Technical Knowledge Base
I. Document control
Version | Note | Date |
---|---|---|
1.0.0 | Init document | 04 Mar 2021 |
1.0.1 | Update product type section | 01 May 2021 |
1.0.2 | Update Technical issues and Verotel | 29 Sep 2021 |
1.0.3 | Add CCBill cancelation section | 30 Sep 2021 |
1.0.4 | Add style question point | 26 Oct 2021 |
1.0.5 | Ad banner size | 08 Nov 2022 |
1.0.6 | Custom script | 13 Sep 2023 |
2.0.0 | Logo size | 18 Nov 2023 |
2.0.1 | Technical FAQs | 27 May 2023 |
II. General Questions
1. How to configure email
xFans provides 2 sections in the Admin settings for email
Email tab
Admin email: Email address for who will receive notification from system and contact form
Sender email: Email address for who will send the email in system
SMTP tab
Host: enter SMTP host eg smtp.google.com
Port: SMTP port eg 465
Auth user: SMTP username
Auth password: SMTP password
Secure option: Enable if use port 465
Note:-
You can use format “your name” <email-address> to admin email and sender email. Eg
Admin email: “xFans Admin” <admin@myxFans.info>
Sender email: “xFans Support“ <noreply@myxFans.info
xFans provides SMTP method for email only, almost services provide SMTP config, please check with your service and common list in our document.
2. How to add Google analytics code
Go to Admin panel > Settings > System settings > Google Analytics and enter your GA code.
Note: GA code usually is formatted with G-xxxxxxxxxx
3. How to add custom script
Go to Admin panel > Settings > System settings > SEO > Custom. There are 2 section you can enter your custom script
Custom header script: website will render this content in the <head> tag
Custom body script: website will render this content before </body> tag
Note:-
You can enter your GA script to one of these sections
Make sure you entered valid HTML or Javascript script. Otherwise it might break the system
4. How to update or change style
xFans does not provide option to change layout or style in the admin panel. However if you want to custom there are 2 solutions
Change style from source code (recommend this)
Or inspect element in xFans HTML code and get CSS class name or section then update your style to “Custom header script” section.
5. How to setup xFans payment gateway
xFans just supports these payment gateways.
a. CCBill
Go to Admin > Settings > System settings > CCbill and enter CCBill information in the form
CCBill webhook URL: https://[xFans-v2-api-domain]/payment/ccbill/callhook (eg https://api.xFans.info/payment/ccbill/callhook)
Approval URL: redirect link to your website after purchased successfully. You can enter https://[xFans-front-office-domain]/payment/success (eg https://xfans.info/payment/success)
Cancel URL: Redirect link after user cancelled or purchased unsuccessfully. You can enter https://[xFans-front-office-domain] (eg https://xfans.info/)
Check for CCBill setup here
b. Verotel Flexpay (since v2.1.4)
Go to Admin > Settings > System settings > Payment settings and enter Verotel credentials there
Verotel webhook URL: https://[xFans-v2-api-domain]/payment/verotel/callhook (eg https://api.xFans.info/payment/verotel/callhook)
Success URL: It is redirect pay after payment successful. You can enter https://[xFans-front-office-domain]/payment/success (eg https://xfans.info/payment/success)
Check for Verotel setup here
c. Other Payment Gateways
Please contact us for custom requirements.
6. How to add footer menu
Go to Admin panel > FE Menu. Here you can see the list and create or update existing menu.
xFans provides only option to change footer menu for now
From system page: FE will reload custom script file if it is system url. if enable you can select list of static pages too
Is new tab: open link in a new tab once clicking on
Title: menu text
Path: link to the page (you can enter full url here if it is not system page)
Section: where we will show the menu
Ordering: enter sort number of menu item in the list
7. SMTP common list and setup
Sendgrid
Host: smtp.sendgrid.net
Port: 465 / 587
Auth user: the string apikey. This setting is the exact string "apikey" and not the API key itself.
Auth password: your Sendgrid API key eg: SG.xxxxx
Gmail
Host: smtp.sendgrid.net
Port: 465 / 587
Auth user: your full email address eg: youremail@gmail.com
Auth password: your Gmail password
M3 service
Host: m3 host url eg v2010004s.m3xs.net
Port: 587
Auth user: email username account or M3 FTP master account
Auth password: your email password or M3 FTP master password
8. What are product types on xFans
xFans provide 2 product options
Physical product - Physical item such as mobile device, DVD disk, etc…
model has to ship to user once having an order
model is able to update shipping code, delivery status is needed in the control panel
Digital product - Digital item such as photo, video or audio file
user purchases digital item will receive email notification with download link of digital item
model doesn’t need to manage order status, it is completed once user purchased successfully.
9. How can user cancel unsubscribe a model?
Our system supports to cancel CCBill subscription for now.
In user: Login and check subscription tab and click on Cancel subscription button
In admin panel
Setup CCBill Datalink Service username and Datalink Service password in the Settings > CCBill
username could be found in the Log in to CCbill admin panel -> Account Info -> Data link services suite
password could be found in the link https://admin.ccbill.com/megamenus/ccbillHome.html#AccountInfo/DataLinkServicesSuite(234)
Important: For your ccbill account, please provide IP ranges that we should add in Datalink, for additional details, you may see our API guide, which also contains the list of other error codes and their explanation.
10. Banner & Logo sizes
Slider banner: 1257 x 314
Login Placeholder: 1086 x 1866
Site Logo: 300 x 87
Favicon: 16 x 16
III. Technical Questions
1. How does xFans storage asset files such as videos and images?
xFans supports Local storage (single machine) for now. We use nginx http_auth_module to protect assets. The download link usually is available in 4h, and have integrated business rules in our application.
2. Does xFans support S3 (Simple Storage Service) services like AWS S3 or Digital Ocean Space?
xFans supports local storage for now. If need S3 service you can customize our File module or contact for customization
3. Does xFans support FTP file server?
xFans supports local storage for now. If need FTP service you can customize our File module or contact for customization
4. Can we deploy xFans to AWS EC2?
Yes, xFans is able to be deployed to any VPS server, include AWC EC2
5. Does xFans support Kubernetes?
We have not supported for application container image in our script yet. So you have to create image eg with Docker and deploy application to Kubernetes. Or contact us for a customization.
6. Does xFans support Docker?
For now xFans does not provide Docker image yet. We will provide in future release.
7. Is xFans using CI/CD in our dev process?
Yes, we are using Jenkins for this purpose
8. How can we deliver the update efficiently?
We provide full source code, so you can do implementation if you want. Or we can provide Docker image for your customizations
9. How can we change style (CSS)?
We use less (https://lesscss.org/ ) to manage stylesheet. From source code you can
Check
style
folder, here we define common style rules in theglobal.less
,responsive.less
,vars.less
For separate component you can check related files in the
components > component name > .less
file. example to manage header, you can checkcomponents > common > layout > header.less
10. Can you confirm that your code set supports a PWA (not just web)?
It supports but not 100%, some we need to modify. basically we have no PWA yet
11. Do you use any design system that we should replicate for our bespoke UI to enable efficiency and speed in the dev process?
We just use ant design for our component design / approach.
12. Can you explain more about your approach to security, particularly how you manage authentication tokens and secure user data?
We do not provide server security or DDOS protection, we provide application only
Application below
Authentication Tokens:
• Secure Storage: Store tokens securely using methods like environment variables or dedicated secret management services. also support .env if needed
• Encryption: Encrypt tokens in transit and at rest to protect against interception and unauthorized access.
• Expiration and Rotation: Implement expiration dates for tokens with JWT Securing User Data:
• Data Encryption: Encrypt sensitive user data both in transit (using TLS/SSL) and at rest (using AES or similar algorithms).
• Access Controls: Enforce strict access controls and permissions to ensure that only authorized users and systems can access or modify data.
• Data Minimization: Collect and retain only the data that is necessary for the application to function, reducing the potential impact of a data breach.
13. How do you plan to handle error logging and monitoring in both the frontend and backend to ensure reliability and ease troubleshooting?
Backend we have request logs and httpexception log to track issues / exception. besides that we also have log tool to use in additional case In frontend we do not apply but we provide addon for Sentry log when having request from client
14. What strategies have you implemented for scalability, especially considering the hardcoded values and direct coupling seen in the snippets?
No hardcoded values with configuration files or environment variables. If have we have constants file, and define all there
default system is monolithic architecture but if want we can design as microservice.
so far in our application, we just need to separate file server then we can apply load balancer without issue
have cache system on our app, use Redis
db: Have indexing, query optimization. Our DB platform supports sharding to improve database performance and scalability.
we have queue, messaging system for asynchronous Processing, message queues and event-driven architectures to handle tasks that can be processed asynchronously.
15. Could you discuss your approach to ensuring code maintainability, such as documentation standards, coding conventions, and review processes you follow?
Documentation Standards:
Code Comments
README Files: we provided confluence page with all details
API Documentation: we provided api docs already
Coding Conventions:
Style Guides: we use Airbnb's JavaScript Style Guide
Naming Conventions: Use clear and descriptive names for variables, functions, and classes.
Refactoring: Regularly refactor code to improve readability and reduce complexity.
Review Processes:
Code Reviews: Implement a peer review process where every piece of code is reviewed by at least one other developer before being merged.
16. How do you ensure the application is secure against common web vulnerabilities (e.g., SQL injection, XSS, CSRF)?
we do not use SQL but no-sql. and we use mongoose framework with mongodb-driver, it will prevent sql injection. CSRF is not applied on our product, we use API with authentication header. XSS we provided setup on nginx, if neeed any we can update there. Check our nginx template for details
17. What is your approach to testing, both in terms of unit tests and integration tests, for the frontend and backend?
We do not have E2E or unit test right now. manual testing whole app
18. Can you explain the decision-making process behind the mix of local and global styling approaches seen in the frontend?
==> https://ant.design/docs/spec/values
19. What live websites or apps has xFans built that we could take a look at
You can have a look at our portfolio - https://adent.io/portfolio
20. Is application designed out of the box to scale horizontally (i.e. to be deployed on multiple instances/containers)?
=> partial support, If you want to support auto scaling - need to customize the file server as below,
database -> there is no problem with db - scale or separate db for each module file service -> converting, transcode (eg from mov to mp4 h264), image processing (eg crop, resize...) we need to create a separate file media service otherwise we cannot support horizontal scale properly.
queue / messaging service -> we are using Redis - need a shared Redis server for all instances
21. What is the plan for scaling on database side?
=> So far it is single database but it support scaling well. check https://www.mongodb.com/basics/scaling . if needed we can design / change DB connection for each module without issue as well.
22. Where users/passwords are stored?
In the DB we store hashed password. 1-way hash (sha1)
23. Which React libraries are you using in the project
Version ^18.2.0
24. What would be the process of “theming” to customize look and feel
=> Current version we are using ant design https://ant.design/(5.x) with its components
-> use scss superset to manage theme variable, theme size...
-> we can overwrite default ant design components if any (check antd custom theme https://ant.design/docs/react/customize-theme )
25. Walk-through session management
note: we allow 1 device (user) login 1 time only
Step 1: call login api /login
Step 2: create session record with unique random-token and return token to client side
Step 3: for auth request, send token to http header
Step 4: check / verify token before process next
Step 5: get user info and verify status (eg inactive) and allow/disallow to next step
26. If deployed on AWS – can it be S3?
=> Yes, it can be deployed. we can also use full AWS service if needed. step below
Upload file to s3 server directly
Listen uplaod success event and notify Lambda function
Process media convert (for instance use AWS Media convert for video processing)
27. What do you use for video streaming?
=> default is nginx pseudo streaming -> for protected file we use nginx http_auth_request_module https://nginx.org/en/docs/http/ngx_http_auth_request_module.html to verify
28. High-level Deployment steps?
Create aws ec2 instance
Install softwares for that instance (ffmpeg, redis, database...)
Configure nginx config
Deploy code / custom code to server
Build / compile code with build command.
Run application as normal node app with production process manager such as pm2
29. Frame Freezing in WebRTC Streaming
Assume server resources (CPU, RAM, Disk) are not full load. Frame Freezing problem is caused by frame Drop. The frame Drop reasons are listed below.
-Server Location
It is more stable to broadcast physically near servers.
-Server Network Capacity
For Media Streaming, servers with high network capacity are required. If your server’s network capacity is low, you may experience frame drops. Also, Frame Drops causes Frame Freezing.
30. What latencies can I achieve?
Current xFans v3 uses Ant media. Ant Media Server is capable of:
0,5 seconds typical latency with WebRTC to WebRTC streaming path. (usually around 0,2 seconds) (available in Enterprise Edition)
6-10 seconds typical latency with WebRTC to HLS streaming path.
To reduce latency you have to purchase EE version, then switch option for streaming to webRTC in admin settings > ant media
31. Pixelating of frames in WebRTC
This can cause a lot of things. If the broadcast values(Frame drop or etc) and server values (CPU or Ram etc.) are healthy, 3 things that matter to us can be listed below.
-Adaptive Streaming Setting. Here is default Setting in below.
Resolution Video Bitrate (Kbps) Audio Bitrate (Kbps)
1080p 2000 256
720p 1500 128
480p 1000 75
360p 800 64
240p 500 32
These values will be changing on different cases. Because everyone’s scenario is different, these values are not fixed.
-WebRTC Framerate Setting
Framerate is also a specific parameter. The framerate default parameter is 20. But as we said above, these values change your situation.
-Server Location
It is more stable to broadcast physically near servers.
If broadcast quality problems occur, lower these values and select the server close to where you broadcast, we hope your quality problem will be solved.