Core Concepts

Flowfull is built on 7 portable, language-agnostic concepts that work in any technology stack. These concepts are the foundation of the Pubflow architecture and can be implemented in Node.js, Go, Python, Rust, or any other language.

The 7 Core Concepts

1. 🌉 Bridge Validation

Distributed authentication system that validates user sessions from Flowless (core auth) to your Flowfull backend.

Key Features:

• Session validation with Flowless integration
• LRU cache for performance (97% hit rate)
• Automatic fallback to Flowless API
• Device-bound sessions with IP/User-Agent validation

Use Case: Authenticate users without building your own auth system.

---

2. 🔒 Validation Modes

Layered security system with configurable validation levels.

Modes:

• DISABLED - No validation (development only)
• STANDARD - IP address validation
• ADVANCED - IP + User-Agent validation
• STRICT - IP + User-Agent + Device ID validation

Use Case: Configure security based on your application's needs.

---

3. ⚡ HybridCache

3-tier caching system for lightning-fast performance.

Architecture:

1. LRU Cache (Memory) - 1-2ms response time
2. Redis Cache (Shared) - 5-10ms response time
3. Database (Source of truth) - 20-50ms response time

Performance: 97% cache hit rate, 50x faster responses

Use Case: Scale your backend to millions of requests with minimal database load.

---

4. 🔐 Trust Tokens (PASETO)

Cryptographically secure tokens using PASETO v4 with Ed25519 signatures.

Features:

• Email verification tokens
• Password reset tokens
• Organization invitations
• API access tokens
• 6 layers of security validation

Use Case: Implement secure, single-use tokens for sensitive operations.

---

5. 🛡️ Auth Middleware

Flexible route protection with middleware patterns.

Patterns:

• requireAuth() - Require authenticated user
• optionalAuth() - Optional authentication
• requireUserType() - Require specific user type
• requirePermission() - Require specific permission

Use Case: Protect your API routes with minimal code.

---

6. 🗄️ Multi-Database Support

Database abstraction supporting multiple database types.

Supported Databases:

• PostgreSQL
• MySQL
• LibSQL/Turso
• Neon (Serverless Postgres)
• PlanetScale (Serverless MySQL)

Use Case: Switch databases without changing your code.

---

7. ⚙️ Environment Configuration

Type-safe configuration with Zod validation.

Features:

• Zod-validated environment variables
• Fail-fast validation on startup
• Auto-detection of database type
• Clear error messages

Use Case: Prevent runtime errors from misconfiguration.

---

Why These Concepts?

🌍 Language Agnostic

These concepts are portable - they work in any language:

// Node.js/TypeScript
app.get('/api/profile', requireAuth(), async (c) => {
  const userId = c.get('user_id');
  return c.json({ profile: await getProfile(userId) });
});

// Go
func ProfileHandler(w http.ResponseWriter, r *http.Request) {
    userId := r.Context().Value("user_id").(string)
    profile := getProfile(userId)
    json.NewEncoder(w).Encode(profile)
}

# Python
@app.get("/api/profile")
@require_auth
async def profile(user_id: str = Depends(get_user_id)):
    profile = await get_profile(user_id)
    return {"profile": profile}

🚀 Production Ready

These concepts are battle-tested and used in many production systems worldwide.

📖 Well Documented

Each concept has:

• ✅ Detailed explanation
• ✅ Architecture diagrams
• ✅ Real-world examples
• ✅ Implementation guides
• ✅ Best practices
• ✅ Troubleshooting

Next Steps

Choose a concept to learn more:

Essential Concepts (Start here):

• Bridge Validation - Connect to Flowless
• Auth Middleware - Protect your routes

Performance Concepts:

• HybridCache - 50x faster responses
• Validation Modes - Configure security

Advanced Concepts:

• Trust Tokens - Secure tokens
• Multi-Database - Database flexibility
• Environment Config - Type-safe config

Implementation Guides

Ready to implement these concepts?

• 📖 Getting Started - Build your first backend
• 🚀 30-Minute Tutorial - Complete walkthrough
• 📚 Guides - Feature-specific guides

Need Help?

If you need support, assistance, or want us to build your backend for you:

• 🌐 Notside.com - Technology firm specializing in Pubflow implementations
• 📧 Email: contact@notside.com
• 💼 Services: Custom backend development, consulting, and enterprise support