Skip to content

System Overview

This is a medium-level view of CodeSCE — enough to understand how the pieces fit, without diving into every module. The system is a fairly classic client → API → data-store shape, with a few external services for payments and auth.

Desktop AppElectron shellWeb Browsercodesce.comBackend API — Node / Expressauth · studio · payments · secure downloadsNOWPaymentsUSDT (TRC-20)OAuthGoogle · GitHubPostgreSQLusers · modules · ordersCloudflare R2module · ui · readmeRedisoptional · shared state

The components

Frontend (auth + app)

The interface is a set of static pages (HTML/CSS/JS) served by the backend. Shared logic follows the repo's module pattern — classic <script defer> files that attach to window, with no build step and no ES modules. The same pages run in the browser and inside the desktop app's window.

Authentication pages live on a dedicated auth origin (auth.codesce.com) so that OAuth start, callback, and session all share one origin — which is also what makes the desktop deep-link sign-in work.

Backend (API)

A Node.js + Express application. It owns everything: serving the frontend, OAuth sign-in, the Studio upload + security pipeline, payment invoices and the verified IPN webhook, and gated, signed downloads. It runs behind a proxy in production (deployed on Render).

Database (PostgreSQL)

PostgreSQL is the system of record — users, sessions, modules (including each module's config_schema), payment orders, and purchases. The schema is created at startup rather than via external migrations. A JSON-file fallback mode exists for lightweight local/development runs.

Storage (modules)

Module files live in Cloudflare R2 (S3-compatible object storage), not on the app server's disk. Files are split by visibility:

  • private/ — the paid Module ZIP and UI (never served directly).
  • public/ — the README.

Private files are reachable only through ownership-checked routes, and delivered as short-lived, watermarked downloads.

Redis (optional)

When available, Redis holds shared, cross-instance state: rate-limit and fraud counters, one-time download-token tracking, and payment IPN idempotency. If it's absent or down, each instance falls back to in-memory state — fail-open, so the platform keeps working.

External services

  • NOWPayments — processes crypto payments (USDT on Tron) and sends the signed IPN that confirms ownership.
  • Google / GitHub OAuth — the only sign-in methods.

Next step

See how these components collaborate in the three Core Flows →.

Built for developers who ship.