InvoiceMall - SaaS billing service for studios and freelancers

Hello! My name is Ignat. I’m an employee of CloudMill who developed the InvoiceMall customer relationship management service . This article is the first in a series of materials that will tell about it. In this article I will discuss the technical part of the project implementation, talk about the technologies used and the development process. The following material will be devoted to using the service with invite keys.

Initially, the service was created for the needs of our company. Over time, we decided to expand its capabilities somewhat, using the most successful ideas that emerged as a result of the brainstorming and analysis of the work of competitors. The development of the concept took about two months. We have collected all the best and created a unique service that has ample opportunities.

The basic functionality consisted of a billing service and a customer base. As a result of hard work on the project, the following additional functions appeared:

• customer management;
• project management;
• account management (various statuses and types of accounts);
• cost management;
• ticket system;
• archive of documents;
• statistics;
• the ability to accept payment to an internal account in the system through various payment instruments.

We are developing several additional sections that will make our service a full-fledged CRM system. In addition, we are planning to introduce social services and multi-language functionality. All the above functions will be connected as modules, depending on the preferences of our customers. Thus, we will keep the simplicity of service for those of them who only want to create accounts in our SaaS project.
')
Other SaaS services in operation.

We have always been interested in how other teams work, so we'll talk a little about ourselves. Initially, we used BaseCamp, but for some reason, we soon abandoned it. After a long process of choosing from various project management / collaboration services, we switched to the following:

• dropbox.com - File storage and backups;
• beanstalkapp.com - GIT & SVN repositories;
• lighthouseapp.com - Ticket system.

Iron and Hosting

For two years now we have been customers of The Planet. At the moment we rent three servers:

• 2x Intel Xeon QC 2.0GHz, FreeBSD 8.0, MySQL 5.1.50, not accessible from outside, 12GB of RAM;
• 2x Intel Xeon QC 2.0GHz, FreeBSD 8.0, memcached / MongoDB, not accessible from outside, 12GB of RAM;
• 2x Intel Xeon QC 2.0GHz, FreeBSD 7.2, nginx 0.8.48, PHP 5.3.3 fastcgi (FPM).

This is quite enough for hosting our clients and for the functioning of our project. We initially abandoned Clouds for several reasons:

• First of all, this is awful SLA Amazon `a;
• secondly, the prices for using such resources will not be much lower.

However, we use S3 & CloudFront (CDN) to store and distribute content. We are now setting up the infrastructure at Hetzner, to transfer InvoiceMall to the site in Germany. This will reduce the delay from 220ms to 70-80ms. We are also considering options for using MDNS (Zerigo), for even faster response.

Security

We paid a lot of attention to project security. For this, the framework has been reworked. Now all incoming data is pre-filtered and cleaned, thus avoiding possible developer errors. In addition, all data that goes into SQL queries is also cleared. Our next step is to connect the CSRF protection to the forms.

We really encrypt backup tables before sending them to the archive server once a day. Software is constantly updated. In addition, we conducted an internal server optimization. Enabled ipfw and autobahn bots. Constant monitoring of server load and network.

Thanks to all this, we can sleep peacefully without waking up at three in the morning from angry calls complaining that the server is not responding. We do not need to wrestle with how to climb on it and overcome the DDoS attack.

Soft

As it became clear, the service is written in PHP. We use our own framework, the base for which was Kohana 3.0. He was heavily rewritten. It can start only in PHP> 5.3, it definitely needs memcached and mysqli. We also abandoned the Kohana `View model, connecting the H2O template engine, which, in turn, was subjected to strong correspondence. Twig dropped, losing out on H2O performance. ORM was also excluded, and sessions and authorization were rewritten with it. The exception ORM - a necessary measure, because All queries are profiled and optimized.

All framework code is profiled. We tried to optimize everything in our power to remove the repeated calls of functions, the passage of cycles, the transfer of content.

As a result, we have reached the maximum page generation time of 0.007 seconds and 800kb memory costs when using APC and multi-level caching (tests were performed on the production service).

When you deploy a new version, a script is launched that combines the framework into one file. Logging and queues go to MongoDB, which allows us to safely scale the project. At the moment we do not plan to switch to NoSQL.

A couple of words about architecture

After our decision to make the product public and analyze the capabilities of competitors, we began designing a service for hundreds of thousands of users. Various fields, types of invoices, predefined installations, and more, depending on the selected country, were laid. All text was removed from templates and scripts and rendered into language files that are always accessible from the cache. Thus, the only thing required to add a new language is to add its language files, the system will connect it itself.

Features

Authorization with us is possible through Yahoo, Yandex, Google and Google Apps. Soon we will connect FaceBook. We do not use OpenID (the work logic is slightly different). Authorization will only happen if you are already registered with this email.

Currently implemented import contacts through Google AuthSub. You just need to click on the button, confirm the permission on the site and select those you need to add.

Both classes (OpenID, oAuth) we have our own. One Janrain connection added almost 0.3 s. to execute and increased memory by 1mb. Refactoring was pointless, so for each service, a wrapper was written. The base class took OpenID from ZF.

HTML / JS

JS framework - the well-known jQuery, for the beta period, we do not optimize or compress CSS. In the future, a script will be written that will flood CloudFront immediately with both the source code and the gzip version that has previously been optimized.

The project implemented partial support for IE6. For example, there are no rounded corners in it, but nothing floats and the scripts work as they should. We also optimized javascript so that the download and all actions with the DOM take place without delay on all browsers. In the future, we plan to complete the transition to HTML5 and the rejection of support for IE6.

API

We are currently working on an API. Each function on the site will be available through the API. It will be a simple and easy way to integrate. For example, the use of our service in the operation of your store will allow you to issue beautiful invoices, maintain convenient statistics, make a marketing newsletter for customers and accept payment through various merchants. We will try to limit the use of the API only your imagination.

On this I will finish. We will be happy to answer all your questions and provide interested persons for testing our product. We ask you to treat with understanding the possible errors, but we believe that with your help we will be able to quickly, and most importantly in the right direction to complete the beta testing stage and with confident steps to come to the release.

Sincerely, CloudMill Team.