Tech Stack

1. Tech stack

The application is developed with the following technologies:
• Backend: ASP.NET 5, language: C#
• Frontend: Angular 12, languages: TypeScript, HTML, SCSS

The application was created as a ASP.NET Core Angular SPA project. This consists of a .NET Core project which acts as the API backend and an Angular project for the UI. The frontend and the backend are built and published as a single unit. In the production environment, the backend serves the front-end, which is a single page application (SPA).

The most important ASP.NET Core utilities & features used are:
• Entity Framework Core. An object relational-mapper (ORM) framework which supports database queries, change tracking, and schema migrations.
• Identity Core. Used for user identity information storage and management (users, roles, etc.)
• Brevo for transactional email sending.
• Ravnur used for encoding and streaming endpoints

The front end consists of an Angular 12 project. One of the greatest benefits of it is the SPA Architecture, which allows for higher decoupling and route management (server independent page navigations) One front-end worth-mentioning package used is Plyr.js, which is a highly accessible and customizable media player used for in-browser video content playback. The most important resources used in the application is “Ravnur advanced media management” service hosted in our own Azure account, with its corresponding Blob Storage.

2. Video Formats

Recommended video input formats and encoding:

1. MP4 – H264 codec @ 20-30Mbit in 1080p or 2160p (.mp4)
This extension and codec offer the best possible playback options (on both PC and Mac) while keeping file sizes and transfer time at a minimum. The downside is the heavy H264 compression that can cause issues if extensive color grading is required.

2. QuickTime – ProRes codecs in 1080p or 2160p (.mov)
We recommend using Apple ProRes LT or 442 HQ for optimal image quality on high end productions that require broadcast quality playback or extensive color-grading. This format might require double the file size and will increase transfer times and storage usage. Some PCs might also need to install additional software to play ProRes files.

3. Database

The application interacts with 2 SQL relational database, managed with Microsoft SQL Server Express:
• Data – stores all the business logic related data (application specific data like Videos, Collections, Folders, Tags, etc.) and user authentication information.
• Logs – stores various information related to API requests (timestamp, endpoint method, success state)

4. Security

a. JWT Bearer Authentication
After the user successfully logs in the application, they will be granted an JSON Web Token (JWT) which will be stored in the browser’s local storage.

b. Role based restrictions
On the API side, the requests are authorized with the role provided by the application to the user. This allows access to some endpoints only to the users that have the corresponding role associated. For example, only the users with admin role can perform administrative operations (e.g., create companies).

c. Application data security
The passwords for each user are hashed with salt, before being saved in the database. These are saved either at the account activation step or when the user changes their password. In a normal login attempt, the password is pushed through a secure (encrypted) connection and checked against the hash stored in the application’s database.

d. Video storage security
The videos are stored in an Azure Blob Storage account, and are automatically encrypted when uploading them, and decrypted when accessing them. Public access to blobs (video assets and related files) is disabled and all communication to the storage account must be done via a secure connection (HTTPS).

e. SSL Certificate
The application is secured with HTTPs (Hypertext Transfer Protocol secure) via an SSL (Secure Sockets Layer) certificate. This means that all request between the client (user browser) and the web server (API) is encrypted, making the communication between them trusted and secure.

5. Application hosting

The entire application with the database is hosted on a Windows operating machine, onto the Microsoft Azure platform. The application data is protected by the infrastructure Firewalls, IP rules, and visible only to the application itself, with no means to connect to database from outside the virtual machine in which it is hosted. The hosting infrastructure consists of 2 separate environments: Staging and Production, each of them having their own separate Virtual Machine with their corresponding IIS Web server application instance and database. While the security aspects are applied to both environments, the Staging one doesn’t store any ‘sensitive’ data, being used only for pre-production tests. The production machine is also configured to do a daily backup.

6. Deployment

All deployments (new releases) are done using CI/CD pipelines from Azure DevOps. After a feature or bug- fix pull request is verified and merged, the CI pipeline will automatically be triggered. This pipeline will build and publish the project and then trigger the CD pipeline.