Nespo.dev

Architecture Overview

Nespo.dev is built on a modern, scalable monorepo architecture that enables maximum code reuse across multiple platforms while maintaining clear separation of concerns.

High-Level Architecture

┌─────────────────────────────────────────────────────────┐
│                     Nespo Monorepo                       │
├─────────────────────────────────────────────────────────┤
│                                                           │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐  │
│  │   Web App    │  │  Mobile App  │  │   API Server │  │
│  │   (Next.js)  │  │    (Expo)    │  │   (NestJS)   │  │
│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘  │
│         │                  │                  │          │
│         └──────────────────┴──────────────────┘          │
│                            │                             │
│                 ┌──────────▼──────────┐                  │
│                 │  Shared Packages    │                  │
│                 │  - API Client       │                  │
│                 │  - Types           │                  │
│                 │  - Utils           │                  │
│                 └─────────────────────┘                  │
└─────────────────────────────────────────────────────────┘

Core Principles

1. Monorepo Structure

All applications and packages live in a single repository, enabling:

  • Atomic commits across multiple packages
  • Simplified dependency management
  • Consistent versioning
  • Unified CI/CD pipeline

2. Type Safety

End-to-end type safety powered by TypeScript:

  • Shared types across all platforms
  • Auto-generated API client types
  • Compile-time error detection
  • Enhanced IDE support

3. Code Reusability

Maximum code sharing without sacrificing platform-specific optimizations:

  • Business logic packages
  • Shared utilities and helpers
  • Type definitions
  • API client library

4. Clear Boundaries

Well-defined boundaries between different parts of the system:

  • Apps: Platform-specific user-facing applications
  • Packages: Shared, reusable code
  • Services: Third-party integrations

Technology Stack

Build System

  • TurboRepo: Intelligent build orchestration
  • pnpm: Efficient package management
  • TypeScript: Type-safe development

Frontend

  • Next.js 15: Web application framework
  • Expo SDK 52: Mobile application framework
  • React 19: UI library
  • Tailwind CSS: Styling

Backend

  • NestJS 11: API framework
  • Prisma: Database ORM
  • PostgreSQL: Primary database
  • Socket.io: Real-time communication

Developer Tools

  • ESLint: Code linting
  • Prettier: Code formatting
  • Jest: Testing framework
  • GitHub Actions: CI/CD

Application Layers

Presentation Layer

Platform-specific user interfaces:

  • Web: Next.js with App Router and React Server Components
  • Mobile: Expo with React Native and native modules

Business Logic Layer

Shared across all platforms:

  • Authentication and authorization
  • Data validation
  • Business rules
  • State management patterns

Data Layer

Centralized data management:

  • Prisma ORM: Type-safe database queries
  • PostgreSQL: Relational data storage
  • Redis (optional): Caching and sessions

Integration Layer

Third-party services:

  • Payment processing (Stripe)
  • Email delivery (Resend)
  • Cloud storage (AWS S3)
  • Push notifications (Expo)

Data Flow

Client to Server

1. User Action (Web/Mobile)
   ↓
2. Type-safe API Client
   ↓
3. HTTP Request
   ↓
4. NestJS API Endpoint
   ↓
5. Business Logic / Service Layer
   ↓
6. Prisma ORM
   ↓
7. PostgreSQL Database
   ↓
8. Response back through the chain

Real-time Updates

1. Event Trigger (Server)
   ↓
2. Socket.io Broadcast
   ↓
3. WebSocket Connection
   ↓
4. Client Update (Web/Mobile)

Security Architecture

Authentication

  • JWT-based authentication
  • OAuth 2.0 support (Google, GitHub)
  • Secure token storage
  • Refresh token rotation

Authorization

  • Role-based access control (RBAC)
  • Resource-level permissions
  • API route guards
  • Database-level security

Data Protection

  • Encrypted connections (TLS)
  • Password hashing (bcrypt)
  • SQL injection prevention (Prisma)
  • XSS protection (built-in React)
  • CSRF tokens

Scalability

Horizontal Scaling

  • Stateless API design
  • Load balancer ready
  • Database connection pooling
  • Redis session store

Vertical Scaling

  • Efficient query optimization
  • Proper indexing strategy
  • Caching layers
  • Background job processing

Deployment Architecture

Development

Developer Machine
├── Web (localhost:3000)
├── API (localhost:4000)
├── Mobile (Expo Go)
└── PostgreSQL (Docker)

Production

Cloud Infrastructure
├── Web App (Vercel/AWS)
├── API Server (AWS ECS/Fargate)
├── Database (RDS PostgreSQL)
├── Storage (S3)
├── CDN (CloudFront)
└── Monitoring (DataDog/Sentry)

Next Steps

Dive deeper into specific aspects:

Or explore our feature implementations: