WikINT is a course materials platform built for Telecom SudParis / IMT-BS. It functions as a collaborative knowledge base where students upload, organize, review, and consume academic materials (PDFs, Office documents, images, audio, video, code files). Think of it as a student-run wiki where every content change goes through a pull request review process before being published to the browsable tree.
The platform serves a dual purpose:
- Knowledge preservation across academic years (materials persist and version)
- Collaborative curation where students collectively build and maintain a shared study resource library
WikINT follows a three-tier architecture with a clear separation of concerns:
┌─────────────────────────────────────────────────────────────────┐
│ NGINX Reverse Proxy │
│ (TLS termination, path routing, rate limiting) │
└──────┬──────────────────────┬───────────────────┬───────────────┘
│ │ │
▼ ▼ ▼
┌──────────────┐ ┌──────────────────┐ ┌──────────────┐
│ Next.js │ │ FastAPI (API) │ │ OnlyOffice │
│ Frontend │ │ + ARQ Workers │ │ Document │
│ (SSR/CSR) │ │ │ │ Server │
└──────────────┘ └───────┬──────────┘ └──────────────┘
│
┌─────────────┼─────────────────┐
│ │ │
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────────┐
│PostgreSQL│ │ Redis │ │ MinIO / S3 │
│ (data) │ │(cache/ │ │ (file store) │
│ │ │ queues) │ │ │
└──────────┘ └──────────┘ └──────────────┘
│
▼
┌──────────────┐
│ MeiliSearch │
│ (full-text) │
└──────────────┘
Pattern: Service-Oriented Monolith. The API is a single FastAPI application, but internally it is organized into distinct domains (routers, services, models) that could be extracted into separate services if needed. Background processing is handled by ARQ workers running the same codebase.
| Layer | Technology | Version |
|---|---|---|
| Frontend | Next.js (App Router), React, TypeScript, Tailwind CSS | Next.js 15 |
| API | FastAPI, SQLAlchemy 2 (async), Pydantic v2 | Python 3.13 |
| Database | PostgreSQL (via asyncpg) | 15+ |
| Migrations | Alembic | |
| Cache / Queues | Redis (via redis-py async + ARQ) | |
| Object Storage | S3-compatible (MinIO dev, Cloudflare R2 prod) | |
| Search | MeiliSearch | |
| Malware Scanning | YARA rules + MalwareBazaar API | |
| Document Editing | OnlyOffice Document Server | |
| Observability | OpenTelemetry + Prometheus | |
| Reverse Proxy | Nginx |
architecture/system-overview.md- System topology, service interactions, and deployment modelarchitecture/data-model.md- Complete database schema, entity relationships, and migration history
modules/core-infrastructure/storage.md- S3/MinIO object storage abstraction layermodules/core-infrastructure/database.md- Async SQLAlchemy engine, session management, post-commit job patternmodules/core-infrastructure/redis.md- Redis clients, ARQ pool, pub/sub for SSEmodules/core-infrastructure/configuration.md- Environment-based settings, secret validation, per-type size limitsmodules/core-infrastructure/telemetry.md- OpenTelemetry traces, Prometheus metrics
modules/data-layer/models.md- All SQLAlchemy ORM models, mixins, relationshipsmodules/data-layer/schemas.md- Pydantic request/response schemas
modules/api-endpoints/authentication.md- Email OTP + magic link auth, JWT lifecyclemodules/api-endpoints/upload.md- Direct upload, presigned upload, TUS resumable protocolmodules/api-endpoints/pull-requests.md- Batch PR creation, approval, votingmodules/api-endpoints/browse.md- Directory tree traversal, material retrievalmodules/api-endpoints/remaining-routes.md- Search, comments, annotations, flags, notifications, admin, OnlyOffice
modules/business-services/pr-engine.md- Topological sort, operation dispatch, temp_id resolutionmodules/business-services/material-service.md- Material CRUD, versioning, search indexingmodules/business-services/user-service.md- User lifecycle, roles, onboarding
modules/background-workers/upload-pipeline.md- The 4-stage upload processing pipelinemodules/background-workers/cleanup.md- Orphan cleanup, stale upload cleanup, multipart reconciliation
security/file-security.md- Metadata stripping, malware scanning, sandbox, MIME validationsecurity/authentication.md- JWT architecture, token blacklisting, RBACsecurity/upload-hardening.md- Quarantine pattern, CAS dedup, quota enforcementsecurity/markdown-safety.md- Sanitization, Mermaid diagram hardening, and SVG isolation
modules/frontend/overview.md- Next.js app structure, routing, state managementmodules/frontend/upload-system.md- Client-side upload orchestration, staging store, crypto utils
flows/upload-lifecycle.md- Complete file upload from browser to stored materialflows/pull-request-lifecycle.md- PR creation, review, approval, and content materializationflows/authentication-flow.md- Login, token refresh, and session management