System Architecture

Premium Discord operations platform: dashboard, website, bot, domains, and external services.
BOT

Discord Bot Ecosystem

snowflake-bot / discord.js v14 / Express / ws
Gateway Runtime
  • Listens to guild membership, messages, edits, deletes, bans, kicks, and audit events.
  • Reports join/leave state through /api/internal/bot-membership.
Bot Service API
  • GET /health, GET /channels, GET /guild
  • POST /snowflake-dispatch for embeds, showcases, rules, products, and changelogs.
  • Moderation routes for timeout, kick, ban, nickname, roles, reactions, and deletion.
Message Shadow Index

Indexes Discord messages into MySQL for dashboard search, context panels, deleted-state tracking, embeds, attachments, and moderation history.

Scoped Control

Dashboard calls include x-tenant-id, x-guild-id, and the shared bot API secret so tenants cannot cross-act.

API

Control Plane and Data Ownership

server.cjs / Express / Vite build / Plesk reverse proxy
Public Entry and Provisioning

Discord OAuth signs users in, installs the bot when requested, seeds webhooks, creates tenant rows, and assigns owner access.

GET/auth/discordOAuth
POST/auth/discord/callbacksession
POST/api/provisiontenant
GET/api/provision/verify-botinstall
Request Pipeline
  • Helmet CSP, strict origin handling, image proxy checks, and body-size caps.
  • HttpOnly JWT session plus role checks for owner, admin, moderator, and viewer.
  • Redis-backed rate limits with memory fallback when Redis is offline.
  • /__bot-proxy and WS tickets keep bot secrets server-side.

Bot Owns Live Discord State

  • Channels, roles, members, presence, permissions
  • Messages, reactions, moderation actions
  • Bot install status and gateway telemetry

Website Owns Product State

  • Tenants, plans, users, branding, settings
  • Products, showcases, changelogs, schedules
  • Landing pages, webhooks, billing, telemetry
Bot Proxy Contract

The browser never receives bot secrets. /__bot-proxy validates the session, injects the bot secret, and forwards scoped calls.

Realtime Contract

/api/bot/ws-ticket mints short-lived tickets for the bot /ws stream, with REST polling fallback.

UI

Website and Dashboard

React 19 SPA / tenant-aware SaaS modules
01Dashboard Home
02Product Catalog
03Embed and Rules Builder
04Showcase Manager
05Changelog Automator
06Discord Live View
07Moderation Hub
08Economy and Giveaways
09Billing and Settings
Staff and Telemetry

Staff activity, system logs, webhook delivery health, moderation history, daily telemetry snapshots, and CSV exports.

Public Community Surface

Studio+ tenants expose community landing pages at panel.snowflake-studios.xyz/c/{slug} while staff work stays authenticated.

EXT

External Services

Discord, Stripe, Sentry, and media sources
Discord Platform
  • OAuth2 login and guild discovery
  • Bot install and permissions consent
  • Gateway events plus REST moderation actions
Discord Webhooks
  • Seeded during OAuth setup
  • Managed per tenant and channel
  • Used for publish and alert workflows
Stripe Billing
  • Checkout sessions and customer portal
  • /api/billing/webhook plan updates
  • Sentry captures server and client errors
DNS

Domains and Hosting

Cybrancee / Plesk / Node.js app root
snowflake-studios.xyzMarketing site and SaaS commercial entry point.
panel.snowflake-studios.xyzAuthenticated React dashboard and Express API server.
/c/{slug}Current Studio+ public community route.
*.panel...Future wildcard model, not current production routing.
DB

Persistence, Guards, and Deployment

MySQL / Redis / migrations / production server

MySQL Persistence

  • Tenant isolation through tenant_id foreign keys and scoped helpers.
  • Core tables: tenants, users, branding, bot settings, products, showcases, changelogs.
  • Operational tables: messages, moderation history, activity logs, telemetry, webhooks.

Redis and Runtime Guards

  • Distributed API and login rate limiting with memory fallback.
  • Bot health cache prevents noisy status pings.
  • Proxy caps and private-host checks reduce SSRF and abuse risk.

Build and Release Path

  • npm run build creates the Vite SPA in dist.
  • npm run start runs server.cjs.
  • npm run db:migrate applies production schema upgrades.
KEY

Key Principles

what the architecture protects
Discord state is collected by the bot, not guessed by the frontend.
The browser never sees bot tokens or tenant API secrets.
Tenant context resolves before protected data or bot actions run.
Public website data and staff dashboard data stay separate.
BOT ↔ CONTROLLINK 01
CONTROL ↔ SURFACELINK 02
SURFACE ↔ EXTERNALLINK 03
LINK 04ROW 1 ↔ PERSISTENCE
PROXY
API
OAUTH
DB
DB
DB