ZenServer

Based on the attached files, this is a Zenith API Server (Z1) - a microservices-based payment processing and webhook management system built on Val Town. Here's a comprehensive summary:

The system follows a router-based microservices pattern where a central router (Router.ts) distributes requests to specialized endpoint handlers. Each service communicates using internal JWT tokens for security.

• Health checks: /, /ping, /health - System status monitoring
• Request routing: Distributes traffic to specialized handlers
• ZID generation: Creates unique request identifiers for tracking
• Internal token management: Generates JWT tokens for inter-service communication

• POST /hooks: Store incoming webhook data
• GET /hooks: List webhooks with filtering (date range, payload mode)
• GET /hooks/{id}: Retrieve specific webhook record
• DELETE /hooks/{id}: Remove webhook record
• Metadata capture: IP, country, user agent, headers, request body

• Payment fingerprint generation using SHA-1, SHA-512, or SHA3-512
• Multiple payment modes:
  • Mode 0: Payment amount > 0
  • Mode 1: Payment amount ≥ 0
  • Mode 2: Payment amount = 0
  • Mode 3: Payment amount ≥ 0
• Input validation: Credentials, timestamps, payment amounts
• Version support: v3, v4, v5 hash algorithms

• Environment-based credentials: Pulls username/password from environment variables
• Payment schemes: tp, rr, b2b, tbp, sep, ccep
• Same validation & hashing as /hash but with scheme-based credential injection

• HTTP proxy service: Forward requests to external services
• Header preservation: Maintains authentication headers (h-key, api-key, authorization)
• Universal method support: GET, POST, PUT, DELETE, etc.

• Payment link creation (delegated to external handler)
• Link generation for payment processing

1. External Validation: Rate limiting, IP restrictions, request sanitization
2. Internal JWT Authentication: Service-to-service communication security
3. Request Correlation: ZID tracking across all services

• HMAC SHA-512 token signing
• Context validation: IP, User-Agent, host, path matching
• 5-minute expiration with clock skew tolerance
• Development mode support for local testing

• Header sanitization and validation
• Input sanitization for all user data
• Cloudflare integration: IP geolocation, country detection
• CORS, CSP, and security headers

• webhooks: Webhook request records
• hash: Basic hash generation logs
• zenhash: Enhanced hash generation logs
• logs: General application logs
• rate_limits: Rate limiting data

• Request headers, body, timestamp
• Client IP, country, user agent
• ZID correlation across services
• Hash generation parameters and results

• IP detection: cf-connecting-ip, x-forwarded-for
• Geolocation: Country, city, region detection
• Security headers: Automatic forwarding of CF security data

• Scheme-based credentials: U_TP, P_TP, etc.
• JWT secrets: Configurable signing keys
• Endpoint URLs: Microservice endpoint configuration

• Health checks: System-wide status monitoring
• Request correlation: ZID-based request tracking
• Comprehensive logging: Full request/response capture
• Error handling: Detailed error responses with stack traces

• Async processing: Non-blocking request handling
• Connection pooling: Efficient database connections
• Rate limiting: Built-in request throttling

This system appears designed for:

• Payment processing: Secure hash generation for payment gateways
• Webhook management: Capture and process incoming webhooks
• API proxying: Route requests to external services
• Request auditing: Full request/response logging for compliance
• Multi-tenant support: Scheme-based credential management

The architecture suggests it's a production-grade payment infrastructure with enterprise security features, comprehensive logging, and microservices scalability.