SLightSFTP Architecture Guide

Architecture Stack

High-level layers for Desktop (Electron) and Web Server modes.

Desktop Mode

Electron shell renders GUI
Node.js orchestrates listeners via IPC
SFTP/FTP listeners share same core
SQLite DB for settings, users, activity
Tray app keeps services running headless

Web Mode

Node.js service exposes REST + WebSocket
Browser UI served statically
Same DB schema as Desktop
Good for headless servers / labs
Pairs with reverse proxy for TLS

Security Layers

Password + SSH public key auth
Per-listener permissions and virtual paths
Idle timeout safety (5 minutes)
Audit logging with IP + auth method

Desktop (Electron)
+----------------+     +------------------+     +--------------------+
| Electron GUI   | --> | Node Controller  | --> | SFTP/FTP Listeners |
| (HTML/JS)      |     | (IPC + WebSocket)|     | (22/21/custom)     |
+----------------+     +------------------+     +--------------------+
         |                      |                         |
         v                      v                         v
    Settings UI           SQLite Database           Virtual Paths

Web Server Mode
Browser --> Web UI --> REST/WebSocket --> Core Server --> Listeners --> Storage

Port Map

Defaults

SFTP: 22
FTP: 21 + passive range (configurable)
Web GUI: 3000

Recommendations

Use non-privileged alternate ports when running un-elevated
Separate DMZ and internal listeners
Document passive port range and open only that range

Reverse Proxy

Front Web GUI with IIS/NGINX for TLS
Keep proxy on 443, forward to 3000
Limit admin IPs at proxy and firewall

Key Data Flows

Authentication Flow

Client --> Listener --> Auth Service --> DB (users, keys) --> Result
               |             |
          IP + method    Audit log row

File I/O Flow

Client --> Listener --> Virtual Path Resolver --> Local FS --> Result
                       |-> Permission Check

Activity Logging

Operation --> Event Bus --> Activity Table --> UI/CSV Export

Process Lifecycle

Desktop Start

Electron launches and loads GUI
Node controller initializes DB and listeners
Tray icon created; Web GUI toggles available

Web Mode Start

npm run start:web boots API + GUI server
Listeners start if enabled
WebSocket pushes stats to browser

Shutdown

Stop listeners (drain active sessions)
Flush pending activity log writes
Close DB cleanly

Deployment Topologies

Single Node

Desktop or Web mode on one Windows host
DMZ exposure via firewall rule
Backups: copy SQLite DB + config directory

Split Roles

Web GUI on port 3000 behind reverse proxy
SFTP on 22, FTP on 21 or custom
Restrict passive FTP range at firewall

Partner DMZ + Internal

DMZ listener for partners (key-only)
Internal listener for LAN users
Separate virtual paths per audience
Rotate keys regularly; log exports weekly

Data Model Notes

Tables

Users: credentials, SSH keys, role flags
Listeners: protocol, port, bind IP, status
Virtual Paths: virtual -> local mapping, permissions
Activity: timestamp, user, verb, path, result, IP

Integrity

Listener assignments reference user IDs
Virtual path permissions scoped per listener
Activity rows immutable; exportable as CSV

Backups

Stop service ➜ copy DB file ➜ start service
Keep 7-day rolling backups
Test restore on a staging VM monthly

Configuration Surfaces

GUI

Listeners: protocol, port, bind IP
Users: password/key auth, permissions, virtual paths
Web server toggle and port

Env / CLI

WEB_PORT: override web GUI port
Passive FTP range: set in config/env then mirror firewall
Service-friendly: wrap npm run start:web as Windows service

Filesystem

Data directory holds SQLite DB
Virtual paths map to local folders you choose
Keep data path on SSD/NVMe for throughput

Backup & Restore

Backup

Stop service/app
Copy SQLite DB file and config directory
Store off-box with 7-day rotation

Restore

Stop service/app
Replace DB with backup copy
Start app; verify listeners and users

Test

Run monthly restore drill on a staging VM
Validate log history and user keys
Document steps for operators