Architecture
Ezvento is a multi-tenant POS & Inventory SaaS built on Next.js 16 with strict tenant isolation, RBAC v2, and a modern React 19 + Tailwind v4 stack. This page documents every layer of the system.
Tech Stack
Multi-Tenant Model
Tenant Isolation
Authentication Flow
Session Management
| Feature | Implementation | Source |
|---|---|---|
| Lazy Session Creation | Anchored to the JWT jti claim. On first call to ensureSession(), a Session row is INSERTed with the current permissionVersion snapshot. | src/lib/auth/sessions.ts |
| Session Revocation | revokeSession(sessionId, revokedById) sets revokedAt.revokeAllUserSessions(userId) force-logs out all devices. Revoked sessions fail validation on the next request. | src/lib/auth/sessions.ts |
| Permission Version Check | User.permissionVersion increments on role/permission changes.checkPermissionVersion() compares the JWT snapshot against the DB. Mismatch forces re-authentication (the user refreshes their JWT on next login). | src/lib/auth/permission-version.ts |
| Scope Binding | bindSessionScope(sessionId, scopeType, scopeIds) locks a session to a specific store, counter, or warehouse. Cashier sessions are bound to a COUNTERand optionally a Shift. | src/lib/auth/sessions.ts |
| Session Listing | listActiveSessions(userId) returns all non-revoked, non-expired sessions with device fingerprint, IP, user agent, and last active timestamp. | src/lib/auth/sessions.ts |