sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
74bbf847024bc0f26bd6ec637d2bd7e4eafa7267
orion/docs/architecture/url-routing/overview.md
Samir Boulahtit e0b69f5a7d refactor(customers): migrate routes to module with auto-discovery 
- Move customer route implementations to app/modules/customers/routes/
- Convert legacy app/api/v1/{admin,vendor}/customers.py to re-exports
- Update router registrations to use module routers with access control
- Fix CustomerListResponse pagination (page/per_page/total_pages)
- Update URL routing docs to use storefront consistently
- Fix mkdocs.yml nav references (shop -> storefront)
- Fix broken doc links in logging.md and cdn-fallback-strategy.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 23:24:10 +01:00

532 lines
21 KiB
Markdown
Raw Blame History

# Wizamart Multi-Tenant URL Routing Guide
## Quick Answer
**How do customers access a vendor's storefront in Wizamart?**
There are three ways depending on the deployment mode:
**⚠️ Important:** This guide describes **customer-facing storefront routes**. For vendor dashboard/management routes, see [Vendor Frontend Architecture](../../frontend/vendor/architecture.md). The storefront uses `/vendors/{code}/storefront/*` (plural) in path-based mode, while the vendor dashboard uses `/vendor/{code}/*` (singular).
### 1. **SUBDOMAIN MODE** (Production - Recommended)
```
https://VENDOR_SUBDOMAIN.platform.com/storefront/products
Example:
https://acme.wizamart.com/storefront/products
https://techpro.wizamart.com/storefront/categories/electronics
```
### 2. **CUSTOM DOMAIN MODE** (Production - Premium)
```
https://VENDOR_CUSTOM_DOMAIN/storefront/products
Example:
https://store.acmecorp.com/storefront/products
https://shop.techpro.io/storefront/cart
```
### 3. **PATH-BASED MODE** (Development Only)
```
http://localhost:PORT/platforms/PLATFORM_CODE/vendors/VENDOR_CODE/storefront/products
Example:
http://localhost:8000/platforms/oms/vendors/acme/storefront/products
http://localhost:8000/platforms/loyalty/vendors/techpro/storefront/checkout
```
---
## Multi-Platform URL Routing
Wizamart supports multiple platforms (OMS, Loyalty, Site Builder), each with its own marketing site and vendor ecosystem.
### Platform URL Structure
#### Development Mode (localhost)
| URL | What it serves |
|-----|----------------|
| `/` | Main marketing site homepage (`main` platform) |
| `/about` | Main marketing site about page |
| `/platforms/oms/` | OMS platform homepage |
| `/platforms/oms/pricing` | OMS platform pricing page |
| `/platforms/oms/vendors/{code}/storefront/` | Vendor storefront on OMS |
| `/platforms/oms/admin/` | Admin panel for OMS platform |
| `/platforms/oms/vendor/{code}/` | Vendor dashboard on OMS |
| `/platforms/loyalty/` | Loyalty platform homepage |
| `/platforms/loyalty/features` | Loyalty platform features page |
#### Production Mode (custom domains)
| URL | What it serves |
|-----|----------------|
| `wizamart.lu/` | Main marketing site homepage |
| `wizamart.lu/about` | Main marketing site about page |
| `oms.lu/` | OMS platform homepage |
| `oms.lu/pricing` | OMS platform pricing page |
| `oms.lu/admin/` | Admin panel for OMS platform |
| `oms.lu/vendor/{code}/` | Vendor dashboard on OMS |
| `https://mybakery.lu/storefront/` | Vendor storefront (vendor's custom domain) |
| `loyalty.lu/` | Loyalty platform homepage |
**Note:** In production, vendors configure their own custom domains for storefronts. The platform domain (e.g., `oms.lu`) is used for admin and vendor dashboards, while storefronts use vendor-owned domains.
### Quick Reference by Platform
#### For "oms" Platform
```
Dev:
Platform: http://localhost:8000/platforms/oms/
Admin: http://localhost:8000/platforms/oms/admin/
Vendor: http://localhost:8000/platforms/oms/vendor/{vendor_code}/
Storefront: http://localhost:8000/platforms/oms/vendors/{vendor_code}/storefront/
Prod:
Platform: https://oms.lu/
Admin: https://oms.lu/admin/
Vendor: https://oms.lu/vendor/{vendor_code}/
Storefront: https://mybakery.lu/storefront/ (vendor's custom domain)
```
#### For "loyalty" Platform
```
Dev:
Platform: http://localhost:8000/platforms/loyalty/
Admin: http://localhost:8000/platforms/loyalty/admin/
Vendor: http://localhost:8000/platforms/loyalty/vendor/{vendor_code}/
Storefront: http://localhost:8000/platforms/loyalty/vendors/{vendor_code}/storefront/
Prod:
Platform: https://loyalty.lu/
Admin: https://loyalty.lu/admin/
Vendor: https://loyalty.lu/vendor/{vendor_code}/
Storefront: https://myrewards.lu/storefront/ (vendor's custom domain)
```
### Platform Routing Logic
```
Request arrives
┌─────────────────────────────────────┐
│ Check: Is this production domain? │
│ (oms.lu, loyalty.lu, etc.) │
└─────────────────────────────────────┘
├── YES → Route to that platform
▼ NO (localhost)
┌─────────────────────────────────────┐
│ Check: Does path start with │
│ /platforms/{code}/ ? │
└─────────────────────────────────────┘
├── YES → Strip prefix, route to platform
│ /platforms/oms/pricing → /pricing on OMS
▼ NO
┌─────────────────────────────────────┐
│ Route to MAIN MARKETING SITE │
│ (no platform context) │
│ /faq → Main site FAQ page │
└─────────────────────────────────────┘
```
### Platform Codes
| Platform | Code | Dev URL | Prod Domain |
|----------|------|---------|-------------|
| Main Marketing | `main` | `localhost:8000/` | `wizamart.lu` |
| OMS | `oms` | `localhost:8000/platforms/oms/` | `oms.lu` |
| Loyalty | `loyalty` | `localhost:8000/platforms/loyalty/` | `loyalty.lu` |
| Site Builder | `site-builder` | `localhost:8000/platforms/site-builder/` | `sitebuilder.lu` |
**See:** [Multi-Platform CMS Architecture](../multi-platform-cms.md) for content management details.
---
## Three Deployment Modes Explained
### 1. SUBDOMAIN MODE (Production - Recommended)
**URL Pattern:** `https://VENDOR_SUBDOMAIN.platform.com/storefront/...`
**Example:**
- Vendor subdomain: `acme`
- Platform domain: `wizamart.com`
- Customer Storefront URL: `https://acme.wizamart.com/storefront/products`
- Product Detail: `https://acme.wizamart.com/storefront/products/123`
**How It Works:**
1. Customer visits `https://acme.wizamart.com/storefront/products`
2. `vendor_context_middleware` detects subdomain `"acme"`
3. Queries: `SELECT * FROM vendors WHERE subdomain = 'acme'`
4. Finds Vendor with ID=1 (ACME Store)
5. Sets `request.state.vendor = Vendor(ACME Store)`
6. `context_middleware` detects it's a STOREFRONT request
7. `theme_context_middleware` loads ACME's theme
8. Routes to `storefront_pages.py``storefront_products_page()`
9. Renders template with ACME's colors, logo, and products
**Advantages:**
- Single SSL certificate for all vendors (*.wizamart.com)
- Easy to manage DNS (just add subdomains)
- Customers don't need to bring their own domain
---
### 2. CUSTOM DOMAIN MODE (Production - Premium)
**URL Pattern:** `https://CUSTOM_DOMAIN/storefront/...`
**Example:**
- Vendor name: "ACME Store"
- Custom domain: `store.acme-corp.com`
- Customer Storefront URL: `https://store.acme-corp.com/storefront/products`
**Database Setup:**
```sql
-- vendors table
id | name | subdomain
1 | ACME Store | acme
-- vendor_domains table (links custom domains to vendors)
id | vendor_id | domain | is_active | is_verified
1 | 1 | store.acme-corp.com | true | true
```
**How It Works:**
1. Customer visits `https://store.acme-corp.com/storefront/products`
2. `vendor_context_middleware` detects custom domain (not *.wizamart.com, not localhost)
3. Normalizes domain to `"store.acme-corp.com"`
4. Queries: `SELECT * FROM vendor_domains WHERE domain = 'store.acme-corp.com'`
5. Finds `VendorDomain` with `vendor_id = 1`
6. Joins to get `Vendor(ACME Store)`
7. Rest is same as subdomain mode...
**Advantages:**
- Professional branding with vendor's own domain
- Better for premium vendors
- Vendor controls the domain
**Considerations:**
- Each vendor needs their own SSL certificate
- Vendor must own and configure the domain
---
### 3. PATH-BASED MODE (Development Only)
**URL Pattern:** `http://localhost:PORT/platforms/PLATFORM_CODE/vendors/VENDOR_CODE/storefront/...`
**Example:**
- Development: `http://localhost:8000/platforms/oms/vendors/acme/storefront/products`
- With port: `http://localhost:8000/platforms/loyalty/vendors/acme/storefront/products/123`
**How It Works:**
1. Developer visits `http://localhost:8000/platforms/oms/vendors/acme/storefront/products`
2. Platform middleware detects `/platforms/oms/` prefix, sets platform context
3. `vendor_context_middleware` detects path-based routing pattern `/vendors/acme/...`
4. Extracts vendor code `"acme"` from the path
5. Looks up Vendor: `SELECT * FROM vendors WHERE subdomain = 'acme'`
6. Sets `request.state.vendor = Vendor(acme)`
7. Routes to storefront pages
**Advantages:**
- Perfect for local development
- No need to configure DNS/domains
- Test multiple vendors and platforms easily without domain setup
**Limitations:**
- Only for development (not production-ready)
- All vendors share same localhost address
---
## Complete Route Examples
### Subdomain/Custom Domain (PRODUCTION)
```
https://acme.wizamart.com/storefront/ → Homepage
https://acme.wizamart.com/storefront/products → Product Catalog
https://acme.wizamart.com/storefront/products/123 → Product Detail
https://acme.wizamart.com/storefront/categories/electronics → Category Page
https://acme.wizamart.com/storefront/cart → Shopping Cart
https://acme.wizamart.com/storefront/checkout → Checkout
https://acme.wizamart.com/storefront/search?q=laptop → Search Results
https://acme.wizamart.com/storefront/account/login → Customer Login
https://acme.wizamart.com/storefront/account/dashboard → Account Dashboard (Auth Required)
https://acme.wizamart.com/storefront/account/orders → Order History (Auth Required)
https://acme.wizamart.com/storefront/account/profile → Profile (Auth Required)
```
### Path-Based (DEVELOPMENT)
```
http://localhost:8000/platforms/oms/vendors/acme/storefront/ → Homepage
http://localhost:8000/platforms/oms/vendors/acme/storefront/products → Products
http://localhost:8000/platforms/oms/vendors/acme/storefront/products/123 → Product Detail
http://localhost:8000/platforms/oms/vendors/acme/storefront/cart → Cart
http://localhost:8000/platforms/oms/vendors/acme/storefront/checkout → Checkout
http://localhost:8000/platforms/oms/vendors/acme/storefront/account/login → Login
```
### API Endpoints (Same for All Modes)
```
GET /api/v1/storefront/vendors/1/products → Get vendor products
GET /api/v1/storefront/vendors/1/products/123 → Get product details
POST /api/v1/storefront/vendors/1/products/{id}/reviews → Add product review
```
---
## How Vendor Isolation Works
### Multi-Layer Enforcement
**Layer 1: URL Routing**
- Vendor is detected from subdomain, custom domain, or path
- Each vendor gets their own request context
**Layer 2: Middleware**
- `request.state.vendor` is set to the detected Vendor object
- All downstream code can access the vendor
**Layer 3: Database Queries**
- All queries must include `WHERE vendor_id = ?`
- Product queries: `SELECT * FROM products WHERE vendor_id = 1`
- Order queries: `SELECT * FROM orders WHERE vendor_id = 1`
**Layer 4: API Authorization**
- Endpoints verify the vendor matches the request vendor
- Customers can only see their own vendor's products
### Example: No Cross-Vendor Leakage
```python
# Customer on acme.wizamart.com tries to access TechPro's products
# They make API call to /api/v1/storefront/vendors/2/products
# Backend checks:
vendor = get_vendor_from_request(request) # Returns Vendor(id=1, name="ACME")
if vendor.id != requested_vendor_id: # if 1 != 2
raise UnauthorizedStorefrontAccessException()
```
---
## Request Lifecycle: Complete Flow
### Scenario: Customer visits `https://acme.wizamart.com/storefront/products`
```
┌─────────────────────────────────────────────────────────────────┐
│ 1. REQUEST ARRIVES │
└─────────────────────────────────────────────────────────────────┘
method: GET
host: acme.wizamart.com
path: /storefront/products
┌─────────────────────────────────────────────────────────────────┐
│ 2. MIDDLEWARE CHAIN │
└─────────────────────────────────────────────────────────────────┘
A) vendor_context_middleware
├─ Detects host: "acme.wizamart.com"
├─ Extracts subdomain: "acme"
├─ Queries: SELECT * FROM vendors WHERE subdomain = 'acme'
└─ Sets: request.state.vendor = Vendor(ACME Store)
B) context_middleware
├─ Checks path: "/storefront/products"
├─ Has request.state.vendor? YES
└─ Sets: request.state.context_type = RequestContext.STOREFRONT
C) theme_context_middleware
├─ Queries: SELECT * FROM vendor_themes WHERE vendor_id = 1
└─ Sets: request.state.theme = {...ACME's theme...}
┌─────────────────────────────────────────────────────────────────┐
│ 3. ROUTE MATCHING │
└─────────────────────────────────────────────────────────────────┘
Path: /storefront/products
Matches: @router.get("/storefront/products")
Handler: storefront_products_page(request)
┌─────────────────────────────────────────────────────────────────┐
│ 4. HANDLER EXECUTES │
└─────────────────────────────────────────────────────────────────┘
@router.get("/storefront/products", response_class=HTMLResponse)
async def storefront_products_page(request: Request):
return templates.TemplateResponse(
"storefront/products.html",
{"request": request}
)
┌─────────────────────────────────────────────────────────────────┐
│ 5. TEMPLATE RENDERS │
└─────────────────────────────────────────────────────────────────┘
Template accesses:
├─ request.state.vendor.name → "ACME Store"
├─ request.state.theme.colors.primary → "#FF6B6B"
├─ request.state.theme.branding.logo → "acme-logo.png"
└─ Products will load via JavaScript API call
┌─────────────────────────────────────────────────────────────────┐
│ 6. JAVASCRIPT LOADS PRODUCTS (Client-Side) │
└─────────────────────────────────────────────────────────────────┘
fetch(`/api/v1/storefront/vendors/1/products`)
.then(data => renderProducts(data.products, {theme}))
┌─────────────────────────────────────────────────────────────────┐
│ 7. RESPONSE SENT │
└─────────────────────────────────────────────────────────────────┘
HTML with ACME's colors, logo, and products
```
---
## Theme Integration
Each vendor's storefront is fully branded with their custom theme:
```python
# Theme loaded for https://acme.wizamart.com
request.state.theme = {
"theme_name": "modern",
"colors": {
"primary": "#FF6B6B",
"secondary": "#FF8787",
"accent": "#FF5252",
"background": "#ffffff",
"text": "#1f2937"
},
"branding": {
"logo": "acme-logo.png",
"favicon": "acme-favicon.ico",
"banner": "acme-banner.jpg"
},
"fonts": {
"heading": "Poppins, sans-serif",
"body": "Inter, sans-serif"
}
}
```
In Jinja2 template:
```html
<style>
:root {
--color-primary: {{ request.state.theme.colors.primary }};
--color-secondary: {{ request.state.theme.colors.secondary }};
}
</style>
<img src="{{ request.state.theme.branding.logo }}" alt="{{ request.state.vendor.name }}" />
<h1 style="font-family: {{ request.state.theme.fonts.heading }}">
Welcome to {{ request.state.vendor.name }}
</h1>
```
---
## Key Points for Understanding
### 1. Customer Perspective
- Customers just visit a URL (like any normal e-commerce site)
- They have no awareness it's a multi-tenant platform
- Each store looks completely separate and branded
### 2. Vendor Perspective
- Vendors can use a subdomain (free/standard): `acme.wizamart.com`
- Or their own custom domain (premium): `store.acme-corp.com`
- Both routes go to the exact same backend code
### 3. Developer Perspective
- The middleware layer detects which vendor is being accessed
- All business logic remains vendor-unaware
- Database queries automatically filtered by vendor
- No risk of data leakage because of multi-layer isolation
### 4. Tech Stack
- **Frontend:** Jinja2 templates + Alpine.js + Tailwind CSS
- **Backend:** FastAPI + SQLAlchemy
- **Auth:** JWT with vendor-scoped cookies
- **Database:** All tables have `vendor_id` foreign key
---
## Path-Based Routing Implementation
**Current Solution: Double Router Mounting**
The application handles path-based routing by registering storefront routes **twice** with different prefixes:
```python
# In main.py
app.include_router(storefront_pages.router, prefix="/storefront")
app.include_router(storefront_pages.router, prefix="/vendors/{vendor_code}/storefront")
```
**How This Works:**
1. **For Subdomain/Custom Domain Mode:**
- URL: `https://acme.wizamart.com/storefront/products`
- Matches: First router with `/storefront` prefix
- Route: `@router.get("/products")` → Full path: `/storefront/products`
2. **For Path-Based Development Mode:**
- URL: `http://localhost:8000/platforms/oms/vendors/acme/storefront/products`
- Platform middleware strips `/platforms/oms/` prefix, sets platform context
- Matches: Second router with `/vendors/{vendor_code}/storefront` prefix
- Route: `@router.get("/products")` → Full path: `/vendors/{vendor_code}/storefront/products`
- Bonus: `vendor_code` available as path parameter!
**Benefits:**
- ✅ No middleware complexity or path manipulation
- ✅ FastAPI native routing
- ✅ Explicit and maintainable
- ✅ Vendor code accessible via path parameter when needed
- ✅ Both deployment modes supported cleanly
---
## Authentication in Multi-Tenant Storefront
Customer authentication uses vendor-scoped cookies:
```python
# Login sets cookie scoped to vendor's storefront
Set-Cookie: customer_token=eyJ...; Path=/storefront; HttpOnly; SameSite=Lax
# This prevents:
# - Tokens leaking across vendors
# - Cross-site request forgery
# - Cookie scope confusion in multi-tenant setup
```
---
## Summary Table
| Mode | URL | Use Case | SSL | DNS |
|------|-----|----------|-----|-----|
| Subdomain | `vendor.platform.com/storefront` | Production (standard) | *.platform.com | Add subdomains |
| Custom Domain | `vendor-domain.com/storefront` | Production (premium) | Per vendor | Vendor configures |
| Path-Based | `localhost:8000/platforms/{p}/vendors/{v}/storefront` | Development only | None | None |
---
## Next Steps
1. **For Production:** Use subdomain or custom domain mode
2. **For Development:** Use path-based mode locally
3. **For Deployment:** Configure DNS for subdomains or custom domains
4. **For Testing:** Create test vendors with different themes
5. **For Scaling:** Consider CDN for vendor-specific assets
---
Generated: January 30, 2026
Wizamart Version: Current Development
Reference in New Issue View Git Blame Copy Permalink