vuer_oss

vuer_oss (Operator Side Server)

Role

FaceKom’s operator/admin backend. Handles video identification sessions, document management, workflow engine, face recognition, reporting, archive/export, and all database operations. The largest and most complex service in the FaceKom ecosystem.

Property	Value
Version	1.9.11
Runtime	Node.js >= 22.18.0
Repo	TechTeamer/vuer_oss
Path	/workspace/vuer_oss
ORM	Sequelize (@techteamer/sequelize fork v6.30.1)
Messaging	RabbitMQ via @techteamer/mq
Auth	Passport.js (6 strategies)
Services	~80+ registered in service container

Table of Contents

• Architecture Overview
• Entry Points & Boot Sequence
• Bootstrap & Initialization
• Service Container & Dependency Injection
• Configuration System
• Database Layer
• Web Server & Routes
• Authentication System
• Socket.IO Server
• RabbitMQ Queue System
• Transport Layer
• Computer Vision Integration
• OCR & Recognition
• Face Recognition
• Flow Engine
• Cron Jobs
• Background Processes
• Portal & Data Match
• Partner Integration
• Services Layer
• Cryptography & Security
• Logging & Diagnostics
• Audit Logging
• Email & SMS
• Media & Conversion
• Room Inspector
• Utility Modules
• Listeners & Event System
• Error Handling
• Hacks, Workarounds & Code Smells
• Security Concerns
• Architecture Patterns Summary
• Project Structure
• Testing
• Development
• Known Gotchas
• Recent Debugging (March 2026)
• Related

---

Architecture Overview

vuer_oss runs as 7 separate Supervisor-managed Node.js processes, all sharing the same codebase but with different entry points. All inter-service communication with vuer_css goes through RabbitMQ. Communication with vuer_cv happens over HTTP/WebSocket.

graph TB
    subgraph "vuer_oss Processes"
        MAIN["vuer_oss<br/>server.js<br/>:10080/:10081"]
        CRON["vuer_cron<br/>cron.js"]
        BG["vuer_background<br/>background.js"]
        CONV["vuer_oss_convert<br/>convert.js"]
        MEDIA["vuer_media<br/>media.js<br/>:10079"]
        STOR["vuer_oss_storage<br/>storage.js"]
        ILOG["vuer_integration_log<br/>integrationLog.js"]
    end

    subgraph "External"
        RMQ["RabbitMQ"]
        PG["PostgreSQL"]
        REDIS["Redis (HA)"]
        CSS["[[vuer_css]]"]
        CV["[[vuer_cv]]"]
        JANUS["Janus WebRTC"]
    end

    MAIN --> RMQ
    MAIN --> PG
    MAIN --> REDIS
    MAIN --> CV
    MAIN --> JANUS
    RMQ <--> CSS
    CRON --> RMQ
    CRON --> PG
    BG --> RMQ
    BG --> PG
    CONV --> RMQ
    MEDIA --> PG
    STOR --> RMQ
    ILOG --> RMQ
    ILOG --> PG

---

Entry Points & Boot Sequence

Process	Entry	Port	Purpose
vuer_oss	server.js	:10081 (HTTP), :10080 (Socket.IO)	Main web + socket server
vuer_cron	cron.js	-	Scheduled tasks (19+ possible cron jobs)
vuer_background	background.js	-	Long-running jobs (reports, exports, OCR)
vuer_oss_convert	convert.js	-	Video/audio transcoding (FFmpeg)
vuer_media	media.js	:10079	Authenticated media streaming
vuer_oss_storage	storage.js	-	File archival between storage engines
vuer_integration_log	integrationLog.js	-	API integration audit logging with encryption

All processes managed by Supervisor.

Common Boot Sequence

Every process follows the same pattern:

flowchart TD
    A["process-settings()"] --> B["process-listeners()"]
    B --> C["Load config"]
    C --> D["setupServices() — subset per process"]
    D --> E["Connect DB"]
    E --> F["Connect Redis (optional, HA)"]
    F --> G["Connect RabbitMQ"]
    G --> H["initServices()"]
    H --> I["setupQueue() — consumers/producers"]
    I --> J["customization hooks"]
    J --> K["Start — web/cron/queue"]
    K --> L["Emit system.start"]

server.js (Main Server)

• Instantiates ~80+ services into serviceContainer.service.*
• Starts both Express web server and Socket.IO server
• Emits system.start event at the very end, triggering audit log

background.js

• Handles reports, exports, OCR recognition, archives
• Subset of services — no socket, no web server, no transport pool
• RPC server for reports, archive, recognition, room export

cron.js

• Creates CronJob instances, stores in serviceContainer.cron, starts all
• 19+ possible cron jobs based on config

convert.js

• Minimal services — crypto, media file, hash, trusted timestamp, SFTP
• Consumes from queue-convert
• Pre-check: runs convert_check.js to verify FFmpeg availability

media.js

• Full WebServer instance but only with media routes, no Socket.IO
• Port 10079

storage.js

• Both server and client for queue-storage

integrationLog.js

• Creates daily encryption keys, has rate limiting, dumps on exit

---

Bootstrap & Initialization

process-settings.js

• Sets process.env.TZ = 'Etc/UTC'

Security: Global TLS Bypass

If config.settings.allowSelfSignedCerts is true, sets NODE_TLS_REJECT_UNAUTHORIZED = '0' — disables all TLS certificate verification globally. See security-audit.

process-listeners.js

• Registers uncaughtException, unhandledRejection, exit, SIGINT, SIGTERM
• When emitExitEvents=true (only in server.js), emits system.exit before exiting with 1-second delay
• Process warnings listener is optional via config

connection/db.js

• Creates Sequelize connection, runs migrations via CLI exec

Hack

Uses child_process.exec to run sequelize CLI for migrations rather than the programmatic API.

• Seeds default open hours (Mon-Fri 10:00-16:00) via checkStandardDays()

connection/rabbitmq.js

• Uses @techteamer/mq ConnectionPool
• Sets up serviceContainer queue infrastructure (rpcServer, rpcClient, queueServer, queueClient, publisher, subscriber)

Fatal Exit

On RabbitMQ connection close, calls process.exit(2) immediately — no graceful shutdown.

connection/redis.js

• Only connects if HARedis.config is set
• Used for HA waiting room
• Reconnect strategy: max 10 retries at 500ms intervals, then gives up

---

Service Container & Dependency Injection

File: server/service_container.js

The service container is a singleton module that serves as:

1. A DI container (serviceContainer.service.*)
2. An event bus (serviceContainer.emitter — a WildEmitter subclass called ServiceBus)
3. A registry for all major subsystems (db, dbModels, queue, io, transportPool, etc.)

God Object Pattern

The service container holds everything — 80+ services, DB, queue, socket, transport, etc. This is both the strength (easy to access anything) and the weakness (tight coupling, hard to test, hard to reason about lifecycle). See tech-debt.

ServiceBus

Extends WildEmitter with:

Method	Behavior
addHook(tag, handler)	Register hook handler
callHooks(tag, ...params)	Promise.all execution of all handlers for tag
callOnlyHook(tag, ...params)	Calls first registered hook only
registerOverride(name, fn)	Single-function override
callOverride(name, ...args, default)	Call override or default

Used for extensibility via customization/ directory.

Key Properties on serviceContainer

Property	Content
logger, auditLog, diagnostic	Infrastructure
db, dbModels, dbHelpers	Database layer
HARedisClient	Redis (HA waiting room)
queue, queueConnectionPool	RabbitMQ
rpcServer.*, rpcClient.*	RPC pattern
queueServer.*, queueClient.*	Queue pattern
publisher.*, subscriber.*	Pub/Sub pattern
transportPool, roomTransportStorage	Transport layer
io	Socket.IO server
webServer, webServerAuth, sessionStore	Web layer
service.*	~80+ business services
cron.*	Cron jobs (cron.js only)

---

Configuration System

File: config.js

• Uses getconfig library (reads from config/*.json based on NODE_ENV)
• Optional Spring Cloud Config Server integration with retry
• Custom config.get(path, default) and config.has(path) methods
• config.getSecureConfig(): Masks sensitive fields defined in security.sensitiveConfigFields
• config.traceConfig(): Flattens entire config to sorted string list for debugging

Feature	Details
Dev mode	Auto-generates hostnames from /etc/hostname
Travis CI mode	Hardcodes RabbitMQ to localhost
Version	Appends build number from .env file
CORS	Secure-by-default — replaces * with actual hostname
DB CA cert	Reads CA cert from file if path is provided
Custom type: Types.file	Reads file contents from disk as config value
Legacy migration	Verbose warnings for old Janus config format

Configuration Access

config.get('path.to.key', defaultValue)
config.has('key')

---

Database Layer

sequelize.js

• Creates Sequelize instance from config
• Default pool max: 100 connections
• Pool monitoring: 5-second interval checks utilization, warns at 40%, errors at 60%
• SQL logging only in dev mode

Monkey-Patches

• beforeFind/beforeCount hooks strip undefined values from WHERE clauses (workaround for Sequelize v6 breaking change)
• SIGUSR1 dumps connection pool loans, SIGUSR2 releases connections borrowed for >30 seconds

models.js

• 65 models instantiated with ~200+ associations
• Returns flat object of all model classes
• All models defined as factory functions: module.exports = (sequelize, DataTypes) => { ... }

Key Models & Relationships

Model	Relationships
Room	belongs to Customer, User; has many Activity, Feedback, MediaFile, Document
SelfServiceRoom	Parallel to Room but for self-service flow
Customer	Central entity; has many Room, SelfServiceRoom, Document, CustomerHistory
User	Operator; has many Room, Cert, Download, PasswordHistory, WebAuthnCredential, TotpKey
Flow	belongs to FlowProto, Customer, Room/SelfServiceRoom; has many Task
FlowProto	Workflow template; has many TaskProto, FlowScope, FlowResult, FlowTranslation
Attachment	Screenshot/file storage; can be encrypted (belongs to Encryption)
Encryption	Tracks encryption keys per customer/room
BackgroundProcess	belongs to User, Customer, Room, Flow, Task, Attachment, Document, MediaFile, Partner, PartnerService

helpers.js (~960 lines)

Shared DB helper functions used across the application:

Function	Purpose
getActivityLog(), getLastActivity()	Query activity logs
addCustomerActivity(), addOperatorActivity()	Create activity records
findRoomByOperator(), findRoomByCustomerId()	Room lookups
getOperatorRoomData()	Massive function assembling all data for video chat
getReplayData()	Even larger — complete replay data with all activities, flows, OCR
createAttachment()	Creates attachment with optional encryption
getDecryptedAttachmentBuffer()	Attachment retrieval with decryption
getFlowData()	Assembles flow data with tasks, scopes, results, actions
checkStandardDays()	Seeds default open hours for all calendars
switchActiveCert()	Switches active signing certificate for a user

Migrations

• Located in db/migrate/ using Umzug, numbered by timestamp
• Config files: .sequelize-config.js, .sequelizerc, .sequelizercBefore
• Pre-migration hooks in db/beforeMigrate/
• Also see server/db/migrationHelpers.js for migration utilities

See database-schema for full entity documentation.

---

Web Server & Routes

WebServer.js

Express application with extensive security middleware chain:

Order	Middleware	Purpose
1	IP filter	Optional IP blocking
2	Host header validation	Injection protection (validates against config.hosts)
3	Nonce generation	crypto.randomUUID() per request
4	User-Agent parsing	ua-parser-js
5	Helmet.js	CSP, HSTS, referrer policy, etc.
6	No-cache headers	Cache control
7	Per-path CSP	Nonce-based script/style sources
8	Body parser	URL-encoded, JSON, CSP reports
9	Cookie parser	Cookie handling
10	Log4js	Express request logging
11	Locale detection	cookie > query param > Accept-Language

CSP Relaxation

CSP is turned off for /api/document/ and /import-data/ paths. Dev mode adds unsafe-eval for Istanbul coverage.

Key WebServer Methods

Method	Purpose
setupSession()	Sequelize-backed session store, auto-destroy old sessions on login
setupSessionACLHandler()	Session-based ACL rules (path-to-permission mapping)
setupResourceAccessBypass()	RAB token system for accessing resources without full auth
setup405Handler()	Checks route methods, returns 405 for wrong HTTP method
setupDisasterHandler()	Maintenance mode that blocks all access except admin

routes.js (~350 lines, 70+ routes)

Routes cover: dashboard, login, password change, 2FA, WebAuthn, TOTP, video chat, replay, flows (list/view/editor/task/result CRUD), rooms, self-service rooms, customers, import data, callback requests, waiting list, appointments, open hours, audit log, feedbacks, reports, users (list/create/edit/disable/enable/password reset), system settings, documents, disaster mode, client errors, cron manager, archive/restore, media content, various API endpoints.

Security

Every route has CSRF protection (csurf) and ACL checks (isAllowed/anyAllowed). Many routes are conditionally registered based on config feature flags.

session.js

Function	Purpose
listSessions()	Finds all sessions for a user by parsing stored JSON
closeSession()	Destroys session by SID
onExpressSessionExpiry()	Monkey-patches SequelizeStore to emit events on session expiry

Performance

listSessions() iterates ALL sessions and parses JSON to find ones belonging to a specific user — O(n) scan with no index. See tech-debt.

---

Authentication System

File: server/web/WebServerAuth.js (~700 lines)

See authentication for full documentation.

Passport Strategies (6 total)

Strategy	Details
LocalStrategy	Username/password with rate limiting, account lockout, password expiry, audit logging, 2FA redirect
ActiveDirectoryStrategy	LDAP/AD auth; multiple AD configs; maps AD groups to roles; falls through on failure
SamlStrategy	SAML 2.0 SSO via @node-saml/passport-saml; extracts email, username, names from SAML attributes
WebAuthnStrategy	FIDO2/WebAuthn via passport-fido2-webauthn; challenge store in session; supports credential registration
TotpStrategy	Time-based OTP via passport-totp; paired with local auth as second factor
UniqueTokenStrategy	Custom token-based API auth: JWE (encrypted via JOSE keystore), JWT (signed), One-Time Login

Auth Flows

flowchart LR
    A["Login Request"] --> B{"Auth Type?"}
    B -->|Interactive| C["Local / AD / SAML"]
    B -->|Token| D["JWE / JWT / OTL"]
    C --> E{"2FA Required?"}
    E -->|Yes| F["SMS / TOTP / WebAuthn"]
    E -->|No| G["Session Created"]
    F --> G
    D --> G

auth.js (Socket-level)

Helper functions: isAuthorized(), hasRight(), doIfAuthorized(), doIfHasRight(), doIfHasRoom()

SocketTokenStorage.js

• JWT-based token for socket authentication
• Creates 2-minute tokens with userId, role, rules
• Verified on socket connection

---

Socket.IO Server

File: server/socket/socket-server.js

Creates Socket.IO server with config-based options. Registers 13+ event modules on each connection. Supports recovered connections (socket.io v4 feature).

Event Modules

Module	Purpose
client.js	Client connection/disconnection handling
auth.js	Socket authentication via JWT token
acl.js	Access control for socket events
pagevisit.js	Page visit tracking
echotest.js	WebRTC echo test
ping.js	Latency measurement
videochat.js	Core video chat events
videochat.validation.js	Customer validation during video chat
videochat.customerDataChange.js	Live customer data editing
videochat.flow.js	Flow execution during video chat
videochat.presentation.js	Document presentation mode
headerinfo.js	Header information updates
webrtclog.js	WebRTC logging
cert.js	Certificate management
waitinglist.js	Waiting list management
flow.js	Flow management (optional, ACL-gated)
cronManager.js	Cron job management (optional, ACL-gated)
customerdata.js	Customer data changes (optional, ACL-gated)

---

RabbitMQ Queue System

Uses @techteamer/mq library with 4 messaging patterns. See rabbitmq-communication for full queue documentation.

Architecture

Pattern	Count	Description
RPC Servers	30+	Request-response (server.js hosts most)
RPC Clients	15+	Callers for RPC servers
Queue Servers	15+	Async consumers
Queue Clients	10+	Async producers
Publishers	3	Fanout: CustomerKey, SettingsChange, BackgroundProcess
Subscribers	3	Fanout consumers (same 3)

Connection Management

• ConnectionPool with named connections
• Default connection for most queues
• Optional separate connection for esign module
• Optional connections marked as optional won’t crash on ECONNREFUSED

RPC Servers (30+)

Queue Name	Purpose
rpc-create-customer	Customer creation from CSS
rpc-customer-portal-data	Portal data lookup
rpc-jwt-auth	JWT authentication for CSS
rpc-device-change	Device change handling (short/long tokens)
rpc-get-customer	Customer retrieval
rpc-waiting-room	Waiting room management
rpc-videochat-oss	Video chat operations
rpc-callback-request	Callback request handling
rpc-openhours / rpc-openhours-calendars	Open hours
rpc-partner-service	Partner service operations
rpc-custom-content	Custom content
rpc-selfservice-actions	Self-service actions
rpc-selfservice-upload	Self-service file upload
rpc-selfservice-v2	Self-service v2 (JWT tokens, SMS, flow management)
rpc-vuer-portal	Portal operations
client-gate	Client gate verification
rpc-system-check	System health checks
rpc-jwt-kiosk-auth	Kiosk JWT auth
rpc-kiosk-alive-check	Kiosk heartbeat
rpc-media-content	Media content serving
rpc-identification-router	Identification routing (TODO: incomplete)
rpc-device-compatibility-check	Device compatibility
background	Background process management
rpc-appointment	Appointment management
rpc-document-upload/delete	Document operations
rpc-customer-documents / rpc-flow-documents	Document queries
rpc-presentation	Presentation mode
flow-autoclear	Automatic flow clearing
rpc-transport-oss	Transport layer (bidirectional with CSS)

RPC Clients

Queue Name	Purpose
css-ping, convert-ping, cron-ping, background-ping, media-ping	Health checks
rpc-system-oss	System operations
background-reports	Report generation
background-archive	Archive operations
kiosk-document-scan	Kiosk document scanning
rpc-portal-vuer	Portal queries
integration-log	Integration logging
background-recognition	OCR recognition
rpc-esign:external	E-signature (optional separate connection)
cronManager	Cron management
rpc-xml-report / rpc-xlsx-report	Report generation
rpc-transport-css	Transport layer

Queue Servers (Consumers)

Queue Name	Purpose
queue-feedback	Customer feedback
queue-videochat-oss	Video chat events
queue-customer-history	Customer history
queue-webrtc-log	WebRTC logs
queue-clienterror-log	Client error logs
queue-convert-state	Conversion status
queue-customer	Customer events
queue-job-status-change	Job status changes
queue-storage-state	Storage status
css-client-ping-result	CSS client ping results
kiosk-queue-document-scan	Kiosk scanning
queue-selfservice-events	Self-service events
queue-selfservice-cron	Self-service cron
queue-selfservice-v2	Self-service v2 events
queue-room-cron	Room auto-close
queue-transport-oss	Transport messages from CSS

Queue Clients (Producers)

Queue Name	Purpose
queue-service-bus	Service bus messages
queue-waiting-room	Waiting room events
queue-videochat-css	Video chat to CSS
queue-convert	Conversion requests
queue-job-status-change	Job status
queue-storage	Storage operations
queue-selfservice-css / queue-selfservice-v2-css	Self-service to CSS
queue-transport-css	Transport messages to CSS

SelfServiceV2 Queue

Signs JWT tokens for self-service sessions using config.jwt.secret. Masks credentials in queue messages: item.credential = 'secret'.

---

Transport Layer

Bidirectional communication layer between vuer_oss and vuer_css.

TransportPool.js

• Manages TransportSession instances in a Map
• Supports three operations: register, transaction (RPC), send (fire-and-forget)
• Auto-register: dynamically creates session instances from class name
• Path validation: checks that session class path is within /session/ directory to prevent path traversal

TransportSession.js (Base Class)

• Extends EventEmitter
• Methods: send(), transaction(), consume(), react(), destroy(), terminate()
• Uses UUID for session ID

Session Types

Type	Purpose	Size
RoomTransportSession	Video chat room transport	750+ lines
SelfServiceTransportSession	Self-service transport	-
EchoTransportSession	Echo test transport	-

Storage Types

Type	Purpose
RoomTransportStorage	Maps room IDs to transport sessions
SelfServiceTransportStorage	Maps self-service room IDs to transport sessions

---

Computer Vision Integration

Integration with vuer_cv for ML-powered identity verification.

CVApi.js (Base Class)

• Manages output classes, result validators, detection validators
• Default validators: confidence, lowestConfidence, averageConfidence, detectionCount
• Pattern: instruction → API call → output → validation

VuerCVWebSocket.js

• WebSocket client to vuer_cv
• Supports WebRTC signaling (offer/answer)
• Message types: webrtc, debug, general messages
• Logs all messages for debugging

VuerCVSession.js

Session lifecycle:

1. Connect to CV server via WebSocket
2. Initialize task
3. Connect Janus (if video room plugin available)
4. Handle debug messages (worker info)
5. Handle CV messages
6. Handle close/error

Vision APIs

API	Purpose
BarcodeDetectionApi / BarcodeDetectionV2Api	Barcode reading
DocumentRecognitionApi	Document recognition
FaceCompareApi	Face comparison
FaceDetectionApi	Face detection
FaceExtractionApi	Face extraction
MRZDetectionApi	MRZ (Machine Readable Zone) detection
SharpnessDetectionApi	Image sharpness check

VuerCVPADService.js

• Presentation Attack Detection service (anti-spoofing)

CV Task Types

ActionTask, DocumentTask, FaceTask, HoloTask, HoloV2Task, LivenessTask, LivenessV2Task, MRZTask, PadTask, SpeechTask

CV Internals

Module	Purpose
CVConfidenceScale	Confidence scoring
CVConstants	Error codes, recognition statuses
CVThreshold	Threshold management
CVValidation / CVValidator	Validation logic

---

OCR & Recognition

OCRRecognitionClient.js

• Central OCR client managing engines and document types
• Registered engines: VuerCVMRZDetector, VuerCVOCRRecognition
• Document types loaded from customization/ocr/documents/
• Pipeline: dispatchRecognition() → engine → parseRecognition() → validate
• Backward compatibility: maps old MrzDetector engine name to VuerCVMRZDetector

Engines

Engine	Purpose
VuerCVMRZDetector	MRZ detection via vuer_cv
VuerCVOCRRecognition	General OCR via vuer_cv

MRZ Processing

File	Purpose
MRZService.js	MRZ parsing and validation
MRZData.js	MRZ data structure
MRZDataField.js	Individual MRZ field

Recognition Pipeline

File	Purpose
RecognitionJob.js	Individual recognition job
RecognitionProcessor.js	Processes recognition requests
RecognitionDocument.js	Document recognition result
RecognitionField.js	Individual recognition field
RecognitionResults.js	Aggregated results
CharacterQuality.js	Character quality assessment
FieldPosition.js	Field position tracking
RecognitionFieldValidation.js	Field-level validation rules

---

Face Recognition

VuerCVFaceRecognitionEngine.js

• HTTP client to vuer_cv REST API
• Operations: uploadImage(), faceDetect(), faceDraw(), imageDownload(), faceCompare()
• Uses fetch() API (Node.js built-in)
• Supports additional face data for multiple faces in an image

Performance Concern

getHttpsAgent() creates a new agent per call — no connection reuse/pooling. Potential resource exhaustion under load. See tech-debt.

faceRecognitionHooks.js

• Hook registration for face recognition events
• TODO: videochat flow controlled screenshot + face compare

---

Flow Engine

Task-based workflow system with conditional routing and state management.

FlowService.js

• Central flow management service
• Loads flow handlers from customization/flow/{type}/{type}.flow.handler.js
• registerFlowHandlers() — sequential registration of all flows
• Access control: view.any, view.own, view.other with hook-based custom logic
• Uses ResourceLocker to prevent concurrent flow starts

FlowHandler.js (Base Class)

• Loads proto definitions from customization/flow/{name}/{name}.flow.proto.js
• Loads translations from customization/flow/{name}/{name}.flow.trans.js
• register() — creates FlowProto, TaskProto, FlowScope, FlowResult, FlowTranslation in DB
• Registers lifecycle hook: flow:{name}:create

Supporting Files

File	Purpose
FlowScopeMap.js	Maps flow scopes to user roles
FlowResultOptions.js	Flow result option management
FlowEditor.trans.js	Translation for flow editor UI
Flow.trans.js	Translation for flow UI

Predefined Flows

14 predefined flows in customization/flow/ (self-service, online verification, esign, etc.)

---

Cron Jobs

Base class: server/cron/CronJob.js

• Uses cronosjs for cron scheduling
• Supports timezone configuration
• States: stopped, scheduled, running
• Audit logging on each run (if configured)

Available Cron Jobs (19)

#	Job	Purpose
1	CleanupExpiredDownloadsCronJob	Cleanup expired downloads
2	ArchiveCronJob	Archive old rooms
3	DeleteExpiredURLCronJob	Delete expired shortened URLs
4	DeleteExpiredOneTimeLoginCronJob	Cleanup OTL tokens
5	CloseExpiredSelfServiceRoomsCronJob	Close stale self-service sessions
6	SelfServiceAutoAbortUnattendedCronJob	Auto-abort unattended sessions
7	DeactivateInactiveUserCronJob	Deactivate inactive users
8	CertExpiryCronJob	Handle certificate expiration
9	LtvReTimestampCronJob	Re-timestamp expired LTV documents
10	CleanUpExpiredAppointmentsCronJob	Cleanup old appointments
11	SendUsersXmlReportCronjob	Email XML user reports
12	AuditLogForwardCronJob	Forward audit logs
13	CreateDailyIntegrationLogKeyJob	Create daily encryption keys
14	DropIntegrationLogKeyAndPayloadJob	Purge old integration log keys
15	PreviousNoonRememberEmail	Appointment reminder emails (noon)
16	PreviousHalfHourRememberEmail	Appointment reminder emails (30 min)
17	TemporaryFileCleanupCronJob	Cleanup temp files
18	StorageUploadCronJob	Upload files to external storage

Extensibility

Additional cron jobs can be registered via customization/cron/ hooks.

---

Background Processes

Handler: server/backgroundProcess/BackgroundProcessHandler.js

Process Types

Process	Purpose
checkSanctionedPerson.process.js	Sanctions list checking
emrtd.process.js	eMRTD processing (spawns Java process with LANG/LC_ALL/JAVA_HOME env vars)
importedRoomExport.process.js	Export imported rooms
mergeAudioFile.process.js	Merge audio files (TODO: handle single-side case)
roomExport.process.js	Export room data
selfServiceRoomExport.process.js	Export self-service room data

---

Portal & Data Match

PortalDataBase.js

• Central customer data management class
• Field definitions (PortalFieldDefinition), section definitions (PortalSectionDefinition)
• Dynamic search fields
• Data display with translations
• TODO: implement dynamic fields in field definitions

Data Match

File	Purpose
DataMatchField.js	Field-level data matching
DataMatchRow.js	Row-level data matching

Supporting Files

PortalField.js, PortalFieldDefinition.js, PortalSectionDefinition.js, helpers.js

---

Partner Integration

PartnerServiceLogic.js

• Partner service business logic
• Tasks: videochat, waitingRoom, lobby
• hasVideochat() — checks if customer has active room
• hasFlow() — checks if customer has active flow
• Uses geoip-lite for IP geolocation
• Uses google-libphonenumber for phone number validation

---

Services Layer

~80+ services organized by domain. Each is registered in the service container during boot.

Customer & Identity

Service	Purpose
CustomerService	Customer CRUD
CustomerDataService	Customer data management
CustomerDataLiveUpdateService	Real-time customer data updates
CustomerDeleteService	Customer deletion (GDPR)
CustomerFilterService	Search/filter
CustomerHistoryService	Change history
CustomerKeyStorageService	Encryption key management per customer
ContactValidationService	Email/phone validation

Room & Session

Service	Purpose
RoomService	Room lifecycle management
SelfServiceRoomService	Self-service room management
SelfServiceV2Service	v2 self-service (1500+ lines, multiple TODOs)
SelfServiceCheckerService	Validation checks (TODO: mock implementations)
VideoChatService	Video chat management
WaitingRoomService	Waiting room (Redis-backed for HA)
DurableWaitingRoomService	Persistent waiting room
SocketService	Socket connection management
SocketSessionService	Socket session debugging

Flow & Workflow

Service	Purpose
FlowService	Core flow engine (see )
FlowLiveUpdateService	Real-time flow updates
FlowFilterService	Flow search/filter

Documents & Files

Service	Purpose
DocumentService	Document management
MediaFileService	Media file operations
MediaContentService	Media content serving
FileValidatorService	File validation (TODO: implement other file types)
TempFileService	Temporary file management
SystemDocumentService	System-level documents

Export & Reporting

Service	Purpose
ExportRoomPageService	Room export
ExportImportedRoomPageService	Imported room export
ExportSelfServiceRoomPageService	Self-service room export
ExportScreenshotsService	Screenshot export
ExportRawRoomVideoFilesService	Raw video export
ReportsService	Report generation
CallsReportService	Call reports
UsersReportService	User reports
FeedbackReportService	Feedback reports
SmsReportService	SMS reports
XlsxReportService	Excel report generation
XmlReportService	XML report generation
PDFBuilderService	PDF generation with components

Security & Auth

Service	Purpose
PasswordService	Password policy, hashing, temporary passwords
TokenService	JWT/JWE token management with JOSE keystore
RabService	Resource Access Bypass tokens
RateLimiterService	IP-based rate limiting
IpFilterService	IP filtering and monitoring
JWETokenStrategyService	JWE token auth
JWTTokenStrategyService	JWT token auth
OneTimeLoginService	One-time login links
TurnPasswordService	TURN server credentials

Crypto Services

Service	Purpose
CryptoService	Base crypto operations (key management)
MediaCryptoService	Media file encryption
CertCryptoService	Certificate encryption
AttachmentCryptoService	Attachment encryption
DataCryptoService	Data field encryption
TranslationCryptoService	Translation encryption
SignatureService	PDF signing (spawns Java process)
HashService	Hashing utilities
LtvService	Long-Term Validation for timestamps
TrustedTimestampService	RFC 3161 trusted timestamps
TrustedTimestampRoomService	Timestamps for rooms

Infrastructure

Service	Purpose
SettingsService	System settings (DB-backed)
DirectoryService	Media directory management
StorageService	External storage engine integration
SFTPService	SFTP file transfers
JanusService	Janus WebRTC gateway management
AppointmentService	Appointment scheduling
CallCenterService	Call center routing
DashboardService	Dashboard data
DisasterModeService	Maintenance mode
HeaderUpdateService	Header info updates
OpenHourService	Business hours management
OnlinePresenceService	User online status
CompatibilityService	Browser compatibility checks
ShortenerService	URL shortening

Face Recognition & Comparison

Service	Purpose
FaceRecognitionService	Face recognition (TODO: rework for videochat)
FaceComparisonService	Face comparison between images

Background & Process

Service	Purpose
BackgroundProcessService	Background process orchestration
JobService	Job management
MergeAudioFileService	Audio merging
ResourceLockerService	Distributed locking (in-process Map-based)

Integrity & Sanctions

Service	Purpose
DeviceIntegrityCheckService	Device attestation
GooglePlayIntegrityCheckService	Google Play integrity
AppleIntegrityCheckService	Apple App Attest
DeviceCapabilitiesCheckService	Device capability checks
DeviceChangeService	Device change handling
SanctionedPersonCheckerService	Sanctions list checking

Audit & Logging

Service	Purpose
IntegrationLogService	Integration API logging
IntegrationLogSaveService	Integration log persistence
IntegrationLogExportService	Integration log export
ClientErrorLogService	Client-side error logging
CommunicationLogService	Communication logging
UserActivityService	User activity tracking
RoomActivityService	Room activity tracking

Import & Portal

Service	Purpose
ImportService	Data import from external systems
ImportedCustomerDeleteService	Imported customer deletion
PortalService	Portal data management

---

Cryptography & Security

AES-256-GCM Implementation (server/gcm.js)

Feature	Details
Algorithm	AES-256-GCM
Key derivation	PBKDF2 with SHA-256, 5000 iterations, 32-byte key
Encoding	Base62
Streaming	EncryptionStream / DecryptionStream (Transform streams)
Buffer ops	encryptBuffer() / decryptBuffer()
String ops	encrypt() / decrypt()
Key protection	DO_NOT_GENERATE_ENCRYPTION_KEY env var

Duplicate Operations

The encrypt() function creates cipher, updates, and finals, then calls encryptBuffer() which does the same thing again. See tech-debt.

Crypto Services Architecture

• CryptoServiceBase — base class
• Per-domain crypto services: Media, Cert, Attachment, Data, Translation
• Each handles encryption/decryption for its domain using customer-specific keys
• Keys stored in Encryption model, managed by CustomerKeyStorageService

UniqueTokenStrategy.js (Custom Passport Strategy)

• Searches token in: body, query, params, cookies, headers
• Case-insensitive by default
• Supports JWE encryption for token content

---

Logging & Diagnostics

logger.js

Log4js-based logging with multiple channels:

Channel	Purpose
vuer	Main application log
audit	Audit events
convert	Media conversion
sql	SQL queries (dev only)
janus	Janus WebRTC
express	HTTP requests
csp	Content Security Policy reports
background	Background processes
media	Media operations
cron	Cron jobs
migration	DB migrations
email	Email sending
auditAccess	Access audit

• Channel auto-detection based on entry script name
• Appenders: custom (ECS), file, syslog, papertrail
• logger.shutdown() for graceful shutdown

diagnostic.js

Real-time health monitoring:

Metric	Details
RPC round trips	Pings CSS, convert, cron, background, media
Socket round trips	Pings all connected clients
RabbitMQ queue depth	Alerts at 5x prefetch count
Sequelize pool stats	Connection pool utilization
Event loop delay	min, max, mean, percentiles
CV server availability	Availability percentage
CSS client ping results	Client-side ping data

• Emits diagnostic:updated events at configurable intervals

---

Audit Logging

File: server/auditlog.js (~365 lines)

Event-driven audit logging system listening to 50+ event types on serviceContainer.emitter.

Categories

system, user, openhour, room, selfServiceRoom, flow, settings, document, systemdocument, encrypt, timestamp, callcenter, cronjob, customer, access, report, webAuthnCredential, totpKey

• All events written to both log4js audit channel and AuditLog DB table
• Extensible via serviceContainer.emitter.callHooks('auditlog', { em, writeLog })

---

Email & SMS

Email (server/e-mail/)

File	Purpose
EmailService.js	Email sending service (Nodemailer + MJML)
EmailApiBase.js	Base email API
Letter.js	Email template/content model

SMS (server/sms/)

File	Purpose
SmsService.js	SMS sending service
SmsApiBase.js	Base SMS API
SmsMessage.js	SMS message model

---

Media & Conversion

server/convert/

File	Purpose
convert_check.js	Verifies FFmpeg availability
Converter.js	FFmpeg conversion wrapper (fluent-ffmpeg)
JanusConvertProcess.js	Janus recording conversion
JanusMetaProcess.js	Janus metadata processing

---

Room Inspector

server/room-inspector/

File	Purpose
RoomInspector.js	Room state inspection
RoomInspectorService.js	Room inspection service
VideoRoomInspectorJanusPlugin.js	Janus video room inspection plugin

---

Utility Modules

server/util/

Module	Purpose
CallCounter.js	Call counting utility
fs-utils/	Filesystem utilities (copy, exists, ensure-directory, file-type, move, move-directory-content)
isUserVerificationEnabled.js	User verification config check
magic.js	Unknown utility
mediaContentUtil.js	Media content helpers
pdf.js	PDF utilities
regexParser.js	Regex parsing utility
StreamTransform.js	Stream transformation utility
systemEnv.js	System environment detection
UniqueTokenStrategy.js	Custom Passport strategy (see )
validateReportBody.js	Report body validation

taskCompatibility.js

Maps self-service task types to SDK compatibility (mobileSDK / webSDK). Known types: 2-factor, consent, portraits, liveness, ID front/back, hologram, eMRTD, proof-of-address, data-confirmation, client-gate, video, key-enrollment. Unknown types default to mobileSDK-compatible.

---

Listeners & Event System

server/listeners/

File	Purpose
background-process.js	Background process event handlers
env-data.js	Environment data event handlers
kiosk-listener.js	Kiosk device event handlers
user-listeners.js	User lifecycle event handlers

Hook System

Extensibility via customization/listeners/:

emitter.addHook('queue', cb)           // Queue setup
emitter.addHook('services', cb)        // Service registration
emitter.addHook('webserver:setup', cb) // Web server config
emitter.addHook('cv:setup', cb)        // CV setup
emitter.addHook('system.start', cb)    // Boot complete
emitter.addHook('routes', cb)          // Route registration
emitter.addHook('cron', cb)            // Cron registration
emitter.addHook('auditlog', cb)        // Audit log extension

---

Error Handling

Custom Error Classes (server/errors/)

Class	Purpose
AuthenticationError	Authentication failure with HTTP code
FlowFrontendError	Flow-related frontend errors

Error Handling Patterns

• Most services catch errors, log them, and re-throw
• Express error handler catches:
  • AuthenticationError — emits access.failed
  • 403 errors — renders template
  • InvalidCredentialsError — flashes + redirect
• Fallback: 400 “Something broke into 400 pieces!”
• process.exit(2) used for fatal errors (DB connection, RabbitMQ close, etc.)

---

Hacks, Workarounds & Code Smells

Technical Debt

See tech-debt for tracking and prioritization.

Configuration

#	Issue	Location
1	SyntaxError parsing hack — manually parses error position from exception message string	config.js:27-52
2	Spring Cloud Config integration with promise-retry — complex and potentially slow startup	config.js

Database

#	Issue	Location
3	Global Sequelize hook to remove undefined WHERE values (v6 workaround)	sequelize.js:36-58
4	SIGUSR1/SIGUSR2 debug hooks use global.console.log (bypasses logger)	sequelize.js:100-115
5	listSessions() loads ALL sessions and parses JSON — O(n) scan with no index	session.js:4-17
6	Shells out to sequelize CLI for migrations instead of programmatic API	connection/db.js:19

Security

#	Issue	Location
7	NODE_TLS_REJECT_UNAUTHORIZED=0 — global TLS bypass	process-settings.js:7
8	Hardcoded 'temppassword' for all temporary passwords in test mode	server.js:290-292
9	unsafe-eval in CSP in dev/CI mode for Istanbul coverage	WebServer.js:178
10	Duplicate cipher operations in encrypt() — creates cipher then calls encryptBuffer() which does same	gcm.js:237-255

Service Container

#	Issue	Location
11	Typo deprecation proxy: contactValidatoin (typo) proxied to throw deprecation error	server.js:163-167
12	God Object pattern: serviceContainer holds everything	service_container.js
13	Duplicate flowFilter service creation	background.js:87-88

Code Quality

#	Issue	Location
14	50+ TODOs scattered throughout codebase	Various
15	Inconsistent naming: CryptoService (PascalCase) vs cryptos.media (camelCase)	serviceContainer
16	WebRTC and client error logs not sorted	selfservice-room.endpoint.js:251,257
17	Possible dead end in workflow	SelfServiceV2Service.js:737
18	”TODO: remove this madness and replace it with a map call everywhere”	reportUtils.js:149
19	”TODO: now only a mock”	SelfServiceCheckerService.js:166

Architecture

#	Issue	Location
20	process.exit(2) on RabbitMQ close — no graceful shutdown	rabbitmq.js:17
21	rpcServer.documentUpload overwritten by Presentation RPC server when presentationMode enabled	server.js:409
22	Service duplication across processes: each entry point re-instantiates many of the same services	All entry points

---

Security Concerns

See security-audit for full assessment.

Critical

Critical Security Issues

1. Global TLS bypass: NODE_TLS_REJECT_UNAUTHORIZED=0 disables ALL certificate validation when allowSelfSignedCerts is true (process-settings.js)
2. JWT secret from config: config.jwt.secret used for socket tokens, self-service tokens — if leaked, allows session hijacking (SocketTokenStorage.js, SelfServiceV2 RPC server)

Medium

Medium Security Issues

3. Session scanning: All sessions loaded into memory to find user’s sessions (session.js) — DoS vector if many sessions exist
4. HTTP agent per request: VuerCVFaceRecognitionEngine creates new HTTPS agent per call — no connection pooling, potential resource exhaustion
5. Credentials in queue messages: SelfServiceV2 queue server masks credentials with 'secret' but only after receiving them through the queue

Low

• CSP relaxation on multiple paths (/api/document/, /import-data/)
• Error message exposure: “Something broke into 400 pieces!” (humorous but potentially information-leaking)

Positive Security Features

• Helmet.js with configurable CSP
• CSRF protection on all routes
• ACL-based access control
• Host header injection mitigation
• IP filtering and rate limiting
• Session-based ACL rules
• Audit logging for all security events
• Encryption at rest for attachments, media, data
• Trusted timestamps (RFC 3161)
• Multiple auth strategies (Local, AD, SAML, WebAuthn, TOTP)
• Certificate management
• Resource Access Bypass tokens (short-lived, path-specific)
• No eval() or Function() — no dynamic code execution found
• getSecureConfig() properly masks sensitive fields for logging/display

---

Architecture Patterns Summary

Pattern	Implementation
Dependency Injection	Service Container (singleton module), not a true DI container but serves the purpose
Event-Driven	ServiceBus (WildEmitter-based) for system-wide events
Message-Oriented Middleware	RabbitMQ for all inter-process communication (RPC, Queue, Pub/Sub)
Repository (implicit)	Sequelize models act as repositories; dbHelpers provides shared query logic
Strategy	Auth strategies (Passport), OCR engines, face recognition engines, storage engines, crypto variants
Template Method	CronJob.run(), TransportSession.terminate(), CVApi.onCallVisionApi()
Observer	EventEmitter throughout (TransportSession, VuerCVWebSocket, ServiceBus, Socket.IO)
Middleware Chain	Express middleware stack, Socket.IO event modules
Feature Flags	Extensive config.get() to conditionally enable services, routes, queues, cron jobs
Customization Layer	customization/ directory provides extension points for API routes, flow handlers, email templates, cron jobs, listeners, portal data, OCR documents

---

Project Structure

server/
  web/              Express app, routes, middleware, API endpoints
  socket/           Socket.io server and event handlers
  queue/            RabbitMQ RPC servers/clients and queue handlers
  service/          Business logic services (80+)
  db/               Database models (65), relationships, helpers
    model/          Sequelize model definitions
    models.js       Model instantiation and relationships
  flow/             Workflow execution engine (tasks, conditions, branching)
  cron/             Scheduled task definitions (19+)
  convert/          Media conversion workers (FFmpeg)
  e-mail/           Email service (Nodemailer + MJML templates)
  sms/              SMS service
  cv/               Computer vision (face detection, MRZ recognition)
  ocr/              OCR recognition engines and processing
  faceRecognition/  Face recognition engine and hooks
  webrtc/           WebRTC/Janus gateway integration
  transport/        Bidirectional oss<->css transport layer
  portal/           Portal data management and data matching
  partner/          Partner integration logic
  listeners/        Event listeners
  backgroundProcess/ Background process handlers
  room-inspector/   Room state inspection
  bootstrap/        App initialization (DB, Redis, RabbitMQ, process settings)
  acl/              Access control list
  errors/           Custom error classes
  logger/           Log4js structured logging
  util/             Utility modules
  service_container.js  DI container (God Object)
  auth.js           Passport.js strategies (local, SAML, AD, FIDO2, TOTP)
  auditlog.js       Event-driven audit logging (50+ events)
  diagnostic.js     Real-time health monitoring
  gcm.js            AES-256-GCM encryption implementation

client/
  engine/           Custom MVC framework (View, Controller, Service, Metadata)
  features/         Feature modules (auth, videochat, socket, flow, etc.)
  ui/               UI templates, components, styles (Stylus)
    elements/       60+ reusable UI elements
    pages/          50+ page types (admin, reports, appointments, video)
    layouts/        Layout templates
    styles/         Stylus CSS

customization/      Extension hooks (white-label)
  api/              API extensions
  flow/             14 predefined flows (self-service, online verification, esign)
  email/            Email template overrides
  cron/             Cron job extensions
  listeners/        Event listener hooks
  ocr/              Country-specific OCR (HU, RS, SLO IDs/passports/licenses)

engines/            Specialized engines
  worker/           Worker pool executors
  translator/       Translation/i18n engine
  storage/          Storage drivers (local, S3)
  build/            Build utilities
  twig/             Template engine

db/                 Database migrations
  migrate/          Sequential migration files (timestamp-named)
  beforeMigrate/    Pre-migration hooks

workers/            Background workers (bcrypt.js password hashing)
web/                Compiled static assets (DO NOT edit)
config/             Environment configs (dev.json, docker.json, local.json, roles.json)
test/               Test suites (unit, e2e, integration, regression)
docs/               Documentation and config schemas (40+ feature docs)
bin/                CLI utilities and build scripts

---

Testing

yarn test:unit                     # Jest unit tests
yarn test:e2e                      # Playwright E2E tests (WARNING: can erase DB!)
yarn jest test/tests/unit/         # Specific directory
yarn jest sometest.test.js         # Single file

• Jest: V8 coverage, 30s timeout, no transform
• Playwright: Desktop Chrome, single worker, 1720x1080, camera/mic permissions
• E2E requires: both vuer_oss AND vuer_css built and running
• Test configs: test/testconfigs/test-config-ci.json (OSS), test-css-config.json (CSS)
• Shared fixtures: /workspace/test_resources

---

Development

yarn dev    # Live reload with automatic file rebuilding
yarn build  # Production build (esbuild)

---

Known Gotchas

Gotcha	Details
Mixed JS/TS	JavaScript files require() TypeScript files with explicit .ts extension
No TS runtime	No ts-node/tsx; relies on Node.js --experimental-transform-types or similar
models.ts is critical	server/db/models.ts imported by 35+ files; single point of failure
Mixed module syntax	ESM import + CJS module.exports in same file (models.ts)
Crash loop risk	Missing model files cause immediate crash; Supervisor rapidly restarts

---

Recent Debugging (March 2026)

Crash Loop - Missing Model Module (FKITDEV-7855)

• Symptom: ERR_MODULE_NOT_FOUND for server/db/model/room, Supervisor cycling PIDs
• Root cause: Missing callbackrequest model + .ts extension resolution issues
• Fix: Added .ts extensions to require statements across 38 files
• Lesson: models.ts is the critical hub; always verify module paths

Sequelize Import Error

• CreationOptional TypeScript type used in runtime without transpilation
• Part of broader TS/JS compatibility issue in the codebase

See debugging-log for full details.

---

Related

• vuer_css - Customer-facing frontend (communicates via RabbitMQ)
• vuer_cv - Computer vision service
• vuer_docker - Docker orchestration
• FaceKom - Platform overview
• rabbitmq-communication - Full queue documentation
• authentication - Auth system deep dive
• database-schema - Entity relationship documentation
• security-audit - Security assessment
• tech-debt - Technical debt tracking