REGIS-Lite - Public Registry Management System
An enterprise-grade public registry management platform for managing administrative and statistical registries with validation workflows, data governance, and comprehensive audit logging. Built for government institutions, public administration offices, and organizations requiring compliance-ready registry management.
Use Cases
Public administration offices can manage citizen registries with complete data governance, tracking personal information, official documents, and status changes through configurable validation workflows. Government agencies can maintain company and business registries with tax ID (NIP) and business ID (REGON) tracking, registration status management, and multi-step approval processes. Municipalities can manage real estate registries with property details, tenant information, occupancy status, and property categorization workflows. Social services departments can maintain beneficiaries registries with personal data, benefit types, amounts, benefit periods, and application processing workflows. Ministries can manage statistical registries for demographic data, economic statistics, public health data, educational statistics, and environmental data with comprehensive reporting capabilities. The workflow engine enables multi-step validation processes where data entries progress through stages such as 'Pending verification', 'Under verification', 'Verified', 'Approved', and 'Published', with different users responsible for each stage. Registry administrators can create and configure registries with custom JSONB schemas, defining fields, data types, validation rules, and display properties without requiring database migrations. Workflow managers can design custom validation workflows with multiple steps, approval gates, and status transitions, assigning different roles to each workflow stage. Data entry clerks can add registry entries through dynamic forms generated from registry schemas, upload supporting documents, and track entry status through workflow stages. Validators can review entries assigned to them, verify data accuracy, approve or reject entries, and add comments or notes. Managers can oversee workflow progress, approve entries at final stages, and access comprehensive audit logs for compliance reporting. The task management interface enables users to view assigned validation tasks, track task status, complete tasks with comments, and monitor workflow progress. The dashboard provides overview statistics including total registries, active entries, pending validations, and recent activity, enabling administrators to monitor system health and activity. The audit logging system captures all actions including registry creation, entry modifications, workflow transitions, user logins, and permission changes, providing immutable records for compliance audits. Perfect for public sector organizations requiring GDPR-compliant data management, government institutions managing official registries, non-profit organizations tracking beneficiaries, and enterprises needing secure registry management with full traceability.
Key Features
- Registry Management with Dynamic JSONB Schemas
- Multi-Step Validation Workflows
- Configurable Workflow Definitions
- Task Management and Assignment
- File Upload and Document Management
- Comprehensive Audit Logging
- Keycloak Authentication and Authorization
- Role-Based Access Control (RBAC)
- Dashboard with Statistics and Overview
- Registry Entry CRUD Operations
- Workflow Instance Tracking
- Status Management (Active, Inactive, Archived)
- User Authentication with SSO
- JWT Token-Based API Security
- PostgreSQL with JSONB for Flexible Schemas
- RESTful API with CORS Support
- Type-Safe Frontend and Backend with TypeScript
- Server-Side Rendering (SSR) with Next.js
- Responsive User Interface
- Health Check Endpoints
- Structured Logging with Winston
- API Rate Limiting
- Security Headers with Helmet.js
- Database Migration Management
- Railway Deployment with Automated CI/CD
Architecture
Built with Next.js 16+ (React 18) and TypeScript for a modern, type-safe frontend featuring server-side rendering (SSR) capabilities and optimized production builds. The frontend uses Next.js App Router with file-based routing, React Server Components where appropriate, and client components for interactive features. The UI is built with custom CSS and modern design patterns, providing a clean, professional interface optimized for administrative workflows. API communication is handled through a centralized API utility with automatic token injection, proper error handling, and response formatting. The backend is built with Node.js and Express using TypeScript for type safety, following RESTful API design principles with structured route handlers, service layers containing business logic, and model definitions for data structures. The architecture uses a modular service pattern with dedicated services for registry management, workflow orchestration, task management, file uploads, and health monitoring. The database layer uses PostgreSQL with connection pooling, parameterized queries for SQL injection prevention, and JSONB columns for flexible schema storage. The authentication layer integrates Keycloak through keycloak-connect middleware for backend token validation and keycloak-js for frontend authentication flows. The platform implements CORS-enabled cross-origin resource sharing for secure API access, with configurable origin policies. File uploads are handled with Multer middleware, storing files in a dedicated uploads directory with secure file serving through Express static middleware. The workflow engine manages workflow definitions stored as JSONB in the database, with workflow instances tracking execution state, current steps, and status transitions. The task management system tracks task assignments, completion status, and workflow associations. The audit logging system captures all system actions with immutable records including user context, timestamps, action types, entity information, and change details. The platform is deployed using Railway with separate services for frontend (Next.js), backend (Node.js/Express), PostgreSQL database, and Keycloak authentication server. Railway provides automated CI/CD with GitHub integration, enabling automatic deployments on code pushes. The backend uses Railway's Railpack builder for automatic Node.js detection and build optimization, while the frontend uses Nixpacks for Next.js deployment. Environment configuration uses Railway's environment variables for database connections, Keycloak URLs, API endpoints, and service settings. The architecture supports horizontal scaling through stateless API design and implements proper error handling, logging with Winston, and monitoring capabilities. Security is implemented through multiple layers including Helmet.js for security headers, express-rate-limit for API rate limiting, CORS configuration, and Keycloak-based authentication and authorization.
Security & Performance
Security is implemented through multiple layers including Keycloak integration for enterprise-grade authentication and authorization, providing Single Sign-On (SSO), role-based access control (RBAC), JWT token-based authentication, and comprehensive user management. The backend validates all JWT tokens with Keycloak, ensuring only authenticated and authorized users can access protected resources. The platform implements CORS-enabled API access with configurable origin policies, secure API endpoint design with proper HTTP method handling, and input validation throughout the application using express-validator. Helmet.js provides security headers including X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Content-Security-Policy. Express rate limiting prevents API abuse with configurable request limits per IP address. SQL injection prevention is ensured through parameterized queries using pg library's built-in parameterization. The file upload system validates file types and sizes, stores files securely, and serves them through controlled endpoints. The platform implements comprehensive audit logging with immutable records capturing all system actions, user activities, resource modifications, and API access patterns, providing complete traceability for security and compliance requirements including GDPR. All sensitive operations are logged with user context, timestamps, and action details. The backend uses Winston for structured logging with different log levels, enabling proper error tracking and debugging. Performance is optimized through efficient Node.js backend services with connection pooling for database connections, minimizing connection overhead and improving response times. The frontend uses Next.js's efficient rendering with server-side rendering for initial page loads and client-side hydration for interactivity, providing fast page transitions and responsive user experience. Next.js's automatic code splitting and optimization reduces initial bundle sizes and improves load times. API responses are structured with proper JSON formatting and efficient data structures, reducing payload sizes and improving network performance. The database uses PostgreSQL's JSONB for flexible schema storage while maintaining query performance through proper indexing strategies. Connection pooling ensures efficient database connection management, reducing connection establishment overhead. The file upload system handles file storage efficiently with proper file serving through Express static middleware. The architecture supports horizontal scaling through stateless API design, allowing multiple backend instances to handle increased load. Railway's infrastructure provides automatic scaling capabilities and load balancing. The platform implements proper caching strategies where appropriate, with real-time data updates for registry entries and workflow status. Error handling is comprehensive throughout the application, providing user-friendly error messages while logging detailed error information for debugging.
Development & Deployment
The application is built using Next.js 16+ for the frontend with TypeScript 5+ for type safety, React 18 for UI components, and custom CSS for styling. Development workflow uses npm for package management, with Next.js's development server providing hot module replacement and fast refresh capabilities. The frontend uses Next.js App Router with file-based routing, React Server Components, and client components for interactive features. Component architecture follows React best practices with reusable components, proper prop typing, and efficient rendering. The backend uses Node.js with Express and TypeScript for type safety, following RESTful API design principles. Development workflow uses npm for package management, with tsx for TypeScript execution in development and tsc for production builds. The codebase is structured with clear separation between frontend and backend, with shared type definitions and API contracts. The backend follows Express best practices including proper error handling, structured logging with Winston, middleware organization, and route organization. The database uses PostgreSQL with node-pg-migrate for migration management, enabling version-controlled database schema changes. The platform includes comprehensive API documentation through code structure and type definitions, with RESTful endpoint design following standard conventions. For production deployment, the application uses Railway's platform with separate services for frontend, backend, PostgreSQL database, and Keycloak authentication server. The frontend deployment uses Railway's Nixpacks builder for Next.js, automatically detecting Next.js configuration and optimizing production builds. The backend deployment uses Railway's Railpack builder for Node.js, automatically detecting package.json and running build and start commands. Railway provides automated CI/CD with GitHub integration, enabling automatic deployments on code pushes with health checks and restart policies. Environment configuration uses Railway's environment variables for database connections (DATABASE_URL), Keycloak URLs, API endpoints, and service settings. The backend service runs database migrations automatically on deployment using the migrate script in package.json. The PostgreSQL service is provisioned through Railway with automatic connection string generation. The Keycloak service is deployed using Docker with custom Dockerfile configuration for Railway's reverse proxy setup. The deployment includes proper error handling, logging, and monitoring capabilities, with Railway's built-in logging and metrics for observability. The platform supports zero-downtime deployments through Railway's rolling update strategy and includes comprehensive documentation for setup, deployment, and configuration. All services are configured with hardcoded production URLs for simplified deployment, removing the need for environment variable management in the codebase.