Technical Architecture

The Gateway Philosophy in Code

Discover how ZenoAuth implements the ancient wisdom of Citium in modern software architecture. A single, logical gateway built on Rust's performance and PostgreSQL's reliability.

System Architecture

[Figure: ZenoAuth technical architecture diagram]

Security Architecture

Cryptographic Foundation

Modern Cryptography
# JWT Signatures
Algorithm: Ed25519
Key Size: 256 bits
Performance: ~64,000 signatures/sec

# Password Hashing
Algorithm: Argon2id
Memory: 65536 KB
Iterations: 3
Parallelism: 4

# TLS Configuration
Version: TLS 1.3
Ciphers: ChaCha20-Poly1305, AES-256-GCM
HSTS: max-age=31536000
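One way to check stored hashes against the Argon2id settings above, as an added example that is not ZenoAuth's own code. It assumes the `password_hash` column holds PHC-format strings and treats the listed values as minimums; `Audit` and `audit_phc` are hypothetical names.

```rust
// Added example, not ZenoAuth code. Policy values come from the page's
// "Password Hashing" settings; treating them as minimums is an assumption.
const MIN_MEMORY_KIB: u32 = 65536;
const MIN_ITERATIONS: u32 = 3;
const MIN_PARALLELISM: u32 = 4;

#[derive(Debug, PartialEq)]
pub enum Audit {
    Ok,
    NeedsRehash(&'static str),
    Malformed,
}

/// Audit a PHC string: `$argon2id$v=19$m=<KiB>,t=<iters>,p=<lanes>$<salt>$<hash>`.
/// Optional PHC fields (keyid, data) and version-less hashes are rejected as Malformed.
pub fn audit_phc(phc: &str) -> Audit {
    // A leading '$' yields an empty first field: ["", alg, version, params, salt, hash].
    let f: Vec<&str> = phc.split('$').collect();
    if f.len() != 6 || !f[0].is_empty() || f[4].is_empty() || f[5].is_empty() {
        return Audit::Malformed;
    }
    let (mut m, mut t, mut p) = (None, None, None);
    for kv in f[3].split(',') {
        match kv.split_once('=') {
            Some(("m", v)) => m = v.parse::<u32>().ok(),
            Some(("t", v)) => t = v.parse::<u32>().ok(),
            Some(("p", v)) => p = v.parse::<u32>().ok(),
            _ => return Audit::Malformed,
        }
    }
    let (m, t, p) = match (m, t, p) {
        (Some(m), Some(t), Some(p)) => (m, t, p),
        _ => return Audit::Malformed, // missing or non-numeric parameter
    };
    if f[1] != "argon2id" { return Audit::NeedsRehash("algorithm is not argon2id"); }
    if f[2] != "v=19" { return Audit::NeedsRehash("Argon2 version is not 0x13 (v=19)"); }
    if m < MIN_MEMORY_KIB { return Audit::NeedsRehash("memory below 65536 KiB"); }
    if t < MIN_ITERATIONS { return Audit::NeedsRehash("iterations below 3"); }
    if p < MIN_PARALLELISM { return Audit::NeedsRehash("parallelism below 4"); }
    Audit::Ok
}

fn main() {
    // Constructed sample rows; salt and hash fields are dummy base64 text.
    let rows = ["$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$aGFzaGhhc2g",
                "$argon2id$v=19$m=19456,t=2,p=1$c2FsdHNhbHQ$aGFzaGhhc2g"];
    for phc in rows.iter() { println!("{:?} <- {}", audit_phc(phc), phc); }
}
```

A `NeedsRehash` result can only be acted on at the user's next successful login, since the plaintext password is required to compute a new hash.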

Zero-Trust Model

Authentication Pipeline

  1. Request Validation: Schema, rate limits, origin
  2. Identity Verification: Credentials, MFA, device trust
  3. Authorization Check: Scopes, permissions, policies
  4. Token Generation: Ed25519 signing, claims validation
  5. Session Creation: Secure storage, expiry management
  6. Audit Logging: Event correlation, anomaly detection

Database Architecture

Core Schema Design
-- Multi-tenant Organizations
CREATE TABLE organizations (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    name VARCHAR(255) NOT NULL,
    slug VARCHAR(100) UNIQUE NOT NULL,
    settings JSONB DEFAULT '{}',
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);

-- Users with Flexible Attributes
CREATE TABLE users (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    organization_id UUID NOT NULL REFERENCES organizations(id),
    email VARCHAR(255) NOT NULL,
    password_hash VARCHAR(255),
    profile JSONB DEFAULT '{}',
    is_active BOOLEAN DEFAULT true,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);

-- OAuth Applications
CREATE TABLE applications (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    organization_id UUID NOT NULL REFERENCES organizations(id),
    client_id VARCHAR(255) UNIQUE NOT NULL,
    client_secret_hash VARCHAR(255),
    redirect_uris TEXT[],
    allowed_scopes TEXT[],
    settings JSONB DEFAULT '{}'
);

-- Session Management
CREATE TABLE sessions (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    user_id UUID NOT NULL REFERENCES users(id),
    session_token VARCHAR(255) UNIQUE NOT NULL,
    expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
    metadata JSONB DEFAULT '{}'
);

JSONB Flexibility

Store dynamic user profiles, application settings, and audit metadata without schema migrations.

UUID Everywhere

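Every primary key is a random UUID from gen_random_uuid(), so identifiers cannot be guessed by counting up or down from a known value. This prevents ID enumeration attacks and lets any node in a distributed system generate IDs without coordination. Access to a record still rests on the authorization check, not on the ID being hard to guess.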

Built-in Indexing

GIN indexes on JSONB columns, composite indexes on query patterns, and full-text search ready.

Performance Profile

Response Times (P95)

Authentication: 47ms avg
Token Validation: < 8ms
SSO Integration: < 120ms
Database Query: < 15ms

Throughput

Concurrent Users: 10,000+
Operations/Second: 15,000+
Memory Usage: ~50MB
CPU (Idle): < 3%

Scalability

Horizontal Scaling: ✅ Stateless
Read Replicas: ✅ Supported
Connection Pooling: ✅ Built-in
Cache Hit Rate: 90%+

Implementation Philosophy

The Rust Advantage

Memory safety without garbage collection, zero-cost abstractions with predictable performance.

# Web Framework
Axum: Modern async HTTP framework
Tower: Middleware and service abstractions
Hyper: High-performance HTTP implementation

# Database
SQLx: Compile-time checked queries
Connection pooling: bb8 + SQLx
Migrations: Embedded and versioned

# Security
Ed25519: ed25519-dalek crate
Argon2: argon2 crate (PHC standard)
JWT: jsonwebtoken + custom validation

Design Principles

Stoic Engineering

  • Control Dependencies: Minimize external dependencies to what can be controlled
  • Logical Design: Every architectural decision based on first principles
  • Predictable Behavior: No surprises, no magic, clear failure modes
  • Rational Security: Security through logic, not obscurity
  • Gateway Focus: One service, one purpose, complete control

"The Logic of Access"

Zeno taught that virtue comes from living according to nature and reason. ZenoAuth applies this philosophy to authentication: natural simplicity, reasonable security, logical architecture.