System Architecture

Tarasol follows a microservices architecture with 21+ independent services communicating via HTTP REST and RabbitMQ message queues. Each service owns its data and is independently deployable.

Architecture Principles

Service Isolation — Each service has its own database schema and can be deployed independently
Event-Driven — Asynchronous communication via RabbitMQ for decoupled processing
Multi-Tenant — Tenant isolation at the database level with dynamic connection management
API Gateway — Single entry point via the Gateway service for all client traffic
Shared Nothing — Services don't share databases; inter-service data access is via APIs

Service Communication

Service Dependency Graph

Loading diagram...

Deployment Topology

The system is designed for containerized deployment:

Infrastructure Layer — Redis, RabbitMQ, SQL Server, MongoDB, Elasticsearch
Foundation Services — Identity, Tenant (must start first)
Core Business Services — CMS, Correspondence, Task, Admin
Support Services — Notification, Media, Search, BI, Audit, Profile
Workers — Notification Workers, Media Worker
Gateway — Starts last, routes to all services

Multi-Tenant Data Isolation

Multi-Tenant Database Routing

Loading diagram...

Each request carries a tenant identifier. Services dynamically connect to the appropriate tenant database based on configuration stored in the central Tarasol.MultiTenancy database.

Security Layers

Layer	Implementation
Transport	HTTPS / TLS
Authentication	JWT tokens (access + refresh)
Authorization	Role-based + Permission-based
Service-to-Service	S2S JWT tokens
HTTP Security	Helmet middleware
Rate Limiting	express-rate-limit (per tenant/user)
Input Validation	Class-validator (NestJS)
File Security	ClamScan virus scanning

Monitoring Stack

Elastic APM — Application performance monitoring across all services
Elasticsearch — Centralized log aggregation
Prometheus — Metrics collection from each service
Winston — Structured JSON logging (ECS format)
Morgan — HTTP request logging