Senoa MonoRepoAudit & Architecture
6 Critical9 High 39 modules66 tables28 flows ~70% ready · HIGH risk

Senoa MonoRepo — Project Audit Report

Date: 2026-06-29 Repo: SenoaMonoRepo (branch development) Scope: Full monorepo — backend, blockchain indexer, web, admin-panel, infra/CI


1. Executive Summary

Senoa is a Web3 social + marketplace platform built as a Turbo/PNPM monorepo. It comprises a large NestJS backend (42 modules, crypto custody, KYC/KYB, accounting, affiliate/MLM rewards), a Next.js 15 web client, a Vite/React admin panel, and a NestJS blockchain events indexer.

The architecture is reasonable and the code is consistently structured, but the project is not production-ready. The dominant themes are:

  • - Critically low test coverage across every app (backend 0.97%, web 0 tests, admin 1 file, blockchain 1 broken test).
  • - Security misconfigurations — wildcard CORS with credentials, JWTs in localStorage, a hardcoded Alchemy RPC key, hardcoded DB/JWT secrets in docker-compose.yml, default Swagger password, no rate-limiting or security headers.
  • - Incomplete financial logic — reward distribution and price-oracle integration are stubbed with TODOs; non-stablecoin exchange rates are hardcoded to 1.00.
  • - Operational gaps — blockchain indexer has no reorg handling, no idempotency, and no retries.

Overall production-readiness: ~70%. Risk level: HIGH.


2. Project Structure & Stack

AppStackFilesTests
apps/backendNestJS 9, TypeORM, Postgres, Passport/JWT, 124 migrations6256 (trivial)
apps/webNext.js 15, React 19, thirdweb/viem, TanStack Query, Zustand, socket.io2800
apps/admin-panelVite 7, React 19, CoreUI, Redux Toolkit, RR7621
apps/blockchainNestJS 9, ethers v5, Bull/Redis, Postgres141 (failing)
packages/*shared eslint-config, tsconfig

Tooling: Turbo + PNPM 10.15, TypeScript, Tailwind, Docker, AWS Elastic Beanstalk (GitHub Actions deploy).

Repo-wide metrics: 37 TODO/FIXME, 264 console.* in TS files, 208 remote branches (significant branch sprawl).


3. Critical Findings (fix before any production use)

C1 — Hardcoded Alchemy RPC API key (committed secret)

apps/blockchain/src/app.service.ts:31

new ethers.providers.JsonRpcProvider(
  `https://polygon-amoy.g.alchemy.com/v2/fBeW2OzQkFjcaNQVXzqx5rDBeO_AwMFO`)

Live key in source + git history. Rotate immediately, move to process.env.

C2 — Secrets hardcoded in docker-compose.yml

DB passwords (P71\Q4;jlpyJ, jRw0hf56E6x') and JWT_SECRET=your-super-secret-jwt-key-change-in-production are committed. Also scripts/init.sql ships appuser/rootpassword. Move to secrets/.env (prod already uses AWS SSM Parameter Store via the EB prebuild hook — good — but compose does not).

C3 — Wildcard CORS with credentials

apps/backend/src/main.ts:91-96 and gateway/chat.gateway.ts use origin: "*" with credentials: true. CSRF / cross-origin credential exposure risk. Pin to explicit origins.

C4 — Near-zero test coverage everywhere

Backend 6 trivial .spec files (0.97%), web 0, admin 1, blockchain 1 (and that e2e test asserts the wrong string, so it fails). No tests on auth, custody, accounting, KYC/KYB, or rewards.

C5 — Incomplete / incorrect financial logic

  • - accounting.service.ts:655,752,877 — non-USDT exchangeRate hardcoded to "1.00" (TODO: price oracle). All non-stablecoin ledger values are wrong.
  • - circle.service.ts:1297-1346 — reward distribution has TODO: [DB INSERT] placeholders; rewards are computed but never recorded. Users would not be paid.

C6 — JWT stored in localStorage (web + admin)

43 reads in web, plus admin panel. XSS-exfiltratable. Client-side-only token expiry (token-init-date) is trivially bypassed. Move to httpOnly cookies; rely on server 401s for expiry.


4. High-Severity Findings

#AreaFindingLocation
H1WebXSS via dangerouslySetInnerHTML with regex-only sanitization (4 sites)ProfilePreview.tsx:70, AboutUsEditor.tsx:298, etc.
H2BackendDefault Swagger password swagger@123 fallbackmain.ts:47
H3BackendNo rate-limiting (@nestjs/throttler) and no security headers (helmet) anywhereglobal
H4BackendS3 uploads use raw filename (collision/overwrite), no virus scan, 24h presigned URLsaws.service.ts, upload.service.ts
H5BackendPassword-reset token stored in plaintext in DBauth.service.ts:862
H6BackendIndividual KYC is minimal — no workflow, no status, no audit trail (KYB is robust)kyc/
H7BlockchainNo reorg protection, no block-confirmation wait, no idempotency, attempts:1 (no retries) → events silently lost/duplicatedapp.service.ts, erc20transfer.processor.ts
H8AdminRole checks are client-side only (Redux/localStorage); no CSRF protectionProtectedRouteByRole.js
H9AllOversized files: web settings/page.tsx (3139), profile/[id]/page.tsx (2540); backend posts.service.ts (2256), circle.service.ts (1911); admin ContentCreators.js (930)

5. Medium / Low Findings

  • - Lint disabled in web and admin-panel ("lint": "echo skipped"); blockchain too. ESLint configs exist but never run.
  • - TypeScript strictness off in admin (strict:false, noUnusedLocals:false) and blockchain (strictNullChecks:false, noImplicitAny:false). Web is strict.
  • - **264 console.* calls** in TS (185 in web, 57 backend) — no structured logging / log-level control; some log raw event/error objects.
  • - **188 any usages** in web reduce type safety (esp. error handling).
  • - Redis & DB defaults in blockchain fall back to localhost / empty password — won't fail fast in prod.
  • - **API_BASE_URL duplicated** ~58× in web with http://localhost:3000 fallback baked into production component files.
  • - Docker uses unpinned node:latest (non-reproducible builds); no .nvmrc/engines despite CI pinning Node 22.
  • - CI gap: the "Run Tests" job only builds — it never runs npm test. Deploys to prod/dev on push with npm install (not npm ci).
  • - **Migration 1768461271858-auto.ts** is an auto-generated schema sync — review for unintended changes.
  • - **.gitignore** lists !.env.example but never ignores .env itself (real .env files are not gitignored — currently none committed, but the guard is missing).
  • - README is stale — describes a generic "PoC monorepo", mentions MongoDB while code uses Postgres.

6. What's Done Well

  • - Clean, consistent NestJS module structure; DI used throughout.
  • - Strong input validation: global ValidationPipe with whitelist+forbidNonWhitelisted; 385 class-validator decorators across 173 DTOs.
  • - No SQL injection surface — TypeORM parameterized queries; raw SQL only in migrations.
  • - Sound crypto hygiene: bcrypt (rounds 10), crypto.randomBytes(32) reset tokens, AES encryption of custody API keys via CUSTODY_ENCRYPTION_KEY.
  • - Global JSON exception filter; consistent Nest exceptions (547 throws).
  • - Production secrets sourced from AWS SSM Parameter Store at deploy time.
  • - Double-entry accounting uses DB transactions and immutable ledger entries.
  • - Web app: TanStack Query caching, strict TS, sensible provider layering, thirdweb (no self-custody keys).

7. Prioritized Remediation Roadmap

Immediate (hours):

  1. 1. Rotate the Alchemy key (C1); move it + Redis/DB config to env.
  2. 2. Strip secrets from docker-compose.yml / init.sql (C2).
  3. 3. Pin CORS origins on HTTP + WebSocket (C3); remove default Swagger password (H2).
  4. 4. Fix the broken blockchain e2e test; make CI actually run tests.

Short term (1–2 weeks):

  1. 5. Complete reward DB inserts and integrate a price oracle (C5) — financial correctness.
  2. 6. Add helmet + @nestjs/throttler (H3); hash reset tokens (H5); UUID-prefix S3 uploads (H4).
  3. 7. Move JWTs to httpOnly cookies + add CSRF (C6, H8); replace dangerouslySetInnerHTML with DOMPurify (H1).
  4. 8. Re-enable lint and TS strictness in admin/web/blockchain.

Medium term (1–2 months):

  1. 9. Build out test suites — target ≥50–70% on auth, custody, accounting, rewards (C4). Est. 100–150 hrs backend alone.
  2. 10. Add reorg handling + idempotency + retries to the indexer (H7).
  3. 11. Refactor oversized files (H9); centralize API_BASE_URL/avatar-URL utilities; add KYC workflow + audit trail (H6).
  4. 12. Prune the 208 remote branches.

8. Per-App Risk Summary

AppArchitectureSecurityTestsProduction-ready?
backendGoodHigh risk (CORS, uploads, reset tokens)Critically low~70%
webGoodHigh risk (localStorage JWT, XSS)NoneNo
admin-panelGoodHigh risk (client-side roles, no CSRF)MinimalNo
blockchainPoCCritical (hardcoded key, no reorg/idempotency)BrokenPoC only

Bottom line: solid foundation and architecture, but treat as a late-stage prototype. Address the six critical items before exposing this to real users or funds.

Module Architecture — Overview

NestJS backend (apps/backend). Each node is a feature module; arrows show **imports** dependencies declared in each *.module.ts (A --> B = A imports B).

AppModule is the composition root and imports all 40 feature modules (edges omitted for clarity). Several edges are mutual (forwardRef) — e.g. auth ⇄ user, user ⇄ notification.

Module inventory (42)

DomainModules
Identity & Accessauth, user, user-placement
Compliancekyc, kyb
Content & Socialposts, feed, content-creator, recommended, ad, project-creation
Business & Marketplacebusiness, business-pages, listings, storefronts
Messaging & Notificationschats, messages, notification, notifications
Web3 & Financecustody, accounting, transak, xrp-swap, crypto-prices, pledge
Rewards / MLM / Passescircle, affiliate, commission-structure, reward, advocacy, pass, user-pass
Shared Infrastructurecommon, response-helper, upload, avatar, mail, dynamic-compression, search
Dev / Seedseed
Note: crypto-prices, feed, recommended, commission-structure, notifications are leaf modules (no inter-module imports); they are consumed by others and registered directly in AppModule.
Module dependency graph (42 modules) ↗ Open SVG

Shared Infrastructure

Rewards / MLM / Passes

Web3 & Finance

Messaging & Notifications

Business & Marketplace

Content & Social

Compliance (KYC / KYB)

Identity & Access

auth

user

user-placement

kyc

kyb

posts

feed

content-creator

recommended

ad

project-creation

business

business-pages

listings

storefronts

chats

messages

notification

notifications

custody

accounting

transak

xrp-swap

crypto-prices

pledge

circle

affiliate

commission-structure

reward

advocacy

pass

user-pass

common

response

upload

avatar

mail

dynamic-compression

search

seed

Scroll to zoom · drag to pan · vector (sharp at any zoom).
For a per-module breakdown (each module + its connections), switch to the Architecture Explorer.

Database Schema — Overview

Generated from the 66 TypeORM entities in apps/backend/src. Boxes are tables (with columns; PK = primary key, FK = foreign-key column). Relationship lines reflect the actual relation decorators:

NotationDecoratorMeaning
`A--o{ B`
`A--
A }o--o{ B@ManyToManymany-to-many (join table)

Labels has 1 / has 2 … distinguish multiple FKs from the same table to the same target (e.g. Post → User author vs. editor; UserConnection → User requester vs. addressee).

User is the central hub. 11 standalone tables have no entity-level relations (config/log/derived data): CryptoPrice, DynamicCompression, ErrorLog, FeeConfiguration, Feed, MediaAsset, MonthlyPool, MonthlyPoolDistribution, Pledge, Recommended, WalletBalance.

ER diagram — 66 entities · 741 columns · 109 relations ↗ Open SVG

has

has

has

has 1

has

has

has 2

has 1

has

has 2

has 3

one

has

has

many

has

has

has

has

has

has

has

has

has

has

has

has

one

has 1

has 2

has 3

one

has

has

has

has 1

has 2

has

has

one

has

has

has

has

has

has

many

has

has 1

has 2

one

has

has

has

has

has 1

has 2

has

one

many

has

has

has

has

has 1

has 2

has

one

has

has

has

has

has

has

has

has

has

has

has

has 1

has 2

has

has

has

has

has

has

has

has

has

many

has

one

has

has 1

has 2

has 1

has 2

has 1

has 2

has 1

has

has 2

has

has

has

has

has

has

Ad

string

id

PK

string

businessId

FK

string

createdBy

string

title

string

description

string

destinationUrl

string_arr

hashtags

AdStatus

status

string

tokenCost

string

ledgerEntryId

FK

Date

createdAt

Date

updatedAt

Date

deletedAt

AdMedia

string

id

PK

string

adId

FK

string

url

string

s3Key

string

alt

number

position

number

width

number

height

Record

metadata

Date

createdAt

Date

deletedAt

Advocacy

string

id

PK

string

userId

FK

string

businessId

FK

string

passId

FK

AdvocacyRole

role

string

referralCode

string

referralLink

Date

createdAt

Date

updatedAt

Date

deletedAt

Affiliate

string

id

PK

string

affiliateId

FK

string

userId

FK

string

businessId

FK

number

pledgeLevel

string

parentUserId

FK

string

userPassId

FK

PlacementType

placementType

Date

createdAt

Date

updatedAt

Business

string

id

PK

string

name

string

slug

string

logoUrl

string

logoS3Key

string

bannerUrl

string

bannerS3Key

string

themeColor

string

fontStyle

string

description

string

userId

FK

CommissionStructureType

commissionStructureType

Date

createdAt

Date

updatedAt

Date

deletedAt

boolean

allowPassCancellationRefund

number

circleActivityDurationDays

CommissionStructureType

structureType

number

maxRewardTier

boolean

structureIsActive

number

maxSpot

number

structureLockAtSpot

BusinessPage

string

id

PK

string

businessId

FK

string

userId

FK

string

title

string

slug

any

pageJson

boolean

isPublished

string

pageType

Date

createdAt

Date

updatedAt

boolean

isDeleted

Chat

string

id

PK

boolean

isGroup

string

name

boolean

isBroadcast

Date

createdAt

Date

updatedAt

Circle

string

id

PK

string

circleId

FK

string

owner

number

pledgeLevel

string

parentCircleId

FK

boolean

isPocCircle

number

instanceId

FK

string

businessId

FK

number

circleInstance

CircleStatus

circleStatus

Date

createdAt

Date

updatedAt

CirclePlacement

string

id

PK

string

circleId

FK

string

userId

FK

string

userPassId

FK

string

businessId

FK

number

spotPosition

number

circleInstance

PlacementType

placementType

number

pledgeLevel

number

instanceId

FK

Date

createdAt

CommentReaction

string

id

PK

string

commentId

FK

string

userId

FK

ReactionType

type

Date

createdAt

CommissionStructure

string

id

PK

string

businessId

FK

string

name

string

description

CommissionStructureType

structureType

CommissionType

commissionType

number

tierNumber

number

baseRate

boolean

isActive

boolean

isDefault

Date

createdAt

Date

updatedAt

CreatorProfile

string

id

PK

CreatorProfileStatus

status

string

displayName

string

bio

string

contentCategory

string

cvS3Key

string

portfolioS3Key

boolean

declarationAccepted

string

approvedBy

Date

approvedAt

string

rejectedBy

Date

rejectedAt

string

rejectionReason

string

suspendedBy

Date

suspendedAt

string

suspensionReason

Date

createdAt

Date

updatedAt

CryptoPrice

string

id

PK

string

key

any

data

Date

updatedAt

Date

createdAt

CustodyAccount

string

id

PK

string

userId

FK

string

custodySubAccountId

FK

string

custodyApiKey

string

custodySecret

string

custodyName

CustodyAccountStatus

status

Date

createdAt

Date

updatedAt

CustodyBalance

string

id

PK

string

custodyAccountId

FK

string

asset

string

availableBalance

string

pendingBalance

Date

lastSyncedAt

Date

updatedAt

Date

createdAt

CustodyExchange

string

id

PK

string

userId

FK

string

custodyAccountId

FK

string

exchangeId

FK

string

fromCurrency

string

fromNetwork

string

toCurrency

string

toNetwork

string

fromAmount

string

toAmount

ExchangeStatus

status

string

depositAddress

string

destinationAddress

string

extraId

FK

string

refundAddress

string

refundExtraId

FK

string

exchangeRate

string

networkFee

string

serviceFee

string

txHashDeposit

string

txHashWithdraw

string

errorMessage

Date

completedAt

Date

expiresAt

Date

createdAt

Date

updatedAt

CustodyTransfer

string

id

PK

string

nowTransferId

FK

string

fromUserId

FK

string

toUserId

FK

string

fromPartnerId

FK

string

toPartnerId

FK

TransferType

transferType

string

currency

string

amount

string

networkFee

TransferStatus

status

string

purpose

string

referenceType

string

referenceId

FK

string

externalAddress

string

txHash

string

note

string

errorMessage

Record

metadata

Date

createdAt

Date

updatedAt

Date

completedAt

DynamicCompression

string

id

PK

number

dcId

FK

number

expiryTime

string_arr

pledgeIdsByParentFirst

Date

createdAt

Date

updatedAt

string_arr

orderedAncestorUserIds

boolean

isValid

string

description

ErrorLog

string

id

PK

string

errorMessage

string

stack

any

data

Date

createdAt

Date

updatedAt

FeeConfiguration

string

id

PK

string

transactionType

string

platformFeePct

string

charityFeePct

string

communityFeePct

string

creatorFeePct

string

minAmount

string

maxAmount

boolean

isActive

Date

effectiveFrom

Date

effectiveTo

Date

createdAt

Date

updatedAt

Feed

string

id

PK

string

creatorImage

string

title

string

category

string

description

number

likes

number

comments

Date

createdAt

Date

updatedAt

FollowMeDetectionReward

string

id

PK

number

amount

FollowMeDetectionRewardStatus

status

Date

releasedAt

Date

createdAt

Date

updatedAt

KYBVerification

string

id

PK

string

businessId

FK

string

businessName

string

businessEmail

string

businessCountry

string

businessCity

string

businessPhone

string

businessDescription

boolean

isLegalEntity

Date

step1CompletedAt

IDType

idType

string

idIssuingCountry

string

idNumber

Date

idExpiryDate

string

idFrontS3Key

string

idBackS3Key

Date

step2CompletedAt

string

streetAddress

string

addressCity

string

addressStateProvince

string

addressZipCode

ProofOfAddressType

proofDocumentType

string

issuingCompanyMinistry

Date

proofExpiryDate

string

proofDocumentS3Key

Date

step3CompletedAt

KYBStatus

status

string

rejectionReason

Date

reviewedAt

string

reviewedBy

boolean

isAdvocacyActive

Date

createdAt

Date

updatedAt

Date

deletedAt

Kyc

string

id

PK

PersonalInfo

personal

IdentityInfo

identity

PoaInfo

poa

WalletInfo

wallet

StatusKycEnum

kycStatus

Date

createdAt

Date

updatedAt

LedgerEntry

string

id

PK

string

userId

FK

AccountType

accountType

EntryType

entryType

string

amount

string

asset

string

usdEquivalent

string

exchangeRate

string

referenceType

string

referenceId

FK

string

category

string

balanceBefore

string

balanceAfter

TransactionSource

transactionSource

string

custodyTransferId

FK

string

externalWalletAddress

string

txHash

Record

metadata

Date

createdAt

Date

updatedAt

Listing

string

id

PK

string

businessId

FK

ListingType

type

ListingStatus

status

string

title

string

description

string

category

string_arr

images

string

refundPolicyId

FK

Date

createdAt

Date

updatedAt

ListingDigitalAsset

string

id

PK

string

listingId

FK

string

downloadUrl

Record

accessRules

ListingVariant

string

id

PK

string

listingId

FK

string

sku

string

price

string

currency

number

inventoryQty

Record

attributes

MediaAsset

string

id

PK

string

s3Key

string

mime

number

size

string

ownerId

FK

string

ownerType

string

originalFilename

string

contentType

Date

createdAt

Date

updatedAt

Message

string

id

PK

string

text

Date

createdAt

Date

updatedAt

MessageAttachment

string

id

PK

AttachmentType

type

string

url

string

s3Key

string

filename

string

mimetype

number

size

string

thumbnailUrl

Date

createdAt

MonthlyPool

string

id

PK

string

businessId

FK

string

poolMonth

string

totalPoolAmount

string

currency

string

status

string

distributionDate

string

blockchainTxHash

Date

createdAt

Date

updatedAt

MonthlyPoolDistribution

string

id

PK

string

poolId

FK

string

userId

FK

string

circleId

FK

string

amount

string

distributionDate

string

blockchainTxHash

Date

createdAt

Notification

string

id

PK

NotificationReceiver_arr

receivers

string

senderId

FK

string

title

string

description

NotificationEvent

type

string

sourceId

FK

string

image

boolean

byAdmin

Record

additionalData

Date

createdAt

Date

updatedAt

NotificationPreferences

string

id

PK

string

userId

FK

boolean

systemPush

boolean

systemEmail

boolean

systemSms

boolean

reminderMessages

boolean

reminderNews

boolean

reminderComments

boolean

reminderLikes

boolean

reminderNewFollowers

boolean

reminderShippingDeliveries

Date

createdAt

Date

updatedAt

Otp

string

id

PK

string

identifier

OtpProviderEnum

provider

number

code

Date

expireIn

Date

createdAt

Date

updatedAt

Pass

string

id

PK

string

businessId

FK

string

name

string

slug

string

description

number

monetaryValue

string

coverImageS3Key

string_arr

benefits

PassStatus

status

number

purchaseCount

Date

createdAt

Date

updatedAt

Date

deletedAt

number

pledgeLevel

PlatformAccount

string

id

PK

PlatformAccountType

accountType

string

custodyAccountId

FK

string

name

string

description

boolean

isVirtual

Date

createdAt

Date

updatedAt

Pledge

string

id

PK

string

pledgeId

FK

number

pledgeLevel

string

pledger

number

createdTime

number

expiryTime

PledgeStatusEnum

status

string

circleId

FK

string

parentCircleId

FK

string

childCircleId

FK

string

txnHash

number

instanceId

FK

string

dcId

FK

Date

createdAt

Date

updatedAt

Post

string

id

PK

PostType

type

FeedType

feedType

AuthorType

authorType

string

creatorId

FK

string

businessId

FK

string

title

string

description

string

body

string

ctaLabel

string

ctaUrl

PostStatus

status

boolean

isPublic

Date

publishAt

Date

unpublishAt

string

coverMediaId

FK

string

createdBy

string

updatedBy

Date

createdAt

Date

updatedAt

Date

deletedAt

PostComment

string

id

PK

string

postId

FK

string

userId

FK

string

parentId

FK

string

body

CommentStatus

status

number

repliesCount

number

likesCount

Date

createdAt

Date

updatedAt

Date

deletedAt

PostHidden

string

id

PK

string

postId

FK

string

userId

FK

string

authorId

FK

Date

createdAt

PostMedia

string

id

PK

string

postId

FK

MediaKind

kind

string

url

string

s3Key

string

alt

number

position

boolean

isCover

number

width

number

height

number

duration

Record

metadata

Date

createdAt

Date

deletedAt

PostMetrics

string

id

PK

string

postId

FK

number

likesCount

number

commentsCount

number

sharesCount

number

savedCount

number

viewsCount

Date

createdAt

Date

updatedAt

PostPinned

string

id

PK

string

postId

FK

string

userId

FK

Date

createdAt

PostReaction

string

id

PK

string

postId

FK

string

userId

FK

ReactionType

type

Date

createdAt

PostSaved

string

id

PK

string

postId

FK

string

userId

FK

SavedListType

listType

Date

createdAt

PostShare

string

id

PK

string

postId

FK

string

userId

FK

string

platform

string

url

Date

createdAt

Date

updatedAt

Date

deletedAt

PostTopics

string

postId

PK

string

topicId

PK

Date

createdAt

Project

string

id

PK

string

projectOwnerId

FK

ProjectModelEnum

projectModel

string

smartContractAddress

string

tokenAddress

ProjectDetail

projectDetail

Level_arr

levels

string

referralLink

Level_arr

poolRewards

number

rejectedCount

string

AdminRemarks

number

submissionCount

ProjectStatus

status

boolean

isDeployed

boolean

isActive

Date

createdAt

Date

updatedAt

Recommended

string

id

PK

string

title

string

subtitle

string

priceText

string

image

PageSectionEnum

section

Date

createdAt

Date

updatedAt

ReferralHierarchy

string

id

PK

string

ancestorId

FK

string

descendantId

FK

string

ancestorEmail

string

descendantEmail

string

passId

FK

number

pledgeLevel

number

tier

string

businessId

FK

string

parentCircleId

FK

number

instanceId

FK

Date

createdAt

Date

updatedAt

string

userPassId

FK

string

parentAffiliateId

FK

Reward

string

id

PK

string

circleId

FK

number

amount

string

affiliateId

FK

RewardType

type

Date

createdAt

Date

updatedAt

string

userId

FK

string

businessId

FK

string

structureType

number

affiliateTier

number

commissionRate

CommissionType

commissionType

string

sourceUserPassId

FK

number

hierarchyLevel

number

calculatedAmount

any

calculationMetadata

string

commissionStructureId

FK

string

parentStructureSelection

boolean

isWithheld

string

releaseStatus

Date

withheldUntil

string

userPassId

FK

Storefront

string

id

PK

string

businessId

FK

string

slug

StorefrontStatus

status

string

businessPageId

FK

any

draftLayout

any

publishedLayout

Date

publishedAt

Date

createdAt

Date

updatedAt

StructureSwitchingHistory

string

id

PK

string

userId

FK

string

businessId

FK

string

fromStructureType

string

toStructureType

Date

switchedAt

string

activationId

FK

string

reason

Date

createdAt

Topic

string

id

PK

string

name

string

slug

string

icon

Date

createdAt

Date

updatedAt

User

string

id

PK

string

email

string

fullName

string

password

string

resetPasswordToken

Date

resetPasswordExpires

string

phone

string

imgPic

string

imgPicS3Key

string

biography

string

bannerUrl

string

bannerS3Key

ValidRoles

authorization

boolean

isVerified

Date

lastLoginDate

number_arr

tokens

StatusEnum

status

string

loginId

FK

string

invitedBy

string

referralCode

string

DiDId

FK

number

connectionsCount

Date

createdAt

Date

updatedAt

UserBlock

string

id

PK

string

blockerId

FK

string

blockedId

FK

Date

createdAt

Date

updatedAt

UserConnection

string

id

PK

string

requesterId

FK

string

receiverId

FK

ConnectionStatus

status

Date

createdAt

Date

updatedAt

UserFollow

string

id

PK

string

followerId

FK

string

followingId

FK

Date

createdAt

Date

updatedAt

UserPass

string

id

PK

string

userId

FK

string

passId

FK

string

purchaseTxnHash

Date

activatedAt

StructureType

structureType

string

referrerUserId

FK

StructureType

referrerStructureTypeAtActivation

string

businessId

FK

UserPassStatus

status

number

pledgeLevel

string

dcId

FK

Date

expiresAt

Date

createdAt

Date

updatedAt

UserStructureAssignment

string

id

PK

string

userId

FK

string

businessId

FK

string

currentStructureType

boolean

isActive

Date

createdAt

Date

updatedAt

Wallet

string

id

PK

string

address

ChainEnum

chain

StatusEnum

status

LoginProviderEnum

loginProvider

ProviderEnum

walletProvider

boolean

isDefault

string

tag

Date

createdAt

Date

updatedAt

WalletBalance

string

id

PK

string

userId

FK

string

currency

number

availableBalance

number

pendingBalance

number

totalEarned

number

totalWithdrawn

Date

lastUpdated

Date

createdAt

Date

updatedAt

WalletTransaction

string

id

PK

string

transactionGroupId

FK

string

userId

FK

string

fromAccountId

FK

string

toAccountId

FK

string

rewardId

FK

WalletTransactionActionType

fromAccountType

WalletTransactionActionType

toAccountType

TransactionCategory

transactionCategory

string

entryType

string

amount

string

currency

string

provider

string

providerTransactionId

FK

boolean

isCustodial

TransactionStatus

status

string

txnHash

Record

metadata

Date

createdAt

Date

completedAt

XrpSwapTransaction

number

id

PK

number

fromAmount

number

toAmount

number

directedAmount

standard_____fixed_rate

flow

direct_____reverse

type

string

payinAddress

string

payoutAddress

usdc_____usdt

fromCurrency

xrp

toCurrency

matic

fromNetwork

xrp

toNetwork

string

changeNowIdTx

string

status

string

txnHash

number

userId

FK

Date

createdAt

Date

updatedAt

Scroll to zoom · drag to pan · vector (sharp at any zoom).
For a per-table breakdown (each table + its relations), switch to the Architecture Explorer.