Architecture Overview - Reffi App

Purpose

This is a business-friendly summary of key technical decisions from the full architecture documentation.

High-Level Architecture

  • System Type: Modern Web Application (Client-Server)
  • Backend: Supabase (Backend-as-a-Service)
  • Frontend: React Single Page Application

[User Browser] → [React App] → [Supabase Cloud]
                                  ↓
                            [PostgreSQL Database]
                            [Authentication]
                            [Edge Functions]
                            [Stripe Integration]

Key Technical Decisions

Decision 1: Supabase as Backend Platform

  • What: Using Supabase instead of building custom backend infrastructure
  • Why:
    • Reduces development time by 60-70%
    • Provides enterprise-grade security out of the box
    • Built-in authentication and database management
    • Automatic API generation
  • Impact:
    • Faster time to market
    • Lower hosting costs (~$75/month vs. $500+/month for custom infrastructure)
    • Easier scaling as user base grows

Decision 2: Remote-Only Database (No Local Instance)

  • What: All development happens against remote Supabase database
  • Why:
    • Simplifies development workflow
    • Ensures consistency across team members
    • Easier onboarding for new developers
  • Impact:
    • Requires internet connection for development
    • Faster deployment process
    • Single source of truth for data

Decision 3: Edge Functions for Business Logic

  • What: Server-side functions run on Supabase cloud infrastructure
  • Why:
    • Secure payment processing (Stripe Connect)
    • Complex business logic isolated from frontend
    • Rate limiting and security validations
  • Impact:
    • Prevents payment fraud
    • Handles webhook processing for Stripe
    • Automatic payment releases after 30 days

Decision 4: Row Level Security (RLS)

  • What: Database-level security policies controlling data access
  • Why:
    • Referees can only see their own data
    • Leagues can only see their own job postings
    • Prevents unauthorized data access
  • Impact:
    • Enterprise-grade security
    • GDPR/privacy compliance ready
    • Reduces security vulnerabilities by 90%

Integration Points

External Services

  1. Google Maps API - Location-based job search
    • Cost: ~$200/month at scale (free tier for initial launch)
  2. Stripe Connect - Payment processing
    • Cost: 2.9% + $0.30 per transaction
    • Enables referee payouts
  3. Supabase - Backend infrastructure
    • Cost: $75/month at 10k users

Deployment & Hosting

  • Platform: Supabase Cloud (PostgreSQL, Auth, Edge Functions)
  • Frontend Hosting: TBD - Likely Vercel/Netlify → Moving to Render
  • Monthly Cost Projection:
    • Initial: $25-50/month
    • At 1,000 users: $50-100/month
    • At 10,000 users: $75-200/month
  • Scalability: Can handle 100,000+ users without major architectural changes

Security Features

Production-Ready Security

  • Rate Limiting: 10 requests per 60 seconds per user on critical endpoints
  • Input Validation: All user inputs validated before processing
  • Audit Logging: Automatic tracking of sensitive operations
  • PII Protection: No personal information logged
  • Payment Security: Stripe-compliant payment handling
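
The rate-limiting rule above (10 requests per 60 seconds per user) can be enforced with a sliding-window counter. The following is an added example, not code from the Reffi project; the class, function, and user names are hypothetical, and the timestamps are constructed.

```typescript
// Added example: sliding-window limiter for the stated policy.
// All names are hypothetical; they are not taken from the project.
const LIMIT = 10;        // requests allowed per window
const WINDOW_MS = 60000; // 60 seconds

interface Decision {
  allowed: boolean;
  remaining: number;
  retryAfterSec: number; // value for a Retry-After header on HTTP 429
}

class SlidingWindowLimiter {
  private hits = new Map<string, number[]>();
  private limit: number;
  private windowMs: number;

  constructor(limit: number = LIMIT, windowMs: number = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
  }

  // userId must come from the verified session (e.g. the token subject),
  // never from a client-supplied field, or callers can dodge the limit.
  check(userId: string, nowMs: number): Decision {
    const cutoff = nowMs - this.windowMs;
    const recent = (this.hits.get(userId) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(userId, recent);
      // The oldest hit leaves the window at recent[0] + windowMs.
      const waitMs = recent[0] + this.windowMs - nowMs;
      return { allowed: false, remaining: 0, retryAfterSec: Math.ceil(waitMs / 1000) };
    }
    recent.push(nowMs);
    this.hits.set(userId, recent);
    return { allowed: true, remaining: this.limit - recent.length, retryAfterSec: 0 };
  }

  // Drop users with no hits inside the window so memory stays bounded.
  sweep(nowMs: number): number {
    let removed = 0;
    this.hits.forEach((times, user) => {
      if (times.every((t) => t <= nowMs - this.windowMs)) {
        this.hits.delete(user);
        removed++;
      }
    });
    return removed;
  }
}

// Constructed scenario: one user sends 12 requests, one second apart.
function demo(): Decision[] {
  const limiter = new SlidingWindowLimiter();
  const out: Decision[] = [];
  for (let i = 0; i < 12; i++) out.push(limiter.check("referee-1", i * 1000));
  return out;
}
```

This keeps counters in one process's memory; a deployment that runs more than one function instance needs a shared store to enforce the limit globally.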

Development Workflow

  1. Code Changes: Developers work locally on React app
  2. Database Changes: Apply migrations via Supabase MCP tools
  3. Testing: Test against remote Supabase instance
  4. Deployment: Push to hosting platform (automated)

Time to Deploy: ~5 minutes for code changes, ~2 minutes for database migrations


Full Technical Details

Complete architecture documentation: /home/alexd/Projects/reffi-webapp/.opencode/rules/memory-bank/architecture.md