System Architecture

Last updated: December 16, 2025

QR Igniter follows a modern, layered architecture designed for scalability, maintainability, and security.

High-Level Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        Client Layer                              │
├─────────────────┬─────────────────┬─────────────────────────────┤
│  Admin Panel    │  Mobile App     │  Public Website             │
│  (Filament)     │  (Flutter)      │  (Static HTML)              │
└────────┬────────┴────────┬────────┴──────────────────────────────┘
         │                 │
         ▼                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                        API Layer                                 │
├─────────────────────────────────────────────────────────────────┤
│  REST API (Laravel)        │  Resolution API (Laravel)          │
│  /api/v1/*                 │  /01/{gtin}/*                       │
└────────────────────────────┴────────────────────────────────────┘
         │                             │
         ▼                             ▼
┌─────────────────────────────────────────────────────────────────┐
│                      Service Layer                               │
├─────────────────┬─────────────────┬─────────────────────────────┤
│  GS1 Services   │  QR Services    │  Analytics Services         │
│  - Parser       │  - Generator    │  - Recording                │
│  - Builder      │  - Logo Embed   │  - Aggregation              │
└────────┬────────┴────────┬────────┴──────────────────────────────┘
         │                 │
         ▼                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                      Data Layer                                  │
├─────────────────────────────────────────────────────────────────┤
│  MySQL Database  │  File Storage  │  Cache (Redis)              │
└──────────────────┴────────────────┴─────────────────────────────┘

Backend Stack

Component	Technology	Version
Framework	Laravel	12.x
Admin Panel	Filament	4.3.1
Database	MySQL	8.x
Authentication	Laravel Sanctum	4.x
QR Generation	simple-qrcode	4.x
Geolocation	MaxMind GeoLite2	-

Service Layer

GS1 Services

app/Services/Gs1/
├── Gs1UriParser.php        # Parse Digital Link URIs
├── Gs1UriBuilder.php       # Build compliant URIs
├── ValueObjects/
│   └── ParsedGs1Uri.php    # Immutable parsed data
└── Exceptions/
    ├── InvalidGtinException.php
    └── InvalidGs1UriException.php

QR Code Services

app/Services/QrCode/
├── QrCodeGenerator.php     # Generate QR code images
├── QrCodeLogoService.php   # Embed logos
└── ValueObjects/
    ├── QrCodeConfig.php    # Generation settings
    ├── QrCodeResult.php    # Generated output
    └── LogoConfig.php      # Logo settings

Resolution Services

app/Services/Resolution/
└── ScanRecordingService.php  # Record scan analytics

app/Services/Geolocation/
└── GeolocationService.php    # IP to location

API Architecture

Authentication Flow

1. Client sends credentials to /api/v1/auth/token
2. Server validates and returns Sanctum token
3. Client includes token in Authorization header
4. Server validates token on each request

Request Lifecycle

Request → Middleware → Controller → Service → Repository → Database
                                                                    ↓
Response ← Resource ← Controller ← Service ←────────────────────────┘

Mobile App Architecture

flutter_app/lib/
├── app/                    # App configuration
│   ├── app.dart           # Main app widget
│   ├── routes.dart        # GoRouter navigation
│   └── theme.dart         # Material 3 theming
├── core/constants/        # App constants
├── data/
│   ├── api/              # Dio HTTP client
│   └── models/           # Data models
├── presentation/
│   ├── screens/          # UI screens
│   └── widgets/          # Reusable widgets
├── providers/            # Riverpod providers
└── services/             # Business logic (GS1 parser)

Security Architecture

Authentication

API: Bearer token (Sanctum)
Admin: Session-based with CSRF
Mobile: Secure token storage

Data Protection

All traffic over HTTPS
Database credentials in environment
Input validation on all endpoints
Rate limiting on API endpoints

Deployment Architecture

┌─────────────────────────────────────────┐
│              Load Balancer              │
│              (Nginx/HAProxy)            │
└────────────────┬────────────────────────┘
                 │
     ┌───────────┼───────────┐
     ▼           ▼           ▼
┌─────────┐ ┌─────────┐ ┌─────────┐
│  App    │ │  App    │ │  App    │
│ Server  │ │ Server  │ │ Server  │
│  (PHP)  │ │  (PHP)  │ │  (PHP)  │
└────┬────┘ └────┬────┘ └────┬────┘
     │           │           │
     └───────────┼───────────┘
                 │
     ┌───────────┼───────────┐
     ▼           ▼           ▼
┌─────────┐ ┌─────────┐ ┌─────────┐
│  MySQL  │ │  Redis  │ │  File   │
│ Primary │ │  Cache  │ │ Storage │
└─────────┘ └─────────┘ └─────────┘

Performance Targets

Metric	Target
API Response Time	< 200ms
Page Load Time	< 2s
QR Resolution Time	< 100ms
Test Coverage	> 80%

Next Steps

Database Schema - Data model details
GS1 Digital Link - Standards compliance
App Architecture - Mobile app structure