doc: architecture and authentication

author: Sam Anthony <sam@samanthony.xyz> 2026-03-06 16:31:54 -0500
committer: Sam Anthony <sam@samanthony.xyz> 2026-03-06 16:31:54 -0500
commit: d8671aa47dd0472b9779918a7a9cdddf9bfde355 (patch)
tree: 8f3a202b23fa8e50191ac299fff67453cea7d17c /doc/arch.md
parent: 0dda0350dec5e82be8e5a7767c7f0a56c0d48c94 (diff)
download: buth-d8671aa47dd0472b9779918a7a9cdddf9bfde355.zip
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/arch.md b/doc/arch.md
new file mode 100644
index 0000000..faac44e
--- /dev/null
+++ b/doc/arch.md
@@ -0,0 +1,35 @@
+
+# Architecture
+
+Intended to be deployed on OpenBSD.
+
+- LAN
+	- shop.samanthony.xyz
+		- Basic web server, e.g. httpd(8)
+		- Serves static HTML files
+		- Serves scripts (js/wasm) including htmx.js
+	- api.shop.samanthony.xyz
+		- `buthapi` API server
+		- Serves htmx fragments
+		- Serves 9P {/cart, /checkout} to authenticated clients via websockets
+	- auth.shop.samanthony.xyz
+		- `buthauth` web authentication gateway
+		- Client-facing HTTP interface to authfs
+		- Handles registration and login forms
+	- authfs
+		- `buthauthfs` daemon
+		- Persistent user database
+		- Stores password hashes
+		- Manages client sessions
+		- Serves 9P to api and auth servers
+	- relay
+		- relayd(8)
+		- TLS proxy/gateway
+- WAN
+	- Client web browser
+		- HTML renderer, js/wasm interpreter
+		- Generates and stores its session ID (in a cookie)
+
+The LAN could be either a single OpenBSD host, several vmd(8) VMs, or several machines in a VPN, e.g. Tailscale.
+
+![[arch.png]]
author	Sam Anthony <sam@samanthony.xyz>	2026-03-06 16:31:54 -0500
committer	Sam Anthony <sam@samanthony.xyz>	2026-03-06 16:31:54 -0500
commit	d8671aa47dd0472b9779918a7a9cdddf9bfde355 (patch)
tree	8f3a202b23fa8e50191ac299fff67453cea7d17c /doc/arch.md
parent	0dda0350dec5e82be8e5a7767c7f0a56c0d48c94 (diff)
download	buth-d8671aa47dd0472b9779918a7a9cdddf9bfde355.zip