │

│ └── notifications/

│ ├── notifications.module.ts

│ ├── notifications.controller.ts

│ ├── notifications.service.ts

│ ├── firebase/

│ │ └── firebase.service.ts

│ └── sms/

│ └── sms.service.ts

├── common/

│ ├── decorators/

│ │ ├── roles.decorator.ts

│ │ └── current-user.decorator.ts

│ ├── guards/

│ │ ├── roles.guard.ts

│ │ └── throttle.guard.ts

│ ├── interceptors/

│ │ └── logging.interceptor.ts

│ ├── filters/

│ │ └── http-exception.filter.ts

│ └── pipes/

│ └── validation.pipe.ts

├── config/

│ ├── configuration.ts

│ └── config.module.ts

└── database/

├── migrations/

└── seeds/

---

4. API Architecture

4.1 Data Fetching Patterns

Server Component →直接 fetch nextJS API (internal network)

Client Component → SWR → nextJS API (via BFF proxy at /api/[...proxy])

PWA → MQTT.js over WebSocket → MQTT Broker (for IoT)

4.2 Next.js API Routes (BFF — Backend for Frontend)

The `app/api/[...proxy]/route.ts` catches all `/api/*` requests and proxies them to the nextJS backend:

// apps/web/app/api/[...proxy]/route.ts

import { NextRequest, NextResponse } from 'next/server';

const BACKEND_URL = process.env.nextJS_API_URL || 'http://localhost:3001';

async function proxyRequest(request: NextRequest, params: { proxy: string[] }) {

const path = params.proxy.join('/');

const url = `${BACKEND_URL}/api/v1/${path}`;

const response = await fetch(url, {

method: request.method,

headers: {

'Content-Type': request.headers.get('content-type') || 'application/json',

'Authorization': request.headers.get('authorization') || '',

},

body: request.method !== 'GET' && request.method !== 'HEAD'

? await request.text()

: undefined,

});

const data = await response.text();

return new NextResponse(data, {

status: response.status,

headers: { 'Content-Type': response.headers.get('content-type') || 'application/json' },

});

}

export async function GET(request: NextRequest, { params }: { params: { proxy: string[] } }) {

return proxyRequest(request, await params);

}

export async function POST(request: NextRequest, { params }: { params: { proxy: string[] } }) {

return proxyRequest(request, await params);

}

export async function PATCH(request: NextRequest, { params }: { params: { proxy: string[] } }) {

return proxyRequest(request, await params);

}

export async function DELETE(request: NextRequest, { params }: { params: { proxy: string[] } }) {

return proxyRequest(request, await params);

}

4.3 REST API Endpoints

#### Authentication

| Method | Endpoint | Description | Auth Required |

|--------|----------|-------------|---------------|

| POST | /api/v1/auth/register | Register new user | No |

| POST | /api/v1/auth/verify-otp | Verify OTP | No |

| POST | /api/v1/auth/login | Login | No |

| POST | /api/v1/auth/refresh | Refresh token | Yes |

| POST | /api/v1/auth/logout | Logout | Yes |

| POST | /api/v1/auth/pin | Set/verify PIN | Yes |

#### Users

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| GET | /api/v1/users | Get all users (project) | Yes | Admin, Manager |

| GET | /api/v1/users/:id | Get user by ID | Yes | Admin, Manager |

| PATCH | /api/v1/users/:id | Update user | Yes | Admin |

| DELETE | /api/v1/users/:id | Delete user | Yes | Admin |

| POST | /api/v1/users/:id/family | Add family member | Yes | Primary |

| DELETE | /api/v1/users/:id/family/:memberId | Remove family member | Yes | Primary |

| POST | /api/v1/users/:id/helpers | Add helper | Yes | Primary |

| DELETE | /api/v1/users/:id/helpers/:helperId | Remove helper | Yes | Primary |

#### Gates

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/gates/:id/open | Open gate | Yes | Resident, Guard |

| GET | /api/v1/gates/:id/status | Get gate status | Yes | All |

| GET | /api/v1/gates/:id/logs | Get gate logs | Yes | Admin, Manager |

| POST | /api/v1/gates/rush-hour | Toggle rush hour | Yes | Guard |

| POST | /api/v1/gates/override | Guard override | Yes | Guard |

#### Visitors

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/visitors/pre-approve | Pre-approve visitor | Yes | Resident |

| GET | /api/v1/visitors | Get visitors list | Yes | Guard, Manager |

| PATCH | /api/v1/visitors/:id/check-in | Check in visitor | Yes | Guard |

| PATCH | /api/v1/visitors/:id/check-out | Check out visitor | Yes | Guard |

| GET | /api/v1/visitors/logs | Get visitor logs | Yes | Admin, Manager |

#### Maintenance

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/maintenance | Create request | Yes | Resident |

| GET | /api/v1/maintenance | Get requests | Yes | All |

| GET | /api/v1/maintenance/:id | Get request by ID | Yes | All |

| PATCH | /api/v1/maintenance/:id/assign | Assign request | Yes | Manager |

| PATCH | /api/v1/maintenance/:id/status | Update status | Yes | Maintenance |

| POST | /api/v1/maintenance/:id/complete | Complete request | Yes | Maintenance |

| POST | /api/v1/maintenance/:id/rate | Rate request | Yes | Resident |

#### Notices

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/notices | Create notice | Yes | Chairman, Secretary, Treasurer |

| GET | /api/v1/notices | Get notices | Yes | All |

| GET | /api/v1/notices/:id | Get notice by ID | Yes | All |

| PATCH | /api/v1/notices/:id | Update notice | Yes | Creator |

| DELETE | /api/v1/notices/:id | Delete notice | Yes | Creator, Admin |

| POST | /api/v1/notices/:id/read | Mark as read | Yes | Resident |

#### Biometric

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/biometric/check-in | Helper check-in | No | Biometric Device |

| POST | /api/v1/biometric/check-out | Helper check-out | No | Biometric Device |

| POST | /api/v1/biometric/register | Register fingerprint | Yes | Manager |

| GET | /api/v1/biometric/logs | Get attendance logs | Yes | Manager, Resident |

| GET | /api/v1/biometric/reports | Get monthly reports | Yes | Manager |

#### Polls

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/polls | Create poll | Yes | Chairman, Secretary, Treasurer |

| GET | /api/v1/polls | Get polls | Yes | All |

| GET | /api/v1/polls/:id | Get poll by ID | Yes | All |

| POST | /api/v1/polls/:id/vote | Vote in poll | Yes | Resident (any family member, one vote per flat) |

| GET | /api/v1/polls/:id/results | Get results | Yes | All |

#### Documents

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/documents | Upload document | Yes | Admin |

| GET | /api/v1/documents | Get documents | Yes | All |

| GET | /api/v1/documents/:id | Get document by ID | Yes | All |

| DELETE | /api/v1/documents/:id | Delete document | Yes | Admin |

#### Amenities

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/amenities | Create amenity | Yes | Admin |

| GET | /api/v1/amenities | Get amenities | Yes | All |

| POST | /api/v1/amenities/:id/book | Book amenity | Yes | Resident |

| GET | /api/v1/amenities/calendar | Get calendar | Yes | All |

#### Showcase

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/showcase | Create item | Yes | Admin |

| GET | /api/v1/showcase | Get items | Yes | All |

| PATCH | /api/v1/showcase/:id | Update item | Yes | Admin |

| DELETE | /api/v1/showcase/:id | Delete item | Yes | Admin |

#### Analytics

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| GET | /api/v1/analytics/gate-usage | Gate usage analytics | Yes | Admin, Manager |

| GET | /api/v1/analytics/attendance | Attendance reports | Yes | Admin, Manager |

| GET | /api/v1/analytics/maintenance | Maintenance trends | Yes | Admin, Manager |

| GET | /api/v1/analytics/export | Export report | Yes | Admin |

#### SOS

| Method | Endpoint | Description | Auth Required | Roles |

|--------|----------|-------------|---------------|-------|

| POST | /api/v1/sos/trigger | Trigger SOS | Yes | Admin, Manager, Guard |

| PATCH | /api/v1/sos/dnd-override | Toggle DND override | Yes | Admin, Manager, Guard |

| GET | /api/v1/sos/logs | Get SOS logs | Yes | Admin |

| GET | /api/v1/sos/:id/acknowledgments | Get acknowledgments | Yes | Admin |

---

5. Database Architecture

5.1 PostgreSQL Schema Design

-- Organizations (PJA)

CREATE TABLE organizations (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

name VARCHAR(255) NOT NULL,

logo_url VARCHAR(500),

settings JSONB,

created_at TIMESTAMP DEFAULT NOW(),

updated_at TIMESTAMP DEFAULT NOW()

);

-- Projects (Manorama, Future Projects)

CREATE TABLE projects (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

organization_id UUID REFERENCES organizations(id),

name VARCHAR(255) NOT NULL,

address TEXT,

city VARCHAR(100),

total_units INTEGER,

towers JSONB,

features JSONB, -- Feature toggle configuration

settings JSONB,

status VARCHAR(20) DEFAULT 'active',

created_at TIMESTAMP DEFAULT NOW(),

updated_at TIMESTAMP DEFAULT NOW()

);

-- Users (All user types)

CREATE TABLE users (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

organization_id UUID REFERENCES organizations(id),

project_id UUID REFERENCES projects(id),

flat_id UUID,

mobile VARCHAR(15) UNIQUE NOT NULL,

email VARCHAR(255),

name VARCHAR(255) NOT NULL,

role VARCHAR(50) NOT NULL, -- primary_member, family_member, helper, guard, manager, admin, chairman, secretary, treasurer

pin_hash VARCHAR(255),

device_fingerprint VARCHAR(500),

is_active BOOLEAN DEFAULT true,

created_at TIMESTAMP DEFAULT NOW(),

updated_at TIMESTAMP DEFAULT NOW()

);

-- Flats

CREATE TABLE flats (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

tower VARCHAR(50),

flat_number VARCHAR(50) NOT NULL,

floor INTEGER,

owner_id UUID REFERENCES users(id),

occupancy_type VARCHAR(20), -- owner, tenant

status VARCHAR(20) DEFAULT 'occupied', -- occupied, vacant, sold

created_at TIMESTAMP DEFAULT NOW()

);

-- Family Members (linked to primary member)

CREATE TABLE family_members (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

primary_member_id UUID REFERENCES users(id),

user_id UUID REFERENCES users(id),

relationship VARCHAR(100),

created_at TIMESTAMP DEFAULT NOW()

);

-- Helpers (linked to primary member)

CREATE TABLE helpers (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

primary_member_id UUID REFERENCES users(id),

user_id UUID REFERENCES users(id),

helper_type VARCHAR(50), -- maid, driver, cook, other

has_gate_access BOOLEAN DEFAULT false,

biometric_id VARCHAR(100),

created_at TIMESTAMP DEFAULT NOW()

);

-- Gates

CREATE TABLE gates (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

name VARCHAR(100) NOT NULL,

location VARCHAR(255),

iot_device_id VARCHAR(100),

mqtt_topic VARCHAR(255),

status VARCHAR(20) DEFAULT 'active',

is_online BOOLEAN DEFAULT true,

created_at TIMESTAMP DEFAULT NOW()

);

-- Gate Logs

CREATE TABLE gate_logs (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

gate_id UUID REFERENCES gates(id),

user_id UUID,

action VARCHAR(50), -- open, close, override

method VARCHAR(50), -- app, pin, guard, rush_hour, physical

device_id VARCHAR(100),

timestamp TIMESTAMP DEFAULT NOW(),

metadata JSONB

);

-- Visitors

CREATE TABLE visitors (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

gate_id UUID REFERENCES gates(id),

flat_id UUID REFERENCES flats(id),

name VARCHAR(255) NOT NULL,

phone VARCHAR(15),

purpose VARCHAR(255),

photo_url VARCHAR(500),

status VARCHAR(20) DEFAULT 'pending', -- pending, approved, checked_in, checked_out

pre_approved BOOLEAN DEFAULT false,

checked_in_at TIMESTAMP,

checked_out_at TIMESTAMP,

created_at TIMESTAMP DEFAULT NOW()

);

-- Maintenance Requests

CREATE TABLE maintenance_requests (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

flat_id UUID REFERENCES flats(id),

requested_by UUID REFERENCES users(id),

assigned_to UUID REFERENCES users(id),

category VARCHAR(50) NOT NULL, -- plumbing, electrical, civil, lift, painting, pest_control, other

priority VARCHAR(20) DEFAULT 'medium', -- low, medium, high, urgent

status VARCHAR(20) DEFAULT 'open', -- open, assigned, in_progress, completed, rated, closed

description TEXT,

photo_urls JSONB,

completion_photo_url VARCHAR(500),

completion_notes TEXT,

resident_rating INTEGER,

resident_feedback TEXT,

manager_rating INTEGER,

created_at TIMESTAMP DEFAULT NOW(),

updated_at TIMESTAMP DEFAULT NOW()

);

-- Notices

CREATE TABLE notices (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

created_by UUID REFERENCES users(id),

title VARCHAR(255) NOT NULL,

content TEXT NOT NULL,

category VARCHAR(50), -- maintenance, events, water_power, general

priority VARCHAR(20) DEFAULT 'normal', -- normal, important, emergency

target_audience JSONB, -- { type: "all" | "tower" | "flat", value: "..." }

is_published BOOLEAN DEFAULT false,

published_at TIMESTAMP,

expires_at TIMESTAMP,

created_at TIMESTAMP DEFAULT NOW()

);

-- Notice Reads

CREATE TABLE notice_reads (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

notice_id UUID REFERENCES notices(id),

user_id UUID REFERENCES users(id),

read_at TIMESTAMP DEFAULT NOW()

);

-- Biometric Logs

CREATE TABLE biometric_logs (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

helper_id UUID REFERENCES helpers(id),

device_id VARCHAR(100),

action VARCHAR(20), -- check_in, check_out

timestamp TIMESTAMP DEFAULT NOW(),

synced BOOLEAN DEFAULT true

);

-- Polls

CREATE TABLE polls (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

created_by UUID REFERENCES users(id),

question TEXT NOT NULL,

options JSONB NOT NULL, -- [{ id, text }]

deadline TIMESTAMP,

status VARCHAR(20) DEFAULT 'active', -- active, closed, cancelled

created_at TIMESTAMP DEFAULT NOW()

);

-- Poll Votes

CREATE TABLE poll_votes (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

poll_id UUID REFERENCES polls(id),

flat_id UUID REFERENCES flats(id),

user_id UUID REFERENCES users(id),

option_id VARCHAR(50) NOT NULL,

voted_at TIMESTAMP DEFAULT NOW()

);

-- Documents

CREATE TABLE documents (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

title VARCHAR(255) NOT NULL,

description TEXT,

file_url VARCHAR(500) NOT NULL,

category VARCHAR(100),

uploaded_by UUID REFERENCES users(id),

is_visible BOOLEAN DEFAULT true,

created_at TIMESTAMP DEFAULT NOW()

);

-- Amenities

CREATE TABLE amenities (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

name VARCHAR(255) NOT NULL,

description TEXT,

type VARCHAR(50), -- hall, terrace, conference_room, garden, gym, pool

is_paid BOOLEAN DEFAULT false,

booking_fee DECIMAL(10,2),

status VARCHAR(20) DEFAULT 'active',

created_at TIMESTAMP DEFAULT NOW()

);

-- Amenity Bookings

CREATE TABLE amenity_bookings (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

amenity_id UUID REFERENCES amenities(id),

flat_id UUID REFERENCES flats(id),

booked_by UUID REFERENCES users(id),

event_name VARCHAR(255),

booking_date DATE NOT NULL,

start_time TIME,

end_time TIME,

status VARCHAR(20) DEFAULT 'confirmed', -- confirmed, cancelled

created_at TIMESTAMP DEFAULT NOW()

);

-- Showcase Items

CREATE TABLE showcase_items (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

organization_id UUID REFERENCES organizations(id),

project_id UUID, -- NULL for organization-wide

title VARCHAR(255) NOT NULL,

description TEXT,

image_url VARCHAR(500),

link_url VARCHAR(500),

button_text VARCHAR(100),

display_order INTEGER,

is_active BOOLEAN DEFAULT true,

created_at TIMESTAMP DEFAULT NOW(),

updated_at TIMESTAMP DEFAULT NOW()

);

-- SOS Alerts

CREATE TABLE sos_alerts (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

triggered_by UUID REFERENCES users(id),

message TEXT,

dnd_override BOOLEAN DEFAULT true, -- SOS always overrides DND

dnd_override_enabled_by UUID REFERENCES users(id), -- Who toggled DND override

triggered_at TIMESTAMP DEFAULT NOW(),

acknowledged_count INTEGER DEFAULT 0,

total_residents INTEGER

);

-- SOS Acknowledgments

CREATE TABLE sos_acknowledgments (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

sos_id UUID REFERENCES sos_alerts(id),

user_id UUID REFERENCES users(id),

acknowledged_at TIMESTAMP DEFAULT NOW()

);

-- Audit Logs

CREATE TABLE audit_logs (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

project_id UUID REFERENCES projects(id),

user_id UUID,

action VARCHAR(100) NOT NULL,

entity_type VARCHAR(50),

entity_id UUID,

old_value JSONB,

new_value JSONB,

ip_address VARCHAR(45),

device_info JSONB,

created_at TIMESTAMP DEFAULT NOW()

);

5.2 Redis Cache Strategy

| Key Pattern | TTL | Purpose |

|-------------|-----|---------|

| `user:{userId}:session` | 24 hours | User session data |

| `user:{userId}:pin_attempts` | 5 minutes | PIN attempt counter |

| `gate:{gateId}:status` | 5 seconds | Real-time gate status |

| `project:{projectId}:features` | 1 hour | Feature toggle cache |

| `notice:{noticeId}:reads` | 24 hours | Read receipt counter |

| `visitor:{flatId}:active` | 24 hours | Active visitors for flat |

| `rush_hour:{projectId}` | Until disabled | Rush hour mode status |

---

6. IoT Architecture

6.1 MQTT Topic Structure

pja/{project_id}/gate/{gate_id}/open      -- Gate open command

pja/{project_id}/gate/{gate_id}/close -- Gate close command

pja/{project_id}/gate/{gate_id}/status -- Gate status updates

pja/{project_id}/gate/{gate_id}/health -- Device health check

pja/{project_id}/biometric/check-in -- Biometric check-in event

pja/{project_id}/biometric/check-out -- Biometric check-out event

pja/{project_id}/sos/trigger -- SOS trigger

pja/{project_id}/guard/override -- Guard override

6.2 ESP32 Firmware Flow

ESP32 Boot

    │

    ├─ Connect to WiFi

    ├─ Connect to MQTT Broker (TLS)

    ├─ Subscribe to: pja/{project}/gate/{gate_id}/open

    ├─ Subscribe to: pja/{project}/gate/{gate_id}/close

    │

    ▼

WAITING FOR MESSAGES

    │

    ├─ On "open" message:

    │ ├── Validate payload (user_id, device_id, pin_hash)

    │ ├── Activate relay (HIGH signal)

    │ ├── Wait 2 seconds

    │ ├── Deactivate relay (LOW signal)

    │ ├── Publish status: { status: "opened", timestamp }

    │ └── Log to local storage

    │

    ├─ On "close" message:

    │ ├── Validate payload

    │ ├── Activate relay (for closing mechanism)

    │ ├── Publish status: { status: "closed", timestamp }

    │ └── Log to local storage

    │

    └─ Periodic health check (every 60 seconds):

├── Publish: { status: "online", uptime, free_heap }

└── If WiFi/MQTT disconnect: Attempt reconnection

6.3 Security Measures

| Measure | Implementation |

|---------|----------------|

| MQTT Encryption | TLS 1.3 on all MQTT connections |

| Payload Signing | HMAC-SHA256 signature on all gate commands |

| Device Authentication | Each ESP32 has unique certificate |

| Rate Limiting | Maximum 10 gate operations per minute per device |

| Fallback | Physical button always works, zero app dependency |

| Tamper Detection | ESP32 detects physical tampering and alerts |

---

7. Deployment Architecture

7.1 Cloud Deployment

┌──────────────────────────────────────────────────────────────────────────┐

│ AWS / GCP CLOUD │

├──────────────────────────────────────────────────────────────────────────┤

│ │

│ ┌─────────────────────────────────────────────────────────────────┐ │

│ │ Vercel (Next.js) │ │

│ │ ┌──────────────┐ ┌──────────────┐ │ │

│ │ │ Admin Portal │ │ PWA │ │ │

│ │ │ (SSR/SSG) │ │ (Service │ │ │

│ │ │ │ │ Worker) │ │ │

│ │ └──────────────┘ └──────────────┘ │ │

│ │ - Edge functions │ │

│ │ - Automatic preview deploys │ │

│ │ - Global CDN (Vercel Edge Network) │ │

│ └─────────────────────────────┬───────────────────────────────────┘ │

│ │ │

│ ┌─────────────────────────────┴───────────────────────────────────┐ │

│ │ Application Load Balancer │ │

│ │ (SSL termination, routing) │ │

│ └─────────────────────────────┬───────────────────────────────────┘ │

│ │ │

│ ┌─────────────────────────────┴───────────────────────────────────┐ │

│ │ ECS / Cloud Run │ │

│ │ │ │

│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │

│ │ │ nextJS │ │ nextJS │ │ nextJS │ │ │

│ │ │ Container │ │ Container │ │ Container │ │ │

│ │ │ (Replica 1)│ │ (Replica 2)│ │ (Replica 3)│ │ │

│ │ └────────────┘ └────────────┘ └────────────┘ │ │

│ │ │ │

│ └────────────────────────────────────────────────────────────────┘ │

│ │ │

│ ┌─────────────────────────────┴───────────────────────────────────┐ │

│ │ Data Layer │ │

│ │ │ │

│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │

│ │ │ PostgreSQL │ │ Redis │ │ S3 │ │ │

│ │ │ (RDS) │ │ (ElastiCache)│ │ (Buckets) │ │ │

│ │ └────────────┘ └────────────┘ └────────────┘ │ │

│ │ │ │

│ └────────────────────────────────────────────────────────────────┘ │

│ │

│ ┌────────────────────────────────────────────────────────────────┐ │

│ │ EC2 / Compute Engine │ │

│ │ │ │

│ │ ┌────────────┐ │ │

│ │ │ Mosquitto │ │ │

│ │ │ MQTT Broker│ │ │

│ │ └────────────┘ │ │

│ │ │ │

│ └────────────────────────────────────────────────────────────────┘ │

│ │

└──────────────────────────────────────────────────────────────────────────┘

7.2 CI/CD Pipeline

Code Push to GitHub

    │

    ├─ GitHub Actions Workflow Triggered

    │

    ├─ Stage 1: Lint & Type Check

    │ ├── ESLint (code quality)

    │ ├── TypeScript compilation check

    │ └── Prettier formatting check

    │

    ├─ Stage 2: Unit Tests

    │ ├── Jest test suite

    │ └── Coverage report

    │

    ├─ Stage 3: Build

    │ ├── Build nextJS backend (next build)

    │ ├── Build Next.js web app (next build)

    │ ├── Build Docker images

    │ └── Push to container registry

    │

    ├─ Stage 4: Security Scan

    │ ├── Snyk vulnerability scan

    │ ├── OWASP dependency check

    │ └── Container security scan

    │

    ├─ Stage 5: Deploy to Staging

    │ ├── Deploy Next.js to Vercel (preview)

    │ ├── Deploy nextJS to ECS/Cloud Run (staging)

    │ ├── Run integration tests

    │ └── Smoke tests

    │

    ├─ Stage 6: Manual Approval

    │ └── Team lead approval

    │

    └─ Stage 7: Deploy to Production

├── Deploy Next.js to Vercel (production)

├── Deploy nextJS to ECS/Cloud Run (production)

├── Database migrations

├── Health checks

└── Rollback if failed

---

8. Monitoring & Observability

8.1 Monitoring Stack

| Component | Tool | Purpose |

|-----------|------|---------|

| Application Monitoring | New Relic / Datadog | Performance monitoring |

| Log Aggregation | ELK Stack / CloudWatch Logs | Centralized logging |

| Error Tracking | Sentry | Error capture and alerting |

| Uptime Monitoring | Pingdom / UptimeRobot | Availability monitoring |

| Infrastructure Monitoring | CloudWatch / Stackdriver | Server and DB metrics |

| IoT Monitoring | Custom dashboard | Device health and connectivity |

8.2 Key Metrics

| Metric | Target | Alert Threshold |

|--------|--------|-----------------|

| API Response Time (p95) | < 500ms | > 1000ms |

| API Error Rate | < 0.1% | > 1% |

| Gate Open Response Time | < 1 second | > 2 seconds |

| MQTT Message Delivery | > 99.9% | < 99% |

| Database Connection Pool | < 80% | > 90% |

| Redis Memory Usage | < 70% | > 85% |

| Container CPU Usage | < 70% | > 85% |

| Container Memory Usage | < 80% | > 90% |

| S3 Storage | Monitor growth | > 100GB |

| Active MQTT Connections | Monitor count | Unexpected drops |

8.3 Alerting Rules

| Alert | Condition | Severity | Notification |

|-------|-----------|----------|--------------|

| API Down | 3 consecutive failures | Critical | SMS + Email + Slack |

| High Error Rate | > 5% for 5 minutes | High | Email + Slack |

| Gate IoT Offline | Device not responding for 2 minutes | High | SMS + Email |

| Database Slow Query | > 2 seconds | Medium | Email |

| High Memory Usage | > 90% for 10 minutes | Medium | Email |

| SSL Certificate Expiry | < 30 days | Low | Email |

| Backup Failure | Any failure | High | SMS + Email |

---

9. Security Architecture

9.1 Security Layers

┌─────────────────────────────────────────────────────────────────┐

│ SECURITY LAYERS │

├─────────────────────────────────────────────────────────────────┤

│ │

│ Layer 1: Network Security │

│ ├── WAF (Web Application Firewall) │

│ ├── DDoS Protection (AWS Shield / Cloudflare) │

│ ├── VPC Isolation │

│ └── Security Groups (port restrictions) │

│ │

│ Layer 2: Transport Security │

│ ├── TLS 1.3 on all connections │

│ ├── HSTS headers │

│ ├── Certificate pinning (mobile app) │

│ └── MQTT over TLS │

│ │

│ Layer 3: Application Security │

│ ├── JWT authentication with short expiry │

│ ├── Rate limiting (100 req/min per user) │

│ ├── Input validation (class-validator) │

│ ├── SQL injection prevention (Prisma ORM) │

│ ├── XSS prevention (output encoding) │

│ └── CORS configuration │

│ │

│ Layer 4: Data Security │

│ ├── AES-256 encryption at rest │

│ ├── Field-level encryption for sensitive data │

│ ├── Database encryption (RDS encryption) │

│ ├── S3 bucket encryption │

│ └── Redis encryption at rest │

│ │

│ Layer 5: Access Control │

│ ├── Role-Based Access Control (RBAC) │

│ ├── Multi-tenant data isolation │

│ ├── Device verification (fingerprinting) │

│ ├── PIN verification for gate operations │

│ └── Session management with auto-logout │

│ │

│ Layer 6: Audit & Compliance │

│ ├── Complete audit trail for all operations │

│ ├── Immutable audit logs │

│ ├── DPDP Act 2023 compliance │

│ ├── GDPR compliance framework │

│ └── Regular security audits │

│ │

└─────────────────────────────────────────────────────────────────┘

9.2 Data Isolation (Multi-Tenant)

-- Every query includes project_id filter

-- Example: Get all users for a project

SELECT * FROM users WHERE project_id = $1;

-- Prisma middleware enforces tenant isolation

-- Cannot access data from other projects

-- Even admins cannot cross tenant boundaries without explicit query

---

10. Scalability Considerations

10.1 Horizontal Scaling

| Component | Scaling Strategy |

|-----------|-----------------|

| API Server | Auto-scaling based on CPU/request count |

| PostgreSQL | Read replicas + connection pooling |

| Redis | Cluster mode for horizontal scaling |

| S3 | Unlimited storage (auto-scaling) |

| MQTT | Mosquitto cluster for high availability |

10.2 Performance Optimization

| Technique | Implementation |

|-----------|----------------|

| Caching | Redis for frequently accessed data |

| CDN | CloudFront for static assets |

| Database Indexing | Optimized indexes for common queries |

| Connection Pooling | PgBouncer for PostgreSQL connections |

| Lazy Loading | Mobile app loads data on demand |

| Image Optimization | S3 + CloudFront image resizing |

| API Pagination | Cursor-based pagination for large datasets |

10.3 Load Testing Targets

| Scenario | Target |

|----------|--------|

| Concurrent API Users | 1000+ |

| Gate Operations per Second | 100+ |

| MQTT Messages per Second | 500+ |

| Database Queries per Second | 1000+ |

| File Uploads per Minute | 50+ |