System Architecture Overview
High-Level Architecture
```mermaid
flowchart TD
    Browser[Browser / Android App] --> Render[Render: Gunicorn\n1 worker, 6 threads]
    Render --> Flask[Flask App\nlenzeye_database.py]
    Flask --> Blueprints[Blueprints\n15+ route modules]
    Flask --> DB[(PostgreSQL\nRender Managed)]
    Flask --> S3[Wasabi S3\nAP Southeast-1]
    Flask --> Celery[Celery Worker\nRedis broker]
    Celery --> S3
    Celery --> DB
```
Components
| Component | Role |
|---|---|
| Gunicorn | WSGI server, 1 worker + 6 gthread threads |
| Flask | Web framework, app factory pattern |
| SQLAlchemy + Flask-Migrate | ORM + DB migrations |
| PostgreSQL | Primary database (Render managed) |
| Wasabi S3 (boto3) | Object storage for all user files |
| Celery + Redis | Async task queue for heavy S3 operations |
| Brevo SMTP | Transactional email (OTP, notifications) |
| Razorpay | Payment gateway (in integration) |
Request Flow
Upload (Plain Path)
1. Browser → POST /upload/guest/initiate → Flask → S3.create_multipart_upload
2. Browser → GET /upload/guest/presigned-url → Flask → S3.generate_presigned_url → returned to browser
3. Browser → PUT directly to S3 via presigned URL (no Flask in data path)
4. Browser → POST /upload/guest/complete → Flask → S3.complete_multipart_upload
Upload (Encrypted Path)
1. Browser → POST /upload/guest/encrypted/initiate → Flask → DB.get_user_key → create session_token → S3.create_multipart_upload
2. Browser → POST /upload/guest/encrypted/upload-part → Flask → decrypt_token → AES-256-CTR encrypt → S3.upload_part
3. Browser → POST /upload/guest/encrypted/complete → Flask → HMAC finalize → S3.complete_multipart_upload → S3.copy_object (metadata update)
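An added illustration, not the project's code: one way the upload-part step can encrypt each S3 part independently with AES-256-CTR, so that no request needs state from the previous one, and authenticate the result at completion. The counter derivation, the fixed part size, the per-part tag scheme and every function name here are assumptions; the page does not say how counters are derived or what the HMAC covers. It uses the `cryptography` package.

```python
import hashlib
import hmac
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Assumed design (not from the page): every part except the last has the same
# size, a multiple of the AES block, so a part's counter follows from its number.
BLOCK = 16

def part_counter_block(nonce: bytes, part_number: int, part_size: int) -> bytes:
    """Initial CTR block for a 1-based part number, so parts never share keystream."""
    if len(nonce) != BLOCK or part_number < 1 or part_size % BLOCK:
        raise ValueError("need 16-byte nonce, part_number >= 1, part_size % 16 == 0")
    blocks_before = (part_number - 1) * (part_size // BLOCK)
    counter = (int.from_bytes(nonce, "big") + blocks_before) % (1 << 128)
    return counter.to_bytes(BLOCK, "big")

def crypt_part(key: bytes, nonce: bytes, part_number: int, data: bytes, part_size: int) -> bytes:
    """AES-256-CTR over one part; CTR is symmetric, so this also decrypts."""
    if len(key) != 32 or len(data) > part_size:
        raise ValueError("need a 32-byte key and data no longer than part_size")
    iv = part_counter_block(nonce, part_number, part_size)
    ctx = Cipher(algorithms.AES(key), modes.CTR(iv)).encryptor()
    return ctx.update(data) + ctx.finalize()

def part_tag(mac_key: bytes, part_number: int, ciphertext: bytes) -> bytes:
    """Per-part HMAC-SHA256 that binds the ciphertext to its position."""
    msg = b"part" + part_number.to_bytes(4, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def final_tag(mac_key: bytes, nonce: bytes, tags: list) -> bytes:
    """Tag computed at completion over the nonce and the ordered per-part tags."""
    msg = b"final" + nonce + len(tags).to_bytes(4, "big") + b"".join(tags)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def verify_final(mac_key: bytes, nonce: bytes, tags: list, expected: bytes) -> bool:
    """Constant-time comparison of the recomputed final tag."""
    return hmac.compare_digest(final_tag(mac_key, nonce, tags), expected)

if __name__ == "__main__":
    # Constructed sample: three 32-byte parts (real S3 parts are far larger).
    key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(8) + bytes(8)
    parts = {n: bytes([n]) * 32 for n in (1, 2, 3)}
    sealed = {n: crypt_part(key, nonce, n, parts[n], 32) for n in (3, 1, 2)}  # any order
    tags = [part_tag(mac_key, n, sealed[n]) for n in sorted(sealed)]
    print("round trip ok:", all(crypt_part(key, nonce, n, sealed[n], 32) == parts[n] for n in parts))
    print("final tag:", final_tag(mac_key, nonce, tags).hex())
```

Reusing a nonce under the same key, or letting two parts start from the same counter block, repeats keystream and exposes the XOR of the plaintexts, which is why the counter is derived from the part number rather than reset per request.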
Download (Encrypted)
Browser → GET /download/{token} → Flask → verify OTP → DB.get_link → S3.get_object (stream) → AES-256-CTR decrypt → stream to browser
Blueprint Map
| Blueprint | File | Prefix |
|---|---|---|
| guest_upload_bp | guest_upload_routes.py | / |
| guest_download_bp | guest_download_routes.py | /guest |
| upload_wasabi_bp | upload_wasabi_home.py | / |
| secure_storage_new_routes_bp | secure_storage_new_routes.py | / |
| decide_upload_bp | DecideWheretoUpload.py | / |
| multifile_upload_bp | multifile_upload_routes.py | / |
| sst_bp | sst_flask_routes.py | /sst-file-manager |
| collaboration_routes | collaboration_routes.py | / |
| admin_routes | admin_routes.py | / |
| lab_portal_bp | lab_portal_routes.py | / |
| lab_print_upload_bp | lab_print_upload_routes.py | / |
| android_api | android_api_routes.py | / |
| store_routes | lenzeye_store_routes.py | /store |
| email_routes | email_token_routes.py | / |
| user_registration_bp | UserRegistration.py | / |
TL;DR
What it is: Flask app factory, deployed on Render via Gunicorn, using PostgreSQL for data and Wasabi S3 for files. Celery handles async S3 listing. 15+ blueprints split by feature domain.
Key design choices: Single Gunicorn worker (RAM constraint), stateless upload session tokens (horizontal scale-ready), all file data goes to S3 (server RAM-safe), Celery offloads slow S3 list operations.