FAQs -Technical

1. How does Fanso storage asset files such as videos and images? Fanso supports Local storage (single machine) for now. We use Nginx http_auth_module to protect assets. The download link usually is available in 4h, and has integrated business rules into our application.
2. Does Fanso support S3 (Simple Storage Service) services like AWS S3 or Digital Ocean Space? Fanso supports local storage for now. If need an S3 service you can customize our File module or contact us for customization
3. Does Fanso support an FTP file server? Fanso supports local storage for now. If need FTP service you can customize our File module or contact for customization
4. Can we deploy Fanso to AWS EC2? Yes, Fanso is able to be deployed to any VPS server, including AWC EC2
5. Does Fanso support Kubernetes? We have not supported for application container image in our script yet. So you have to create an image eg with Docker and deploy the application to Kubernetes. Or contact us for a customization.
6. Does Fanso support Docker? For now Fanso does not provide a Docker image yet. We will provide it in the future release.
7. Is Fanso using CI/CD in our dev process? Yes, we are using Jenkins for this purpose
8. How can we deliver the update efficiently? We provide full source code, so you can do implementation if you want. Or we can provide Docker image for your customizations
9. API postman collections https://fanso.io/api
10. Can you confirm that your codeset supports a PWA (not just web)? It support but not 100%, some we need to modify. basically we have no PWA yet
11. Do you use any design system that we should replicate for our bespoke UI to enable efficiency and speed in the dev process? We just use ant design for our component design / approach.
12. Can you explain more about your approach to security, particularly how you manage authentication tokens and secure user data? We do not provide server security or DDOS protection, we provide application only

• Application below Authentication Tokens: • Secure Storage: Store tokens securely using methods like environment variables or dedicated secret management services. also support .env if needed • Encryption: Encrypt tokens in transit and at rest to protect against interception and unauthorized access. • Expiration and Rotation: Implement expiration dates for tokens with JWT Securing User Data: • Data Encryption: Encrypt sensitive user data both in transit (using TLS/SSL) and at rest (using AES or similar algorithms). • Access Controls: Enforce strict access controls and permissions to ensure that only authorized users and systems can access or modify data. • Data Minimization: Collect and retain only the data that is necessary for the application to function, reducing the potential impact of a data breach.

1. How do you plan to handle error logging and monitoring in both the frontend and backend to ensure reliability and ease troubleshooting? Backend we have request logs and httpexception log to track issues / exception. besides that we also have log tool to use in additional case In frontend we do not apply but we provide addon for Sentry log when having request from client

2. What strategies have you implemented for scalability, especially considering the hardcoded values and direct coupling seen in the snippets?

   • No hardcoded values with configuration files or environment variables. If have we have constants file, and define all there
   • default system is monolithic architecture but if want we can design as microservice.
   • so far in our application, we just need to separate file server then we can apply load balancer without issue
   • have cache system on our app, use Redis
   • db: Have indexing, query optimization. Our DB platform supports sharding to improve database performance and scalability.
   • we have queue, messaging system for asynchronous Processing, message queues and event-driven architectures to handle tasks that can be processed asynchronously.

3. **Could you discuss your approach to ensuring code maintainability, such as documentation standards, coding conventions, and review processes you follow?**Documentation Standards: • Code Comments • README Files: we provided confluence page with all details • API Documentation: we provided api docs already Coding Conventions: • Style Guides: we use Airbnb's JavaScript Style Guide • Naming Conventions: Use clear and descriptive names for variables, functions, and classes. • Refactoring: Regularly refactor code to improve readability and reduce complexity. Review Processes: • Code Reviews: Implement a peer review process where every piece of code is reviewed by at least one other developer before being merged.

4. How do you ensure the application is secure against common web vulnerabilities (e.g., SQL injection, XSS, CSRF)?

   // => we do not use SQL but no-sql. and we use mongoose framework with mongodb-driver, it will prevent sql injection. CSRF is not applied on our product, we use API with authentication header. XSS we provided setup on nginx, if neeed any we can update there. Check our nginx template for details

5. What is your approach to testing, both in terms of unit tests and integration tests, for the frontend and backend? // we do not have E2E or unit test right now. manual testing whole app