Product website and app backend for Studio Camera. Built on Pulsar Framework (PHP 8.5+), serving the marketing site, subscription verification API, camera compatibility database, user portal, documentation hub, and admin dashboard.
Early development. See the project board for progress.
- Marketing site: home, features, cameras, pricing, docs, support, changelog
- App API: subscription verification, camera compatibility lookup, feedback, version check, device management (JSON, Bearer auth, HMAC-signed)
- Webhook receivers: Google Play RTDN and App Store Server Notifications V2
- User portal: account dashboard, subscription management, device linking, feedback history (Google/Apple OAuth)
- Admin panel: CMS content, camera database, feedback triage, user management, release management, subscription analytics
- Documentation hub: getting started, brand-specific guides, feature guides, troubleshooting
| Layer | Technology |
|---|---|
| Framework | Pulsar Framework (PHP 8.5+) |
| Architecture | HMVC with extension system |
| Database | MariaDB 10.11+ |
| Cache | File-based (Redis post-launch) |
| Queue | Database-backed (Redis post-launch) |
| Auth | Google/Apple OAuth2 via ext-social-sso |
| CMS | Pulsar ext-cms (pages, docs, changelog, media, SEO) |
| Admin | Pulsar ext-admin (CRUD, audit, roles) |
| Styling | Pulsar UI design tokens, custom CSS (BEM) |
| Analytics | Plausible (cookie-free) |
| Error tracking | Sentry (PHP SDK) |
| AWS SES | |
| CDN | CloudFront (HTTP/3, Brotli) |
| Static assets | S3 (immutable, hashed filenames) |
| Hosting | EC2 |
app/
Controllers/
Public/ Marketing page controllers
Account/ User portal controllers
Api/ App API controllers
Webhook/ Store webhook receivers
Middleware/ Security headers, auth, rate limiting, HMAC
Jobs/ Webhook processing, notifications, GDPR purge
Entities/ Domain models (User, Subscription, Device, Camera...)
Repositories/ Data access layer
Services/ Business logic (subscription verification, HMAC signing)
Providers/ Service providers and navigation
extensions/
ext-cameras/ Camera compatibility database, API, sitemap contributor
ext-feedback/ Feedback pipeline, admin triage, beta program
ext-subscriptions/ Subscription verification, webhook processing
public/
index.php Web entry point
assets/ Compiled CSS/JS (hashed filenames)
images/ Screenshots, brand logos, icons
.well-known/ security.txt
resources/
views/
layouts/ Base layouts (marketing, docs, account, admin)
components/ Reusable view components
pages/ Page templates
errors/ Error pages (404, 500, 503)
lang/ Translations (en, fr, nl, de)
config/ Application configuration
database/
migrations/ Database migrations
seeders/ Camera brand and model seed data
tests/
Feature/ Endpoint and integration tests
Unit/ Service and entity unit tests
Lighthouse/ Lighthouse CI configuration
docs/
adr/ Architecture decision records
.github/
workflows/ CI/CD (PHPStan, Psalm, PHPUnit, Lighthouse, deploy)
CloudFront (HTTP/3, Brotli)
|
EC2
|
Pulsar Framework
|
+---------+-------+--------+---------+
| | | | |
Routes Middleware CMS Queue Extensions
| | | | |
Controllers | ext-cms | ext-cameras
| | | | ext-feedback
Services | ext-admin | ext-subscriptions
| | |
Repositories | Job workers
| | (webhooks, email,
MariaDB Cache notifications)
(file/Redis)
The application uses Pulsar's HMVC architecture. Core business logic lives in app/, while domain-specific features are isolated in extensions that register their own routes, views, migrations, and admin resources through the extension API.
API flow: mobile app -> CloudFront -> HMAC verification middleware -> Bearer token auth -> controller -> service -> repository -> MariaDB
Webhook flow: store notification -> signature verification -> queue job -> idempotent processing -> state update + audit log
| Extension | Purpose |
|---|---|
| ext-cameras | Camera compatibility database, REST API, sitemap contributor |
| ext-feedback | In-app feedback pipeline, admin triage, beta program |
| ext-subscriptions | Subscription verification, webhook processing, entitlements |
Contributions are welcome. Please read CONTRIBUTING.md before opening a PR. All contributions require acceptance of the Contributor License Agreement (CLA).
Don't post secrets, tokens, or credentials in issues. If you find a vulnerability, please report it privately. See SECURITY.md.
This project uses a source-available license that allows personal and educational use while restricting commercial use and redistribution. See LICENSE for the full terms.
For commercial licensing, contact the maintainer.